Tutorial – I recently noticed that the password is showing up in user account registration activation emails that users receive when they create a new account on my website. It is strange that chose to have this feature as this is not best practice. I want to modify the activation email so that it does not send out the users password in clear text. For example, see below:
1. User creates a new account and clicks on ‘Register’. They will get a message that says:
2. The User then the user will receive an email registration confirmation email that looks like this:
After activation you may login to http://yourdomain.com/ using the following username and password:
3. The password is showing in the email. High risk!!! Must remove.
Below is the high level overview of how to remove the password from the activation email:
- Access the – Language Manager
- Add a New Language Override
- Search for the text you want to change = Constant
- Click on the Search Results
- Edit the Email Text
1. Access the Extensions – Language Manager
You can edit your user registration activation emails via your Joomla 2.5 backend. The Language Manager is where you can edit your email text.
- Login to your Joomla 2.5 backend administrator panel
- Click on ‘Extensions’, ‘Language Manager’
2. Add a New Language Override
In the language manager you can manage many installed languages. You can have multi-languages installed if your site caters to many different countries. I only have one language installed right now – English (United Kingdom) which is language type = en-GB.
- In the Language Manager: Installed Languages, click on the tab – Overrides
- Then Click on ‘New‘
3. Search for the text you want to change = Constant
Here it gets a little tricky, but if you follow you should be fine. First you need to search for the constant or string that stores the email text. This string or constant is called: COM_USERS_EMAIL_REGISTERED_WITH_ACTIVATION_BODY
- On the right side of the screen, you will see a heading “Search text you want to change”
- In the Text box, set the following value:
- Search for, set the following value:
- Click on ‘Search‘
4. Click on the Search Results
The Language Manager will return the search results below. It will display the constant you searched for and the contents for you to preview. You can click anywhere in the result section to edit it.
- On the right bottom side of the screen, will see a heading that says “Search Results’
- Click anywhere in the results panel to edit the text.
5. Edit the Email Text
Once you found the string or constant that holds the email text, you can see and edit it on the left panel of your screen.
- On the Left side of your screen, see heading that says:
- Create a New Override
- Put your mouse on the ‘Text‘ portion and remove any mention of password.
- For Example, your text should now say:
Hello %s,\n\nThank you for registering at %s. Your account is created and must be activated before you can use it.\nTo activate the account click on the following link or copy-paste it in your browser:\n%s \n\nAfter activation you may login to %s using the username and password you entered at registration:\n\nUsername: %s
- Click on ‘Save & Close’
Now when users create a new account the activation email that is sent to them will not contain their password. if they forget their password they can always use the ‘Forget Password’ function available.
Hope that helps you!