I'm working on automating the account sign up process and was pleased to see that an email is automatically sent once an accountn is "Validated".

The email gets sent to the new account owner and says:
———
Your (site name) membership has been approved

Your member account, (membername), on (site name) has been validated.  You may now log in:

https://website.com/index.php?page=login
———-

What I'd like to do is customize the email text a bit…but I can't seem to find the template used to support this email.  I've looked all over themes.  Any idea where I can find the template used to create this email?

Thanks in advance for your help!

Best,
Christopher

 

Hi,

Most of the emails don't have templates, just language strings.
This is 'VALIDATED_MEMBER_SUBJECT' and 'MEMBER_VALIDATED' in 'cns'.

Admin Zone > Style > Translate/rephrase Composr

Thanks Chris.  I'm deep-diving as much as I can into this interesting and incredibly powerful software...and I'm learning a lot.  I sincerely appreciate you taking the time to answer the occassional question when I'm unable to find it on my own.

Real quick, I'm hoping you can tell me how I might be able to add the display of the user password in the 'MEMBER_VALIDATED' language string?  Is that parameter passed and/or available to this language string?  And if so, how is it referenced?

Thanks for all your help!  I look forward to your quick response.
 

.

Sorry, you can't do that I'm afraid. The password is irreversibly hashed – once saved the system can't reverse the hash back into the actual password. It is possible to change that behaviour, but it's definitely a bad idea to do so, and even then there's no mechanism for it to get into the e-mails.

If you're adding accounts on behalf of other users you can import a spreadsheet of usernames and passwords then use standard spreadsheet mail merge features (e.g. in Excel) to manually generate emails for people from the same spreadsheet. That's available in the Admin Zone.

Okay, thanks Chris.  I'll look into an alternate process.  No problem.  But I got excited when I saw the automated email after validating the account and was hoping the account login details could be part of that email process...but I can understand why the password would be encrypted once stored.  Not even surprised about that.  But if you force the new user to change the account upon next login...it seems like that process would still work and be secure.

Thanks for the quick response!

Right, a temporary random or staff-assigned password that has to be changed, that would not be a security issue.

Are you planning to be manually adding these accounts and disabling the manual join page?

If you want to sponsor maybe 1.5 hours work, we could add it so that welcome emails could reference a plain text temporary password .

Yep, that was my thinking.  The site I'm working on is basically a closed site only for Homeowner Association community members.  The accounts will be manually created by Staff, this kicks off a generic Welcome Email introducing the new member to the site (which is why I sort of wanted to customize that email, but I can make it work generic).  CRON will kick off the SMTP email within 30 minutes.  After that I can make the account validated, which then send a second email indicating that their account has been validated and now they can log in.  This is where being able to show the temporary password would be handy, as that email is automated as well.  I would set 'Force temporary password' so that the temporary password is truly temporary :)  That's my thinking anyway.

I have indeed manually disabled the join page.  The only way in is via a Staff created account.  Once in, of course, the new member can customize to their hearts content.

I am definitely interested in sponsoring 1.5 hours....if I can afford it? :)  You can email me directly, if you like.  Are you considering adding this option to a future release of Composr?  Seems like others may find this useful as well.

Thanks!

One more real quick question:  how can I send emails to a whole USERGROUP.  In my case, as a Staff member I'd like to be able to send emails to everybody in the HOA-CurrentMember usergroup.  I can see how to send emails to individual members, but it would be considerably less tedious if I could send an email to everybody in a usergroup.

 

For the sake of anyone else viewing this topic, I should clarify that a temporary non-hashed password is not necessarily a security issue.
There is nuance to it:

• Definitely an issue for any system privileged account, like an admin account
• Definitely an issue if gaining access to an account confers other privileges, like the ability to take someone's identity

So don't take my brief response in this topic as perfect advice for everyone . There are also considerations regarding e-mailing out any kind of passwords, as e-mail traffic is not guaranteed to be done over secure channels.

Anyway…

I have written up the changes that would be required in this issue 0004205: Add temporary_plain password compatibility scheme - Composr CMS feature tracker
1.5 hours is likely an underestimate, but I'd do it for the cost associated with that (or anyone else from the community can also put their hand up to do for any or no cost of course), which is in the issue also.

After that I can make the account validated, which then send a second email indicating that their account has been validated and now they can log in.  This is where being able to show the temporary password would be handy, as that email is automated as well.

The way I have specified this, it's all done via welcome e-mails, and not touching the account validation e-mail.
I don't see any advantage to you manually validating members to trigger an e-mail when you can do it all just with welcome e-mails.

Are you considering adding this option to a future release of Composr?  Seems like others may find this useful as well.

Yes, 'sponsored' work would always be intended for future inclusion.

One more real quick question:  how can I send emails to a whole USERGROUP.  In my case, as a Staff member I'd like to be able to send emails to everybody in the HOA-CurrentMember usergroup.  I can see how to send emails to individual members, but it would be considerably less tedious if I could send an email to everybody in a usergroup.

This is a possibility when sending a newsletter. You can target it to a usergroup.

To be honest, the more I think about it, it probably just makes more sense to add email subject and body fields to the add-member form, with support for specifying what the default values for those fields should be, and support for the same variable binding welcome e-mails now have.

A whole lot less messing about with how passwords are managed internally, less concern about evaluating security, simpler, and customisable as you go. I'd give the same price quote to sponsor that.

Chris Graham said

The way I have specified this, it's all done via welcome e-mails, and not touching the account validation e-mail.
I don't see any advantage to you manually validating members to trigger an e-mail when you can do it all just with welcome e-mails.

Works for me.

Yes, 'sponsored' work would always be intended for future inclusion.

Excellent.  So how does one go about sponsoring such work?  

This is a possibility when sending a newsletter. You can target it to a usergroup.

Okay.  I'm still quite new to Composr but catching up quickly.  I need to spend some more time getting to understand newsletters better.  Thanks for pointing me in the right direction.

Are you sure the 2nd idea (just having an e-mail feature on the add-member form) isn't better for you?

Sponsorship could be through a PayPal payment.

Newsletters can be something people sign up to, but the addon supports also just targeting usergroups too. It's fairly straight-forward.

Are you sure the 2nd idea (just having an e-mail feature on the add-member form) isn't better for you?

Yes, I think that would be just fine.  Basically, as long as the Welcome email can include the username and temporary password, and ensure the Force temporary password field is set…this should work well.

I'm testing out your 'fixed' code right now and received an error.  See my new post in the other Topic.

Sponsorship could be through a PayPal payment.

Not a problem.  The HOA is non-profit so this development would be on my dime.  How much are we talking?  You can send me a direct email if you don't normally discuss such details in the forums.