-2

When a customer registers a new account we have to send them a confirmation email. My question is: I need to send each customer a confirmation email with their login email address and the password they created a while ago attached... so how can I get their password from the password field of my customer table? I just want to echo this password in the customer verification email page where I want....

<?php echo $password; ?>

Any idea? Thanks...

mans

4 Answers

10

To be honest, I hate every website I register with that sends me a confirmation email containing my password!!! And I quickly regret that I even registered...

So the best answer and option for you: do not send the password back to the user - he knows what password he entered during registration, and even if he lost it he is still able to change it to another one, whether using his account management or the "Lost password" link.

shadyyx
  • A long time ago, websites had to log in and safely authenticate users independently. Nowadays it's not necessary in many cases. Studies show that most people leave the signup form, or consciously insert wrong data; the use of Social Login makes many more people sign up and return to the website. But in an e-store it's necessary to keep that very simple: offer social options and ask users to create a password only after checkout, when they return to the website. The password should be asked for only to change user info or for withdrawals. Users should use a password only if Facebook blocks their account, for example. – David Augustus Jan 31 '16 at 17:37
  • About sending passwords back to users by e-mail, I would say only that this is disrespectful of the user's safety. – David Augustus Jan 31 '16 at 17:41
1

Short answer - you can't. Read up on SHA1, MD5, salt and hashing in general. Google is your friend here.

See Related Question

Your only option is to remove encryption altogether and store it unencrypted, which is not very secure.

On second thought, if you're doing this confirmation email during registration, then store the unencrypted password string in some variable before submitting the form, then use it in your mailing script. The password in the DB will still be encrypted.

B-and-P
1

If you want to save a copy of the passwords in cleartext you need to:

1) Create a new table in your DB (for this example the table is called temp, containing varchar fields mail and pass)
2) Locate the registration file: /catalog/model/account/customer.php
3) Locate the line starting with:

$this->db->query("INSERT INTO " . DB_PREFIX . "customer SET store_id = '" . 

It should be at about line 14.
Add a new line after it as follows:

$this->db->query("INSERT INTO " . DB_PREFIX . "temp SET mail = '" . $this->db->escape($data['email']) . "', pass = '" . $this->db->escape($data['password']) . "'");
Poykes
0

By default, OpenCart hashes the password with SHA1 in a one-direction encryption. In simple words, that means that the password is not intended to be de-hashed. When the user logs in, the system hashes the user input again and compares the hashes. This is known as one-directional encryption and is considerably safe.

The only common way to decrypt it (let's say by a hacker, for example) will be by using a collision table that stores all the original and hashed results. To make life harder for hackers, OpenCart also uses a salt (that creates a new, different collision table for each salt key), so it is very unlikely to decrypt the password (although SHA-1 is already not recommended by many developers due to currently known vulnerabilities and it is probably better to use SHA-256).

That being said, I'd recommend 2 options:

  1. Change the encryption to a two-directional encryption such as PHP's built-in mcrypt_encrypt()/mcrypt_decrypt(). OpenCart actually helps you with it; look under System/Library/encryption.php. You will need to change the catalog/model/account/customer.php model. You will also need to change the controller so that it actually includes $this->data['password'] = $customer_info['password']; This will make sure you can access $password in the .tpl file.
  2. Since I'm against sending passwords over email as well, I'd suggest sending a link to index.php?route=account/forgotten in case they forgot the password.
dev7
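
A stand-alone PHP sketch of what the answers above describe, added here as an example and not OpenCart's own code: the stored value is a salted one-way hash that is checked by re-hashing at login, and the confirmation email carries the login address and a link to the account/forgotten route instead of the password. It uses PHP's password_hash()/password_verify() in place of OpenCart's salted SHA1; the function names, the in-memory $customers array and the shop.example URL are assumptions.

```php
<?php
// Added example: constructed stand-alone sketch, not OpenCart's code.
// The $customers array stands in for the customer table (hypothetical).

$customers = [];

// Registration: store only a salted one-way hash; the plaintext is never saved.
function register_customer(array &$customers, string $email, string $password): void
{
    // password_hash() generates a random salt and embeds it in the result.
    $customers[$email] = ['password_hash' => password_hash($password, PASSWORD_DEFAULT)];
}

// Login: hash the submitted value with the stored salt and compare.
function check_login(array $customers, string $email, string $password): bool
{
    if (!isset($customers[$email])) {
        return false;
    }
    return password_verify($password, $customers[$email]['password_hash']);
}

// Confirmation email: login address plus the reset route, never the password.
function confirmation_body(string $storeUrl, string $email): string
{
    $reset = rtrim($storeUrl, '/') . '/index.php?route=account/forgotten';
    return "Your account has been created.\n"
         . "Login email: {$email}\n"
         . "Forgot your password? Reset it here: {$reset}\n";
}

// Constructed sample data: two customers who picked the same password.
register_customer($customers, 'alice@example.com', 'correct horse battery staple');
register_customer($customers, 'bob@example.com', 'correct horse battery staple');

// Same password, different salts: the stored values differ, so one
// precomputed table cannot cover both rows.
var_dump($customers['alice@example.com']['password_hash']
    !== $customers['bob@example.com']['password_hash']);
var_dump(check_login($customers, 'alice@example.com', 'correct horse battery staple'));
var_dump(check_login($customers, 'alice@example.com', 'wrong guess'));
echo confirmation_body('https://shop.example', 'alice@example.com');
```

Nothing in the stored row can be echoed back as the original password, which is why the email body is built from the address and the reset link only.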