#5678 - [PASSWORD] variable in pending email is displayed in email as [PASSWORD] when resending confirmation

Update after internal discussion with CB Team members.

The [DETAILS] tag no longer includes the password field (since CB 2.0 release).
It was considered bad security practice.

However, if you have configured automatic password generation in your CB Configuration, then the password is automatically sennt in the Welcome message that is sent in this case (language string) and not the pending approval message.

So, if you do want to include the [PASSWORD] tag in your pending confirmation message you can do this, but you will end up having an issue when you send email confirmation messages for unconfirmed accounts.

Hope this helps.

Nick,

While this change was made with CB2.x, it has yet to be reflected in the displayed help.

This is what is causing the confusion. And as we both have pointed out, the password isn't sent in a reconfirmation mail so it may be best to eliminate the option to auto-create the password for the user and simply send the auto-confirmation links which confirms their email.

As long as the software behaviour differs from the displayed help, this will continue to be an issue from time to time. Best to talk with the developers and find the best way to either update the help, or update the help and remove the option to create a password since it doesn't work as expected sending a reconfirmation mail.

Savvy users such as ourselves can generally deal with these one time password emails but for the average user, they don't even have an idea what a spam folder may even be or be aware something can block it. It really creates more unintended issues using it than it is worth. Yes, I know, some will still ask for the password feature but let that be on their head. I'm going to disable it.

gardenho wrote: Thank you for the reply. I realize adding [PASSWORD] will add it to the email, I guess my point was in the documentation it says that [DETAILS] contains the password as well, but obviously it doesn't. I've added it to my email template so it will be included one time for the user, in the one which they must click to confirm.

Thanks for the info on toggling etc. on the resend email feature. I thought I was trying to resend on a test signup acct that had not confirmed yet and it didn't work, however testing this morning and paying particular attention to that shows that indeed it does provided they haven't confirmed yet.

I have the same issue here on a member site for an organization - so many signups have never responded to their confirmation emails so they have never come back, I'm sure it goes to their spam folders. Since I have the member list I can reference the names and approve based on that, but I get annoyed at office admin constantly contacting me saying the site isn't working right when a member complains they didn't hear anything after signing up. I do the obligatory testing every time it is reported to me and it always works as it should.

Agree!

forge.joomlapolis.com/issues/5678

will be fixed for next release.