johnmoore84 Posted December 6, 2013 Share Posted December 6, 2013 Hello everyone we have a shop built with Prestashop 1.5 and have used prestashop for many year now. Today I had a email from a customer who had created an account when making a purchase which basically said "Very unhappy about my password not being encrypted in your email". What he was referring to was to was the welcome email prestashop sends when a customer crsates an account which contains both there email address and password. A copy of the email is below with the email address and password changed. My question is should this email be changed to not include the password or is this normal and ok, only ever had the one customer mention this but though I would see what other people think. Thank you for creating a customer account at Stakehill Nurseries. Here are your login details: E-mail address: [email protected] Password: 1d2p3k4g5m Important Security Tips: Always keep your account details safe. Never disclose your login details to anyone. Change your password regularly. Should you suspect someone is using your account illegally, please notify us immediately. Thank you all in advance Link to comment Share on other sites More sharing options...
El Patron Posted December 6, 2013 Share Posted December 6, 2013 you can easily remove it... back office-->localization-->translations-->email templates translations-->select language flag-->(note will need to do this for each language) ctl+f (search password) click edit this email template modify .html and .txt, i.e. remove the password text and {} save Link to comment Share on other sites More sharing options...
lynbbor Posted December 9, 2013 Share Posted December 9, 2013 I just experienced the exact same thing this morning. A new customer sent me a nasty gram about his password being exposed via an email message. I logged on to this forum and now thanks to El Patron that email will now have Stars (*****) instead of the users password. Note, there was one minor step missing from the instructions. After selecting the language flag you will need to click the button to "Expand" all so you can see your search results. I did it using chrome which found 2 but showed me nothing until I eventually noticed the expand button. Then it found 7 and could jump to the matches. I only changed the welcome email to hide the password and added a message to the user to login and change their password immediately because passwords sent via email are no longer secure. I assume one of these were for when someone requests a new password because they forgot theirs. And there was another that was about converting a user from a guest to a customer. Anyway, nice to see this forum work this well at providing the exact solution to my problem. Link to comment Share on other sites More sharing options...
Recommended Posts