- CB 2.0.14 nightly build 2016.03.30
- CBSubs 4.0.2
- J! 3.5
- PHP 5.5.3
- no Antispam, no Auto Action triggered by anything before or after registration

Relevant settings CB:
- Allow User Registration: independent of CMS
- Generate Registration Passwords: no
- Admin Approval: no
- Email Confirmation: no
- Moderator Approve Users: no

Configuration CBSubs:
- Show subscription plans at registration: yes

All was working fine with the above when these following settings were
- Allow Free Registered Users: yes
- Create Subscriptions also for free lifetime plans: no

Since I flipped this around to
- Allow Free Registered Users: no
- Create Subscriptions also for free lifetime plans: yes
to prevent new users from registering without selecting at least one of the non-exclusive plans, the password gets saved in the database in plain text. Users can finish registration incl basket and 'thank you' page etc, but cannot log in without password reset, which creates and saves a properly encrypted password. Then changing to a new password in profile edit also goes well.

The encryption seems to be skipped only with the above settings during registration.

Thanks for your help/fix.

P.S.:

I was able to reproduce it in a test environment on the same server with same software versions, where everything is out of the box and minimal, but same settings as described above: same issue, password saves in plain text.

Sorry for so much bla-bla, but in an effort to give you as much and detailed info as possible to cut your search for the bug short, I just did more trials and errors in the "clean" test environment. After quite many registrations with different settings here's the culprit:

It only happens if
- Allow Free Registered Users: no
- Create Subscriptions also for free lifetime plans: yes
AND
- Purchasing a free plan with a negative fixed amount promotion applying to it (no conditions other than that)

As soon as I flip the mentioned yes/no settings or make them yes/yes, the password saves properly encrypted.

Also, if I leave the yes/no settings as here above but change the plan price from 0 to whatever, the password saves well encrypted, no matter if a negative or positive promotion gets applied.

BTW, "purchasing" free plans without any (negative) promotion does not cause any issues no matter what the settings above are.

It appears that it's only the setting "Allow Free Registered Users: no" causing it, during registration with a free plan plus negative fixed promo - at least as far as I can see after many trials.

---

So, wrap-up for reproduction:

1.) Settings as per my list here above, especially in CBSubs
- Allow Free Registered Users: no
- Create Subscriptions also for free lifetime plans: yes

2.) Create CBSub plan, exclusive or not, with regular price 0, make it available during registration.

3.) Create promotion for all purchases with fixed negative value, applying to the above plan.

4.) Sign-up with that plan selected.

5.) Once the basket has loaded, look up the password field for this new user in #__users, it'll be plain text.


Again, thanks in advance for fixing this.

beat wrote: Thanks for your detailed bug report, we are looking into it

#5903

Hi Beat,

Friendly question a week onwards: Any news or progress on this? One of the last obstacles in my project...

Thanks for some good news!

<wondering class="friendly">Anyone able to tell me something?<br />Thanks!</wondering>