Bug 431106 - Forum Confirmation Email Includes Plaintext Password
Summary: Forum Confirmation Email Includes Plaintext Password
Status: CONFIRMED
Alias: None
Product: Gentoo Infrastructure
Classification: Unclassified
Component: Forums
Hardware: All Linux
Importance: Normal major with 4 votes
Assignee: Forum Moderators
Depends on: 880071
Reported: 2012-08-12 17:14 UTC by Jeffrey Walton
Modified: 2023-11-16 17:40 UTC



Attachments
Forums: Email with plain text password (gentoo-forum-email-with-plaintext-password.png,198.75 KB, text/plain)
2012-08-12 17:14 UTC, Jeffrey Walton
Changes email templates in all languages (htdocs+translations) (Remove {PASSWORD} token from email templates,90.88 KB, patch)
2015-10-09 02:05 UTC, zamabe

Description Jeffrey Walton 2012-08-12 17:14:30 UTC
Created attachment 321138 [details]
Forums: Email with plain text password

After registering for a Gentoo forum account, the system emailed me my password in plain text.

(1) There was no need to email me the password since I chose it. (2) It's not appropriate to transmit secrets this way - and there was no need due to (1).

If Gentoo forums wants to email plain text passwords and other secrets, perhaps it should generate a random, throw-away password to share with the world.
Comment 1 zamabe 2015-10-09 02:05:40 UTC
Created attachment 414168 [details, diff]
Changes email templates in all languages (htdocs+translations)

Remove {PASSWORD} token from email templates.

This prevents user passwords being emailed in plain text.
Following the phpBB v3 email templates, the only template which
does send a password is the user_activate_passwd template because
it is the only one which sends a password the user did not provide.

I suspect the diff paths may not be what you want to apply this.
Let me know if/what to change them to if this is the case :)
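
An added example, not part of the original comment or the attached patch: a regression check that walks an email template tree and reports every `{PASSWORD}` token outside the `user_activate_passwd` template, which comment 1 names as the only one that should carry it. The directory layout, file extensions and sample template contents are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

TOKEN = re.compile(r"\{PASSWORD\}")          # placeholder named in comment 1
ALLOWED = {"user_activate_passwd"}           # board-generated password only
SUFFIXES = {".tpl", ".txt"}                  # assumption: template extensions


def find_password_tokens(root):
    """Return sorted (relative_path, line_no) for each {PASSWORD} found in an
    email template whose base name is not on the allowlist."""
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix not in SUFFIXES:
            continue
        if path.stem in ALLOWED:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for line_no, line in enumerate(text.splitlines(), start=1):
            if TOKEN.search(line):
                hits.append((path.relative_to(root).as_posix(), line_no))
    return sorted(hits)


# Constructed sample tree (not the forum's real templates).
SAMPLE = {
    "lang_english/email/user_welcome.tpl":
        "Subject: Welcome\n\nUsername: {USERNAME}\nPassword: {PASSWORD}\n",
    "lang_english/email/user_activate_passwd.tpl":
        "Your new password is: {PASSWORD}\n",
    "lang_german/email/user_welcome.tpl":
        "Benutzername: {USERNAME}\nPasswort: {PASSWORD}\n",
    "lang_german/email/topic_notify.tpl":
        "Thema: {TOPIC_TITLE}\n",
}


def scan_sample():
    """Write SAMPLE into a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return find_password_tokens(tmp)


if __name__ == "__main__":
    for rel, line_no in scan_sample():
        print(f"{rel}:{line_no}: {{PASSWORD}} in a template that should not carry it")
```

Pointing `find_password_tokens` at the real template directory after applying a patch like the one attached should return an empty list.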
Comment 2 Tomasz Łaguz 2022-01-09 22:20:14 UTC
This is still an issue in January 2022.
I registered today and got an email with the plain text password I provided during registration.
Comment 3 Roy Bamford gentoo-dev 2022-01-10 09:55:59 UTC
It's a feature of phpBB2 and will be fixed with the phpBB3 upgrade.

The workaround until then is to change your password. The board will not email you your new password.