[pmwiki-users] My Thoughts on User Authentication
The Editor
editor at fast.st
Fri Mar 3 17:58:35 CST 2006
Hi again,
Right now in the process of trying to figure out how to set up my own
User Authentication system. All this discussion on AuthUser is thus
very timely and helpful. Below is my current (tentative) plan and a
few questions, after poring through bunches of recipes and
documentation. Any feedback or potential pitfalls you see?
Objectives:
I want to use AuthUser generally, because it seems more powerful,
stable, flexible, etc., use StoredAuthName to require members to sign
their name when posting, and use
Htpasswd form for any admin functions I might need, and so users can
change their passwords. Generally, users only need to give me a
verified email to access my members area, but I want to track various
other user details. Also, I want it all completely automated.
Process:
Step 1) 'UserAuth-NewUser' confirms email, and notifies me of a new
member. (I want this for my members newsletter, and to connect a
UserName to each email). Their confirmation email points them to a
wiki page that does step two.
Step 2) 'UserAuth-Register' creates the account (with their UserName
and password). The documentation wasn't clear if it stored it in the
.htpassword file--in a way AuthUser can use? Hope so... Note: I want
to ensure this UserName and the one from step 1 are identical. If
easier, I might reverse the order of these steps.
Step 3) Finally, they are taken to a form created by the BuildForm
recipe, which stores various user information in the file
"Account.UserName.var". This information could then be useable in
conditional statements anywhere on the site linked to the individual
user.
Note step three is an extension of the system I'm trying to build
around my Members Office recipe. It should be a snap to add another
link in their office sidebar allowing members to update their account
details, and another to change their password.
Anyway, that's my current thinking. Any comments or suggestions? Oh,
also, is a .htpasswd file fast enough for a user base of several
thousand?
Caveman
More information about the pmwiki-users
mailing list