[pmwiki-users] PageList Project
The Editor
editor at fast.st
Thu Jan 11 15:56:07 CST 2007
I just about have a zap newsletter management system operational, but
a couple small problems I thought I'd ask for input on...
First, on the subscription/unsubscriptions page, I have a page list
used to check and see which mail lists a member is subscribed to, (the
page allows them to subscribe/unsubscribe at the click of a
button--and then is supposed to dynamically reflects those changes):
Current Subscriptions:
(:pagelist {$Email} group=MailList name=-Template list=normal fmt=#title:)
It works fine as long as they have read permission to the MailList
group, but when they don't it won't show any subscriptions. The
reason is not because the pagelist is protected, but rather, I'm
guessing, because pagelist can't read the target pages to test for the
search criteria (their email address), all the lists fail. I've
verified using two browsers (one with admin access) that the user is
indeed adding and dropping himself to/from the lists, so that is not
the problem. It's just the pagelist can't see that.
Any suggestions for making this work? As these pages contain secure
information (lots of email addresses) and I want to make absolutely
sure they are protected, I'm not comfortable with just a redirect or
the like. I could perhaps put a (:if auth edit/admin:) around the
lists, but don't like the idea of the pages being readable even with
this... Perhaps a custom conditional that can read the page directly
and check for a match that could be put in the pagelist template...
Any other thoughts?
Second, I'm wanting to set up an email authentication system, but not
sure the best approach. One option is to verify an email before a
person creates a member's account but I'm not thrilled with the idea
of forcing them reverify their email everytime they update some bit of
profile information. Nor of having a separate form for updating
emails and another for their other profile data (Though that's one
possibility...).
Another option might be to dispense with the idea of memberships
completely, and just allow visitors to authenticate an email anytime
they want to update their subscriptions--something like this:
1) They go to a page where they enter an email address. 2). On
submit, they are forwarded to a page with a passcode field, and an
email is sent to that address with the passcode. 3) If they enter the
right number, they are logged in with a random number id, and are
given access to the subscribe/unsubscribe form for their verified
email address. Then 4) they logout. Their email might need to be
stored in a temporary login accounts that would be later deleted
(perhaps by cron). Or another workaround might not require login at
all, just get variables or something.
Anyway, just thinking out loud about the best way to set up the
system. The newsletter sending part (for admins) is working like a
charm. I just want an interface for users to be able to securely
manage their own accounts.
Cheers,
Dan
More information about the pmwiki-users
mailing list