[pmwiki-users] A robust user registration module
vkrishn at insteps.net
Mon May 24 07:24:06 CDT 2010
On Monday 24 May 2010 4:29:58 pm Wordit Ltd wrote:
> I just realised this a lot simpler than I thought. There is no need
> for temporarily storing the sign-up info.
> I think this should work:
> - user supplies email, username, password via a form
> - create a key containing supplied info plus a secret: sha1($email.).
Who provides the secret string?
if its just sha1($email) then its not difficult to create and get compromised.
I am guessing you mean sha1($email.$username.$password)
> - Mail to user. No record is kept because the key can be generated
> from info the returning user enters plus the secret.
> - user goes to verification page and enters the info plus the key. The
> key is checked.
> - if it matches, append, replace, or remove entry in wiki page
> The only general functions needed are to find a line in a wiki page,
> and write to a page. (I guess both these already exist as pmwiki
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
More information about the pmwiki-users