[pmwiki-users] PmWiki standard AuthUser

Crisses crisses at kinhost.org
Wed Jul 2 08:56:08 CDT 2014


Right now, an admin has to change passwords in AuthUser.  Some people don't want to tell the admin their password.

I am working on a membership site where members will log in and need edit permissions to their own profile information (name, contact info, description, etc.), can change their own passwords, are in a group @members so that permissions can be doled out around the website, some members can be @admin (or other permission group) privileged.  And I'd like to avoid using a database.

I'm looking through PmWiki documentation, recipes, etc.  So many recipes are old, haven't been maintained in 4+ years, are not PHP5 (much less 5.5) compatible, etc.  I was trying to get .htpasswd files working, spent a whole day on that, got it working -- but the recipe I was going to use to handle password updating and group management is http://www.pmwiki.org/wiki/Cookbook/HtpasswdForm -- and it's broken (and too complicated for an easy fix).  I put the (:command:) in the page, and the page comes out blank when it should come up with password updating and group permissions forms.

In all honesty, I love the simplicity of AuthUser.  It would be lovely if PmWiki finally got -- a little -- more sophisticated on user/password management.  Here's my thought on how it can be set up for users to edit their own password:

Similar to SiteAdmin there could be a locked-down group, perhaps (to keep with $BaseName tactics) "Profile-Data".  This would be a PmWiki data page hidden from the world.  In it could be profile data (page $Name = username, crypt'd password, email address, phone number, member expiration date, whatever...).

What I need:

I would like to be able to tell SiteAdmin/AuthUser to use Profile-Data/{$username}$:passwd for username/password auth.  So just like it would grab a username/password from the SiteAdmin/AuthUser page, I want it to grab the passwd: <encrypted password> from their Profile-Data page.

I also need a way to set group access attributes so that only id:{*$Name} (i.e. the current wiki page name) could edit their own pages (plus admins of course).  That might be configurable already via local/Profiles.php 

This I can probably do, although I'm rusty:

The user corresponding to the Profile, when logged in, can either directly edit their Profile-Data page, or (when one has edit permissions) there can be a form for updating their Profile-Data/$username data that saves data and the encrypted password to the corresponding Profile-Data/$Name page (cf how PmForm saves data to another page) while visiting their own Profile.

Then the only case in which an admin is needed is if a user forgets their password, not if they just want to change it.  This means admins can set an initial password and the users can change their own password after their first login.

Crisses
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pmichaud.com/pipermail/pmwiki-users/attachments/20140702/376c1731/attachment.html>


More information about the pmwiki-users mailing list