[pmwiki-users] Limiting Edit to Login with Username only (no password required)
Philip Yates
phil at philipyates.com
Mon Feb 26 11:34:03 CST 2007
Two questions:
1. For registration, how do you turn off encryption of passwords from a
login form that stores passwords in .htpasswd (or anywhere else)?
2. How to require, for edit privileges, a Username but not require a
password?
Why do I care?
I spent the weekend learning about AuthUser and UserAuth, and now I've
got a login page and registration page that takes a username and a
password, and no one can edit now with entering a password and a login
name. However, there's no reason to impose a password obligation to
edit 99% of the wiki. For those parts of the wiki that need protection,
I like the password-only access philosphy of pmWiki. But I want users
to make posts using their real name, and I want an email address for
each user. (For a community wiki, it's important to know who's posting.)
After a user has already registered once, how can I force a user to
enter a name and an email address, and have a cookie remember the name
he/she used the last time, without forcing the entry of a password to
make a simple edit?
The desired effect: User browses page, never having edited or logged in
before. He clicks on edit. He sees a prompt asking for a UserName in
FirstnameLastname format, and a block for entering an email address
(twice), as the password. He enters his name and email address (twice)
and makes his edit. Next time he browses and tries to edit, he sees a
prompt for his UserName only, with a cookie set to enter it for him.
The system allows him to edit if his UserName is on the list of
UserNames already registered. There is some chance that somebody will
mistakenly enter somebody else's name by mistake, e.g. two people with
almost the same name, but in a small community wiki, but I don't think
that is a significant risk. On the other hand, it's not much trouble to
enter an email address whenever you want to make an edit. Anythoughts
on the tradeoffs here would be appreciated from this novice wiki admin.
Whether or not I turn off the requirement to enter a password for an
edit, if I'm going to use the user's email address for a password, I'll
need to see the email address. How do I turn off the encryption so the
email address is stored in a readable format?
Any other ideas or suggestions?
--
Philip Yates
515 High St.
Oregon City, OR 97045
(503) 570-8000 cell
(503) 656-1127 home
More information about the pmwiki-users
mailing list