[pmwiki-users] Self registration

Patrick R. Michaud pmichaud at pobox.com
Thu Jan 22 15:49:24 CST 2009

On Thu, Jan 22, 2009 at 09:42:32PM +0100, kirpi at kirpi.it wrote:
> > > where would the advantage be to keeping the additional information in a
> > > user profile page?  You certainly don't want people to be able to update
> > > their unprotected profile and change their email without it being confirmed
> > > in some way if it's part of the official identity, right?  And most people
> > > wouldn't want their email to be published cleartext on a web-page...
> > Sorry, I wasn't clear.  The intent is to store this information as
> > page attributes (which aren't user visible), not in the text of the
> > wiki page itself.
> Uhmm... With a quick pagelist one might easily gather those data just
> like we gather ctime and other variables in the hidden part of a page.
> This means that an extra layer of protection has to be set for those
> specific sensible data, am I wrong?

You're wrong.  Currently there's not a way to get 'ctime'.  There's
a page variable that uses 'ctime' to generate its output, but
there's not a way to directly access 'ctime' from the markup.

What I'm describing would be very similar to the the way passwdedit, 
passwdattr, etc. page attributes are handled now.  These attributes
are stored in each page file, but there's no direct way to be able
to access them from markup.  There's an indirect way to view them
using the {$PasswdEdit}, {$PasswdAttr}, etc. page variables, but those
page variables are only visible to site administrators.

So, a profile page could hold sensitive information such as a user's 
email address as a page attribute, but there's not a way to see that
information except via page variables, and those can be restricted
to just the administrator (and possibly the owner of the profile page).


More information about the pmwiki-users mailing list