[pmwiki-users] A robust user registration module

V.Krishn vkrishn at insteps.net
Mon May 24 07:24:06 CDT 2010


On Monday 24 May 2010 4:29:58 pm Wordit Ltd wrote:
> I just realised this a lot simpler than I thought. There is no need
> for temporarily storing the sign-up info.
>
> I think this should work:
>
> - user supplies email, username, password via a form
>
> - create a key containing supplied info plus a secret: sha1($email.).
>

Who provides the secret string?
if its just sha1($email) then its not difficult to create and get compromised.
I am guessing you mean sha1($email.$username.$password)

> - Mail to user. No record is kept because the key can be generated
> from info the returning user enters plus the secret.
>
> - user goes to verification page and enters the info plus the key. The
> key is checked.
>
> - if it matches, append, replace, or remove entry in wiki page
>
> The only general functions needed are to find a line in a wiki page,
> and write to a page. (I guess both these already exist as pmwiki
> functions?)
>
>
> Marcus
>
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://www.pmichaud.com/mailman/listinfo/pmwiki-users

-- 
Regards,
V.Krishn



More information about the pmwiki-users mailing list