[pmwiki-users] PmWiki standard AuthUser
StefCT
stefct4 at gmail.com
Wed Jul 2 22:38:26 CDT 2014
On 07/02/2014 03:56 PM, Crisses wrote:
> Right now, an admin has to change passwords in AuthUser. Some people
> don't want to tell the admin their password.
To avoid e-mailing passwords in plain text, you can always ask users to
encrypt their password with action=crypt and then email the resulting
string to you.
Anyway, I agree that some more sophisticated user/password management
tools would be great.
--StefCT
>
> I am working on a membership site where members will log in and need
> edit permissions to their own profile information (name, contact info,
> description, etc.), can change their own passwords, are in a group
> @members so that permissions can be doled out around the website, some
> members can be @admin (or other permission group) privileged. And I'd
> like to avoid using a database.
>
> I'm looking through PmWiki documentation, recipes, etc. So many recipes
> are old, haven't been maintained in 4+ years, are not PHP5 (much less
> 5.5) compatible, etc. I was trying to get .htpasswd files working,
> spent a whole day on that, got it working -- but the recipe I was going
> to use to handle password updating and group management
> is http://www.pmwiki.org/wiki/Cookbook/HtpasswdForm -- and it's broken
> (and too complicated for an easy fix). I put the (:command:) in the
> page, and the page comes out blank when it should come up with password
> updating and group permissions forms.
>
> In all honesty, I love the simplicity of AuthUser. It would be lovely
> if PmWiki finally got -- a little -- more sophisticated on user/password
> management. Here's my thought on how it can be set up for users to edit
> their own password:
>
> Similar to SiteAdmin there could be a locked-down group, perhaps (to
> keep with $BaseName tactics) "Profile-Data". This would be a PmWiki
> data page hidden from the world. In it could be profile data (page
> $Name = username, crypt'd password, email address, phone number, member
> expiration date, whatever...).
>
> What I need:
>
> I would like to be able to tell SiteAdmin/AuthUser to use
> Profile-Data/{$username}$:passwd for username/password auth. So just
> like it would grab a username/password from the SiteAdmin/AuthUser page,
> I want it to grab the passwd: <encrypted password> from their
> Profile-Data page.
>
> I also need a way to set group access attributes so that only
> id:{*$Name} (i.e. the current wiki page name) could edit their own pages
> (plus admins of course). That might be configurable already via
> local/Profiles.php
>
> This I can probably do, although I'm rusty:
>
> The user corresponding to the Profile, when logged in, can either
> directly edit their Profile-Data page, or (when one has edit
> permissions) there can be a form for updating their
> Profile-Data/$username data that saves data and the encrypted password
> to the corresponding Profile-Data/$Name page (cf how PmForm saves data
> to another page) while visiting their own Profile.
>
> Then the only case in which an admin is needed is if a user forgets
> their password, not if they just want to change it. This means admins
> can set an initial password and the users can change their own password
> after their first login.
>
> Crisses
>
>
>
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://www.pmichaud.com/mailman/listinfo/pmwiki-users
>
More information about the pmwiki-users
mailing list