Azril, believe me you did a very good job. just keep trusting yourself / be yourself and you are the winner soon or later
Dear BrendonKoz, I agree with you, some points are application specific. On Jan 13, 5:04 pm, BrendonKoz <[email protected]> wrote: > I disagree with 1-3, 5, and 8. These are all project specific > requirements that may change depending on the project. Obviously 4 > and 6 can be argued as project specific as well, but much less often > do I see these fluctuate. 7 is good because you mentioned that if > further permissions are needed, an entirely different system should be > used. ;) > > There is no single "right" or "wrong" approach. If it works, it > should help *at least* one other person! :) > > Good job on your first plugin attempt, Azril Nazli! > > On Jan 13, 8:05 am, robustsolution <[email protected]> wrote: > > > thanks for sharing us your work. > > It was a very good start. > > some quick notes: > > 1)after signup user should receive an activation link to activate his > > account not to activate the account by default. in this case use > > should autologin > > 2)user should be able to login using the password with (either his > > username or his email) > > 3)user should not be able to change his username in edit mode, but he > > could change always his email address in edit mode, in this case his > > account will be deactivated(banned) until he verifies that he is the > > owner of the new email address > > 4)the resetpassword link should be used only for one reset password > > operation, for security reason. same for activation link > > 5)after successfully resetting the password, or activating the account > > user should autologin to the system > > 6) user life cycle: created,activated,banned then ,activated,banned, > > activated,banned, activated,banned,activated,banned, etc... so just > > three status is enough. > > 7)in case you have either user or admin account for the user record, > > is_admin is enough, otherwise a light or heavy weight permission > > system should be required > > 8)cookies should always be a user choice that developer could not > > ignore it
Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
