Hi list,

I would like to outline an additional way for the work flow of setting the user's password in Mapbender's administration application (gui).

The way it works now: The administrator user is the one who creates a new user and defines the new user's password by typing in a password. This is not a good process as in most use cases the administrator user should not know the password of her users.

My proposal is as follows:

- the administrator user creates a user without manually setting the password -> A generated one-time password is created dynamically and stored in the password field.
- When the new user's data is written to the mb_user table simultaneously a ticket number for that new user is written into table mb_user (new field)
- An e-mail is sent to the new user which contains a link (ticket number of this user is sent as a parameter) to a new Mapbender module (for example: mod_confirmLogin.php). The module mod_confirmLogin.php is a simple form where the user is requested to insert her new password (twice for confirmation, as we already have it).
- If the ticket number is not valid the module returns an error (you are not authorized, please request a new ticket, etc.) The ticket in the table mb_user is deleted.
- If the ticket number is valid, the new password will be saved in db and the ticket number of this user will be deleted

The new module could be based on or be an enhancement of the module "ForgottenPassword" which does some related things.

What do you think? Any suggestions concerning that topic?

Best regards
Verena

_______________________________________________
Mapbender_dev mailing list
[email protected]
http://lists.osgeo.org/mailman/listinfo/mapbender_dev
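
One way the ticket flow proposed above could be implemented, as an added example that is not part of the original message and is not Mapbender code. Only the mb_user table and the mod_confirmLogin.php name come from the proposal; the column names, function names, the mapbender.example URL and the choice to store a SHA-256 hash of the ticket instead of the ticket itself are assumptions.

```php
<?php
// Added example, not Mapbender code. Column names, function names and the
// base URL are assumptions; an in-memory SQLite table stands in for mb_user.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mb_user (mb_user_name TEXT PRIMARY KEY,
    mb_user_password TEXT NOT NULL, mb_user_ticket_hash TEXT)');

// Administrator side: create the user without ever seeing a usable password.
function createUserWithTicket(PDO $db, string $name): string
{
    // Generated one-time password: only its hash is stored, the clear text is
    // discarded, so neither the administrator nor anyone else can log in with it.
    $placeholder = password_hash(bin2hex(random_bytes(32)), PASSWORD_DEFAULT);
    $ticket = bin2hex(random_bytes(32)); // 256 bits from the system CSPRNG
    $stmt = $db->prepare('INSERT INTO mb_user VALUES (?, ?, ?)');
    // Assumption: keep only a hash of the ticket, so a leaked table row
    // cannot be turned back into a working confirmation link.
    $stmt->execute([$name, $placeholder, hash('sha256', $ticket)]);
    // This link is what the e-mail to the new user would contain.
    return 'https://mapbender.example/mod_confirmLogin.php?ticket=' . $ticket;
}

// mod_confirmLogin.php side: redeem the ticket exactly once.
function confirmLogin(PDO $db, string $ticket, string $pw1, string $pw2): bool
{
    if ($pw1 === '' || $pw1 !== $pw2
        || strlen($ticket) !== 64 || !ctype_xdigit($ticket)) {
        return false; // "you are not authorized, please request a new ticket"
    }
    // Saving the password and deleting the ticket happen in one statement,
    // so a ticket that was already redeemed matches no row.
    $stmt = $db->prepare('UPDATE mb_user SET mb_user_password = ?,
        mb_user_ticket_hash = NULL WHERE mb_user_ticket_hash = ?');
    $stmt->execute([password_hash($pw1, PASSWORD_DEFAULT), hash('sha256', $ticket)]);
    return $stmt->rowCount() === 1;
}

// Constructed walk-through: first use succeeds, replay and unknown ticket fail.
$link = createUserWithTicket($db, 'newuser');
parse_str(parse_url($link, PHP_URL_QUERY), $query);
var_dump(confirmLogin($db, $query['ticket'], 'S3cret-pass', 'S3cret-pass'));
var_dump(confirmLogin($db, $query['ticket'], 'other-pass', 'other-pass'));
var_dump(confirmLogin($db, str_repeat('0', 64), 'other-pass', 'other-pass'));
```

The example leaves out ticket expiry and the actual sending of the e-mail; the link carries the ticket in the query string, as the proposal describes.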
