On 21/03/11 1:12 PM, John Rankin wrote:
We are using a modified version of Cookbook.NewGroupBox [1] to let
users create a NewGroup.HomePage and set a group password for
edit/upload in NewGroup.GroupAttributes. The user only needs read
access to the "Start a New Group" page, but gets re-prompted for the
new edit password before the recipe saves NewGroup.HomePage. We want a
way for users to recover from a forgotten password and are having
difficulty working out how to implement a suitable scheme.
<snip>
I need advice on how to:
a. retrieve the email address from NewGroup.GroupAttributes
Figured that one out: $page = RetrieveAuthPage(...); $page['email']
contains the email address.
b. check that the attr password is valid and that only the generated
value allows the resetpasswd action
I think the trick is to set $DefaultPasswords['attr'] = '*'; in
local/config.php, then by default only the admin password will work.
We generate a random password, store it (encrypted) in passwdattr and
email it to the user's designated address.
Then we can use the standard password prompt mechanism, and only the
admin password or the generated value will work.
c. unset the attr password in a way that does not open
NewGroup.GroupAttributes to editing by all and sundry
If we 'clear' the attr password, the default password reverts to '*' and
the attributes screen remains locked to non-admin users.
d. deal with the case where a user with an edit password has accessed
NewGroup.GroupAttributes?action=attr
Setting $DefaultPasswords['attr'] = '*'; prevents this.
Comments?
[1] http://www.pmwiki.org/wiki/Cookbook/NewGroupBox
JR
--
John Rankin
Affinity Limited
T 64 4 495 3737
F 64 4 473 7991
M 021 RANKIN
john.ran...@affinity.co.nz
www.affinity.co.nz
_______________________________________________
pmwiki-devel mailing list
pmwiki-devel@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-devel
