On Monday 24 May 2010 4:29:58 pm Wordit Ltd wrote: > I just realised this a lot simpler than I thought. There is no need > for temporarily storing the sign-up info. > > I think this should work: > > - user supplies email, username, password via a form > > - create a key containing supplied info plus a secret: sha1($email.). >
Who provides the secret string? if its just sha1($email) then its not difficult to create and get compromised. I am guessing you mean sha1($email.$username.$password) > - Mail to user. No record is kept because the key can be generated > from info the returning user enters plus the secret. > > - user goes to verification page and enters the info plus the key. The > key is checked. > > - if it matches, append, replace, or remove entry in wiki page > > The only general functions needed are to find a line in a wiki page, > and write to a page. (I guess both these already exist as pmwiki > functions?) > > > Marcus > > _______________________________________________ > pmwiki-users mailing list > [email protected] > http://www.pmichaud.com/mailman/listinfo/pmwiki-users -- Regards, V.Krishn _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
