On Sun, 2008-09-21 at 23:25 +0200, Israel Saeta Pérez wrote: > Hello list, > > On Sun, Sep 21, 2008 at 8:23 AM, Samuel Murray (Groenkloof) > <[EMAIL PROTECTED]> wrote: > > Israel Saeta Pérez wrote: > > > >> The automated process could be: > >> 1) The user clicks the "I've lost my password" link and enter his username. > >> 2) A random password reset hash code is generated and associated to > >> the user_id and the current date in a (special) table. > >> 3) The hash code is sent to the user's email. > >> 4) The user access a special URL with the code in it, like > >> http://example.org/passwordrecovery/ahx4bFj84DjunX0hax0r, in less than > >> 24h. > >> 5) The user sets his new password. > > > > I have no objection to this method, or any other method, but who would > > be coding it? The problem with such elegant solutions is that they > > require extensive coding. This is the reason for my temporary solution > > -- it requires only a few simple changes to the HTML templates, and > > perhaps one static HTML file. > > I totally agree: the first inmediate thing to tackle would be the > mail-to-admin solution, since it looks really easy to implement and > later the automatic method, only if somebody is keen on implementing > it. > > Unfortunately I've never touched a line of jToolkit but I have some > SQLAlchemy an Python skills, if it helps.
Wonderful! You have the job ;) Seriously, I had/have no jToolkit skills and Pootle code to me is mystically. Yet I managed to add plural support for live translations and a number of other tweeks. Doing the password recovery would really just bee checking how we currently do passwords and slowly working towards the goal. Are you up for it? > > > Pootle currently requires activation of an account. This is not ideal, > > IMO, because the user must remember what password he had chosen when he > > registered. The act of activation does not automatically log in the > > user. The user must also remember his username. This may seem a > > trivial thing, but looking at the HTTP logs I can tell you that new > > users often get their usernames wrong the first time they try to log in > > (and I can only wonder how many users we lose because of that). A > > common problem is capitalisation (as user names are case-sensitive). > > Isn't his username mentioned in the activation email? Or there isn't > any activation email? Sorry for so newbie question. > > Anyways, I guess the login function could be hacked to accept email > addresses instead of usernames too. > > > If there is going to be extensive coding, perhaps we should look at the > > whole issue of registration and not just lost passwords. > > Why not? But I don't know how high is this in the Pootle development > priority list. > > -- Israel > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > Translate-pootle mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/translate-pootle -- ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Translate-pootle mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/translate-pootle
