On 07/02/2014 03:56 PM, Crisses wrote: > Right now, an admin has to change passwords in AuthUser. Some people > don't want to tell the admin their password.
To avoid e-mailing passwords in plain text, you can always ask users to encrypt their password with action=crypt and then email the resulting string to you. Anyway, I agree that some more sophisticated user/password management tools would be great. --StefCT > > I am working on a membership site where members will log in and need > edit permissions to their own profile information (name, contact info, > description, etc.), can change their own passwords, are in a group > @members so that permissions can be doled out around the website, some > members can be @admin (or other permission group) privileged. And I'd > like to avoid using a database. > > I'm looking through PmWiki documentation, recipes, etc. So many recipes > are old, haven't been maintained in 4+ years, are not PHP5 (much less > 5.5) compatible, etc. I was trying to get .htpasswd files working, > spent a whole day on that, got it working -- but the recipe I was going > to use to handle password updating and group management > is http://www.pmwiki.org/wiki/Cookbook/HtpasswdForm -- and it's broken > (and too complicated for an easy fix). I put the (:command:) in the > page, and the page comes out blank when it should come up with password > updating and group permissions forms. > > In all honesty, I love the simplicity of AuthUser. It would be lovely > if PmWiki finally got -- a little -- more sophisticated on user/password > management. Here's my thought on how it can be set up for users to edit > their own password: > > Similar to SiteAdmin there could be a locked-down group, perhaps (to > keep with $BaseName tactics) "Profile-Data". This would be a PmWiki > data page hidden from the world. In it could be profile data (page > $Name = username, crypt'd password, email address, phone number, member > expiration date, whatever...). > > What I need: > > I would like to be able to tell SiteAdmin/AuthUser to use > Profile-Data/{$username}$:passwd for username/password auth. So just > like it would grab a username/password from the SiteAdmin/AuthUser page, > I want it to grab the passwd: <encrypted password> from their > Profile-Data page. > > I also need a way to set group access attributes so that only > id:{*$Name} (i.e. the current wiki page name) could edit their own pages > (plus admins of course). That might be configurable already via > local/Profiles.php > > This I can probably do, although I'm rusty: > > The user corresponding to the Profile, when logged in, can either > directly edit their Profile-Data page, or (when one has edit > permissions) there can be a form for updating their > Profile-Data/$username data that saves data and the encrypted password > to the corresponding Profile-Data/$Name page (cf how PmForm saves data > to another page) while visiting their own Profile. > > Then the only case in which an admin is needed is if a user forgets > their password, not if they just want to change it. This means admins > can set an initial password and the users can change their own password > after their first login. > > Crisses > > > > _______________________________________________ > pmwiki-users mailing list > pmwiki-users@pmichaud.com > http://www.pmichaud.com/mailman/listinfo/pmwiki-users > _______________________________________________ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users