Tom Collins wrote:
I've got the core code working for a feature that I've wanted to see for some time, and I imagine it would be helpful to others as well.
I've been able to have QmailAdmin display a single screen that asks for email address, old password, new password and a second copy of the new password. It will then authenticate the user and change their password (with all requisite error checking of course, including whether the NO_PASSWD_CHNG flag is set).
Cool!
I'm wondering what behavior it should follow when the change is complete, and what sort of links should be present when attempting to make the change.
Assuming that it is a separate URL from the regular entry to qmailadmin I think there should be an escape link to returntext/returnhttp to allow them to back out. Since it is a separate, standalone function just for changing your password, that is probably all that should appear.
Maybe a link to the main qmailadmin login page... maybe not. I'm thinking if the person making the link to the password change page wants them in qmailadmin proper they can provide a link on the calling page themselves.
If the user changes their mind, should I show the returntext/returnhttp cgi parameters (as with the main code)?
Yes, as long as returntext/returnthttp exists. If not don't provide any links on the password change entry page. If an admin wants additional links there they can modify the templates.
After the change, should I display a temporary success screen and then meta refresh to the returnhttp URL if present?
Sounds perfect. Please include a link with the usual "If you are not returned to $returntext in 10 seconds, click here."
What if returnhttp/returntext isn't set?
If there is no returntext/returnhttp, I guess they'll just have to exit the browser, select a bookmark or otherwise go where ever they want to go next. Anyone providing a link to this special URL should be responsible for providing the return link.
If you want to work really hard, you might send them back to the referrer page they entered from, but I think if the person building the link to the password change page doesn't provide returntext/returnhttp you should just leave out the link and the meta refresh and leave them on the success page.
