[pmwiki-users] PmWiki standard AuthUser

StefCT stefct4 at gmail.com
Wed Jul 2 22:38:26 CDT 2014


On 07/02/2014 03:56 PM, Crisses wrote:
> Right now, an admin has to change passwords in AuthUser.  Some people
> don't want to tell the admin their password.

To avoid e-mailing passwords in plain text, you can always ask users to
encrypt their password with action=crypt and then email the resulting
string to you.

Anyway, I agree that some more sophisticated user/password management
tools would be great.

--StefCT


> 
> I am working on a membership site where members will log in and need
> edit permissions to their own profile information (name, contact info,
> description, etc.), can change their own passwords, are in a group
> @members so that permissions can be doled out around the website, some
> members can be @admin (or other permission group) privileged.  And I'd
> like to avoid using a database.
> 
> I'm looking through PmWiki documentation, recipes, etc.  So many recipes
> are old, haven't been maintained in 4+ years, are not PHP5 (much less
> 5.5) compatible, etc.  I was trying to get .htpasswd files working,
> spent a whole day on that, got it working -- but the recipe I was going
> to use to handle password updating and group management
> is http://www.pmwiki.org/wiki/Cookbook/HtpasswdForm -- and it's broken
> (and too complicated for an easy fix).  I put the (:command:) in the
> page, and the page comes out blank when it should come up with password
> updating and group permissions forms.
> 
> In all honesty, I love the simplicity of AuthUser.  It would be lovely
> if PmWiki finally got -- a little -- more sophisticated on user/password
> management.  Here's my thought on how it can be set up for users to edit
> their own password:
> 
> Similar to SiteAdmin there could be a locked-down group, perhaps (to
> keep with $BaseName tactics) "Profile-Data".  This would be a PmWiki
> data page hidden from the world.  In it could be profile data (page
> $Name = username, crypt'd password, email address, phone number, member
> expiration date, whatever...).
> 
> What I need:
> 
> I would like to be able to tell SiteAdmin/AuthUser to use
> Profile-Data/{$username}$:passwd for username/password auth.  So just
> like it would grab a username/password from the SiteAdmin/AuthUser page,
> I want it to grab the passwd: <encrypted password> from their
> Profile-Data page.
> 
> I also need a way to set group access attributes so that only
> id:{*$Name} (i.e. the current wiki page name) could edit their own pages
> (plus admins of course).  That might be configurable already via
> local/Profiles.php 
> 
> This I can probably do, although I'm rusty:
> 
> The user corresponding to the Profile, when logged in, can either
> directly edit their Profile-Data page, or (when one has edit
> permissions) there can be a form for updating their
> Profile-Data/$username data that saves data and the encrypted password
> to the corresponding Profile-Data/$Name page (cf how PmForm saves data
> to another page) while visiting their own Profile.
> 
> Then the only case in which an admin is needed is if a user forgets
> their password, not if they just want to change it.  This means admins
> can set an initial password and the users can change their own password
> after their first login.
> 
> Crisses
> 
> 
> 
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://www.pmichaud.com/mailman/listinfo/pmwiki-users
> 




More information about the pmwiki-users mailing list