[pmwiki-users] Limiting Edit to Login with Username only (no password required)

Philip Yates phil at philipyates.com
Mon Feb 26 11:34:03 CST 2007 

Two questions:

1.  For registration, how do you turn off encryption of passwords from a 
login form that stores passwords in .htpasswd (or anywhere else)?
2.  How to require, for edit privileges, a Username but not require a 
password? 

Why do I care?

I spent the weekend learning about AuthUser and UserAuth, and now I've 
got a login page and registration page that takes a username and a 
password, and no one can edit now with entering a password and a login 
name.  However,  there's no reason to impose a password obligation to 
edit 99% of the wiki.  For those parts of the wiki that need protection, 
I like the password-only access philosphy of pmWiki.  But I want users 
to make posts using their real name, and I want an email address for 
each user.  (For a community wiki, it's important to know who's posting.)

After a user has already registered once, how can I force a user to 
enter a name and an email address, and have a cookie remember the name 
he/she used the last time, without forcing the entry of a password to 
make a simple edit?   

The desired effect: User browses page, never having edited or logged in 
before.  He clicks on edit.  He sees a prompt asking for a UserName in 
FirstnameLastname format, and a block for entering an email address 
(twice), as the password.  He enters his name and email address (twice) 
and makes his edit.  Next time he browses and tries to edit, he sees a 
prompt for his UserName only, with a cookie set to enter it for him.   
The system allows him to edit if his UserName is on the list of 
UserNames already registered.  There is some chance that somebody will 
mistakenly enter somebody else's name by mistake, e.g. two people with 
almost the same name, but in a small community wiki, but I don't think 
that is a significant risk.  On the other hand, it's not much trouble to 
enter an email address whenever you want to make an edit.  Anythoughts 
on the tradeoffs here would be appreciated from this novice wiki admin.

Whether or not I turn off the requirement to enter a password for an 
edit, if I'm going to use the user's email address for a password, I'll 
need to see the email address.  How do I turn off the encryption so the 
email address is stored in a readable format?

Any other ideas or suggestions? 

-- 
Philip Yates
515 High St.
Oregon City, OR 97045
(503) 570-8000 cell
(503) 656-1127 home

More information about the pmwiki-users mailing list