[Mapbender-dev] Setting the user's password when creating a new user
Verena Diewald
verena.diewald at wheregroup.com
Fri Jul 17 10:35:49 EDT 2009
Hi list,
I would like to outline an additional way for the work flow of setting the
user's password in Mapbender's administration application (gui).
The way it works now: The administrator user is the one who creates a new user
and defines the new user's password by typing in a password. This is not a
good process as in most use cases the administrator user should not know the
password of her users.
My proposal is as follows:
- the administrator user creates a user without manually setting the
password -> A generated one-time password is created dynamically and stored
in the password field.
- When the new user's data is written to the mb_user table simultaneously a
ticket number for that new user is written into table mb_user (new field)
- An e-mail is sent to the new user which contains a link (ticket number of
this user is sent as a parameter) to a new Mapbender module (for example:
mod_confirmLogin.php). The module mod_confirmLogin.php is a simple form where
the user is requested to insert her new password (twice for confirmation, as
we already have it).
- If the ticket number is not valid the module returns an error (you are not
authorized, please request a new ticket, etc.) The ticket in the table
mb_user is deleted.
- If the ticket number is valid, the new password will be saved in db and the
ticket number of this user will be deleted
The new module could be based on or be an enhancement of the
module "ForgottenPassword" which does some related things.
What do you think? Any suggestions concerning that topic?
Best regards
Verena
More information about the Mapbender_dev
mailing list