[Mapbender-dev] Setting the user's password when creating a new user

Verena Diewald verena.diewald at wheregroup.com
Fri Jul 17 10:35:49 EDT 2009

Hi list,

I would like to outline an additional way for the work flow of setting the 
user's password in Mapbender's administration application (gui).

The way it works now: The administrator user is the one who creates a new user 
and defines the new user's password by typing in a password. This is not a 
good process as in most use cases the administrator user should not know the 
password of her users.

My proposal is as follows: 
- the administrator user creates a user without manually setting the 
password -> A generated one-time password is created dynamically and stored 
in the password field. 
- When the new user's data is written to the mb_user table simultaneously a 
ticket number for that new user is written into table mb_user (new field)
- An e-mail is sent to the new user which contains a link (ticket number of 
this user is sent as a parameter) to a new Mapbender module (for example: 
mod_confirmLogin.php). The module mod_confirmLogin.php is a simple form where 
the user is requested to insert her new password (twice for confirmation, as 
we already have it).
- If the ticket number is not valid the module returns an error (you are not 
authorized,  please request a new ticket, etc.) The ticket in the table 
mb_user is deleted.
- If the ticket number is valid, the new password will be saved in db and the 
ticket number of this user will be deleted

The new module could be based on or be an enhancement of the 
module "ForgottenPassword" which does some related things.

What do you think? Any suggestions concerning that topic?

Best regards


More information about the Mapbender_dev mailing list