[Mapbender-dev] Setting the user's password when creating a new user

Astrid Emde astrid.emde at wheregroup.com
Mon Jul 20 02:59:09 EDT 2009

On Fri, July 17, 2009 4:35 pm, Verena Diewald wrote:
> Hi list,
> I would like to outline an additional way for the work flow of setting the
> user's password in Mapbender's administration application (gui).
> The way it works now: The administrator user is the one who creates a new
> user
> and defines the new user's password by typing in a password. This is not a
> good process as in most use cases the administrator user should not know
> the
> password of her users.
> My proposal is as follows:
> - the administrator user creates a user without manually setting the
> password -> A generated one-time password is created dynamically and
> stored
> in the password field.
> - When the new user's data is written to the mb_user table simultaneously
> a
> ticket number for that new user is written into table mb_user (new field)
> - An e-mail is sent to the new user which contains a link (ticket number
> of
> this user is sent as a parameter) to a new Mapbender module (for example:
> mod_confirmLogin.php). The module mod_confirmLogin.php is a simple form
> where
> the user is requested to insert her new password (twice for confirmation,
> as
> we already have it).
> - If the ticket number is not valid the module returns an error (you are
> not
> authorized,  please request a new ticket, etc.) The ticket in the table
> mb_user is deleted.
> - If the ticket number is valid, the new password will be saved in db and
> the
> ticket number of this user will be deleted
> The new module could be based on or be an enhancement of the
> module "ForgottenPassword" which does some related things.
> What do you think? Any suggestions concerning that topic?

Hello  Verena,

your idea sounds good to me.

1. But still it should be possible to set the password by the creator of 
a new user. Sometimes you have user representing a group of user (demo, 
kataster, citymap) only to generate a link to another application. Here 
you want to set the password by yourself to a defined word.

2. The user should be able to set the password by himself if the 
selfgenerated is too ugly

Best regards astrid

More information about the Mapbender_dev mailing list