[Mapbender-dev] Setting the user's password when creating a new user

Arnulf Christl arnulf.christl at wheregroup.com
Mon Jul 27 06:32:18 EDT 2009

Hash: SHA1

Astrid Emde schrieb:
> On Fri, July 17, 2009 4:35 pm, Verena Diewald wrote:
>> Hi list,
>> I would like to outline an additional way for the work flow of setting
>> the
>> user's password in Mapbender's administration application (gui).
>> The way it works now: The administrator user is the one who creates a new
>> user
>> and defines the new user's password by typing in a password. This is
>> not a
>> good process as in most use cases the administrator user should not know
>> the
>> password of her users.
>> My proposal is as follows:
>> - the administrator user creates a user without manually setting the
>> password -> A generated one-time password is created dynamically and
>> stored
>> in the password field.
>> - When the new user's data is written to the mb_user table simultaneously
>> a
>> ticket number for that new user is written into table mb_user (new field)
>> - An e-mail is sent to the new user which contains a link (ticket number
>> of
>> this user is sent as a parameter) to a new Mapbender module (for example:
>> mod_confirmLogin.php). The module mod_confirmLogin.php is a simple form
>> where
>> the user is requested to insert her new password (twice for confirmation,
>> as
>> we already have it).
>> - If the ticket number is not valid the module returns an error (you are
>> not
>> authorized,  please request a new ticket, etc.) The ticket in the table
>> mb_user is deleted.
>> - If the ticket number is valid, the new password will be saved in db and
>> the
>> ticket number of this user will be deleted
>> The new module could be based on or be an enhancement of the
>> module "ForgottenPassword" which does some related things.
>> What do you think? Any suggestions concerning that topic?
> Hello  Verena,
> your idea sounds good to me.
> 1. But still it should be possible to set the password by the creator of
> a new user. Sometimes you have user representing a group of user (demo,
> kataster, citymap) only to generate a link to another application. Here
> you want to set the password by yourself to a defined word.
> 2. The user should be able to set the password by himself if the
> selfgenerated is too ugly
> Best regards astrid

following up on:

07:30:07  	seven:  	 verena: We can refine the idea in the Wiki.

The process is refined, it is even a little simpler now and contains all
the we need.

Best regards,

Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the Mapbender_dev mailing list