[Mapbender-dev] Setting the user's password when creating a
new user
Arnulf Christl
arnulf.christl at wheregroup.com
Mon Jul 27 06:32:18 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Astrid Emde schrieb:
>
> On Fri, July 17, 2009 4:35 pm, Verena Diewald wrote:
>> Hi list,
>>
>> I would like to outline an additional way for the work flow of setting
>> the
>> user's password in Mapbender's administration application (gui).
>>
>> The way it works now: The administrator user is the one who creates a new
>> user
>> and defines the new user's password by typing in a password. This is
>> not a
>> good process as in most use cases the administrator user should not know
>> the
>> password of her users.
>>
>> My proposal is as follows:
>> - the administrator user creates a user without manually setting the
>> password -> A generated one-time password is created dynamically and
>> stored
>> in the password field.
>> - When the new user's data is written to the mb_user table simultaneously
>> a
>> ticket number for that new user is written into table mb_user (new field)
>> - An e-mail is sent to the new user which contains a link (ticket number
>> of
>> this user is sent as a parameter) to a new Mapbender module (for example:
>> mod_confirmLogin.php). The module mod_confirmLogin.php is a simple form
>> where
>> the user is requested to insert her new password (twice for confirmation,
>> as
>> we already have it).
>> - If the ticket number is not valid the module returns an error (you are
>> not
>> authorized, please request a new ticket, etc.) The ticket in the table
>> mb_user is deleted.
>> - If the ticket number is valid, the new password will be saved in db and
>> the
>> ticket number of this user will be deleted
>>
>> The new module could be based on or be an enhancement of the
>> module "ForgottenPassword" which does some related things.
>>
>> What do you think? Any suggestions concerning that topic?
>
> Hello Verena,
>
> your idea sounds good to me.
>
> 1. But still it should be possible to set the password by the creator of
> a new user. Sometimes you have user representing a group of user (demo,
> kataster, citymap) only to generate a link to another application. Here
> you want to set the password by yourself to a defined word.
>
>
> 2. The user should be able to set the password by himself if the
> selfgenerated is too ugly
>
> Best regards astrid
Hey,
following up on:
http://logs.qgis.org/mapbender/%23mapbender.2009-07-20.log
07:30:07 seven: verena: We can refine the idea in the Wiki.
The process is refined, it is even a little simpler now and contains all
the we need.
Best regards,
Arnulf.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkptgi0ACgkQhcSN09gHfZzX9wCgpvkOi0RcsAfvpaWmoKmfl2Qq
9tIAnitun46FCqqRWd+oUDJzE2QlR1hH
=QxQf
-----END PGP SIGNATURE-----
More information about the Mapbender_dev
mailing list