rejetto forum

Software => HFS ~ HTTP File Server => Topic started by: nrthombare on March 30, 2009, 05:26:34 AM

Title: How can users of my side can be allowed to change their passwords once created
Post by: nrthombare on March 30, 2009, 05:26:34 AM

How can users of my side can be allowed to change their passwords once created

PL specify how?

Title: Re: How can users of my side can be allowed to change their passwords once created
Post by: rejetto on March 30, 2009, 10:49:44 AM

we are working on this feature.
the default template doesn't include it yet.
only few did it.

Title: Re: How can users of my side can be allowed to change their passwords once created
Post by: SilentPliz on March 30, 2009, 02:28:47 PM

   
For that the user will change his password ...

One condition:
Use a recent beta version of HFS:

In the default template for that version, add:

For the menu, add the blue line:

{.if not| %user%          | <li><a href="~login"><img src="/~img27"> Login</a></li> .}
{.if| %user%          | <li><a href="/~selfpasschanger?remotefolder=%folder%"><center>{.!Change Password.}</center></a></li> .}
{.if| {.get|can upload.}  | <li><a href="~upload"><img src="/~img32"> Upload</a></li> .}


Then add the following before the section [special:strings]:

Code: [Select]

[selfpasschanger]
<html>
<head>
  <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
  <link rel="stylesheet" href="/~style.css" type="text/css">
<style fprolloverstyle>A:hover {color:#b30000; font-style: italic;}
</style>
  <br/>
<title>{.!Change my Password.}</title>
</head>
<body>
<div id='body'>
<img src="/~img27"><font size="3" color=555"> {.!Welcome.} %user% !</font size>
<br/><hr color=555"> </b>
<br/>
- {.!To use this function, simply enter your.} <b>{.!New Password.}</b>.<p>
- {.!Then.} {.!click on.} <FONT COLOR=firebrick><b>{.!Change.}</b></FONT COLOR=firebrick>.
  <br/>
  <br/> 
  <p>
  <br/>
<form method=post action="/~selfpasschange?remotefolder={.?remotefolder.}">
  <table>
  <tr><td align=left><b><font size="4">{.!Username.}</font></b><td><b><font size="4"> &nbsp;</b><INPUT READONLY NAME="name" value="%user%" style="font-size:10pt; font-weight:bold; color:7F7F7F; background-color:FFFFFF; border:3px solid #AB9F82;" size="25">
  <tr><td align=left><b><font size="4">{.!New Password.}</font></b><td><b><font size="4"> &nbsp;</font></b><span style="background-color: #000000"><input name="newpass" style="font-size:10pt; font-weight:bold; color:7F7F7F; background-color:FFFFFF; border:3px solid #AB9F82;" size="25"></span>
  <tr><td align=left><font size="4"><td align=center><br/><input type=submit value="{.!Change.}">
  </tr></table>
  <br/>
  <hr color=555">
<center><a href="{.?remotefolder.}">{.!UP.}{.repeat|2|&nbsp;.}</a></p></center>
</form>
</body>
</html>

[selfpasschange]
<html>
<head>
  <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
  <link rel="stylesheet" href="/~style.css" type="text/css">
<style fprolloverstyle>A:hover {color:#b30000; font-style: italic;}
</style> 
  <br/>
<title>{.!Pass Changer.}</title>
</head>
<body>
<div id='body'>
{.set account|{.postvar|name.}|password={.postvar|newpass.}.}
<img src="/~img27"><font size="3" color=555"> %user% </font>
  <br/>
  <hr color=555">
  <br/>
<p><font size="4">{.if|{.get|account|{.postvar|name.}|{.postvar|newpass.}.}|<b>{.!The new password is.}/if.} </b>: <font size="4" color=555"><INPUT READONLY NAME="name" value="{.postvar|newpass.}" style="text-align:center; font-size:10pt; font-weight:bold; color:7F7F7F; background-color:FFFFFF; border:3px solid #AB9F82;" size="35"></font></p>
  <br/>
  <hr color=555">
<center><a href="{.?remotefolder.}">{.!UP.}{.repeat|2|&nbsp;.}</a></p></center>
</form>
</body>
</html>


It is possible to do better... like to demanding the old password for verification before accept the new one... but the required changes are not yet included in the official "beta".

Title: Re: How can users of my side can be allowed to change their passwords once created
Post by: luca69 on April 01, 2009, 01:21:23 PM

Nice, but would it be possible to ask the user the new password twice and check for consistency?

Title: Re: How can users of my side can be allowed to change their passwords once created
Post by: SilentPliz on April 01, 2009, 03:41:01 PM

   
Yes, it probably possible, but in this present case, the new password is filled in the field in text mode (not *****) by the user.
It seems to me rather pointless to confirm twice what the user can visualize while writing.
   
And in addition the new password is displayed after it is created ... the user may copy it for archiving.  :)

But perhaps you used an imput type "password"?

Title: Re: How can users of my side can be allowed to change their passwords once created
Post by: TCube on April 01, 2009, 06:07:52 PM

Quote from: luca69 on April 01, 2009, 01:21:23 PM

Nice, but would it be possible to ask the user the new password twice and check for consistency?

Let me change one thing in my signature : " .... someone will make a better idiot"

 ;D

I'm out .....

Title: Re: How can users of my side can be allowed to change their passwords once created
Post by: luca69 on April 02, 2009, 11:17:07 AM

Quote from: SilentPliz on April 01, 2009, 03:41:01 PM

   
Yes, it probably possible, but in this present case, the new password is filled in the field in text mode (not *****) by the user.
It seems to me rather pointless to confirm twice what the user can visualize while writing.
   
And in addition the new password is displayed after it is created ... the user may copy it for archiving.  :)

But perhaps you used an imput type "password"?

Yes I used the type "password" so that the text entered by the user is not visible.
I searched for a simple peace of code to do the comparison between two text/password fields, but I google was not giving me a solution :(
Any hint?

Title: Re: How can users of my side can be allowed to change their passwords once created
Post by: rejetto on April 02, 2009, 02:01:55 PM

you should first duplicate the field.
since the password field is named "newpass", this duplicate should be named "newpass2".

Then you should have in the other page a code like this
{.if|{.{.postvar|newpass.} = {.postvar|newpass2.}.}
|{:{.set account|%user%|password={.postvar|newpass.}.}:}
|the two passwords don't match, retry
/if.}

Please, notice i changed {.postvar|name.} with %user% here, because the version posted by SP is very dangerous. Any skilled user can remove the "readonly" thing and change the passwords of other accounts. Using "firebug" plugin (for firefox) is very easy.



finally and optionally, you may use a javascript code that will prevent submitting if the two passwords are different.

this can be done by adding to the submit button this value

onclick="if (document.newpass.value != document.newpass2.value) { alert('Error, please retype your passwords'); return false; }"

(this code is untested, may require some fixing)

Title: Re: How can users of my side can be allowed to change their passwords once created
Post by: luca69 on April 03, 2009, 03:19:32 PM

Thanks for the hint: I'll try to use the java code  ;)

Title: Re: How can users of my side can be allowed to change their passwords once created
Post by: luca69 on April 06, 2009, 12:54:34 PM

I completely forgot that I already solved the problem with the following function:

Code: [Select]

<script type="text/javascript">
function validatePassword(form){
if (form.pass1.value != form.pass2.value){
alert("Password mismatch: please enter again.");
return false;
  }
 return true;
}
</script>
and in the form the code

Code: [Select]

<form method=post action="/~userpasschange" onsubmit="return validatePassword(this);">
  <table>
  <tr><td align=left><b><font size="4"><font size="4">New Password</font></b></font></b><td><b><font size="4">: &nbsp;</font></b><span style="background-color: #000000"><input name=pass1 type=password style="font-size:10pt; font-weight:bold; border:1px solid #88f" size="20" ></span>
  <tr><td align=left><b><font size="4"><font size="4">Type Password again</font></b></font></b><td><b><font size="4">: &nbsp;</font></b><span style="background-color: #000000"><input name=pass2 type=password style="font-size:10pt; font-weight:bold; border:1px solid #88f" size="20" ></span>
  <tr><td align=left><font size="4">Click <a href="/">here</a> to return to HOME.</font><td align=center><input type=submit value="Change">
  </tr></table>
</form>

What is still open is a peace of code that cleans the entered fields and set the focus on the first widget for the new password

Title: Re: How can users of my side can be allowed to change their passwords once created
Post by: rejetto on April 07, 2009, 02:10:18 PM

you may decide to use my version in case you want it to be compatible with no javascript. it's up to your needs.

Quote

What is still open is a peace of code that cleans the entered fields and set the focus on the first widget for the new password

when should such actions be taken?

Title: Re: How can users of my side can be allowed to change their passwords once created
Post by: luca69 on April 14, 2009, 09:55:34 AM

Quote from: rejetto on April 07, 2009, 02:10:18 PM

Quote

What is still open is a peace of code that cleans the entered fields and set the focus on the first widget for the new password

when should such actions be taken?

Just in case the 2 passwords entered do not match ;)

Title: Re: How can users of my side can be allowed to change their passwords once created
Post by: rejetto on April 15, 2009, 03:13:12 PM

you can do something like
form.pass1.value = "";
form.pass2.value = "";
form.pass1.focus();

Title: Re: How can users of my side can be allowed to change their passwords once creat
Post by: luca69 on April 17, 2009, 07:34:47 AM

Thanks for the hint ... I'll try

Title: Re: How can users of my side can be allowed to change their passwords once created
Post by: luca69 on April 21, 2009, 11:32:37 AM

Quote from: rejetto on April 15, 2009, 03:13:12 PM

you can do something like
form.pass1.value = "";
form.pass2.value = "";
form.pass1.focus();

It does not work :( If you put that peace of code, the password is ALWAYS changed (even if pass1 != pass2)

Title: Re: How can users of my side can be allowed to change their passwords once created
Post by: rejetto on April 21, 2009, 07:21:48 PM

you asked for a code to clean&focus, so how can you say it does not work because the password is changed.
it has nothing to do with it. it's like complaning because it does not wash your car :)

Title: Re: How can users of my side can be allowed to change their passwords once created
Post by: luca69 on April 23, 2009, 01:32:17 PM

Quote from: rejetto on April 21, 2009, 07:21:48 PM

you asked for a code to clean&focus, so how can you say it does not work because the password is changed.
it has nothing to do with it. it's like complaning because it does not wash your car :)

Maybe you got me wrong.

Let's summarize once again:

This is the current peace of code:

Code: [Select]

<form method=post action="/~userpasschange" onsubmit="return validatePassword(this);">
  <table>
  <tr><td align=left><b><font size="4"><font size="4">New Password</font></b></font></b><td><b><font size="4">: &nbsp;</font></b><span style="background-color: #000000"><input name=pass1 type=password style="font-size:10pt; font-weight:bold; border:1px solid #88f" size="20" ></span>
  <tr><td align=left><b><font size="4"><font size="4">Type Password again</font></b></font></b><td><b><font size="4">: &nbsp;</font></b><span style="background-color: #000000"><input name=pass2 type=password style="font-size:10pt; font-weight:bold; border:1px solid #88f" size="20" ></span>
  <tr><td align=left><font size="4">Click <a href="/">here</a> to return to HOME.</font><td align=center><input type=submit value="Change">
  </tr></table>
</form>
It uses a java script called "validatePassword" to check that pass1 and pass2 match:

Code: [Select]

<script type="text/javascript">
function validatePassword(form){
if (form.pass1.value != form.pass2.value){
alert("Password mismatch: please enter again.");
return false;
  }
 return true;
}
</script>
It works fine. If pass1 != pass2 then there is a message box and the user has to enter the new password again.

But first the user must "clean" the fields pass1 and pass2.

Here it comes your hint and I modified the java code:

Code: [Select]

<script type="text/javascript">
function validatePassword(form){
if (form.pass1.value != form.pass2.value){
alert("Password mismatch: please enter again.");
return false;
    from.pass1.value = "";
    from.pass2.value = "";
  form.pass1.focus();
  }
 return true;
}
</script>
Now the message box pops up but the password is ALWAYS changed, even if the pass1 !=  pass2 !

Is it clear now?

PS: Sorry for such a silly questions, but I'm not a java expert :(

Title: Re: How can users of my side can be allowed to change their passwords once created
Post by: rejetto on April 24, 2009, 12:09:06 AM

try fixing "from." in "form."
and move my code before the alert()

Title: Re: How can users of my side can be allowed to change their passwords once creat
Post by: luca69 on April 24, 2009, 07:46:16 AM

Quote from: rejetto on April 24, 2009, 12:09:06 AM

try fixing "from." in "form."
and move my code before the alert()

DAMMIT!!! YOU ARE RIGHT !!!

...I'm getting old  :(

PS: It is working also without moving the code before the alert()  ;)