rejetto forum

How can users of my side can be allowed to change their passwords once created

0 Members and 1 Guest are viewing this topic.

Offline nrthombare

  • Occasional poster
  • *
    • Posts: 1
    • View Profile
How can users of my side can be allowed to change their passwords once created

PL specify how?


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13308
    • View Profile
we are working on this feature.
the default template doesn't include it yet.
only few did it.


Offline SilentPliz

  • Operator
  • Tireless poster
  • *****
    • Posts: 1297
  • ....... chut ! shh!
    • View Profile
   
For that the user will change his password ...

One condition:
Use a recent beta version of HFS:

In the default template for that version, add:

For the menu, add the blue line:

{.if not| %user%          | <li><a href="~login"><img src="/~img27"> Login</a></li> .}
{.if| %user%          | <li><a href="/~selfpasschanger?remotefolder=%folder%"><center>{.!Change Password.}</center></a></li> .}
{.if| {.get|can upload.}  | <li><a href="~upload"><img src="/~img32"> Upload</a></li> .}


Then add the following before the section [special:strings]:

Code: [Select]
[selfpasschanger]
<html>
<head>
  <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
  <link rel="stylesheet" href="/~style.css" type="text/css">
<style fprolloverstyle>A:hover {color:#b30000; font-style: italic;}
</style>
  <br/>
<title>{.!Change my Password.}</title>
</head>
<body>
<div id='body'>
<img src="/~img27"><font size="3" color=555"> {.!Welcome.} %user% !</font size>
<br/><hr color=555"> </b>
<br/>
- {.!To use this function, simply enter your.} <b>{.!New Password.}</b>.<p>
- {.!Then.} {.!click on.} <FONT COLOR=firebrick><b>{.!Change.}</b></FONT COLOR=firebrick>.
  <br/>
  <br/> 
  <p>
  <br/>
<form method=post action="/~selfpasschange?remotefolder={.?remotefolder.}">
  <table>
  <tr><td align=left><b><font size="4">{.!Username.}</font></b><td><b><font size="4"> &nbsp;</b><INPUT READONLY NAME="name" value="%user%" style="font-size:10pt; font-weight:bold; color:7F7F7F; background-color:FFFFFF; border:3px solid #AB9F82;" size="25">
  <tr><td align=left><b><font size="4">{.!New Password.}</font></b><td><b><font size="4"> &nbsp;</font></b><span style="background-color: #000000"><input name="newpass" style="font-size:10pt; font-weight:bold; color:7F7F7F; background-color:FFFFFF; border:3px solid #AB9F82;" size="25"></span>
  <tr><td align=left><font size="4"><td align=center><br/><input type=submit value="{.!Change.}">
  </tr></table>
  <br/>
  <hr color=555">
<center><a href="{.?remotefolder.}">{.!UP.}{.repeat|2|&nbsp;.}</a></p></center>
</form>
</body>
</html>

[selfpasschange]
<html>
<head>
  <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
  <link rel="stylesheet" href="/~style.css" type="text/css">
<style fprolloverstyle>A:hover {color:#b30000; font-style: italic;}
</style> 
  <br/>
<title>{.!Pass Changer.}</title>
</head>
<body>
<div id='body'>
{.set account|{.postvar|name.}|password={.postvar|newpass.}.}
<img src="/~img27"><font size="3" color=555"> %user% </font>
  <br/>
  <hr color=555">
  <br/>
<p><font size="4">{.if|{.get|account|{.postvar|name.}|{.postvar|newpass.}.}|<b>{.!The new password is.}/if.} </b>: <font size="4" color=555"><INPUT READONLY NAME="name" value="{.postvar|newpass.}" style="text-align:center; font-size:10pt; font-weight:bold; color:7F7F7F; background-color:FFFFFF; border:3px solid #AB9F82;" size="35"></font></p>
  <br/>
  <hr color=555">
<center><a href="{.?remotefolder.}">{.!UP.}{.repeat|2|&nbsp;.}</a></p></center>
</form>
</body>
</html>


It is possible to do better... like to demanding the old password for verification before accept the new one... but the required changes are not yet included in the official "beta".
« Last Edit: March 31, 2009, 12:45:26 PM by SilentPliz »


Offline luca69

  • Occasional poster
  • *
    • Posts: 95
    • View Profile
Nice, but would it be possible to ask the user the new password twice and check for consistency?
Life is what happens to you while you are busy making other plans


Offline SilentPliz

  • Operator
  • Tireless poster
  • *****
    • Posts: 1297
  • ....... chut ! shh!
    • View Profile
   
Yes, it probably possible, but in this present case, the new password is filled in the field in text mode (not *****) by the user.
It seems to me rather pointless to confirm twice what the user can visualize while writing.
   
And in addition the new password is displayed after it is created ... the user may copy it for archiving.  :)

But perhaps you used an imput type "password"?
« Last Edit: April 01, 2009, 11:30:19 PM by SilentPliz »


Offline TCube

  • Tireless poster
  • ****
    • Posts: 445
    • View Profile
Nice, but would it be possible to ask the user the new password twice and check for consistency?


Let me change one thing in my signature : " .... someone will make a better idiot"

 ;D

I'm out .....
Make it idiot-proof and I will make a better idiot


Offline luca69

  • Occasional poster
  • *
    • Posts: 95
    • View Profile
   
Yes, it probably possible, but in this present case, the new password is filled in the field in text mode (not *****) by the user.
It seems to me rather pointless to confirm twice what the user can visualize while writing.
   
And in addition the new password is displayed after it is created ... the user may copy it for archiving.  :)

But perhaps you used an imput type "password"?

Yes I used the type "password" so that the text entered by the user is not visible.
I searched for a simple peace of code to do the comparison between two text/password fields, but I google was not giving me a solution :(
Any hint?
Life is what happens to you while you are busy making other plans


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13308
    • View Profile
you should first duplicate the field.
since the password field is named "newpass", this duplicate should be named "newpass2".

Then you should have in the other page a code like this
{.if|{.{.postvar|newpass.} = {.postvar|newpass2.}.}
|{:{.set account|%user%|password={.postvar|newpass.}.}:}
|the two passwords don't match, retry
/if.}

Please, notice i changed {.postvar|name.} with %user% here, because the version posted by SP is very dangerous. Any skilled user can remove the "readonly" thing and change the passwords of other accounts. Using "firebug" plugin (for firefox) is very easy.



finally and optionally, you may use a javascript code that will prevent submitting if the two passwords are different.

this can be done by adding to the submit button this value

onclick="if (document.newpass.value != document.newpass2.value) { alert('Error, please retype your passwords'); return false; }"

(this code is untested, may require some fixing)


Offline luca69

  • Occasional poster
  • *
    • Posts: 95
    • View Profile
Thanks for the hint: I'll try to use the java code  ;)

Life is what happens to you while you are busy making other plans


Offline luca69

  • Occasional poster
  • *
    • Posts: 95
    • View Profile
I completely forgot that I already solved the problem with the following function:
Code: [Select]
<script type="text/javascript">
function validatePassword(form){
if (form.pass1.value != form.pass2.value){
alert("Password mismatch: please enter again.");
return false;
  }
 return true;
}
</script>

and in the form the code

Code: [Select]
<form method=post action="/~userpasschange" onsubmit="return validatePassword(this);">
  <table>
  <tr><td align=left><b><font size="4"><font size="4">New Password</font></b></font></b><td><b><font size="4">: &nbsp;</font></b><span style="background-color: #000000"><input name=pass1 type=password style="font-size:10pt; font-weight:bold; border:1px solid #88f" size="20" ></span>
  <tr><td align=left><b><font size="4"><font size="4">Type Password again</font></b></font></b><td><b><font size="4">: &nbsp;</font></b><span style="background-color: #000000"><input name=pass2 type=password style="font-size:10pt; font-weight:bold; border:1px solid #88f" size="20" ></span>
  <tr><td align=left><font size="4">Click <a href="/">here</a> to return to HOME.</font><td align=center><input type=submit value="Change">
  </tr></table>
</form>

What is still open is a peace of code that cleans the entered fields and set the focus on the first widget for the new password
Life is what happens to you while you are busy making other plans


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13308
    • View Profile
you may decide to use my version in case you want it to be compatible with no javascript. it's up to your needs.

Quote
What is still open is a peace of code that cleans the entered fields and set the focus on the first widget for the new password

when should such actions be taken?


Offline luca69

  • Occasional poster
  • *
    • Posts: 95
    • View Profile

Quote
What is still open is a peace of code that cleans the entered fields and set the focus on the first widget for the new password

when should such actions be taken?

Just in case the 2 passwords entered do not match ;)
Life is what happens to you while you are busy making other plans


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13308
    • View Profile
you can do something like
form.pass1.value = "";
form.pass2.value = "";
form.pass1.focus();


Offline luca69

  • Occasional poster
  • *
    • Posts: 95
    • View Profile
Thanks for the hint ... I'll try
Life is what happens to you while you are busy making other plans


Offline luca69

  • Occasional poster
  • *
    • Posts: 95
    • View Profile
you can do something like
form.pass1.value = "";
form.pass2.value = "";
form.pass1.focus();


It does not work :( If you put that peace of code, the password is ALWAYS changed (even if pass1 != pass2)
Life is what happens to you while you are busy making other plans