Gossamer Forum
(Advanced Search)
for
Home : Products : DBMan : Customization :

Users changing passowrd

May 7, 2000, 3:09 PM
David Meade
Novice (22 posts)
May 7, 2000, 3:09 PM
Post #1 of 2
Views: 995
Shortcut
Quote Reply
Users changing passowrd
I am going to use dbman as a searchable database of users. So, I have just put into place the one record per user mod (option #4).

I would like the users to be able to change their password on the modify record form.

I tried to figure out how to do this....and failed. ;-)

I have created a modify_record_form sub procedure. This (currently) is nearly identical to the add_record_form as discussed in the MOD.

I have also added in the db.cgi sub modify_record:
Code:
#-------------------------------------------------------------------
$in{'login'} = 1;
$db_uid = "";
$in{'userid'} = $in{$db_cols[$auth_user_field]};
($status, $uid, $per_view, $per_add, $per_del, $per_mod, $per_admin) = &auth_check_password;
if ($status eq "ok") {
db_script_link_url = "$db_script_url?db=$db_setup&uid=$db_uid";
($db_userid) = $db_uid =~ /([A-Za-z0-9]+)\.\d+/;
}
#--------------------------------------------------------------------

as this code was needed in the sub add_record, I thought it would be needed here too.

What do I need to do to achieve the following:
1) in the modify form, the password field should auto-populate with it's current value
2) submission of the modify form will update the users password (and UserID if changed).

Thanks for any help,
David Meade
david@davidmeade.com


------------------
May 7, 2000, 3:30 PM
JPDeni
Veteran / Moderator (8669 posts)
May 7, 2000, 3:30 PM
Post #2 of 2
Views: 960
Shortcut
Quote Reply
Re: Users changing passowrd In reply to
Take out the code you added to sub modify_record. That code is to log the user in after he adds the record. He should not be able to have access to the modify form unless he is already logged in.

You cannot autopopulate the password field with the current value. The passwords are encrypted and there is no way to decrypt them.

You should never -- and I repeat *NEVER* allow the users to change their userid once they have an account. There is too much that is associated with the userid.

------------------
JPD