Mail password to users?

Discuss news styles, css code, and other Coranto customizations in here...the possibilities are endless, so have at it!

Moderator: Spunkmeyer

Mail password to users?

Postby Pirate Elf » Thu Apr 19, 2007 10:05 pm

Is this doable? If so what combo of addons would be needed for this to become a reality, because the number one thing I hear a lot is "I forgot my password" and would like a way to automate this process.
Nichts ist für dich
Nichts war für dich
Nichts bleibt für dich
Für immer
Pirate Elf
 
Posts: 732
Joined: Wed Jan 31, 2007 9:45 pm

Postby Alexv » Mon Apr 23, 2007 1:23 am

This is a feature which is very convenient, and is omnipresent amongst Coranto's competitors. This has been discussed in the past, and every time the conclusion was that it's best to do it in core (not with an addon). The reason behind it is (or was anyway, perhaps the policy has changed since) to make sure no addons are loaded until the user is logged-in. There are simply no addon hooks in that area (there was at one time, when Lawrence accidentally added one, but was quickly removed in a subsequent release). The fear was that a rogue addon could bypass Coranto's security by adding a backdoor or something. Of course one must realize that even if we don't load addons until a user is authenticated, once a user is in, an addon can do absolutely anything. That is, any addon could just modify the code in crcore.pl or coranto.cgi and insert a permanent backdoor.

The toughest challenge would probably be figuring out how to send the e-mail. Some server's don't have sendmail, some force you to authenticate, some users will be overwhelmed by the complex terminology, etc... Perhaps it's best to have an option to enable/disable e-mail features (similar to the way Coranto currently enables/disables features depending on whether the install is "Private" or "Public").
aka on ctus: alexv, aerosoul, billgates
Alexv
 
Posts: 33
Joined: Wed Jan 10, 2007 4:47 pm

Postby Parahead » Sat Apr 28, 2007 9:13 pm

The Coranto passwords are saved encrypted, not clear text. Thus it is not possible to submit the current password, but of course a new one can be created and sent when the user needs it. Just like this forum works...
Yes, I am still around...
www.parahead.com/coranto/
User avatar
Parahead
 
Posts: 4837
Joined: Fri Jan 12, 2007 8:54 pm
Location: Stockholm - Sweden


Return to Customization

Who is online

Users browsing this forum: No registered users and 2 guests

cron