How can users of my side can be allowed to change their passwords once created

[nrthombare]

How can users of my side can be allowed to change their passwords once created

PL specify how?

[rejetto]

we are working on this feature.
the default template doesn't include it yet.
only few did it.

[SilentPliz]

   
For that the user will change his password ...

One condition:
Use a recent beta version of HFS:

In the default template for that version, add:

For the menu, add the blue line:

{.if not| %user%          | <li><a href="~login"><img src="/~img27"> Login</a></li> .}
{.if| %user%          | <li><a href="/~selfpasschanger?remotefolder=%folder%"><center>{.!Change Password.}</center></a></li> .}
{.if| {.get|can upload.}  | <li><a href="~upload"><img src="/~img32"> Upload</a></li> .}


Then add the following before the section [special:strings]:

Code:

[selfpasschanger]
<html>
<head>
  <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
  <link rel="stylesheet" href="/~style.css" type="text/css">
<style fprolloverstyle>A:hover {color:#b30000; font-style: italic;}
</style>
  <br/>
<title>{.!Change my Password.}</title>
</head>
<body>
<div id='body'>
<img src="/~img27"><font size="3" color=555"> {.!Welcome.} %user% !</font size>
<br/><hr color=555"> </b>
<br/>
- {.!To use this function, simply enter your.} <b>{.!New Password.}</b>.<p>
- {.!Then.} {.!click on.} <FONT COLOR=firebrick><b>{.!Change.}</b></FONT COLOR=firebrick>.
  <br/>
  <br/> 
  <p>
  <br/>
<form method=post action="/~selfpasschange?remotefolder={.?remotefolder.}">
  <table>
  <tr><td align=left><b><font size="4">{.!Username.}</font></b><td><b><font size="4"> &nbsp;</b><INPUT READONLY NAME="name" value="%user%" style="font-size:10pt; font-weight:bold; color:7F7F7F; background-color:FFFFFF; border:3px solid #AB9F82;" size="25">
  <tr><td align=left><b><font size="4">{.!New Password.}</font></b><td><b><font size="4"> &nbsp;</font></b><span style="background-color: #000000"><input name="newpass" style="font-size:10pt; font-weight:bold; color:7F7F7F; background-color:FFFFFF; border:3px solid #AB9F82;" size="25"></span>
  <tr><td align=left><font size="4"><td align=center><br/><input type=submit value="{.!Change.}">
  </tr></table>
  <br/>
  <hr color=555">
<center><a href="{.?remotefolder.}">{.!UP.}{.repeat|2|&nbsp;.}</a></p></center>
</form>
</body>
</html>

[selfpasschange]
<html>
<head>
  <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
  <link rel="stylesheet" href="/~style.css" type="text/css">
<style fprolloverstyle>A:hover {color:#b30000; font-style: italic;}
</style> 
  <br/>
<title>{.!Pass Changer.}</title>
</head>
<body>
<div id='body'>
{.set account|{.postvar|name.}|password={.postvar|newpass.}.}
<img src="/~img27"><font size="3" color=555"> %user% </font>
  <br/>
  <hr color=555">
  <br/>
<p><font size="4">{.if|{.get|account|{.postvar|name.}|{.postvar|newpass.}.}|<b>{.!The new password is.}/if.} </b>: <font size="4" color=555"><INPUT READONLY NAME="name" value="{.postvar|newpass.}" style="text-align:center; font-size:10pt; font-weight:bold; color:7F7F7F; background-color:FFFFFF; border:3px solid #AB9F82;" size="35"></font></p>
  <br/>
  <hr color=555">
<center><a href="{.?remotefolder.}">{.!UP.}{.repeat|2|&nbsp;.}</a></p></center>
</form>
</body>
</html>

It is possible to do better... like to demanding the old password for verification before accept the new one... but the required changes are not yet included in the official "beta".

[luca69]

Nice, but would it be possible to ask the user the new password twice and check for consistency?

[SilentPliz]

   
Yes, it probably possible, but in this present case, the new password is filled in the field in text mode (not *****) by the user.
It seems to me rather pointless to confirm twice what the user can visualize while writing.
   
And in addition the new password is displayed after it is created ... the user may copy it for archiving. 

But perhaps you used an imput type "password"?

[TCube]

Nice, but would it be possible to ask the user the new password twice and check for consistency?

Let me change one thing in my signature : " .... someone will make a better idiot"

 

I'm out .....

[luca69]

   
Yes, it probably possible, but in this present case, the new password is filled in the field in text mode (not *****) by the user.
It seems to me rather pointless to confirm twice what the user can visualize while writing.
   
And in addition the new password is displayed after it is created ... the user may copy it for archiving. 

But perhaps you used an imput type "password"?

Yes I used the type "password" so that the text entered by the user is not visible.
I searched for a simple peace of code to do the comparison between two text/password fields, but I google was not giving me a solution
Any hint?

[rejetto]

you should first duplicate the field.
since the password field is named "newpass", this duplicate should be named "newpass2".

Then you should have in the other page a code like this
{.if|{.{.postvar|newpass.} = {.postvar|newpass2.}.}
|{:{.set account|%user%|password={.postvar|newpass.}.}:}
|the two passwords don't match, retry
/if.}

Please, notice i changed {.postvar|name.} with %user% here, because the version posted by SP is very dangerous. Any skilled user can remove the "readonly" thing and change the passwords of other accounts. Using "firebug" plugin (for firefox) is very easy.



finally and optionally, you may use a javascript code that will prevent submitting if the two passwords are different.

this can be done by adding to the submit button this value

onclick="if (document.newpass.value != document.newpass2.value) { alert('Error, please retype your passwords'); return false; }"

(this code is untested, may require some fixing)

[luca69]

Thanks for the hint: I'll try to use the java code 

[luca69]

I completely forgot that I already solved the problem with the following function:

Code:

<script type="text/javascript">
function validatePassword(form){
if (form.pass1.value != form.pass2.value){
alert("Password mismatch: please enter again.");
return false;
  }
 return true;
}
</script>

and in the form the code

Code:

<form method=post action="/~userpasschange" onsubmit="return validatePassword(this);">
  <table>
  <tr><td align=left><b><font size="4"><font size="4">New Password</font></b></font></b><td><b><font size="4">: &nbsp;</font></b><span style="background-color: #000000"><input name=pass1 type=password style="font-size:10pt; font-weight:bold; border:1px solid #88f" size="20" ></span>
  <tr><td align=left><b><font size="4"><font size="4">Type Password again</font></b></font></b><td><b><font size="4">: &nbsp;</font></b><span style="background-color: #000000"><input name=pass2 type=password style="font-size:10pt; font-weight:bold; border:1px solid #88f" size="20" ></span>
  <tr><td align=left><font size="4">Click <a href="/">here</a> to return to HOME.</font><td align=center><input type=submit value="Change">
  </tr></table>
</form>

What is still open is a peace of code that cleans the entered fields and set the focus on the first widget for the new password

[rejetto]

you may decide to use my version in case you want it to be compatible with no javascript. it's up to your needs.

What is still open is a peace of code that cleans the entered fields and set the focus on the first widget for the new password

when should such actions be taken?

[luca69]

What is still open is a peace of code that cleans the entered fields and set the focus on the first widget for the new password

when should such actions be taken?

Just in case the 2 passwords entered do not match

[rejetto]

you can do something like
form.pass1.value = "";
form.pass2.value = "";
form.pass1.focus();

[luca69]

Thanks for the hint ... I'll try

[luca69]

you can do something like
form.pass1.value = "";
form.pass2.value = "";
form.pass1.focus();

It does not work If you put that peace of code, the password is ALWAYS changed (even if pass1 != pass2)