27 Sep
2001
27 Sep
'01
10:10 p.m.
Toh Wanda writes:
.... I want users to be able to change their passwords, but only their own one. So they have to enter their username and password to get to a page with a form where they can enter the new password, if the given password for the username was correct.
How: I try to check this (as described in the book) with: <dtml-if expr="acl_users.getUser(REQUEST.form['Name']).authenticate(REQUEST.form['Passwort'],REQUEST)"> "acl_users.getUser" requires "Manage users" permission (usually owned only by the Manager) and "authenticate" is almost surely private to make it more difficult to use brute force to get a user's password.
Use an External Method... Dieter