I've posted this before and got no reponses, so either it can't be done, or it's so trival no one has bothered to responed? Are all of you manually maintaining users? I'm trying to build an interface to allow users to change their passwords (only their passwords not roles of course). I have no problem getting the new password and changing the old one. The problem is a professional site would ask the user to enter their current password and verify it is correct before they allow the user to change their password. The question then is does anyone have any ideas on how to compare a user entered password to what Zope has stored as the password? Thanks, DR
At 17:48 29-10-99 , Daniel G. Rusch wrote:
I've posted this before and got no reponses, so either it can't be done, or it's so trival no one has bothered to responed? Are all of you manually maintaining users?
I'm trying to build an interface to allow users to change their passwords (only their passwords not roles of course). I have no problem getting the new password and changing the old one.
The problem is a professional site would ask the user to enter their current password and verify it is correct before they allow the user to change their password.
The question then is does anyone have any ideas on how to compare a user entered password to what Zope has stored as the password?
You can't access the password from DTML, but you can from en external method. Just call _getPassword on a userobject. Better would be using the authenticate(password, request) method on the User object. Just pass in the (cleartext) password and the REQUEST object, and it will check both the password and the domain spec, if the User object has one. All this and more can be found in lib/python/AccessControl/User.py. -- Martijn Pieters, Web Developer | Antraciet http://www.antraciet.nl | T: +31 35 7502100 F: +31 35 7502111 | mj@antraciet.nl http://www.antraciet.nl/~mj | PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149 ---------------------------------------------
Thanks for the reply, Before I posted my question, I crawled around lib/python/AccessControl/User.py, I saw both the _getPassword and authenticate methods. But, getPassword raises the NotImplemented exception as noted below: def _getPassword(self): """Return the password of the user.""" raise NotImplemented and authenticate calls the getPassword method, as noted below: def authenticate(self, password, request): passwrd=self._getPassword() Am I missing something? DR
Using Zope 2 with ZODBCA on NT 4.0 /IIS 4.0 via pcgi The data is in Visual FoxPro tables on another NT server connected via 100mbit ethernet. All the SQL statements except Create Table work fine. When I use a Create Table statement, the table is created on the machine runnig Zope and not the database machine. If I then issue an SQL Insert statement it gives me an ODBC error stating the file doesn't exist. For example: - I have an ZODBC connection to the \atidb\data directory on the database machine. - "create table test1 (name char(30), phone char(20))" returns normally and actually creates the test1 table in my Zope directory on the Zope machine - "insert into test1 (name, phone) values ('Fred', '123-456-7890')" returns a file doesn't exist ODBC error Anybody got any ideas? Is this a ZODBCDA problem or an ODBCA problem? __________________________________________________________________ Jim Sanford ^ Database Engineer ^ ^ ^ Accelerated Technology, Inc. ^ ^ 720 Oak Circle Drive East ^ ^ ^ Mobile, AL 36609 ^ ^ ^ Voice: 334-661-5770 fax: 334-661-5788 ^ ^ E-Mail: jsanford@atinucleus.com Web: http://www.atinucleus.com Source Code, No Royalties, Any CPU...It just make sense ! __________________________________________________________________
On Fri, 29 Oct 1999, Daniel G. Rusch wrote:
Thanks for the reply,
Before I posted my question, I crawled around lib/python/AccessControl/User.py, I saw both the _getPassword and authenticate methods.
But, getPassword raises the NotImplemented exception as noted below:
def _getPassword(self): """Return the password of the user.""" raise NotImplemented
Am I missing something?
Your looking at the base class BasicUser which defines the API. The userobjects you actually get will be of another class which uses this as a base clas, and will have overriden these methods. (eg. if you look further down this file you will find the User class which is the BasicUser implementation returned by the default acl_users folder (UserFolder). ___ // Zen (alias Stuart Bishop) Work: zen@cs.rmit.edu.au // E N Senior Systems Alchemist Play: zen@shangri-la.dropbear.id.au //__ Computer Science, RMIT WWW: http://www.cs.rmit.edu.au/~zen
At 22:20 29-10-99 , Daniel G. Rusch wrote:
Thanks for the reply,
Before I posted my question, I crawled around lib/python/AccessControl/User.py, I saw both the _getPassword and authenticate methods.
But, getPassword raises the NotImplemented exception as noted below:
def _getPassword(self): """Return the password of the user.""" raise NotImplemented
and authenticate calls the getPassword method, as noted below:
def authenticate(self, password, request): passwrd=self._getPassword()
Am I missing something?
Yes, the BasicUser class is an interface definition. Actual User objects are instances of the User class, which inherits from BasicUser, and defines a proper _getPassword method. It doesn't have to implement the authenticate method, it just inherits this from BasicUser. -- Martijn Pieters, Web Developer | Antraciet http://www.antraciet.nl | T: +31 35 7502100 F: +31 35 7502111 | mj@antraciet.nl http://www.antraciet.nl/~mj | PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149 ---------------------------------------------
participants (4)
-
Daniel G. Rusch -
Jim Sanford -
Martijn Pieters -
Stuart 'Zen' Bishop