[Zope] Password 2nd Posting

Martijn Pieters mj@antraciet.nl
Fri, 29 Oct 1999 19:54:45 +0200


At 17:48 29-10-99 , Daniel G. Rusch wrote:
>I've posted this before and got no reponses, so either it can't be done,
>or it's so trival no one has bothered to responed? Are all of you
>manually maintaining users?
>
>I'm trying to build an interface to allow users to change their
>passwords (only their passwords not roles of course).
>I have no problem getting the new password and changing the old one.
>
>The problem is a professional site would ask the user to enter their
>current password and verify it is correct before they allow the user to
>change their password.
>
>The question then is does anyone have any ideas on how to compare a user
>entered password to what Zope has stored as the password?

You can't access the password from DTML, but you can from en external 
method. Just call _getPassword on a userobject.

Better would be using the authenticate(password, request) method on the 
User object. Just pass in the (cleartext) password and the REQUEST object, 
and it will check both the password and the domain spec, if the User object 
has one.

All this and more can be found in lib/python/AccessControl/User.py.


--
Martijn Pieters, Web Developer
| Antraciet http://www.antraciet.nl
| T: +31 35 7502100 F: +31 35 7502111
| mj@antraciet.nl http://www.antraciet.nl/~mj
| PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149
---------------------------------------------