[Zope] Re: Zope: .authenticate()
Dieter Maurer
dieter@handshake.de
Fri, 28 Sep 2001 00:10:12 +0200 (CEST)
Toh Wanda writes:
> ....
> I want users to be able to change their passwords, but only their own one.
> So they have to enter their username and password to get to a page with a
> form where they can enter the new password, if the given password for the
> username was correct.
>
> How:
> I try to check this (as described in the book) with:
> <dtml-if
> expr="acl_users.getUser(REQUEST.form['Name']).authenticate(REQUEST.form['Passwort'],REQUEST)">
"acl_users.getUser" requires "Manage users" permission
(usually owned only by the Manager) and
"authenticate" is almost surely private to make it more
difficult to use brute force to get a user's password.
Use an External Method...
Dieter