[Zope] Re: Zope: .authenticate()

Dieter Maurer dieter@handshake.de
Fri, 28 Sep 2001 00:10:12 +0200 (CEST)


Toh Wanda writes:
 > ....
 > I want users to be able to change their passwords, but only their own one.
 > So they have to enter their username and password to get to a page with a
 > form where they can enter the new password, if the given password for the
 > username was correct.
 > 
 > How:
 > I try to check this (as described in the book) with:
 > <dtml-if
 > expr="acl_users.getUser(REQUEST.form['Name']).authenticate(REQUEST.form['Passwort'],REQUEST)">
"acl_users.getUser" requires "Manage users" permission
(usually owned only by the Manager) and
"authenticate" is almost surely private to make it more
difficult to use brute force to get a user's password.

Use an External Method...



Dieter