2005-01-14
jcarroll
New install of DokuWiki on Fedora Core 3, Apache 2.0, PHP 4.3.10.
I set up the ACLs the way I want (i.e., anyone can read, but you need to be logged in to create/edit).
Discovered that when a user registers, a randomly generated password gets e-mailed. Preferred to use a password I can remember (something you know) and not a piece of paper (something you have).
Found the wiki:tipsandtricks:resetpassword page and applied all the changes there (except the very last one, i.e., disabling e-mailing the password).
Now for the interesting behaviour.
First I removed my name by hand from users.auth then registered the same name as I was using before. Selected the password myself, and it was e-mailed to me. (Not sure if this was the desired behaviour.) Login after that was successful. Logged out.
Then I wondered what would happen if I tried to register the same username again, so I tried it. Even though I specified my same (memorable) password, it e-mailed me a new (randomly generated) password. Sure enough, when I tried to log in with my chosen password, it failed, and when I tried the random one, it worked.
I checked users.auth just to verify that there was only one entry for my username, which there was.
Again I tried to register the same name while specifying my chosen password. Again it e-mailed me a random password.
Next I removed myself by hand from users.auth.
I tried again to register with a chosen password, and was successful (verified by receiving an e-mail with my chosen password and logging in).
I suspect the desired behaviour would be:
- if the user chooses a password, don't e-mail it, and don't change it to a random password
- if the user doesn't choose a password, e-mail a random one
I did take a look at wiki:tipsandtricks:allowusertosetpassword but felt it would be better to be able to reset it, hence the choice of the other tip.