[Moin-devel] [ moin-Patches-638372 ] username/password authentication w/ SHA

[SourceForge.net]

Patches item #638372, was opened at 2002-11-14 13:44
Message generated for change (Comment added) made by thomaswaldmann
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=308482&aid=638372&group_id=8482

Category: None
Group: None
>Status: Closed
Resolution: None
Priority: 5
Submitted By: Bernhard Rosenkraenzer (bero)
Assigned to: Jürgen Hermann (jhermann)
Summary: username/password authentication w/ SHA

Initial Comment:
Hi,
I've noticed the earlier user/password authentication
patch posted here, and liked the idea (though not all
aspects of the implementation).

Here's a new patch (based on the older one) that
- works with CVS of about a week ago (didn't try today's)
- doesn't store plaintext passwords anymore (uses SHA
hashes)


----------------------------------------------------------------------

>Comment By: Thomas Waldmann (thomaswaldmann)
Date: 2003-11-19 18:07

Message:
Logged In: YES 
user_id=100649

merged into current CVS

----------------------------------------------------------------------

Comment By: Bernhard Rosenkraenzer (bero)
Date: 2003-03-21 17:45

Message:
Logged In: YES 
user_id=15538

Patch updated to current CVS 

----------------------------------------------------------------------

Comment By: Bernhard Rosenkraenzer (bero)
Date: 2002-12-04 17:31

Message:
Logged In: YES 
user_id=15538

Attaching yet another new version, adding a Sourceforge-like
Remember Me button determining the expiration time of the
login cookie.


----------------------------------------------------------------------

Comment By: Bernhard Rosenkraenzer (bero)
Date: 2002-12-04 16:19

Message:
Logged In: YES 
user_id=15538

I'm attaching another new version:
- Verified to work with today's CVS
- Allows users to change passwords
- Password repeat prompt when creating an account or
changing passwords
- shortens cookie expiration times - you typically don't
want non-expiring
  cookies for authenticated accounts

I'm not yet fully satisfied with the last part (cookie
expiration time); this should be configurable (like
Sourceforge's Remember Me checkbox, or maybe "if the user
has set a password, expire soon; if the user uses just the
ID cookie, don't expire") - but the rest of the patch should
be ok.


----------------------------------------------------------------------

Comment By: Bernhard Rosenkraenzer (bero)
Date: 2002-11-25 16:45

Message:
Logged In: YES 
user_id=15538

I'm attaching an updated version of this patch, fixing 1
typo and 1 thing I overlooked when porting the old patch to
current CVS (current.text -> _ in the user name already
exists error message)


----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=308482&aid=638372&group_id=8482