[dokuwiki] Re: Allow users to only change password
- From: Chris Smith <chris@xxxxxxxxxxxxx>
- To: dokuwiki@xxxxxxxxxxxxx
- Date: Thu, 29 Jun 2006 16:20:22 +0100
Oliver Geisen wrote:
Hello,
I want my users to change their password in the userprofile page, but
not the other fields (email, etc). Is this possible, and how?
What is the place to start looking (in source) ?
Oliver, you need to find a multi file search program. That's what I use
to locate things. Examine the form and choose one of its field names
(the more likely to be unique the better) and then find all its occurrences.
Most dokuwiki action processing happens in either inc/action.php or
(acl/user stuff) in inc/auth.php
Your simple (insecure) solution is simply to alter the generated forms
to either (or both)
- remove "name" property from elements that shouldn't be processed
- set disabled property on those elements
- make them hidden
It's insecure as the form could be modified and submitted with values for
those items. If you locate the handling function, ensure the incoming
data can't be used to alter the fields you don't want changed.
For why, are you not allowing your users to alter their email address or
names?
If those particular fields are never set from DokuWiki, disable the
modification of them in the ACL handler class you are using.
Chris
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
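
The server-side check the reply above recommends, as an added example that is not part of the original post and not DokuWiki code: the handler decides which fields may change, whatever the HTML form exposed. The function name, the field names and the sample data are assumptions made for illustration.

```php
<?php
// Hypothetical helper, not DokuWiki code: decide which submitted profile
// fields may be applied, independent of what the form showed the user.

/**
 * @param array $submitted raw request data (for example $_POST)
 * @param array $current   the user's stored profile
 * @param array $editable  names of the fields the user may change
 * @return array [changes to apply, locked or malformed fields in the request]
 */
function filter_profile_update(array $submitted, array $current, array $editable): array
{
    $changes  = [];
    $rejected = [];
    foreach ($submitted as $field => $value) {
        // Request data can carry arrays (field[]=x); accept plain strings only.
        if (!is_string($field) || !is_string($value)) {
            $rejected[] = (string) $field;
            continue;
        }
        if (in_array($field, $editable, true)) {
            $changes[$field] = $value;
            continue;
        }
        // A locked profile field that arrives with a different value means the
        // form was altered before submission. Unrelated fields are ignored.
        if (array_key_exists($field, $current) && $value !== $current[$field]) {
            $rejected[] = $field;
        }
    }
    return [$changes, $rejected];
}

// Constructed sample data: only the password may be changed.
$current = ['name' => 'Alice Example', 'mail' => 'alice@example.org'];
$post = [
    'name'    => 'Alice Example',      // unchanged, as a hidden field would send it
    'mail'    => 'other@example.net',  // altered although the form showed it disabled
    'newpass' => 'correct horse battery staple',
];

[$changes, $rejected] = filter_profile_update($post, $current, ['newpass']);
if ($rejected) {
    // Refuse the whole update rather than silently dropping the locked fields.
    error_log('profile update refused, locked fields altered: ' . implode(', ', $rejected));
    $changes = [];
}
var_dump($changes, $rejected);
```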