Some notes to understand the waltz of the data at registration/login time. Applies to 1.10.
provpass, hash and password refer to the users_users columns.
register with (login, pass)
direct:
- the hash is generated from the login/pass (hash_pass function)
- password is set to pass if passwords are kept in clear, otherwise it is empty
- provpass is set to empty
need user validation
- the password_sent sent to the user is randomly generated (genPass function)
- the hash is generated from user/password_sent (hash_pass function)
- provpass is set to pass (clear pass)
- password is set to the clear pass if passwords are kept in clear, otherwise set to empty
- when the user validates (function tiki-login_validate.php):
  - the hash_pass of login, pass_received, hash is compared to hash; they must be equal
  - the hash is generated from login/provpass (hash_pass function)
  - provpass is empty
  - note: the confirmation email cannot be used another time
need administration validation:
- the process is very similar to 'need user validation', except that the info is sent to the admin and not to the user
login
- check whether hash matches the login/pass (function hash_pass)
- provpass and password are not used
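The 'need user validation' and login steps above, modelled on a single users_users row to show why the confirmation email cannot be replayed. This is an added example, not Tiki code: hash_pass and gen_pass are stand-ins for the real hash_pass and genPass functions (whose algorithms are not given here), and the login and password values are constructed.

```python
import hashlib
import secrets

def hash_pass(login, password):
    # Stand-in for Tiki's hash_pass (assumption): the real algorithm is not shown on this page.
    return hashlib.sha256(f"{login}:{password}".encode()).hexdigest()

def gen_pass():
    # Stand-in for genPass (assumption).
    return secrets.token_urlsafe(9)

def register_with_validation(login, password, keep_clear=False):
    """Return (users_users row, password_sent) for 'need user validation'."""
    password_sent = gen_pass()
    row = {
        "login": login,
        "hash": hash_pass(login, password_sent),  # hash of the mailed value
        "provpass": password,                     # user's chosen pass, in clear
        "password": password if keep_clear else "",
    }
    return row, password_sent

def validate(row, pass_received):
    """Confirmation step as described for tiki-login_validate.php."""
    if not secrets.compare_digest(hash_pass(row["login"], pass_received), row["hash"]):
        return False
    row["hash"] = hash_pass(row["login"], row["provpass"])  # switch to the chosen pass
    row["provpass"] = ""
    return True

def login(row, password):
    # Only hash is consulted; provpass and password are not used.
    return secrets.compare_digest(hash_pass(row["login"], password), row["hash"])

def demo():
    row, sent = register_with_validation("alice", "S3cret-chosen")  # constructed values
    before = login(row, "S3cret-chosen")  # chosen pass is not active yet
    first = validate(row, sent)           # confirmation link used once
    replay = validate(row, sent)          # same mail again: hash no longer matches
    after = login(row, "S3cret-chosen")
    return before, first, replay, after, row["provpass"]

if __name__ == "__main__":
    print(demo())
```

The replay fails because validation re-derives hash from provpass, so the mailed value no longer matches; until validation, the chosen password sits in clear in provpass even when passwords are not kept in clear.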
remind password
- if passwords are kept in clear, send provpass, or password if provpass is empty... why?
- otherwise, provpass is randomly generated (genPass function) and sent to the user
- notice: a user can still log in with their old password
change password
password_due
- only redirect to change password page
email_due
- provpass is generated by gen_pass and sent to the user
- when the user validates, provpass is compared and, if OK, set to ''; otherwise it is an error