Access Control: User Self-registration and Management


Overview

This example lets a user register information that is placed in the contacts template, where it can be used for subsequent access control and similar purposes. Passwords are generated by the system and automatically emailed to the user, which also verifies that the email address is correct. The example provides facilities for users to edit their details, change their password, and have a new password emailed to them if they have forgotten it. This example works in conjunction with the previous Programmatic Verification application.

The contacts management application in example one lets you set up the names, passwords and communities/OUs if required for this example.

Applications

This example application is applicable to all sites requiring user self-registration. It is especially easy to add this to an existing, static web site.

Limitations

This example is not meant to be an illustration of best practice for high security. Rather, it is the type of user registration mechanism that would typically be provided by an application wishing to collect user details.

The Contacts Template works with one-way password encryption; it is not possible to recover a password from the template once it has been entered.

Structure Diagram

[Diagram: Application]

Files  

Application

1 index.html HTML page that points to the registration and lost password pages.
2 session.inc Pattern page that is included by some of the other pattern pages, providing functions for easier addition/retrieval of Session data.
3 prefs.inc Contains global constants used by several of the other pages.
4 register.rhtm Pattern page that allows a user to self-register their name, email, security question/answer and preferred login name. If the username does not exist in contacts, the user is created and a password is generated and emailed to the user.
5 lostpassword.rhtm Pattern page that takes an email address as input, then looks up the matching user against the contacts template. If a user is found, the security question (entered during registration) is presented and the answer entered; if it matches the registered answer, a new password is generated and saved, and a confirmation email is sent to the user.
6 edituser.rhtm A protected pattern page that allows a logged-in user to edit their details against the contacts template. It allows for changing of the password.
7 privatefile.rhtm An example protected page.
8 publicfile.rhtm Unprotected page.
9 noaccess.html Used for redirection when a login fails.

 

Details

This is an example of user self-registration using the contacts template and email template (an email is sent to the registered user with their generated password and confirmation of their username).

The registration page takes as input a name (contact name), a username (the unique name used to log in), password and confirmation question and answer. All this information is stored in the contacts data. After checking to see if the requested login name is available, a password is generated and set on the contact, and a confirmation email is generated and sent to the user.
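The registration and lost-password flows described above, sketched in Python as an added example (it is not the application's own .rhtm code). The `contacts` dict and `outbox` list are hypothetical stand-ins for the contacts template and email template, and the use of PBKDF2 and of hashing the security answer are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets
import string

ALPHABET = string.ascii_letters + string.digits
contacts = {}  # hypothetical stand-in for the contacts template: username -> record
outbox = []    # hypothetical stand-in for the email template: (recipient, body)

def _hash(secret, salt):
    # One-way derivation (assumed PBKDF2): the stored value cannot be reversed.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 200_000)

def _issue_password(record):
    # Generate with a CSPRNG, store only the salted hash, email the plaintext once.
    password = "".join(secrets.choice(ALPHABET) for _ in range(16))
    record["pw_salt"] = secrets.token_bytes(16)
    record["pw_hash"] = _hash(password, record["pw_salt"])
    body = f"Login: {record['username']}\nPassword: {password}"
    outbox.append((record["email"], body))

def register(name, username, email, question, answer):
    if username in contacts:  # the requested login name must be available
        return False
    salt = secrets.token_bytes(16)
    record = {"name": name, "username": username, "email": email,
              "question": question, "ans_salt": salt,
              "ans_hash": _hash(answer.strip().lower(), salt)}
    contacts[username] = record
    _issue_password(record)
    return True

def check_password(username, password):
    record = contacts.get(username)
    if record is None:
        return False
    candidate = _hash(password, record["pw_salt"])
    return hmac.compare_digest(candidate, record["pw_hash"])  # constant-time compare

def lost_password(email, answer):
    # Look up the contact by email, verify the security answer, then reissue.
    record = next((r for r in contacts.values() if r["email"] == email), None)
    if record is None:
        return False
    candidate = _hash(answer.strip().lower(), record["ans_salt"])
    if not hmac.compare_digest(candidate, record["ans_hash"]):
        return False
    _issue_password(record)  # the old password stops working immediately
    return True
```

Because only hashes are stored, a forgotten password can be replaced but never read back, which matches the limitation noted for the Contacts Template.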