Oh yeah, sorry. That would be an even better idea.
callumacrae wrote: DavidIQ did not say that a password would be generated, he said a hash would be generated that would allow them to set their password (like resetting it does). It's a far better approach.
Unknown Bliss wrote: +1
DavidIQ wrote: Password could be left blank I think. Upon account creation if the password is not provided the email address that was assigned would receive a hash for activation at which point a password assignment is required.
So the admin can set the password or one can be generated.
[RFC] Create a new user account through the ACP
Re: [RFC] Create a new user account through the ACP
Formerly known as Unknown Bliss
No unsolicited PMs please except for quotes.
psoTFX wrote: I went with Olympus because as I said to the teams ... "It's been one hell of a hill to climb"
- DavidIQ
- Customisations Team Leader
- Posts: 1904
- Joined: Thu Mar 02, 2006 4:29 pm
- Location: Earth
Re: [RFC] Create a new user account through the ACP
Yes that is exactly right. I kind of meant a link with a hash in it but whichever approach taken should be fine. Right now password reset does not force you to change the generated password so that logic might need a little massaging.
callumacrae wrote: DavidIQ did not say that a password would be generated, he said a hash would be generated that would allow them to set their password (like resetting it does). It's a far better approach.
Unknown Bliss wrote: +1
DavidIQ wrote: Password could be left blank I think. Upon account creation if the password is not provided the email address that was assigned would receive a hash for activation at which point a password assignment is required.
So the admin can set the password or one can be generated.
Re: [RFC] Create a new user account through the ACP
And maybe while it's being done adapt password reset to get you to change the password?
DavidIQ wrote: Yes that is exactly right. I kind of meant a link with a hash in it but whichever approach taken should be fine. Right now password reset does not force you to change the generated password so that logic might need a little massaging.
callumacrae wrote: DavidIQ did not say that a password would be generated, he said a hash would be generated that would allow them to set their password (like resetting it does). It's a far better approach.
Unknown Bliss wrote: +1
DavidIQ wrote: Password could be left blank I think. Upon account creation if the password is not provided the email address that was assigned would receive a hash for activation at which point a password assignment is required.
So the admin can set the password or one can be generated.
- imkingdavid
- Registered User
- Posts: 1050
- Joined: Thu Jul 30, 2009 12:06 pm
Re: [RFC] Create a new user account through the ACP
IMO that would be a separate RFC since it would be a part of other features than this one (i.e. password reset)
Unknown Bliss wrote: And maybe while it's being done adapt password reset to get you to change the password?
Re: [RFC] Create a new user account through the ACP
So an email confirmation would be sent out to the new user regardless if the admin chose the password or not, and explain that the admin of "such and such board" has created your account or something like that.
-Jonah
- imkingdavid
- Registered User
- Posts: 1050
- Joined: Thu Jul 30, 2009 12:06 pm
Re: [RFC] Create a new user account through the ACP
jsbean wrote: So an email confirmation would be sent out to the new user regardless if the admin chose the password or not, and explain that the admin of "such and such board" has created your account or something like that.
Here's the flow as I see it now:
- Admin goes to new section in ACP to add a new user
- Admin fills out the form with registration details (i.e. email, username, optional password), sets profile info (including custom fields), and chooses user's group (defaults to newly registered group), etc.
- Email is sent to user informing them that the account was created. If the administrator entered a password, it will be displayed in the email (not sure if this is good, since that would be insecure if someone else accessed that email). Otherwise, a link is provided with an activation key.
- The user visits the link and is required to enter a new password.
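The activation-key branch of the flow above, sketched as an added example (not phpBB code and not written by anyone in this thread). The `$users` array stands in for the users table, and the function names, the 24-hour lifetime, the minimum password length and the example URL are all assumptions.

```php
<?php
// Added illustration: account created without a password, activated by a one-time key.
const ACTIVATION_TTL = 86400; // assumed lifetime of the emailed link, in seconds

function create_account(array &$users, string $username, string $email, int $now): string
{
    $key = bin2hex(random_bytes(32)); // 256-bit key; it only ever travels in the email link
    $users[$username] = [
        'email'         => $email,
        'password_hash' => null,                  // no password yet, so login cannot succeed
        'actkey_hash'   => hash('sha256', $key),  // store a digest, never the key itself
        'actkey_expiry' => $now + ACTIVATION_TTL,
    ];
    return $key;
}

function activate(array &$users, string $username, string $key, string $new_password, int $now): bool
{
    $u = $users[$username] ?? null;
    if ($u === null || $u['actkey_hash'] === null || $now > $u['actkey_expiry']) {
        return false; // unknown user, key already used, or link expired
    }
    if (!hash_equals($u['actkey_hash'], hash('sha256', $key))) {
        return false; // constant-time comparison of the stored and presented digests
    }
    if (strlen($new_password) < 8) { // assumed minimum length
        return false; // key stays valid so the user can retry with a longer password
    }
    $users[$username]['password_hash'] = password_hash($new_password, PASSWORD_DEFAULT);
    $users[$username]['actkey_hash'] = null; // single use: the link is dead after this
    return true;
}

function login(array $users, string $username, string $password): bool
{
    $hash = $users[$username]['password_hash'] ?? null;
    return $hash !== null && password_verify($password, $hash);
}

// Constructed sample run.
$users = [];
$now = 1700000000;
$key = create_account($users, 'newuser', 'newuser@example.com', $now);
echo 'https://board.example/activate?u=newuser&k=' . $key . PHP_EOL; // link placed in the email
var_dump(login($users, 'newuser', ''));                                        // before activation
var_dump(activate($users, 'newuser', $key, 'a long passphrase', $now + 60));   // first use of the key
var_dump(activate($users, 'newuser', $key, 'another passphrase', $now + 120)); // replay of the same key
var_dump(login($users, 'newuser', 'a long passphrase'));                       // after activation
```

No password appears in the email at any point; a copy of the message left in a mailbox holds only a key that expires and stops working after its first successful use.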
Re: [RFC] Create a new user account through the ACP
Yes, if you want to do this please do it separately.
imkingdavid wrote: IMO that would be a separate RFC since it would be a part of other features than this one (i.e. password reset)
Unknown Bliss wrote: And maybe while it's being done adapt password reset to get you to change the password?
Re: [RFC] Create a new user account through the ACP
Do we currently email users their passwords in any circumstances?
imkingdavid wrote: Email is sent to user informing them that the account was created. If the administrator entered a password, it will be displayed in the email (not sure if this is good, since that would be insecure if someone else accessed that email). Otherwise, a link is provided with an activation key.
Re: [RFC] Create a new user account through the ACP
Maybe a setting to set where the user requires email activation or will be automatically activated (especially for boards with admin activation)?
- DavidIQ
- Customisations Team Leader
- Posts: 1904
- Joined: Thu Mar 02, 2006 4:29 pm
- Location: Earth
Re: [RFC] Create a new user account through the ACP
Can't of course as it is stored hashed, not encrypted. The only time the password is emailed is when a reset is requested where a generic password is generated and stored (after email link is clicked on) and we used to email the password with the account creation but that was removed 2 or 3 versions ago.
Oleg wrote: Do we currently email users their passwords in any circumstances?
imkingdavid wrote: Email is sent to user informing them that the account was created. If the administrator entered a password, it will be displayed in the email (not sure if this is good, since that would be insecure if someone else accessed that email). Otherwise, a link is provided with an activation key.