Re: [Semanticscuttle-devel] Git on sourceforge filled / release task for Eric
Brought to you by:
cweiske
Menu
▾
▴
Re: [Semanticscuttle-devel] Git on sourceforge filled / release task for Eric
|
From: Christian W. <cw...@cw...> - 2011-01-22 22:02:44
|
Hi Mark, > 1) alter user table to include "privateKey" as varchar(32) with > unique index Yep. > 2) alter user db model to include new column I don't know if it's necessary; the user model is not used much yet IIRC. > 3) alter user service, specifically function getCurrentUserId() to > include looking at URL for &privatekey= > 4) alter api/* scripts to include privatekey auth Changing www/api/httpauth.inc.php should suffice, and the rss.php file. Maybe it should also just use the httpauth.inc.php file, but not require authentication (unlike the api files do); only use it to get login data if they are passed. > 5) alter template/profile.php and template/user.php to allow user to > see and possibly alter the 32 length key. Validation is definitely > required (len=32 and unique) I would not let the user manually enter a new key. Regenerating it is a better alternative. md5() returns 32 char strings. If you combine time() + rand() + a salt, you'll get pretty unique keys :) > 6) create upgrade script to fill new column with values perhaps you can get mysql to do that automatically and just add the SQL command to doc/upgrade.txt > I'm assuming it'll need to be alpha(upper and lower)+numeric value? md5 only returns numbers + lowercase letters, so this suffices. PS: Please send the mail to the list only, so everyone can participate and I don't get doubles :) -- Regards/Mit freundlichen Grüßen Christian Weiske -=≡ Geeking around in the name of science since 1982 ≡=- |
