Version 1 (modified by wouter, 5 years ago)

AccountManager

The accountmanager project contains software to manage user accounts. Users can create an account, log in, and reset their password.

This is a bare-bones system: the idea is that personal data is stored separately and that this project handles only account management.

The central class is CurrentUser. Any user that starts using your system starts as an anonymous CurrentUser(dbcon, mailer). dbcon is the connection with the accounts database, and mailer handles notification mails to the user.

Account management

The software provides three main functions: register, login and resetpassword.

  • register takes name, password and an optional email address. The user can enter anything here and nothing is checked by default, allowing the user to start quickly and work anonymously, which is important in some use cases.
  • The login procedure takes the name and password. It does not require any cookies to work, so that it automatically complies with the cookie laws.
  • The reset-password function allows a user to enter just his user name and request a reset of his password. A new password is then mailed to the mail address that he provided. This reset is only possible if the user entered a working email address.

Security

All passwords are stored only after salting and hashing with 512-bit MD5. This follows 2020's standards for password storage.

Usage

When a new user arrives, your server program creates CurrentUser, typically with a call new CurrentUser(new DBConnection(), new DefaultMailer()).

To check if a user is logged in, you call currentUser.getId(). It can only be non-null if the user has logged in, because calling currentUser.login(NamePassword) is the only way to get an id.

The userID is a UUID, generated uniquely for each new user. All users also have unique user names.

Configuration

The database default database as created with
