Brent Royal-Gordon > WWW-Kontent > WWW::Kontent::Class::User

Download:
WWW-Kontent-0.02.tar.gz

Annotate this POD

View/Report Bugs
Source  

NAME ^

WWW::Kontent::Class::User - User page class for Kontent

SYNOPSIS ^

        # Attributes
        kontent:class=user
        kontent:version=1
        user:givenname=User's first name
        user:surname=User's last name
        user:email=User's e-mail address
        user:profile=Visible content of user's page
        user:proftype=text/x-kolophon
        user:salt=Short, random string hashed with the password
        user:password=Hashed and salted password value

DESCRIPTION ^

User is a class representing a user's page.

Within Kontent, a "user" is simply a page somewhere in your Kontent instance; users are usually indicated in revision attributes by storing the path to their user page. User pages are responsible for authenticating the users they represent, so different user pages can authenticate in different ways; for example, a hypothetical AdminUser class could use challenge-response authentication for additional security, while a hypothetical LDAPUser class could authenticate against an LDAP server. Any page that can intelligently handle the 'login' mode can act as a user page.

This User class uses a simple hashed and salted password for authentication. It keeps a user's given name, surname and e-mail address as attributes; these can be used as the site's administrator pleases. Future versions of User will include a feature to send an e-mail message to a user, but this is not yet implemented; for now the mode for this simply returns an empty skeleton.

Attributes

user:givenname

The user's given name (first name).

user:surname

The user's surname (last name).

user:email

The user's e-mail address. This is not currently used by the system.

user:profile

The user's profile; this is displayed when the user page is in 'view' mode.

user:proftype

The MIME type of the user's profile. By default this is text/x-kolophon.

user:salt

A short, random hexadecimal string which is hashed with the user's password. The salt is important to password security; it makes it much harder to perform so-called "dictonary attacks" against a stolen Kontent store to retrieve passwords.

The salt should be guarded as jealously as the password itself. It may or may not change when the password changes; this should be considered an implementation detail, and the value of the salt should not be depended upon for anything but password processing. In particular, it is not a user ID number of any kind.

user:password

The hashed password. Note that the password is hashed along with the salt and some other data, so this is not just a hash of the password. This is stored in Kontent's standard hash format (hash type, colon, Base64 hash); see WWW::Kontent::Hash for more details.

Modes

view, history, email, login, create, edit

SEE ALSO ^

WWW::Kontent, WWW::Kontent::Foundation, WWW::Kontent::Hash

syntax highlighting: