Brent Royal-Gordon > WWW-Kontent > WWW::Kontent::Class::User


Annotate this POD

View/Report Bugs


WWW::Kontent::Class::User - User page class for Kontent


        # Attributes
        user:givenname=User's first name
        user:surname=User's last name
        user:email=User's e-mail address
        user:profile=Visible content of user's page
        user:salt=Short, random string hashed with the password
        user:password=Hashed and salted password value


User is a class representing a user's page.

Within Kontent, a "user" is simply a page somewhere in your Kontent instance; users are usually indicated in revision attributes by storing the path to their user page. User pages are responsible for authenticating the users they represent, so different user pages can authenticate in different ways; for example, a hypothetical AdminUser class could use challenge-response authentication for additional security, while a hypothetical LDAPUser class could authenticate against an LDAP server. Any page that can intelligently handle the 'login' mode can act as a user page.

This User class uses a simple hashed and salted password for authentication. It keeps a user's given name, surname and e-mail address as attributes; these can be used as the site's administrator pleases. Future versions of User will include a feature to send an e-mail message to a user, but this is not yet implemented; for now the mode for this simply returns an empty skeleton.



The user's given name (first name).


The user's surname (last name).


The user's e-mail address. This is not currently used by the system.


The user's profile; this is displayed when the user page is in 'view' mode.


The MIME type of the user's profile. By default this is text/x-kolophon.


A short, random hexadecimal string which is hashed with the user's password. The salt is important to password security; it makes it much harder to perform so-called "dictonary attacks" against a stolen Kontent store to retrieve passwords.

The salt should be guarded as jealously as the password itself. It may or may not change when the password changes; this should be considered an implementation detail, and the value of the salt should not be depended upon for anything but password processing. In particular, it is not a user ID number of any kind.


The hashed password. Note that the password is hashed along with the salt and some other data, so this is not just a hash of the password. This is stored in Kontent's standard hash format (hash type, colon, Base64 hash); see WWW::Kontent::Hash for more details.


view, history, email, login, create, edit


WWW::Kontent, WWW::Kontent::Foundation, WWW::Kontent::Hash

syntax highlighting: