WWW::Kontent::Class::User - User page class for Kontent
# Attributes kontent:class=user kontent:version=1 user:givenname=User's first name user:surname=User's last name user:email=User's e-mail address user:profile=Visible content of user's page user:proftype=text/x-kolophon user:salt=Short, random string hashed with the password user:password=Hashed and salted password value
User is a class representing a user's page.
Within Kontent, a "user" is simply a page somewhere in your Kontent instance; users are usually indicated in revision attributes by storing the path to their user page. User pages are responsible for authenticating the users they represent, so different user pages can authenticate in different ways; for example, a hypothetical AdminUser class could use challenge-response authentication for additional security, while a hypothetical LDAPUser class could authenticate against an LDAP server. Any page that can intelligently handle the 'login' mode can act as a user page.
This User class uses a simple hashed and salted password for authentication. It keeps a user's given name, surname and e-mail address as attributes; these can be used as the site's administrator pleases. Future versions of User will include a feature to send an e-mail message to a user, but this is not yet implemented; for now the mode for this simply returns an empty skeleton.
The user's given name (first name).
The user's surname (last name).
The user's e-mail address. This is not currently used by the system.
The user's profile; this is displayed when the user page is in 'view' mode.
The MIME type of the user's profile. By default this is
A short, random hexadecimal string which is hashed with the user's password. The salt is important to password security; it makes it much harder to perform so-called "dictonary attacks" against a stolen Kontent store to retrieve passwords.
The salt should be guarded as jealously as the password itself. It may or may not change when the password changes; this should be considered an implementation detail, and the value of the salt should not be depended upon for anything but password processing. In particular, it is not a user ID number of any kind.
The hashed password. Note that the password is hashed along with the salt and some other data, so this is not just a hash of the password. This is stored in Kontent's standard hash format (hash type, colon, Base64 hash); see WWW::Kontent::Hash for more details.
view, history, email, login, create, edit