Manage users/60/en: Difference between revisions
From LimeSurvey Manual
(Importing a new version from external source) |
(Importing a new version from external source) |
||
Line 1: | Line 1: | ||
'''Things to watch out for:''' | '''Things to watch out for:''' | ||
* To enable this login method, the line [[Optional settings#Use_one_time_passwords|<code> | * To enable this login method, the line [[Optional settings#Use_one_time_passwords|<code>'use_one_time_passwords' => true</code>]] has to be added in config.php (it is 'false' by default). | ||
* The passed username has to exist in LimeSurvey | * The passed username has to exist in the LimeSurvey ''users table''. | ||
* The one-time password (which can be set via an external application) has to be stored as [https://secure.php.net/manual/en/function.md5.php MD5 hash] in column ''one_time_pw'' of table ''users''. | * The one-time password (which can be set via an external application) has to be stored as [https://secure.php.net/manual/en/function.md5.php MD5 hash] in the column ''one_time_pw'' of table ''users''. | ||
* | * The passed plain text password will be hashed using the sha256 function and will then compared to the stored hash in column ''one_time_pw'' of table ''users''. Both passwords have to match. | ||
* After the first login with the one-time password, it gets deleted from the database. The user won't be able to log in | * After the first login with the one-time password, it gets deleted from the database. The user won't be able to log in with that respective password a second time. | ||
Latest revision as of 17:38, 3 May 2022
Things to watch out for:
- To enable this login method, the line
'use_one_time_passwords' => true
has to be added in config.php (it is 'false' by default). - The passed username has to exist in the LimeSurvey users table.
- The one-time password (which can be set via an external application) has to be stored as MD5 hash in the column one_time_pw of table users.
- The passed plain text password will be hashed using the sha256 function and will then compared to the stored hash in column one_time_pw of table users. Both passwords have to match.
- After the first login with the one-time password, it gets deleted from the database. The user won't be able to log in with that respective password a second time.