Manage users/60/en: Difference between revisions
From LimeSurvey Manual
(Importing a new version from external source) |
(Importing a new version from external source) |
||
Line 1: | Line 1: | ||
'''Things to watch out for:''' | '''Things to watch out for:''' | ||
* | * To enable this login method, the line [[Optional settings#Use_one_time_passwords|<code>$use_one_time_passwords = false;</code>]] has to be set <code>true</code> in config.php (it is 'false' by default). | ||
* The passed username has to exist in LimeSurvey's ''users'' | * The passed username has to exist in LimeSurvey's ''users table''. | ||
* The one time password | * The one-time password (which can be set via an external application) has to be stored as [https://secure.php.net/manual/en/function.md5.php MD5 hash] in column ''one_time_pw'' of table ''users''. | ||
* The passed plain text password will be hashed using | * The passed plain text password will be hashed using the sha256 function and will then be compared to the stored hash in column ''one_time_pw'' of table ''users''. Both passwords have to match. | ||
* After the first login with the one time password | * After the first login with the one-time password, it gets deleted from the database. The user won't be able to log in anymore with that respective password a second time. |
Revision as of 20:20, 2 February 2018
Things to watch out for:
- To enable this login method, the line
$use_one_time_passwords = false;
has to be settrue
in config.php (it is 'false' by default). - The passed username has to exist in LimeSurvey's users table.
- The one-time password (which can be set via an external application) has to be stored as MD5 hash in column one_time_pw of table users.
- The passed plain text password will be hashed using the sha256 function and will then be compared to the stored hash in column one_time_pw of table users. Both passwords have to match.
- After the first login with the one-time password, it gets deleted from the database. The user won't be able to log in anymore with that respective password a second time.