8.1. The [userdb ...] Tag
Interchange provides a [userdb ...] tag to access the UserDB functions.
[userdb function=function_name username="username"* assign_username=1 username_mask=REGEX* password="password"* verify="password"* oldpass="old password"* crypt="1|0"* shipping="fields for shipping save" billing="fields for billing save" preferences="fields for preferences save" ignore_case="1|0"* force_lower=1 param1=value* param2=value* ... ]
* Optional
It is normally called in an mv_click or mv_check setting, as in:
[set Login] mv_todo=return mv_nextpage=welcome [userdb function=login] [/set] <FORM ACTION="[process]" METHOD=POST> <INPUT TYPE=hidden NAME=mv_click VALUE=Login> Username <INPUT NAME=mv_username SIZE=10> Password <INPUT NAME=mv_password SIZE=10> </FORM>
There are several global parameters that apply to any use of the userdb functions. Most importantly, by default, the database table is set to be userdb. If another table name must be used, include a database=table parameter with any call to userdb. The global parameters (default in parentheses):
database Sets user database table (userdb) show Show the return value of certain functions or the error message, if any (0) force_lower Force possibly upper-case database fields to lower case session variable names (0) billing Set the billing fields (see Accounts) shipping Set the shipping fields (see Address Book) preferences Set the preferences fields (see Preferences) bill_field Set field name for accounts (accounts) addr_field Set field name for address book (address_book) pref_field Set field name for preferences (preferences) cart_field Set field name for cart storage (carts) pass_field Set field name for password (password) time_field Set field for storing last login time (time) outboard Set fields that live in another table outboard_key_col Set field providing key for outboard tables expire_field Set field for expiration date (expire_date) acl Set field for simple access control storage (acl) file_acl Set field for file access control storage (file_acl) db_acl Set field for database access control storage (db_acl) indirect_login Log in field if different than real username ('')
By default the system crypt() call will be used to compare the password. This is best for security, but the passwords in the user database will not be human readable.
If no critical information is kept and Interchange administration is not done via the UserDB capability, use the UserDB directive (described below) to set encryption off by default:
UserDB default crypt 0
Encryption can still be set on by passing crypt=1 with any call to a new_account, change_pass, or login call.
If you are encrypting, and you wish to use MD5 to encrypt the passwords, set the md5 parameter:
UserDB default md5 1