This page describes the Emmet user interface, as exemplified by the demo pages in the vanilla Danno WAR file. A "real" deployment of Emmet is likely to re-skin, restrict, hide from view or even entirely remove some or all of these pages.
Account creation is a two step process. In the first, you enter your preferred username, email address and some user details into the 'Self-Registration' page and click the "Register Account" button. If the information provided is acceptable, an account will be allocated for you, and you will be sent an email message (at the email address provided) that contains a link for activating your account.
The second step of the process is to load the link from the email into your browser. This will take you to a page which asks you to set a new password to activate the account. If you decide not to proceed, or if you don't activate the account within a specified period, the account registration will be canceled automatically.
The 'Change Password' page requires you to enter your current password and your new password (twice) into text boxes. The passwords that you enter will be obscured to hide them from other people who may be looking at your screen.
When you click "Change Password" the following things occur:
This page is restricted to users who are currently logged in. The requirement to enter your current password is to protect against someone changing your password if you leave a logged in session unattended.
Password expiry and quality checks are not yet implemented.
The 'Reset My Password' page can be used to reset your password in the event that you forget it. This is a two step process as with self registration.
The first step is to fill in your username of your account and click the "Reset My Password" button. This will send an email to your account's registered email address containing a link that can be used to complete the password reset process. (Provided that there is only one account associated with your email address, you can give your email address instead of your account name to reset the password.)
The second step is to load the link from the email into your web browser. This will take you to a web page that allows you enter a new password. If you do not complete the process, your original password will be left unchanged.
Note that this process relies on your registered email address being correct and on your email account being secure. If your email address is incorrectly recorded, you won't get the email containing the reset email. On the other hand, if someone else can get into your email account, they can reset your password and (with a bit more work) lock you out of your account.
This functionality is not yet implemented.
This functionality is not yet implemented.
This functionality is not yet implemented.
The 'User Account Creation' page allows the administrator to create new user accounts. The process is straightforward. First you enter the userName and user details into the form, then you click the "Create New User Account" button.
All form fields apart from the "userName" field are optional, but it is recommended that you fill in as much information as you can. In particular:
In the future, we will extend the account creation functions so that the administrator can use the account activation mechanism used when self registering.
The 'Change User Password' allows the administrator to change a user's password. You simply need to enter the account name and the new password (twice) into the form fields and then click the 'Change Password' button.
This function currently does not give you the option of emailing the new password to the user. You can do this by hand if you need to.
This functionality is similar to the 'Reset My Password' page, except that the administrator can choose to send the "reset password" email to any email address. This should only be done if you have definitive evidence that the alternative email address really belongs to the person who owns the account being reset.
In addition to the caveat above, the administrator should avoid using this procedure unless specifically requested by the user, as it encourages people to think that it is "safe" to click on links they receive in the email; e.g. it makes them vulnerable to "phishing".
When the administrator locks an account, the user from is prevented from logging in using the account, or changing the account's password. Apart from that, the details of the account (including the current password) are preserved. Unlocking the account allows the user to login once more.
This functionality allows the administrator to resend an account's activation email.
Currently, the 'Activate account' function just sets an account's "activated" flag without giving the user the opportunity to set their password. To do the latter, the administrator needs to set an initial password (using 'Create User Account' or 'Change User Password') and either email the password to the user, or use 'Reset User Password' to generate and email a password reset link to the user.
The caveat above about "phishing" also applies here.
There are currently three ways to list accounts and there details.
This functionality is not yet implemented.