How do I change 'required' reg info fields (username/pass to email/dob)?

[rob1111]

Basically, with your help, I want to replace username and password with
e-mail address and DOB. I've searched the forums and come across posts
that help add/modify optional fields, but nothing like what I am looking for.

I know this will probably alter the db structure and the contents of the db
may be lost in the process, but I'm open to any ideas that can make this
happen. Where in the code are the data types defined? Can I change them
from inside phpmyadmin? How does this affect e-mail verification? -- actually,
I could disable account verification with this new setup.

I've been picking up PHP little by little the last 4 weeks, and I'm hoping to
keep at it and possibly "get" the big picture one day. Any help would be
greaty appreciated.


Best regards,
Rob

[Tranz]

I hate to be the p@rty p00p3r but in the security world, one of the big no-no's for passwords are dobs. http://www.darkhorse.to/password.php

[Joachim Müller]

does "dob" stand for date-of-birth? If yes, then I agree with Thu - this would definitely be a no-no.

[rob1111]

Thanks for that link. I agree with you 100%. I prefer the username/password,
but it's what the client says is "easier to remember" and "less of a hassle for
people registering". Really, is username/pass that much of a hassle?

Closely-related matter, though not sure if I should create a separate post,
but is it possible to set up a kind of "global" log-in so that the user can log-in
from the homepage and then not have to log-in to the gallery?

Here's the reason: the site is http://www.dnjnyc.com
On the homepage, there is a "members" form. Fill it out, get VIP passes, etc.
But the gallery has its own sign-up, and the client wants the two to be one.
I agree with him on this and envision it being where the user would only
need to register once to have access to everything.

Could I set up a registration form that would replace the gallery's default
registration form and have the log-in area on the homepage (separate from
the gallery module)?

[Joachim Müller]

Closely-related matter, though not sure if I should create a separate post,
but is it possible to set up a kind of "global" log-in so that the user can log-in
from the homepage and then not have to log-in to the gallery?

Here's the reason: the site is http://www.dnjnyc.com
On the homepage, there is a "members" form. Fill it out, get VIP passes, etc.
But the gallery has its own sign-up, and the client wants the two to be one.
I agree with him on this and envision it being where the user would only
need to register once to have access to everything.

Could I set up a registration form that would replace the gallery's default
registration form and have the log-in area on the homepage (separate from
the gallery module)?

That's what bridging is meant to be used for, please read it up in the docs. A login form could be anywhere on your page (has been asked and answered as well), pointing to coppermine's login page (or your other login form when bridged).

Thanks for that link. I agree with you 100%. I prefer the username/password,
but it's what the client says is "easier to remember" and "less of a hassle for
people registering". Really, is username/pass that much of a hassle?

Talk your client out of it - here's food for thought: given that even if your users don't know each other, so they can't guess their date of birth or find it out otherwise, the age of the site visitors will range between 0 and 100 years, with 365 possible dates for each year. This sums up to only 36,500 possible "passwords", which is much less secure than a regular password with only 3 characters (if you only allow alphanumerical entries, you have 26 lower case plus 26 uppercase plus 10 numerical digits which totals in 62 possible combinations per character) - a password that is only 3 chars long has 62 x 62 x 62 = 238,328 possible combinations. Computers are pretty fast, so running a brute force attack against a site with only 36,500 possible passwords will result in a hacked password in minutes. One could argue that it doesn't matter that much if a user account is being hacked, but if the attacker gains access to an admin account, the whole site is doomed.

[rob1111]

Good news, I talked the client into making 'date of birth' just a required field and then
keeping the username/password for log-in. I have the documentation now, so a big
thank you to everyone who pointed me in the right direction. You're the best!!

The rest of the work is on me now. Wish this programming-newbie some luck.