Understanding notifications/changes

pub_level

openopen

state

okok

parent_task

3563680

status

undefinedopen

description

Notifications are automatically sent e-mails; for account activation, or for keep users informed about relevant changes to tasks and projects within streber.

Account activation
==============
Streber does not store plain-text passwords, but instead, stores encrypted passwords as checksums (hashes). If a user forgets his password, he can not get the administrator to tell him (well, he can.. but the administrator won't be able to tell him). The administrator could enter a new password for him, but that's far from ideal.

The preferred way is account activation via email. For this to happen, you have to enter at least one email address for a user when you create it. After the account has been created, the user will receive an email with a link to his profile, where he can adjust his profile and password. Once he adjusts his password, the link in the activation mail will not work any longer.

If he forgets his password again, he will still be able to refer to the "forgot password" options on the login screen to get a new activation e-mail.

Notifications
=========
To activate notifications for a user: go to ''People'', edit a profile, and set the ''Send notifications'' drop-down to a value other than `Never`.

For each user, streber stores the time that the last e-mail was sent. When notifications are triggered (ie. when a user logs out), streber compares (this time + the notification period) with the current time. If enough time has passed, all the relevant events during this time period are selected and and e-mail is composed and sent. Here is an example e-mail:

[code]
Content-Type: text/plain; charset=UTF-8

Hallo Thomas Mann!

Diese Nachricht möchte Sie darüber informieren, dass
seit 23. May 2006 folgendes auf www.still-scene.org passierte:

== Projekt Neuigkeiten ==

Gabelstapler

- harald: new Feature > modeling tasks
- harald: bearbeitet > 1a - Planung weiteres Vorgehen
- harald: Kommentiert > create precise list of load types

Wenn Sie keine weiteren Mails bekommen möchten oder Ihr Passwort vergessen haben, passen Sie bitte Ihr Profil an.:
https://www.still-scene.org/index.php?go=activateAccount&tuid=f8b2af06749cb6f620c508c8467d499d

Danke für Ihre Zeit,
Die Verwaltung
[/code]

As you can see, the notification e-mail will be composed in the language of the receiver. It contains a plain-text version and an HTML version with the valid links into the project.

Triggering Notifications with Cron Jobs
=====================================
Normally notifications are triggered if a person logs out, as that is the only page refresh which is not time critical and won't have an impact on the performance of streber. Additionally, you can manually trigger the notification process by requesting:

http://www.yourDomain.com/index.php?go=triggerSendNotifications

This request can be performed without authentication and it does not produce any meaningful HTML output. This allows one to easily schedule calls to the URL (ie. at 6 o'clock every morning).

An excellent solution for triggering on UNIX-based operation systems are `cronjob`s. However, if you do not have UNIX shell available, a suggestion would be to try http://www.cron-job.org as they are providing a completely free service for exactly this purpose. (I am using this to trigger notifications at this site, as well as some other streber installations.)

Please note that the notification trigger also compares the time of its activation with the Notification Period, so it does not send all outstanding mails as it is dependent on the user's profile settings.

Account Activation: Under the Hood
------------------------------
- A user has been created with a random password,
- A cookie has been generated,
- An e-mail gets sent with this cookie and a link to http://www.yourDomain.com/index.php?go=activateAccount&tuid=739857394875938245435"
- adjust login-mechanism to handle direct tuid's
- check if person-list has tuid-entry
- don't store as cookie, when it's passed as POST/GET directly
- adjust "direct login" as flag to pagehandles (personEdit, personEditSubmit) so only activateAccount can be view with the NUID

- render editPerson():
- add new cookie as hidden tuid value
- render personEditSubmit():
- if form-Data has not been validate (like new passwords don't match) go back to editPerson()
- if successful store call $auth->setUserCookie()
- print special message
- Probably send addition account activation mail with password as a reminder?

- if guest-account available, don't ask for login/password but render small form as login-item (upper right corner)


________

also read:
- [[item:2213|notifications - future plans]]
- #4745

category

2