Setting up access with a modifiable password

Problem

You want questionnaire respondents to have the ability to change their login password.

Solution

Use the "Password" type of "# Survey Type".

Discussion

The "Password" "# Survey Type" is the only one that allows CallWeb to distinguish between a user name and a password, and to extend respondents the ability to change their password at will. Several other instructions affect how this survey type works. All of these considerations are listed below.

  • The password is stored in the _password field in the CallWeb data base [1]. It is encrypted in such a way that CallWeb has no way to reverse-engineer the name of the password. Therefore, if a user looses their password, that field must be blanked out by the CallWeb administrator and the user must choose a password upon re-entry.
  • By default, respondents are offered the possibility to change their password. This can be denied by adding the # Password change in type 7 = no instruction.
  • Several pound instructions determine the text shown on the login screen:
    • # Access request password in type 7 contains the text displayed to request a password. The default is "Your password, please."
    • # Access request new password in type 7 contains the text displayed offer the entry of a new password. The default is "If you want to change your password, enter the existing password above, then type a new password below twice."
    • # Access bad telkey pattern in type 7 contains the text displayed upon finding a password which does not conform to the pattern defined in # Access telkey pattern (see below). The default is "The password does not follow the expected pattern."
  • Some system messages also affect text on screen:
    • Message 39: "You must supply the same new password twice." is displayed if the respondent did not type the same new password in the two boxes.
    • Message 40: "You must supply a new password twice in the boxes below." is displayed when the _password field of the data base is empty (i.e., when a case password is not defined).
  • Upon prepopulation, the _password field of the CallWeb data base is prepopulated with the encoded value of _password field in the prepopulation data file. If a _password value is empty or if there is no _password field in the prepopulation file, the _password value is left empty in the data base and the next rule kicks in.
  • When the respondent accesses their case using their _telkey, they must supply their password. If the _password field is empty for that case in the data base, the respondent must immediately supply (in duplicate) a password to replace the empty value.
  • If you want to set passwords upon prepopulation, it is best to prepopulate the password twice (in _password and in a regular field) to be able to quote the password in an invitation e-mail message. The regular field could be blanked out using a CALCUL question upon initial entry in the questionnaire.
  • The questionnaire designer can define rules for the new passwords entered by respondents (these rules are not enforced by cwprepop.cgi when prepopulating _password) and place them in the # Access telkey pattern pound instruction. The rules take the form of regular expressions that must match then entire password [2]. If there are several rules (hence, several regular expressions), they must be separated by three consecutive dashes. For example, the following instruction contains three rules which state that there must be at least 6 characters in the password, that the password must contain at least one special character, and at least one number:
    # Access telkey pattern = ......+ --- .*[+-*&?%$@!].* --- .*[0-9].*
    The default pattern is .+ which means that there must be at least one character.
  • The values of _password are extracted by cwextr.cgi only in the .tcw file (that can be used to recreate a project integrally) since they are not meaningful in the other contexts.

[1] The _password field is available only after a new compilation. Existing projects compiled before the availability of this field can be converted simply by accessing each project using any of the administrative modules.

[2] I.e., when used, these regular expressions are surrounded by the characters "^" and "$". References to regular expressions: 1, 2

Setting up access with a modifiable password

Problem

You want questionnaire respondents to have the ability to change their login password.

Solution

Use the "Password" type of "# Survey Type".

Discussion

The "Password" "# Survey Type" is the only one that allows CallWeb to distinguish between a user name and a password, and to extend respondents the ability to change their password at will. Several other instructions affect how this survey type works. All of these considerations are listed below.

  • The password is stored in the _password field in the CallWeb data base [1]. It is encrypted in such a way that CallWeb has no way to reverse-engineer the name of the password. Therefore, if a user looses their password, that field must be blanked out by the CallWeb administrator and the user must choose a password upon re-entry.
  • By default, respondents are offered the possibility to change their password. This can be denied by adding the # Password change in type 7 = no instruction.
  • Several pound instructions determine the text shown on the login screen:
    • # Access request password in type 7 contains the text displayed to request a password. The default is "Your password, please."
    • # Access request new password in type 7 contains the text displayed offer the entry of a new password. The default is "If you want to change your password, enter the existing password above, then type a new password below twice."
    • # Access bad telkey pattern in type 7 contains the text displayed upon finding a password which does not conform to the pattern defined in # Access telkey pattern (see below). The default is "The password does not follow the expected pattern."
  • Some system messages also affect text on screen:
    • Message 39: "You must supply the same new password twice." is displayed if the respondent did not type the same new password in the two boxes.
    • Message 40: "You must supply a new password twice in the boxes below." is displayed when the _password field of the data base is empty (i.e., when a case password is not defined).
  • Upon prepopulation, the _password field of the CallWeb data base is prepopulated with the encoded value of _password field in the prepopulation data file. If a _password value is empty or if there is no _password field in the prepopulation file, the _password value is left empty in the data base and the next rule kicks in.
  • When the respondent accesses their case using their _telkey, they must supply their password. If the _password field is empty for that case in the data base, the respondent must immediately supply (in duplicate) a password to replace the empty value.
  • If you want to set passwords upon prepopulation, it is best to prepopulate the password twice (in _password and in a regular field) to be able to quote the password in an invitation e-mail message. The regular field could be blanked out using a CALCUL question upon initial entry in the questionnaire.
  • The questionnaire designer can define rules for the new passwords entered by respondents (these rules are not enforced by cwprepop.cgi when prepopulating _password) and place them in the # Access telkey pattern pound instruction. The rules take the form of regular expressions that must match then entire password [2]. If there are several rules (hence, several regular expressions), they must be separated by three consecutive dashes. For example, the following instruction contains three rules which state that there must be at least 6 characters in the password, that the password must contain at least one special character, and at least one number:
    # Access telkey pattern = ......+ --- .*[+-*&?%$@!].* --- .*[0-9].*
    The default pattern is .+ which means that there must be at least one character.
  • The values of _password are extracted by cwextr.cgi only in the .tcw file (that can be used to recreate a project integrally) since they are not meaningful in the other contexts.

[1] The _password field is available only after a new compilation. Existing projects compiled before the availability of this field can be converted simply by accessing each project using any of the administrative modules.

[2] I.e., when used, these regular expressions are surrounded by the characters "^" and "$". References to regular expressions: 1, 2