Terminaxx Posted April 10, 2017 Share Posted April 10, 2017 Hey guys, My website has an admin area. I want to make it possible, that Administrators are able to register new users. The Administrators fill out a formular, which includes "Name" and "E-Mail". As soon as they press "send formular", the registered user gets an E-Mail which includes his username and his password. So my question is: how can I make it possible, that the system creates an username (which consists of 6 random numbers) + a password (which consists of 4 random numbers) and send it directly by email? The username also should be unique. Thanks for any help and sorry if you find any grammatically mistakes - english is not my first language. Link to comment Share on other sites More sharing options...
requinix Posted April 10, 2017 Share Posted April 10, 2017 Can't they just use the normal registration system and fill in the user's information there? Link to comment Share on other sites More sharing options...
Terminaxx Posted April 10, 2017 Author Share Posted April 10, 2017 Can't they just use the normal registration system and fill in the user's information there? Hey requinix, for my website it is only possible to do it this way. It would be a longer story to explain why. An other more detailed way would be, that every person can register on their own but then i would have the problem how to make it possible, that an administrator first has to accept the Registration. Also I would still have the problem, on how to create a random username, which consists of 6 random numbers. Thanks for any help Link to comment Share on other sites More sharing options...
benanamen Posted April 10, 2017 Share Posted April 10, 2017 An other more detailed way would be, that every person can register on their own but then i would have the problem how to make it possible, that an administrator first has to accept the Registration. This is very simple. When they register you set a flag in your is_approved column to false. When the admin changes it to true they can log in. Link to comment Share on other sites More sharing options...
Psycho Posted April 10, 2017 Share Posted April 10, 2017 Instead of the process creating a username that the user will likely never remember, I would suggest a process where the administrator sends an invite that allows the person to register. This way, only the people that have been approved can create accounts. Here is a rough breakdown of the logic: 1. Form for admin to enter an email address and send an invite. Upon submission, a random key is generated. The email address, key and date are saved to a table and an email is sent to the email address with a link to register. The link will also include the key 2. Upon clicking the link, the key in the url is validated against the record in the database. The date can be used to limit the time that the key is good for. Once validated, the user is presented with a form to create their user ID and password (and any other needed details). Upon submission, system will validate that user ID is available and create the new user - else provide an error for user to submit a different user ID. Link to comment Share on other sites More sharing options...
Terminaxx Posted April 10, 2017 Author Share Posted April 10, 2017 This is very simple. When they register you set a flag in your is_approved column to false. When the admin changes it to true they can log in. Instead of the process creating a username that the user will likely never remember, I would suggest a process where the administrator sends an invite that allows the person to register. This way, only the people that have been approved can create accounts. Here is a rough breakdown of the logic: 1. Form for admin to enter an email address and send an invite. Upon submission, a random key is generated. The email address, key and date are saved to a table and an email is sent to the email address with a link to register. The link will also include the key 2. Upon clicking the link, the key in the url is validated against the record in the database. The date can be used to limit the time that the key is good for. Once validated, the user is presented with a form to create their user ID and password (and any other needed details). Upon submission, system will validate that user ID is available and create the new user - else provide an error for user to submit a different user ID. Thanks guys. I would still like to know how to achieve the first thing I asked. @Psycho The site is built like a Transactionscenter, if I'm allowed to translate it like that. Therefore it makes really sense to create various usernames, which are difficult to remember. It's a bit hard to explain, why I need it exactly like that, but i would be pleased, if someone can solve it. Thanks once again. Link to comment Share on other sites More sharing options...
benanamen Posted April 10, 2017 Share Posted April 10, 2017 You might want to explain why you want it the way you want it so we can weigh that against our knowledge. Link to comment Share on other sites More sharing options...
Psycho Posted April 10, 2017 Share Posted April 10, 2017 Your original request is really vague in that you seem to be asking for us to provide the entire solution as to having a specific problem. So, I'll give a generic answer. 1. Create a form for the admin to submit a request with the name and the email address. 2. Upon submission of the form, generate a random User ID and Password. 3. Attempt to save the record to the appropriate table. Not knowing the current table structure I cannot provide any details on how to save to the table. If the update fails, check the failure to see if it was due to a duplicate. If so, generate a different User ID and attempt again. 4. Once the DB insert succeeds, send the email to the user with the username and password. Link to comment Share on other sites More sharing options...
Terminaxx Posted April 10, 2017 Author Share Posted April 10, 2017 Your original request is really vague in that you seem to be asking for us to provide the entire solution as to having a specific problem. So, I'll give a generic answer. 1. Create a form for the admin to submit a request with the name and the email address. 2. Upon submission of the form, generate a random User ID and Password. 3. Attempt to save the record to the appropriate table. Not knowing the current table structure I cannot provide any details on how to save to the table. If the update fails, check the failure to see if it was due to a duplicate. If so, generate a different User ID and attempt again. 4. Once the DB insert succeeds, send the email to the user with the username and password. Yes. My Problem is Number 2. How can I solve this? @benanamenlet me explain it like that: The side is based on an other side's projekt. The mainside includes thousands of users. My projekt includes something similar to a bankingsystem. People can transfer money to other users, use the shop to buy items from the mainside and many more things. As I said, it's a bit difficult to explain. My only problem is, to register new users. Because if they're free to register themselves, I cant prove if it is really the same user from the mainside. Because if not, it will cause problems later on. To understand this, you will have to know what the mainside is about. The "easiest" solution is the solution I am asking here. Therefore every user from the mainside has to connect an Administrator to be able to register. The Administrator will write his Mainside-name and his E-Mail to the formular. But of course we dont want to select the password for the users, thats why i want to generate it randomly and send it directly per e-mail Hope you had a chance to understand why I need it this way. Link to comment Share on other sites More sharing options...
Psycho Posted April 10, 2017 Share Posted April 10, 2017 Yes. My Problem is Number 2. How can I solve this? rand() and str_pad(). Use rand() to generate a random number between 1 and 9999 (or 999999) then use str_pad() to add 0's to the left if the result is less than 4 (or 6) characters. Link to comment Share on other sites More sharing options...
Jacques1 Posted April 10, 2017 Share Posted April 10, 2017 WTF is this? You manage money with 4-digit-passwords? Do you know how easily those can be guessed? You manage thousands of users with 6-digit random names? Do you realize that this results in a 50% collision chance after only ~1,000 users? And those numbers are even worse when you use time-based toy functions like rand(). There's a great visualization which shows that rand() shouldn't be used for anything but the most trivial features. Critical random numbers are in the 128-bit range (32 hexadecimal numbers) and must be generated with an actual random number generator. Link to comment Share on other sites More sharing options...
Terminaxx Posted April 10, 2017 Author Share Posted April 10, 2017 WTF is this? You manage money with 4-digit-passwords? Do you know how easily those can be guessed? You manage thousands of users with 6-digit random names? Do you realize that this results in a 50% collision chance after only ~1,000 users? And those numbers are even worse when you use time-based toy functions like rand(). There's a great visualization which shows that rand() shouldn't be used for anything but the most trivial features. Critical random numbers are in the 128-bit range (32 hexadecimal numbers) and must be generated with an actual random number generator. It is not based on real money but thanks for your comment. Thanks @Psycho Link to comment Share on other sites More sharing options...
Jacques1 Posted April 10, 2017 Share Posted April 10, 2017 It is not based on real money [...] Which doesn't change anything about the fact that your application is broken by design. Good luck. You'll need it. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.