Jump to content

Creating a complicated registrationsystem - how?

Terminaxx

By Terminaxx
in PHP Coding Help

 Share
Go to solution Solved by Psycho,

Recommended Posts

Terminaxx Regular Member

Terminaxx

Posted
Posted

Hey guys,

 

My website has an admin area. I want to make it possible, that Administrators are able to register new users.

The Administrators fill out a formular, which includes "Name" and "E-Mail".

As soon as they press "send formular", the registered user gets an E-Mail which includes his username and his password.

 

So my question is: how can I make it possible, that the system creates an username (which consists of 6 random numbers) + a password (which consists of 4 random numbers) and send it directly by email?

The username also should be unique.

 

 

Thanks for any help and sorry if you find any grammatically mistakes - english is not my first language.

Link to comment
Share on other sites
Terminaxx Regular Member

Terminaxx

Posted
  • Author
Posted

Can't they just use the normal registration system and fill in the user's information there?

Hey requinix,

 

for my website it is only possible to do it this way. It would be a longer story to explain why. An other more detailed way would be, that every person can register on their own but then i would have the problem how to make it possible, that an administrator first has to accept the Registration. Also I would still have the problem, on how to create a random username, which consists of 6 random numbers.

 

Thanks for any help

Link to comment
Share on other sites
benanamen Prolific Member

benanamen

Posted
Posted

An other more detailed way would be, that every person can register on their own but then i would have the problem how to make it possible, that an administrator first has to accept the Registration. 

 

This is very simple. When they register you set a flag in your is_approved column to false. When the admin changes it to true they can log in.

Link to comment
Share on other sites
Psycho Prolific Member

Psycho

Posted
Posted

Instead of the process creating a username that the user will likely never remember, I would suggest a process where the administrator sends an invite that allows the person to register. This way, only the people that have been approved can create accounts.

 

 

Here is a rough breakdown of the logic:

 

1. Form for admin to enter an email address and send an invite. Upon submission, a random key is generated. The email address, key and date are saved to a table and an email is sent to the email address with a link to register. The link will also include the key

 

2. Upon clicking the link, the key in the url is validated against the record in the database. The date can be used to limit the time that the key is good for. Once validated, the user is presented with a form to create their user ID and password (and any other needed details). Upon submission, system will validate that user ID is available and create the new user - else provide an error for user to submit a different user ID.

Link to comment
Share on other sites
Terminaxx Regular Member

Terminaxx

Posted
  • Author
Posted

This is very simple. When they register you set a flag in your is_approved column to false. When the admin changes it to true they can log in.

 

 

Instead of the process creating a username that the user will likely never remember, I would suggest a process where the administrator sends an invite that allows the person to register. This way, only the people that have been approved can create accounts.

 

 

Here is a rough breakdown of the logic:

 

1. Form for admin to enter an email address and send an invite. Upon submission, a random key is generated. The email address, key and date are saved to a table and an email is sent to the email address with a link to register. The link will also include the key

 

2. Upon clicking the link, the key in the url is validated against the record in the database. The date can be used to limit the time that the key is good for. Once validated, the user is presented with a form to create their user ID and password (and any other needed details). Upon submission, system will validate that user ID is available and create the new user - else provide an error for user to submit a different user ID.

Thanks guys.

 

I would still like to know how to achieve the first thing I asked.

 

@Psycho

The site is built like a Transactionscenter, if I'm allowed to translate it like that. Therefore it makes really sense to create various usernames, which are difficult to remember. 

It's a bit hard to explain, why I need it exactly like that, but i would be pleased, if someone can solve it.

 

Thanks once again.

Link to comment
Share on other sites
Psycho Prolific Member

Psycho

Posted
Posted

Your original request is really vague in that you seem to be asking for us to provide the entire solution as to having a specific problem. So, I'll give a generic answer.

 

1. Create a form for the admin to submit a request with the name and the email address.

 

2. Upon submission of the form, generate a random User ID and Password.

 

3. Attempt to save the record to the appropriate table. Not knowing the current table structure I cannot provide any details on how to save to the table. If the update fails, check the failure to see if it was due to a duplicate. If so, generate a different User ID and attempt again.

 

4. Once the DB insert succeeds, send the email to the user with the username and password.

Link to comment
Share on other sites
Terminaxx Regular Member

Terminaxx

Posted
  • Author
Posted

Your original request is really vague in that you seem to be asking for us to provide the entire solution as to having a specific problem. So, I'll give a generic answer.

 

1. Create a form for the admin to submit a request with the name and the email address.

 

2. Upon submission of the form, generate a random User ID and Password.

 

3. Attempt to save the record to the appropriate table. Not knowing the current table structure I cannot provide any details on how to save to the table. If the update fails, check the failure to see if it was due to a duplicate. If so, generate a different User ID and attempt again.

 

4. Once the DB insert succeeds, send the email to the user with the username and password.

 

Yes. My Problem is Number 2.

How can I solve this?

 

@benanamen

let me explain it like that:

The side is based on an other side's projekt. The mainside includes thousands of users. My projekt includes something similar to a bankingsystem. People can transfer money to other users, use the shop to buy items from the mainside and many more things. As I said, it's a bit difficult to explain. My only problem is, to register new users. Because if they're free to register themselves, I cant prove if it is really the same user from the mainside. Because if not, it will cause problems later on. To understand this, you will have to know what the mainside is about.

 

The "easiest" solution is the solution I am asking here. Therefore every user from the mainside has to connect an Administrator to be able to register.

The Administrator will write his Mainside-name and his E-Mail to the formular.

But of course we dont want to select the password for the users, thats why i want to generate it randomly and send it directly per e-mail

 

 

Hope you had a chance to understand why I need it this way.

Link to comment
Share on other sites
Jacques1 Prolific Member

Jacques1

Posted
Posted (edited)

WTF is this? You manage money with 4-digit-passwords? Do you know how easily those can be guessed? You manage thousands of users with 6-digit random names? Do you realize that this results in a 50% collision chance after only ~1,000 users?

 

And those numbers are even worse when you use time-based toy functions like rand(). There's a great visualization which shows that rand() shouldn't be used for anything but the most trivial features.

 

Critical random numbers are in the 128-bit range (32 hexadecimal numbers) and must be generated with an actual random number generator.

Edited by Jacques1
  • Like 2
Link to comment
Share on other sites
Terminaxx Regular Member

Terminaxx

Posted
  • Author
Posted (edited)

WTF is this? You manage money with 4-digit-passwords? Do you know how easily those can be guessed? You manage thousands of users with 6-digit random names? Do you realize that this results in a 50% collision chance after only ~1,000 users?

 

And those numbers are even worse when you use time-based toy functions like rand(). There's a great visualization which shows that rand() shouldn't be used for anything but the most trivial features.

 

Critical random numbers are in the 128-bit range (32 hexadecimal numbers) and must be generated with an actual random number generator.

It is not based on real money but thanks for your comment.

 

Thanks @Psycho

Edited by Terminaxx
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.