0

Hello, all.

I am doing a project, which supports users such as Administrators, teachers and students.
Since I will not always be available when they are registering, I want a user to create for themselves an account. However, the challenge is that, I do not want a user to register himself/herself as an administrator. If an administrator is registered, it has to be genuine, and I want to limit the number of administrators to only 2. ]

Please advice.

5
Contributors
11
Replies
13
Views
5 Years
Discussion Span
Last Post by Webville312
0

In the database in the members table or whatever you have named it, you could have a 'SiteRole' field that takes the value Student, Teacher or Admin. You could also specify Student as the default value for this field. Then inside the registration form do not allow the user to select their own site role as then the default role Student will be used. The downside is you will have to work out another way to register Teachers and Admin; this could just be done initially in a php script.

0

As this is a 'blind' registration system where you will not be intervening, perhaps setting up an invitation system?
If teachers -> send an email with a passcode e.g. a hash of say, 'iamateacher' along with their email address (the one you're using for them), using md5().

Simialrly to admins.

So on registration users must provide a username, a password, an email and for teachers/admins a unique passcode.

Include an email link for new teachers/admins to contact you via mailform to be sent passcodes.

THis may seem like overkill, but you must have full control of teacher/admin registration. If you do not set them up yourself or can intervene, perhaps have a trusted site admin to take care of it for you.

Just a thought.

0

Thanx ardav, for your reply.

Just to clarify a lil' bit; wen The application is launched, the users should be able to register themselves. However, I dod not want to risk someone registering themselves as an administrator. So How would you advice me to go about it.


I hope its more clearer now.

0

to repeat what ardav said
either allow users to register as a basic user and have a current administrator promote them after they've registered
or somewhat lacking in security have a common code that teachers or administrators can use when they register to identify them as power users

if you are ok with people being able to blind register themselves as teachers and your worry is only admins create a drop down for user type with the only choices being student/teacher

most annoying option
if you're in a school setting you should be able to get a list of faculty/students
pre-enter them and assign them based on what you know they are use names/dob or email address to match them

0

if you're in a school setting you should be able to get a list of faculty/students
pre-enter them and assign them based on what you know they are use names/dob or email address to match them

This is what I did. We used LDAP to map student accounts on the school network. However that was a labour of love and I NEVER want to do that again.

Adding maybe a hundred staff to a DB is no mean feat in itself, so I can understand the reticence to do this. Providing a dropdown (for example) for self-registration is asking for trouble. People just aren't that honest. I mean, I'd certainly give myself admin rights, just for the hell of it.

The best way (IMO) would be to enter all staff/admins yourself, but failing that use an email script as proposed. Anybody else registering via the form will be enrolled as a student as there is no way that they could get a hashed passcode (unique to every staff member).

Get a list of staff emails for bog-standard teachers and admins:

$teacherEmails = array('adavies@example.com','ewilliams@mysite.com'...);
$adminEmails = array('boss@theschool.com','biggerboss@the school.com'...);

foreach($teacherEmails as $t){
  $passcode = hash('md5','iamateacher'.$t .'iamalsoabully');
  
  //place the $t (email) and the $passcode into the body of a mail and send it
  //tell them that they need this particular email address and the passcode to register

}

foreach($adminEmails as $a){
  $passcode = hash('md5','iamaboss'.$a .'iamanevenbiggerbully');
 
  //place the $a (email) and the $passcode into the body of a mail and send it
  //tell them that they need this particular email address and the passcode to register

}

Test the script with a few of your own email accounts first of course!

<form...>
...username...
...password...
...confirm password...
...emailaddress... (could be mandatory if you want students to register emails too)
...passcode (teachers and admins)...
...submit...
</form>

In your form handling script you then:

$level = 'student'; //or =1 or whatever - this is the default
if(checkEmail($_POST['email']) && $_POST['passcode'] != ""){
  //checkEmail is just a custom function to validate an email address
  $passcode = $_POST['passcode'];
  $email = $_POST['email'];
 if($passcode == hash('md5','iamateacher'.$email .'iamalsoabully')){
    $level = 'teacher'; //or =2 or whatever
 }elseif($passcode == hash('md5','iamaboss'.$email .'iamanevenbiggerbully')){
    $level = 'admin'; // or =3 or whatever
 }else{
    //fail - send message stating that students should leave the passcode blank or that if they are a teacher or admin that they have entered the wrong passcode 
 }
}

Then use the $level in your SQL to assign to a group or to a userlevel field in the users table, depending on your setup.

Edited by diafol: n/a

0

This is what I did. We used LDAP to map student accounts on the school network. However that was a labour of love and I NEVER want to do that again.

I can imagine

I was thinking more along the lines of a simple table with names and type of user then just doing doing a quick match up when registering or even doing a lookup on a csv

though if there all being added to ldap anyway.....

0

I will suggest you create two tables

USERS
-user_id
-firstname
-lastname
-email
-password
-role

ACCESS
-access_id
-role

In the access table we have three kinds of roles which will be stored in the role field of the USERS table

1. Student
2. Teacher
3. Administrator

CONDITIONS
On registration the user choose either Student or Teacher and that value is stored in their record

Alternatively you could provide the pass code as someone earlier mentioned for users to register as teacher. In that case you will need another table

PASSCODES
-pass_id
-passcode
-redeemed
-user_id

Then you can include a script to generate passcodes to assign to give out. when a passcode is redeemed it should indicate on the table who used it and insert a value in the redeemed field to show that it has been use.

Only logged in users with administrative privilege can change role of teacher or student to administrator.

Hope this gives you an idea of how to go about your code.

0

For all the posts, I thank you.

I have been able to find a solution, and that is to allow users to choose their own usernames, however, passwords will be automatically generated, so that a user is sent an email containing the generated password.

Thank you all for the words of advice; they were really helpful.

Cheers!!

:icon_idea:

0

Ok... but how does that sort out the students from the teachers from the admins?

Well, I just spoke to my supervisor, and the advice was that at the moment, I shuold deal with the teachers, and the administrator ONLY.

Um, The administrator is to hand in a list of the teachers, so that when they use their ID numbers, they are not to be logged in as administrators, but rather as teachers.

At the moment, I think that will work. am just trying it NOW.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.