Registration Access Code

Hello everyone, i am currently trying to make a Sign Up page with a special input, where you have to type a special code (e.g. 666666) to register and continue further. How do i do that?

1 Like

This is a good question (you’re welcome).

What you’re asking about, essentially, is an “invite only” site… Where, basically, you’ve (perhaps) already created a login for the invited user. They just need to enter the secret code (hmmm… could it be a PASSWORD?) to gain access. (And then reset the password right?)

I’ve not built such a thing, but I bet someone here has. (If not, perhaps I’ve provided you with a clue to how this might be done. Search for posts about creating accounts on behalf of other, unregistered, users for some potential ideas.)

:thinking:

If i understood you correctly, then yes, this is what i meant.
When user is trying to sign up, i want an imput where the user types in a code to proceed.

And i’m doing my best to find any sources with my or perhaps similar idea of what i’m trying to make.

There are a variety of methods you can use, depending on what you’re looking to do. Here are a few concepts that come to mind…

  • If the code is universal (ie. every user must type in a defined string), you can place a condition on the signup workflow that has an "only when input_special_code is [code]
  • If it is based off of some sort of database value (ie. like Eventbrite for accessing a private event’s registration), then you can have a database field associated with the event, which does as similar conditional comparison on the workflow.
  • If the code is unique to every user, you can “create” the account in the background, but have a flag on the user profile for is_confirmed, which is a yes / no value which blocks them from accessing the app. (Have it set to “no” when you create the account for them) along with a field where you store the random string. Then, when they “claim” their account, they enter the random string. If it is a match, change the flag for is_confirmed to “yes”.
2 Likes

Yeah, you grok me. Here’s the thing:you don’t really want the secret code to be some static value (though “666666” is a good one!). It should be unique-ish for each signer-upper, yeah?

What THAT implies is that your site is based on invites. Do people visit the site and request an invite? Well, snag their email (which is as close to a unique ID as you’re going to find). Sign them up. Send them an email with “HERE IS YOUR PASSWORD: xxxyxx”. Send (email them) a link to login with the password. If they don’t login in Z amount of time, delete them.

Now, you COULD set a static value for a passcode that IS NOT a password. But how to do that is so obvious that it doesn’t bear explication, right?

(OK I’ll explicate: create a new data type “Signup Password”. It has one field, “Password” (type text or number, whatevs). Go to App Data > All Signup Passwords. There won’t be anything there. Create a new Signup Password. Enter 666666 in the Password field for that thing. Save it.

Now, in your login popup have an input for the Site Password. When user clicks “Sign Me Up”, only sign them up if the value of that input equals “Do a Search for Site Passwords:first item’s Password’s value”. Easy peasy, yeah?)

1 Like

Note: the explication in my previous response is a method that is NOT SECURE… but it answers your Q. (I’d prolly do it. Honestly, there’s no risk of people JUST DYING to sign up for your app. So, unless this is some internal, enterprise app, why worry about invites? If it IS an internal, enterprise app, do it in the proper-ish invite way [which is still a bit vulnerable].)

That is a pretty nice idea, however a bit offcourse. What i exactly wanted is, there is a input upon signing up, where you need to enter a code to continue registration. There would be 1 code, that would be given out to trusted members of the community i am hosting, for example discord. The code would be there to prevent random people accessing the website.

My idea is:
Screenshot_12

So, people would put in their information and all, but also, they would need to enter the “Access Code” to continue.

If i understood correctly, the first one would be the solution, but i will try it, and will get back to you by replying or marking the answer as a solution. Thanks for the reply.

I[quote=“keith, post:5, topic:33010”]
create a new data type “Signup Password”. It has one field, “Password” (type text or number, whatevs). Go to App Data > All Signup Passwords. There won’t be anything there. Create a new Signup Password. Enter 666666 in the Password field for that thing. Save it.

Now, in your login popup have an input for the Site Password. When user clicks “Sign Me Up”, only sign them up if the value of that input equals “Do a Search for Site Passwords:first item’s Password’s value”.
[/quote]

… would be the way to do it. You COULD hardcore a static value in your workflow as Dan suggested, but I like this approach better as you can change the key if needed without fiddling with your workflow. Additionally, if you wanted multiple secret codes, making your comparison “do a search for… contains… input’s value” would enable that and you could then add, delete, modify secret keys anytime you need.

Best,
K

Glad it worked out. Just keep in mind as to if the data is obscured or not. (Ie. would someone with a moderate understanding of coding know how to uncover the access code). The current method is still fairly open. (If you privately provide a link to your live application, I can show you what I mean).

One other way is to use URL parameters. In this case, you give them a specific URL that makes use of one or more parameters. This can bounce the user from the registration page when the parameter is missing or not valid. As well, you can use the parameter to check against a value (values) in the database and disable registration based on that.

My idea is that, when someone registers, i will manually change the access code to avoid any website leaks, as the website i am making is for a community, in which only selected people will get access to it.
If you are interested, i can still privately send you the link to the website.

Two approaches come to mind:

  • For every community, have a list-based field of text values. This would host a series of n digit codes which you seed. When a user tries to sign up, your application looks to see if the code is in the list. If it does, the registration proceeds and the code is removed from the list (and added to a “used” codes list).
  • Create a massive list of invite code objects in your database. Each of these has a text value of n unique digits along with a boolean flag for is_used, which is set to no by default. When a user inputs the code, it searches across all invite codes to see if there is a match and if unused. If unused, the registration proceeds. (You can further limit by tagging the relevant community).
2 Likes

Pretty much my original reply right here.

I need help how do i make a access password for my cad/mdt i need steps. (Keith yours is confusing) sorry. I need help please contact me on discord ItzAltie#2818

has anyone managed to resolve the issue?

1 Like

@dan1 Hello This is very userful for me, But at unique code condition. While i am creating user profile at background so where should i put Yes/No condition. Can you share any snapshot of this?

What would make it not obscure. If I save a bunch of random numbers in a data based, and check against them on signup, how can someone access those numbers? or did i misunderstand? And what then would obscure look like?