Username Login instead of (and in addition to) Email based Users

We are building an App for Parents and Children. Parents will have the standard Email login, but we also want Children to be able to Login to their part of the App, and for this to be controlled by the parents.

So they would need a separate “Username” to login, and a password that is set and managed by the parent.

Has anyone done anything similar? I am worried about storing the Child’s password on the database in “clear”.

I would be inclined to try and use the built-in user type for the child accounts and see what ways it can be manipulated.

Failing that, salt and hash the password yourself before storing it in the db. sha256 as a minimum. You could probably write a plugin to do.

Thanks. Yes, I think you can do it by appending the username to the email or something, or creating dummy emails and linking them to the main account.

Easy to write down how you could do it … but when it comes to having to do it yourself?

The issue with that method is, I think, the password reset method.

For email address you could use the + method for the dummies e.g.

If the parent email address is john@the-smiths.com set the dummy account to john+1@the-smiths.com, keep a counter on the parent account and increment it for each child account created. It is still a valid email address and messages would still go to the parent account email.

The issue with that is setting the passwords on the child account.

It is also going to be tricky with people (like me) who tend to use Gmail Aliases to track account signups anyway.

So john+thing+1@the-smiths.com starts to get tricky.

Currently looking at “Dovecot” which seems to be a way to store hashed and salted passwords.

Isn’t there an action to create an account for someone else?

Yes, but then you can’t set the password that easily.

So I think what I am going to do is use an external https function to do the hash and salt on the password. Then store that in the “Dovecot” format.
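The approach the thread settles on (salt and hash the child's password in an external function, then store a Dovecot-style string), as an added example that is not code from any poster. It assumes the `{SSHA256}` layout, base64 of SHA-256(password + salt) followed by the salt; the function names and the 16-byte salt length are choices made for this example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SCHEME = "{SSHA256}"                          # scheme prefix stored with the hash
DIGEST_LEN = hashlib.sha256().digest_size     # 32 bytes


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return '{SSHA256}' + base64(sha256(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(16)                 # fresh random salt per account
    digest = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def verify_password(password: str, stored: str) -> bool:
    """Check a login attempt against the stored string; never raises."""
    if not stored.startswith(SCHEME):
        return False                          # plaintext or unknown scheme
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:                        # binascii.Error is a ValueError
        return False
    if len(raw) <= DIGEST_LEN:
        return False                          # no salt present: reject
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha256(password.encode("utf-8") + salt).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed sample: the parent sets the child's password once,
    # and only the resulting string is written to the database.
    record = hash_password("tiger-balloon-42")
    print(record)
    print(verify_password("tiger-balloon-42", record))   # matching attempt
    print(verify_password("wrong-guess", record))        # failing attempt
```

Only the returned string needs to be stored per child account, since the salt travels inside it. A single SHA-256 pass is fast to brute-force, so where the stack allows it a deliberately slow password-hashing scheme is the stronger choice.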
