Right now I have a register script that any person can log into. This register script is protected by reCAPTCHA, but every person can still register on this website. I want to make sure that only people from the organisation can register on this website. Any tips and ideas would be handy.

What I have tried:

I tried looking up only but so far I only get reCAPTCHA to stop bots.
Updated 28-Feb-23 2:38am

Unless the people trying to register have some way of proving that they are part of the organisation, then it is not easy. You could use a two-part registration system by checking that their email address is one that belongs to the organisation. Alternatively you would need a list of the people in your database.
 
 
Throwing another solution into the mix, you may also be able to integrate with an Active Directory provider using OAuth 2 or similar. Oftentimes, within an organisation, people will have a company username and password they use to log on to the network, and this is typically powered by Active Directory (AD).

A common one for Microsoft accounts is Azure AD. To allow users to log in using their Azure AD account you'd need:

  • Admin access to Azure AD to be able to set up your website as an authorised OAuth client
  • The website hosted somewhere so that the correct redirect and success URIs will be hit

Of course, using AD can get quite complicated and may be overkill for your specific use case, but I just thought I'd throw this out there as an option. It's essentially the same as saying "If the user can log on to their company's computer network using these credentials, they can also log in to X website using the same credentials."
 
 
Comments
Andre Oosthuizen 28-Feb-23 9:20am    
I like this and agree, might be complicated but the end result will be the perfect solution to the question. My +5.

1. Register an organization in your database with their name and domain name. Check the end part of an e-mail to see if it is the same as the email given in your registration form, below using PHP:

    // Get the domain of the user's email address
    $email_parts = explode('@', $email);
    $email_domain = end($email_parts);

2. When setting up the organization, create an admin password that a user must submit before they can register. Compare the password entered to the given one; if it fails, they cannot register. (Not the best or secure way, though.)

3. Have an admin at the organization enter a new user into your database. If they do not exist, they cannot register.

4. More advanced: get the I.P. address from where they want to register. This might, however, not be very reliable, as some people might not be at the office or on the same network; this will then ultimately fail registration.

These are the ones that popped to mind, hope it helps.
 
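The two-part registration from the first answer combined with the e-mail domain check from the last one, as an added example that is not part of the original answers. `ALLOWED_DOMAINS`, `example.org`, the function names and the one-hour expiry are assumptions; sending the mail and storing the pending row are assumed to be done by the site's own code.

```php
<?php
declare(strict_types=1);

// Assumption: the organisation's mail domains, kept in config or the database.
const ALLOWED_DOMAINS = ['example.org'];

/** Return the lower-cased domain if $email is valid and allow-listed, else null. */
function orgDomain(string $email): ?string
{
    $email = trim($email);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Take everything after the last '@' and compare it exactly: suffix or
    // substring matching would also accept "example.org.attacker.test".
    $domain = strtolower(substr($email, strrpos($email, '@') + 1));
    return in_array($domain, ALLOWED_DOMAINS, true) ? $domain : null;
}

/** Part 1: create a pending registration. The raw token goes only into the mailed link. */
function startRegistration(string $email, int $now): ?array
{
    if (orgDomain($email) === null) {
        return null; // not an organisation address: refuse before sending any mail
    }
    $token = bin2hex(random_bytes(32));
    return [
        'token'   => $token,                        // mail this, do not store it
        'pending' => [                              // store this row
            'email'      => trim($email),
            'token_hash' => hash('sha256', $token), // a database leak does not reveal the token
            'expires_at' => $now + 3600,
        ],
    ];
}

/** Part 2: activate the account only if the mailed token comes back in time. */
function confirmRegistration(array $pending, string $token, int $now): bool
{
    return $now <= $pending['expires_at']
        && hash_equals($pending['token_hash'], hash('sha256', $token));
}

// Constructed sample input.
$now = time();
var_dump(startRegistration('mallory@example.org.attacker.test', $now));
$reg = startRegistration('Alice@Example.org', $now);
var_dump(confirmRegistration($reg['pending'], $reg['token'], $now));
var_dump(confirmRegistration($reg['pending'], str_repeat('0', 64), $now));
```

The domain check alone only shows that someone typed an organisation address; it is the returned token that shows they can read that mailbox.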
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


