Account creation with email address *@domain.com

  • Hi,

    We’d like to create accounts so that anyone from a certain domain can log in with their own email address and a password of our choosing. For example anyone from @tlsllc9.com can log in with a password like TLS2018. Is this possible?

    We only restrict access to a certain part of our wordpress site and for that part visitors need usernames and passwords. I already know how to add users. What we want is to set it up so anyone from a certain domain can log in with their OWN email address and a password of our choosing. For instance, [email protected], [email protected], etc (*@example.com) all with the same password WITHOUT me having to set up individual accounts for each person. We will be looking at HUNDREDS, if not THOUSANDS of accounts and I don’t have time to create these all one by one OR having them self create and I approve.

    Is there a way to do this?

Viewing 5 replies - 1 through 5 (of 5 total)

  • There are plugins that let you create LOTS of email accounts using a list, the one I am familiar with seems to be no longer current, there are others.

    Thread Starter diannekrause

    (@diannekrause)

    I don’t want to create email addresses. I want to all users with a similar email address to log in all with the same password.

    Moderator bcworkz

    (@bcworkz)

    It’s possible to have user login “domain.com”, but let people login with their full email at that domain. A filter can be used to strip out the user portion before the request gets to authentication. Unless you add additional checks, they could actually login with just “domain.com” or “[email protected]”.

    It’s never really a good idea to have multiple users share the same login, even if the users think their user name is unique. I recommend letting people simply register themselves. The registration routine can be altered to only allow users with “domain.com” emails. WP verifies all registration emails anyway. You can choose to further screen or not. Everyone would have their own login and password, yet the pool of users is as restricted as with your scheme. In my mind, it’s not any more trouble screening registrations from a restricted pool than sending select people of that pool the common password. Maybe less trouble.

    You don’t want to get into the situation where a user becomes a problem, forcing you to change the one password and having to notify all other users. It’s not good and you should want to avoid this if at all possible. Just sayin’, it’s your site, you may do as you wish.

    Thread Starter diannekrause

    (@diannekrause)

    Ok now we are getting somewhere. How do I do both what you are explaining in your first paragraph and then what you are explaining in your second? I’m very much a newbie at WordPress and I get around and get things done but this is beyond my expertise. That’s why I’m here ??

    Moderator bcworkz

    (@bcworkz)

    Welcome to the WP community then!

    My two paragraphs are somewhat contradictory — shared login vs. individual login with self registration. What they have in common is ensuring “domain.com” is the only allowable email domain. If you are sticking with the shared login, checking the domain upon registration does not apply.

    Which ever way you choose, you need to understand hooking filters and actions. (Or find someone who does) This is crucial to customizing anything in WP, so it’s well worth one’s time to understand this. Here’s one resource: https://developer.www.ads-software.com/plugins/hooks/

    I suggest reading on through the Filters page, information after that is not currently important. The link is to inside the Plugins Handbook, but hooks apply equally to themes and WP core code.

    The code developed to pull this off needs to be protected from updates of both WP and your theme. This can be done with either a Child_Themes or a custom plugin. There’s a brief summary of hooks at that plugin link that could serve as a review after reading the Hooks link above.

    To check that a user login contains “domain.com” or whatever, use the “authenticate” filter. You are not actually authenticating, it’s more of a pre-check. So hook with a low priority number (<10) argument using the add_filter() function so your callback runs before the true authentication. Don’t forget to pass any other legitimate users besides those with “domain.com” emails. To pass the login on to true authentication, return null. To fail it, return a new WP_Error object, which will cause any subsequent authentications to pass on the error, preventing login.

    You cannot alter logins with “authenticate”, only approve, pass on or fail. To alter login credentials, use the “wp_authenticate” action, where the credentials are passed by reference so you can alter them directly.

    To ensure “domain.com” is the email domain for new registrations, use the “user_registration_email” filter. This is the actual user email, not the login name that may also be an email. Again, don’t forget to allow the emails of other legitimate users who may not be on “domain.com”. If you want to manage the actual user login, use the “pre_user_login” filter.

    I have the feeling this is all quite overwhelming. It’s not as bad as it sounds. If you have any kind of coding aptitude and are able to grasp how filters work, you are ahead of most users and can probably pull this off. Besides the relatively standard code for hooking filters, the part that actually checks for domain.com is a one liner. The code for hooking a filter could be 4 lines or less, one of which is }. Anyone can do this with a little help if they are motivated enough.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Account creation with email address *@domain.com’ is closed to new replies.