Adding Extra Validation To WordPress User Registration - wordpress

I'm creating a members only Parent Directory for my son's high school International Baccalaureate website. This directory will contain contact information (names, street addresses, phone numbers, email addresses) of parents from each grade who have students currently enrolled in the IB program. I need to be able to authenticate a parents access to the directory against a valid student ID (which is a number).
I have a spreadsheet that contains the names of each student, their student ID, and their parent's names. There are some instances where a family has more than one student/student ID.
I'm trying to figure how I should be thinking about this, as a general approach. I have a few ideas but I need to distill them down to a more succinct inquiry.
One thought would be to bulk create wp subscriber accounts for all students. Their student IDs would somehow be appended to the user record. Parents would be directed to a login page, where they would login with the username of their child, password(which could be reset), and a fixed student id. If validation passes, they are redirected to the directory page.
Another thought would be to create user accounts on the fly that references a separate table which includes the student ID. So long as that unique student ID is part of the registration and it authenticates, anyone who has that number can register a profile.
In either scenario, once an account is created, the contact profile could either be pre-populated with the users info or updated at that time.
So my question is: Am I thinking about this in the right way? If so or if not, how can I better define this idea to get a more accurate scope? And then, ultimately, I need some direction on some possible options for getting it done in DIY way.
Sorry for the long word count. Your feedback is greatly appreciated. Below are some links that seem to be in the neighborhood of what I'm trying to do.
https://wordpress.stackexchange.com/questions/45900/adding-extra-authentication-field-in-login-page
Integrating wordpress authentication with an existing user database

Related

Using Active Directory to restrict access to data in webforms app (mainly through populating dropdowns)

Please review the scenario and solution I came up with. If it sucks please tell me so.
Scenario
Need to create an application for submitting & viewing accidents reports that will be used by 50 schools. When submitting a form, an employee will select their school from a dropdown. Likewise when viewing accident reports, the employee will select their school from a dropdown. Some employee's are to be assigned multiple schools. Thus the dropdown needs to be populated with each school they are assigned to. The IT department wants to control the population of the dropdowns using Active Directory.
Possible Solution
Within Active Directory, create an organizational unit called AccidentReportingSchools
Within the organizational unit, create a security group for each school.
Add an attribute called SchoolName to the security group
Add an attribute called SchoolID to the security group
Write an active directory query to return all of the security groups that are within the AccidentReportingSchools organizational unit (created from step 1) that the logged in employee is a member of.
When an employee logs into the application, create a session variable or cookie for storing the employee's schools. Populate it based on the results of the active directory query.
Use the cookie/session variable to populate the dropdowns.
Alternate Solution
Tell the IT department that Active Directory is not well suited in this particular situation and that a database table should be used for assigning employees to their schools.
It doesn't sound like a bad idea. Though I don't think you need to setup an attribute for SchoolName. You can just go by the name of the AD Group. I have something similar (though not nearly as large in scope.) I created a basic Intranet page for IT Trouble Tickets.
And for what it's worth, if you plan on doing this through ASP.net look at MVC rather than WebForms.

create unique and editable profiles

I am working on a web development project that will require keeping records for around 3-4,000 companies. If possible I want to use a wordpress plugin that enables a user to CREATE a unique user account / profile and update their profile with their up to date information at a later date. I tested profile builder but it wont let non admins initiate a new account (something I dont want to do 4,000 times).
Information also needs to be searchable (income range, location, etc.). This is not necessarily a deal breaker as I could develop a second app to search the DB.
Right now I am trying to choose between building a app where a user can create an account and interact with a UI (time consuming). I hate to ask such silly question but I am not having much luck.
Approximate wireframe:
Enable user registration and dispatch the 4 thousand emails inviting to open an account.
The default User Profile system remains as it is, just basic user info (it's easy to remove stuff from that page and give it a nice style).
Create a Custom Post Type for the big profile with all the searchable capabilities this offers.
Limit the number of posts the user can manage to One.
Ask new questions as the specifics arise.

Can I do this with Drupal and Organic Groups?

Basically I have a site in which I want my clients to be owners of a group, and then anonymous users can add nodes through their group and my clients will receive notification if someone adds a node in their group.
Basically the service is a lead generation service so in effect the content type is a landing page and when anonymous users go to put their details in, dependent on which group they do it through, the client will receive the notification.
i.e. My clients group is www.example.com/group1 and they send out a link with their URL to generate some leads.
example.com/group1/node/add/landing-page
Once this node has been created, will it be possible to notify the group1 owner (I assume if I set the correct Rules)?
On top of this, I want the group1 owner to be able to login and see a Views display of all the nodes that have been created in their group.
I assume Organic Groups is the wway to go here, but I may be mistaken - any hep would be appreciated.
Unless this has dramatically changed in D7, I don't think you're going to be able to let anonymous users post into Groups. The whole concept and structure of OG relies on users being logged in and identifiable.
In other words, I think you have to be a member of a Group to post in it, and anonymous (user 0) can never belong to a Group.

Stop users entering my competitions more than once

I'm having a problem with my Facebook competition where users are entering multiple times. The required fields to enter are first name, last name and email. They can not enter the same email more than once, but they are just using different email addresses. I can not delete their entries however because there is no way to "prove" that it's the same person, even though it's dead obvious (exact same first and last name, all entries within 30 seconds of one another).
Our terms and conditions say that only one entry is allowed per person, per competition but apart from the email validation I can't find a way to enforce this.
When a user likes our page (which is required to enter the competition) is the ID of that user available from the signed request? Would it be within the Facebook guidelines to store this ID along with their entry details?
Thanks
no, you need to authorize the users then you get the Facebook ID.
You then can display a diffrent page as you know this user already taken part in the competition - so you dont give them the change to submit more than once for one Facebook ID.
as this will probably to late know, you can store a cookie. but be aware that users can delete this cookie.

Filtering Repeater items based on user status/role

I have a tricky requirement where I need to categorise documents attached to a product, available for download, based on the status of the user viewing the product. I.e. my site displays a list of products, clicking on one displays a product details page, and this page includes a list a documents related to the product, such as data sheets, user manuals, etc.
I have been asked to group documents into three classes of availability, v.i.z. those available freely to all users, including anonymous; those available to logged on users; and those available to anonymous users that provide contact information before downloading the document, presumably to boost sales leads.
The anonymous and logged on availabilities are quite easy, but the third seems a bit tricky to me. My first question is, is there a way I can filter documents for only logged on users without hooking into ItemDataBound or something, and my second question is, what is recommended for the case where a user must supply contact information to download a document?
In the second question, it has crossed my mind to actually register the user, but without them having to visit the new user registration page, and then I have role based filtering of documents. Currently the new user registration process automatically adds the Member role to all new users. Users I register 'quietly', just so they can download a document, wont be assigned the Member role, distinguishing them from normally logged on members. What other approaches could I take?
A lot of this implementation will depend on exactly what you want to accomplish and how you go about doing it.
For example, if I don't have access to the document, should I see the link?
If your implementation is that all users should be able to see it, but that the actual act of 'getting it' is dependent upon the individual role or membership, you could solve it fairly easy by implementing a "handler" to download the secured documents, that way you are not presenting a direct file link. That handler could then validate security, if they were not allowed, it could then take them to the login or register page as needed.
If the users don't see the documents until they meet the requirement, I would then filter BEFORE you bind to your repeater.

Resources