By sucu on

We are currently setting up Drupal for a university society. As such signups need to be restricted to university members, defined as those with a university username (and hence email address).

The way we did this on our home-grown system was to force their username to be their university username, and then we'd email their password to the associated email address, which they'd change when they first logged in.

We've been able to add the extra data fields that we and our Students Union requires using the profile module. However we cannot work out how to restrict the registration as described above without hacking user.module, which to ease future upgrades we'd like to avoid.

Without rewriting it, is there any way to force the user registration to take a username and construct an email address from it (appending the university domain)?

Also, is there any way to give people a "Display Name" option so that this, rather than their university username can show next to posts they make?

Thanks!
The SUCU web team

Categories: Drupal 4.7.x

Comments

markus_petrux’s picture

markus_petrux commented

You could probably do this by writing a custom authentication module, though I'm not sure if there is documentation on how.

There are already some contrib modules you could look into such as LDAP integration, Pubcookie, Webserver auth and maybe others.

Also, there is a patch that if applied could allow authetication with local databases without the need to hack the user module.

I hope that helps.

Doubt is the beginning, not the end of wisdom.

sucu’s picture

sucu commented

While your suggestion makes sense we cannot go this route because the university do not provide a central authentication server for use by societies, only by their own services.

This approach would also allow anybody at the university, rather than just members of the society to log in..?

markus_petrux’s picture

markus_petrux commented

With an authentication module you could validate against a DB or simply apply more complex rules than those provided by access control » account rules (as suggested by Richard).

Doubt is the beginning, not the end of wisdom.

sucu’s picture

sucu commented

Ah OK, I misunderstood you the first time. I'll investigate this further.

Thanks!

sillygwailo’s picture

sillygwailo
Location Toronto, ON
commented

If all you need is to verify that they have a university email address, then you can use account rules (access rules in 4.7).

  1. Click administer » access control » account rules tab (access rules tab in 4.7).
  2. Click the add rule sub-tab
  3. Select "deny", then "E-mail"
  4. Type in % (that is, the percent sign)
  5. Click the "Add rule" button
  6. Click the add rule sub-tab again
  7. Select "Allow", then "E-mail"
  8. Type %@example.edu replacing example.edu with how email addresses end for your university
  9. Click the Add rule button

Test out the rules with the check rules sub-tab, to see whether people entering an acceptable and unacceptable email address. As markus_petrux suggests, authenticating against an exisiting user database is probably the best way to go long-term, but at least with the method described above, you can implement a simple authentication scheme.

(Username formerly my full name, Richard Eriksson.)

sucu’s picture

sucu commented

Thanks Richard, we will investigate this approach!

lias’s picture

lias commented

I hadn't used access rules until now and they're nifty : )
Lsabug

Stomper’s picture

Stomper commented

For the first step, the deny rule. What's the difference between "%" vs "%@%"? Same thing, right? Is one better than the other?

Also, if access rules are created by the site admin (user 1), is it impossible to lockout/deny access to the site admin?

Also for those who lock themselves out (admin or uid 1) you can get back in by deleting the rule from the "access" table using PHPMyAdmin. I am not sure if this is the best idea, but if the admin is using an email that is being denied by an access rule, make an access rule to allow that specific email address.