Support » Developing with WordPress » Authenticating without a password

  • Hi – I have limited web programming experience and even more limited WordPress development experience.

    Yet, I’d like to think I could solve the following problem with a little bit of help. At least, I’d like to understand whether it is solvable with WordPress.

    We sell digital books to schools via their booklist. This means only students or teachers from those schools that we’ve provisioned in our system should have access to a WooCommerce shopping page (schools will be provisioned via their name, web domain, and a few other attributes).

    My question is whether I could control the access by creating a WP Group for a school and place all students under it as users of that group. If so, can I create a login page without a password to let them access the shop page using only their email address?

    Or could there be a more elegant solution?

    There is also a scenario where students may buy a physical copy of the book from a shop. We call these Bundle schools. In that case, we offer free digital access if students provide proof of purchase. This means, in the above screen, we would need to detect a Bundle school and ask for an image upload along with the email to manually review their application. After the application has passed we send them the shopping page via email and they will only see the $0 version of the digital-book to buy.

    In both cases, it would be great to use the existing WP infrastructure rather than having to set-up a DB just for this.

    Thank you for your help…

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator bcworkz

    (@bcworkz)

    To offer free digital access to certain students, I recommend asking in the dedicated support channel of your e-commerce plugin.

    As for authentication without passwords, that is possible, but I’d be concerned about security. It wouldn’t be hard for someone to guess at a valid email address and pose as a student for some sort of malfeasance. WP logins pass through the “authenticate” filter. If your filter callback returns a WP_User object, they’ll become logged in by WP. Return a WP_Error object to fail the login, or return null to let the default process do the authentication. Thus not all users can necessarily login with just an email. It all depends on your callback’s logic.

    Alternately, there are several single sign-on (SSO) plugins that authenticate users through some common scheme like Google or Facebook logins. I’d be surprised if there’s a plugin that will allow logins with just an email address. That may need to be custom coded.

    Thanks bcworkz. That’s a great comment.

    I’d agree with you that the email can be guessed or a friend’s email can be used to buy the books from another school.

    We are able to absorb the occasional mishaps (after all they are buying our book) but we are concerned to have that widespread. Making it difficult to access will make it acceptable if we can build a quick and dirty solution.

    As you say, it can also be implemented as part of the e-commerce solution but that would probably be more involved. We don’t want them to even see the product if they are not allowed to.

    You gave me the following idea:

    1) Create a WS Group for each School using the Group plugin.
    2) Load student and teacher emails against each school as users. Set the user name to <Group Name>-<User Email> when loading.
    3) Challenge the visitor with a page where they see a list of all schools and an email field. They select a school and enter their email. The combination forms the WP user name.
    4) Change the WP authenticate filter to return a valid WP_User if the WP user name matches. It also returns a property that indicates whether it is a “Bundle” school or not. (I wonder whether this can be loaded as a Group Property when loading the groups)
    5.1) For Bundle schools, deny the login and ask the student, on the same page, to upload the proof of purchase for the hard copy. Then they are told to wait for an email. Upon manual approval, they receive an email with a link to the shopping page.
    5.2) For non-Bundle schools, allow the student (or the teacher) to pass through to the Shopping page based on their email
    6) Associate the related products for each School using WooCommerce Group plugin so they only see the relevant product (each school has a different expiry date for each book)
    7) Student buys the book and obtains a download email

    Moderator bcworkz

    (@bcworkz)

    TBH, just about any scheme you can imagine is possible. But it may need to all be custom developed. To use existing plugins, you’d want to work as much as possible with their established methods. It is possible in many cases to customize plugins with a bit of custom coding so they are a closer fit to your needs. This usually means less custom work is needed, but some compromises may be necessary.

    If you are using WooCommerce, they have tons of extensions to meet various needs. It’s worth poking around and seeing what might be useful.
    https://woocommerce.com/products/

    There are also a fair number available through the WP repository.
    https://wordpress.org/plugins/search/woocommerce/

    There are also various user management plugins that let you manage which users see what.
    https://wordpress.org/plugins/search/membership/

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.