[quote user="Nandurius"]It sounds like the invitation system is not
up for debate, and I'd think that it's pretty sound. After all, it's
pretty much along the lines of the various invitation-only services
that pop up online every now and then.

What you could consider is
reverse-invitations. Rather than having the instructor give the student
an invitation code, the student gives the instructor his system
username. The instructor goes to the course administration page, clicks
on 'add student', and the given account is added. Since registration is
open to anyone, the students can register in advance, and it's much
easier than doing it the other way around. [/quote]

I'm not too keen on this idea of reverse-invitations, for the following
reason. If the instructor wants John Doe to enroll in an invitation
only course, he has to ask John Doe for his username. If John Doe isn't
registered with the system, he has to tell John Doe to first register
with the system, then send his username to the instructor once
registration is complete. Once the instructor gets John Doe's
username, he can then use it to add John Doe to the course. With the
current system, the instructor has to tell John Doe, "Hey, I think
you'd like this course I'm teaching. Go to www.TheSite.com and enroll
in it. It's invitation only, so here's a code you can use to get in."
After that, the instructor is done. That seems easier, at least for
the instructor, than the reverse-invitations system. However, I might just be misunderstanding what you meant.
If so, please let me know.

[quote user="Nandurius"]Is there any point in adding users that don't have an account with the system?[/quote]

I'm not quite sure what you mean.

[quote user="Nandurius"]
If you insist on doing invitation 'passwords', then your current scheme will work just fine.

I can think of a whole bunch of ways of generating shorter keys, and no,
I wouldn't want to write down a UUID someone is reading to me either.

Since the objective is to make the passwords non-predictable, you'll have to
use some kind of random or hashing function. As far as hashes go, MD5
is pretty standard, but not much better than UUIDs. CRC32 seems
perfect, because it's short and not too complex. Crypt() might also
work, but it'll be ugly as well. You can hash the current
date/time, but you have to make sure that the function doesn't run
faster than the resolution of the timer. You can avoid that by using
the current time, as a string, with numbers from 1 to X appended to it.
If the hash function is any good, the one character difference will be
more than enough.

As for random words, this is really fun. Just
generate a list of adjectives and one with nouns. Pick one from each,
until you have enough. Words like OrangeBadger, Jollyllama or shinycar
are trivially easy to say, write down, and remember.
[/quote]

Thanks for the ideas! Seriously, I positively never would have thought of the Adjective/Noun idea on my own!
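
The adjective/noun invitation codes discussed in this thread, as an added example that is not part of either poster's message: it draws words with Python's `secrets` module, reports how many bits of entropy a code carries, and redeems each code once. The word lists, function names and the two-digit suffix are assumptions made for illustration.

```python
import hmac
import math
import secrets

# Constructed sample word lists (assumption); real lists would be far longer.
ADJECTIVES = ["Orange", "Jolly", "Shiny", "Quiet", "Brave", "Rusty", "Gentle", "Purple"]
NOUNS = ["Badger", "Llama", "Car", "Falcon", "Maple", "Harbor", "Comet", "Walrus"]

def code_entropy_bits(pairs, digits=0):
    """Entropy of a code built from `pairs` adjective+noun pairs plus `digits` digits."""
    per_pair = math.log2(len(ADJECTIVES) * len(NOUNS))
    return pairs * per_pair + digits * math.log2(10)

def generate_code(pairs=2, digits=2):
    """Build a code such as QuietLlamaRustyComet47 from OS-provided randomness."""
    parts = []
    for _ in range(pairs):
        parts.append(secrets.choice(ADJECTIVES))
        parts.append(secrets.choice(NOUNS))
    suffix = "".join(str(secrets.randbelow(10)) for _ in range(digits))
    return "".join(parts) + suffix

def normalize(code):
    """Codes are read aloud and retyped, so compare them case-insensitively."""
    return code.strip().casefold()

def issue_unique_code(issued, pairs=2, digits=2):
    """Retry on collision; `issued` is the set of outstanding normalized codes."""
    while True:
        code = generate_code(pairs, digits)
        if normalize(code) not in issued:
            issued.add(normalize(code))
            return code

def redeem(submitted, issued):
    """Accept a code once; compare in constant time against every outstanding code."""
    candidate = normalize(submitted).encode()
    match = None
    for stored in issued:
        if hmac.compare_digest(candidate, stored.encode()):
            match = stored
    if match is None:
        return False
    issued.remove(match)  # one-time use
    return True
```

With these eight-word lists a two-pair code plus two digits carries under 19 bits, so list size and a limit on redemption attempts decide how guessable a code is.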