Engelsystem: Enhancing security in registration form

My first impression when looking at the PHP application (Engelsystem) was that it is a well-built MVC app. It seems to have everything an event manager could want. But the security implemented in the registration form was not good.

Registration forms are a great way to follow up people’s interest in what you are offering on your website and with these tools you are able to make sure it is done right. Unfortunately, registration forms can be a large source of a sender acquiring bounced addresses and Spam Traps which could cause your business to spam a hosts mailbox without proper validation of addresses. This can reflect poorly in your SendGrid internal reputation as well as reflect poorly upon your business. Fortunately, there are many helpful techniques that can help a sender avoid many of the issue that can come up through their registration form.

A registration from should ask for complete information about the user to ensure that the user registering for the service is not fake.

Sometimes in the registration process, a person makes a mistake in entering their email such as [email protected] or [email protected]@domain.com. By entering the email address twice and having a system in place that checks that the addresses match up, the person entering their email address has a much smaller chance of accidentally entering an invalid address.

A good technique in protecting your registration form from bots is placing a required Captcha in the form:

04

A Captcha is a test to ensure that form is filled out by a human being as opposed to a bot. The image is not replicable by a bot but easily replicated by a human being.

One common issue that arises with email registration forms is people registering false or fake addresses. To prevent this, the form can say that the service is not granted unless they confirm via email that they would like the service. This can be done with a Double Opt-In Email, confirming that their address exists. A double opt-in email not only helps ensure that there is an actual human being registering but also validates that the recipient did indeed sign up for your registration.
There are many great techniques available to protect your registration form but a balance must be created between user friendliness and security. Some forms have many required fields in registering as well as checks to make sure that the form is filled out correctly. Too many fields can drive away potential interest in your site or product. One way to balance out the registration process is to have other information about the person be collected on a landing page after the registration form is done. This serves to be both user friendly as well as allow you to collect valuable information.

In my first week, I enhanced the registration form, adding new fields and marking some fields as important.

05

Development: https://github.com/fossasia/engelsystem                                           Issues/Bugs:https://github.com/fossasia/engelsystem/issues