Hello there,
I’m looking to authenticate a list of users in the frontend of my client’s site. A simple email/pass login form that will create them a user session to give them access to an otherwise inaccessible page. The passwords are already created and not encrypted, so it’s more like a coupon system. The catch is the list of users amounts to over 10K users, so adding them as users to the Panel manually is not an option. But somehow I need to make the list editable in the Panel anyway.
(You could argue Kirby was not made for such scale, but… I just love Kirby too much! [and it’s too late to migrate to another CMS 
]
The list of users exists as of now in the proprietary software of my client’s provider database, but it can easily be exported to some sort of spread sheet or CSV file. Since top security is not such a thing in our scenario, I had envisioned to simply use some sort of API (e.g. Zapier) to compare the inserted values with those in a, say, Google Sheet. However it seems that can’t be done without some crucial drawbacks (file must be public, or API call won’t send data back immediately after the request). Any ideas towards this third party approach are more than welcome, but basically I’ve moved to search for the solution within Kirby itself.
So, to have all 10K+ users able to authenticate, each would need to have a .php file in the /site/accounts/ directory, right? With Zapier I can have a PUT/POST/GET request fired every time a new row is added to a Goggle Sheet. If I could somehow program my own API to have a new user created in Kirby every time it receives a request send by Zapier… I just get a bit lost there… wouldn’t the request have to authenticate before performing such action (creating a new user)? Is this a realistic option at all or is it just to complicated? Where should I get started with documentation?
Another idea was to not use the Kirby user system for authentication (or not the proper way), but rather compare the inserted user/pass with values from a text field in the Panel containing the whole CSV-formatted list pasted into it. Would this be too vulnerable to being hacked? If so, where would be the breach exactly? Once I’ve authenticated the user, could I somehow take advantage of Kirby’s user system by assigning every authenticated person a sort of reusable account (with an actual .php file in /site/accounts/)? So that I can still use the Kirby user methods and not have to code my own.
Any guidance is welcome. Thanks in advance!