# ISSUE Modifying the Signup functionality to address some potential problems

[AlexiusTatius]

Two problems were pointed out in the current Signup method. The problems are listed below:

1. Problem1: What if a student decides to create an account with his/her own email, while signing up as a teacher. Currently there is no restriction of such regard. Anyone can create his/her own account as a teacher, by providing his/her @nitj.ac.in email.
2. Problem2: Let's say that we fix the problem1. How would we ensure that the teacher is really a teacher? This problem can be elaborated as follows: Consider a case where a new teacher just joins the faculty and he/she hasn't created his/her account as a teacher on the website. What if a student (who knows the new faculty's email) decides to create an account using the faculty's email? This is also a potential threat as the student can misuse the teacher's email.

Here are the potential solution to above problems respectively:

1. Solution for Problem1: The webmaster would maintain a database of all the faculty. Whenever a new person tries to signup. The logic would first check whether the person who is trying to signup exists in the webmaster database or not.
2. Solution for Problem2: We can send an authentication token to the respective mail of the teacher. (A logic similar to the one of reset password & nodemailer). When the teacher clicks on the link, the authentication will happen and then Signup will happen successfully.

I would encourage you to look at the overall workflow of the signing up. Check out this below image:

I would like you to make a single pull request with 2 commits. Where each commit solve the respective problem..