GriffinSauce
commented
9 years ago Idea for adding users:
Ask the admin how many users (s)he would like to add, generate a token and save the token + groupid + amount to db. Provide a link with the token.
When the link is used to join successfully, the amount is --'d, when it reaches 0 the token is invalid and joining refused.
This means the Group is only vulnerable to brute-forcing while the invitation is open. With a big enough token this should be pretty safe. We can even handle errors intelligently, giving a different response to non-existent tokens and invalidated tokens.
Adding / removing users from an existing group