@bluewavenet I have 8-10 clients using my internet. I told them not to give wifi password to anyone. But, as you know, getting wifi password is as easy as reading a QR code, so their friends steal the password from their phones.
I tried to use MAC filter, but it's hard to maintain (randomized mac addresses etc)
here's what I did 
(I hope this won't cause any further problem)
used uci as credential backend
root@OpenWrt:/# cat /etc/config/captive
config users
option my_pc '*'
option my_phone '*'
option my_tablet '*'
root@OpenWrt:/# uci show opennds
opennds.@opennds[0]=opennds
opennds.@opennds[0].login_option_enabled='3'
opennds.@opennds[0].themespec_path='/usr/lib/opennds/my_login.sh'
opennds.@opennds[0].faskey='*'
root@OpenWrt:/# diff -u "/usr/lib/opennds/theme_user-email-login-custom-placeholders.sh" "/usr/lib/opennds/my_login.sh"
--- /usr/lib/opennds/theme_user-email-login-custom-placeholders.sh 2023-11-29 04:01:25.000000000 +0000
+++ /usr/lib/opennds/my_login.sh 2024-01-02 01:41:02.000000000 +0000
@@ -93,7 +93,9 @@
#
# The client is required to accept the terms of service.
- if [ ! -z "$username" ] && [ ! -z "$emailaddress" ]; then
+ password=$(uci get captive.@users[0]."$username")
+
+ if [ ! -z "$username" ] && [ ! -z "$emailaddress" ] && [ "$emailaddress" = "$password" ]; then
thankyou_page
footer
fi
@@ -117,7 +119,7 @@
<form action=\"/opennds_preauth/\" method=\"get\">
<input type=\"hidden\" name=\"fas\" value=\"$fas\">
<input type=\"text\" name=\"username\" value=\"$username\" autocomplete=\"on\" ><br>Name<br><br>
- <input type=\"email\" name=\"emailaddress\" value=\"$emailaddress\" autocomplete=\"on\" ><br>Email<br><br>
+ <input type=\"password\" name=\"emailaddress\" value=\"$emailaddress\" autocomplete=\"on\" ><br>Password<br><br>
$custom_inputs
<input type=\"submit\" value=\"Accept Terms of Service\" >
</form>