On 3/4/2011 2:30 PM, Gary Mort wrote:

Oh, and get rid of that password as well. It doesn't need to be in that table and because it is assumed to be there, I have to do some really hackish things when one wants to authenticate in some other way.

I've kept the password in a separate table for a long time. This makes it easy to send somebody (like a developer) a copy of the database with the password redacted.

In the latest system I've built I have a 'credential' table that can represent credentials of different kinds. This can be a password for local login or it can be whatever information is needed to validate someone as a Facebook Connect, Twitter or OpenID user. Users can have multiple credentials. I think that user-facing web sites in 2011 and beyond are going to want to have the option of federated login.

Keep an aka table and timestamp it. Every time a username is set, mark it in the aka table with a start time and a null end time. Get in the habit of checking the also known's when checking user data. Oh, and to make things not take forever, when a user updates their username, set their new name immediately and fire off a queue process to check through the database and clean up existing data.

I think you should always use the internal id in anything that appears in the database, although you might show the username in the UI at times. If changing the username involves anything other than changing one column in the table, there's malpractice going on. (Like the hard-coded URLs in WordPress.)


Lastly, there is one problem with getting rid of userids. When a dumb American is trying to troubleshoot a user problem, sometimes it is very difficult over the phone to get correct spelling. But that is easily handled by the aka table. Assign everyone an identifier in that table for those times when you need something short and easy. Just make sure if you do that to make it something easily communicated over the phone.
My eight year old has a lisp, so I've trained him in the international phonetic code (Alfa, Bravo, Charlie, ...). People always understand what you're saying, and if you're speaking and can't remember the word you can ad-lib it.
_______________________________________________
New York PHP Users Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

http://www.nyphp.org/Show-Participation
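
The layout discussed in this message (a separate credential table, a timestamped aka table, and a password-redacted copy for developers), sketched as an added example that is not code from the thread or from either poster. It assumes SQLite and PBKDF2; every table name other than 'credential' and 'aka', and every column and function name, is hypothetical.

```python
import hashlib, os, sqlite3

SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL);
CREATE TABLE credential (          -- one row per way of logging in
    user_id INTEGER NOT NULL REFERENCES users(id),
    kind TEXT NOT NULL,            -- 'password', 'openid', 'twitter', ...
    identifier TEXT,               -- external identity; NULL for a local password
    secret BLOB);                  -- salt + hash for 'password'; NULL otherwise
CREATE TABLE aka (                 -- username history
    user_id INTEGER NOT NULL REFERENCES users(id),
    username TEXT NOT NULL,
    start_time INTEGER NOT NULL,
    end_time INTEGER);             -- NULL marks the current name
"""

def add_user(db, username, now):
    uid = db.execute("INSERT INTO users (username) VALUES (?)", (username,)).lastrowid
    db.execute("INSERT INTO aka VALUES (?, ?, ?, NULL)", (uid, username, now))
    return uid

def add_credential(db, uid, kind, identifier=None, password=None):
    secret = None
    if password is not None:       # store only a salted PBKDF2 hash, never the password
        salt = os.urandom(16)
        secret = salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    db.execute("INSERT INTO credential VALUES (?, ?, ?, ?)", (uid, kind, identifier, secret))

def rename(db, uid, new_name, now):
    # Close the open aka row, open a new one, change the single users column.
    db.execute("UPDATE aka SET end_time = ? WHERE user_id = ? AND end_time IS NULL", (now, uid))
    db.execute("INSERT INTO aka VALUES (?, ?, ?, NULL)", (uid, new_name, now))
    db.execute("UPDATE users SET username = ? WHERE id = ?", (new_name, uid))

def lookup(db, any_name):
    # Resolve a current or former username to the internal id.
    row = db.execute("SELECT user_id FROM aka WHERE username = ? "
                     "ORDER BY start_time DESC LIMIT 1", (any_name,)).fetchone()
    return row[0] if row else None

def redacted_copy(db):
    # Copy for a developer: every table intact, secrets blanked.
    db.commit()
    copy = sqlite3.connect(":memory:")
    db.backup(copy)
    copy.execute("UPDATE credential SET secret = NULL")
    copy.commit()
    return copy
```

When the redacted copy is written to a file rather than kept in memory, run `VACUUM` on it before handing it over, since SQLite does not by default zero the bytes of overwritten values.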
