Hello. Is it possible to store data for users with the "admin" role, who require a password during authentication, and for users who do not require registration or authentication? For these users, it is necessary to store temporary data showing that they paid for an hour of testing on the site. The user table structure follows:

  1. id (not null)
  2. name (not null)
  3. pass (null)
  4. role (default "guest")
  5. status (integer payment statuses, for example 0,1,2, etc.)

The fact is, to solve the specified task, I make the pass field optional in the table, but I will definitely check it when authenticating the administrator. Am I going the right way? And what would you advise me?

Thanks.

  • It is possible to move the roles into a separate table and add a link table; then you can assign more than one role to a user. - zb '

3 answers

Two different entities emerge: users, which are authorized system users such as administrator(s), testers, etc., depending on the role; and customers, which have a completely different set of fields and processing logic. You do not need to push them into one table; you will never need both entities in the same sample.

  • never say never and when it is needed it will be too late. - zb '
  • I understand you advise the opposite? In general, I would like to know your opinion. - Samat Zhanbekov
  • Yes, I advise you to keep one user entity and put users into groups; by asking which group a user is in, you can always find out whether it is an admin or not. There is no point in separating these users into different tables; properties are usually specified in a related table. My example is proved by the device ACL in operating systems. - zb '
  • I do not fully understand what you mean by groups. (Separate table of groups?) As for the variant of the table in question, is it correct? Or what's wrong there? - Samat Zhanbekov
  • Everything is fine if the application does not intend to create roles from the application itself. - zb '

Non-registered users are temporary users. (The question is why it is unnecessary to clog the base of any rubbish, this is basically necessary only for visitor statistics, and then it will eventually be removed) Imagine 7,000,000,000 users in the world (all of a sudden they went to the site) and if all this is translated into 1 kilobyte or more, it will take the right place with delicate things. So, that administrators and not for registered users should definitely be in different columns.

The question is different if you are trying to make one form for administrators and (registered) users: as an option, you can use one table and only specify the user level (administrator, moderator, user, subscriber or someone else), as implemented in WordPress.

    I would advise you not to mix one with the other.

    Store all users in one table, and store roles in a separate table. Log in through the usual password authentication (or without it, but IMHO that is not correct). Check whether the user is an admin using the data from the second table. That way there is less chance that someone will be able to get admin access.

    And the most reliable way is to have an admin panel (client part), access to which is limited to the list of users stored in a separate table and not related to the first one.

    • And what is the point of multiplying entities? - zb '
    • Could you give references to materials where you can read about it in detail? - Samat Zhanbekov
    • Still, I will ask: Why, if the roles are stored in a separate table, is it harder to get admin access? Why is tying roles in the same user table worse? - Samat Zhanbekov
    • At least in terms of security. If you managed to get access to the user table, then you will need to get to the table with admins data. And when it is all in one - not long and admin access to get. In general, you do whatever you like, but if you develop the project, sooner or later you will come to this :-) - Johny
    • @Johny And how is it more difficult? Explain concretely, not abstractly: if I can do "SELECT * FROM USERS", why can't I do "SELECT * FROM admins"? IMHO this is just imaginary security, a false path. It is much easier to track user rights if there is one clear way to get information about them anywhere in the code. Imagine that there are admins, moderators, managers, users, guests ... a table for each? - zb '
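The layout discussed in this thread (one users table with a nullable pass, roles in a separate table joined through a link table, and the password checked whenever an admin authenticates), as an added example that is not code from any of the posters. The names roles, user_roles and admin_needs_pass, the PBKDF2 parameters and the use of SQLite are assumptions made for the sketch.

```python
import hashlib, hmac, os, sqlite3
# Assumed names, not from the thread: roles, user_roles, admin_needs_pass.
SCHEMA = """
CREATE TABLE users (
    id     INTEGER PRIMARY KEY,
    name   TEXT NOT NULL,
    pass   BLOB,                        -- NULL for guests, else salt || PBKDF2 hash
    status INTEGER NOT NULL DEFAULT 0   -- payment status
);
CREATE TABLE roles (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
CREATE TABLE user_roles (
    user_id INTEGER NOT NULL REFERENCES users(id),
    role_id INTEGER NOT NULL REFERENCES roles(id),
    PRIMARY KEY (user_id, role_id)
);
-- Refuse to grant 'admin' to an account that has no password set.
CREATE TRIGGER admin_needs_pass BEFORE INSERT ON user_roles
WHEN (SELECT name FROM roles WHERE id = NEW.role_id) = 'admin'
 AND (SELECT pass FROM users WHERE id = NEW.user_id) IS NULL
BEGIN SELECT RAISE(ABORT, 'admin role requires a password'); END;
"""

def hash_password(password, salt=None):
    # Store a salted, slow hash, never the password itself.
    salt = salt or os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def add_user(db, name, password=None, roles=("guest",)):
    stored = hash_password(password) if password else None
    uid = db.execute("INSERT INTO users (name, pass) VALUES (?, ?)", (name, stored)).lastrowid
    for role in roles:
        db.execute("INSERT INTO user_roles SELECT ?, id FROM roles WHERE name = ?", (uid, role))
    return uid

def authenticate_admin(db, name, password):
    # Re-check for NULL here too: the trigger does not cover a later UPDATE of pass.
    row = db.execute(
        "SELECT u.pass FROM users u JOIN user_roles ur ON ur.user_id = u.id "
        "JOIN roles r ON r.id = ur.role_id WHERE u.name = ? AND r.name = 'admin'",
        (name,)).fetchone()
    stored = row[0] if row else None
    if stored is None or not password:
        return False
    return hmac.compare_digest(stored, hash_password(password, stored[:16]))

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO roles (name) VALUES (?)", [("guest",), ("admin",)])
    return db
```

A guest row keeps pass as NULL and can never pass authenticate_admin, and the trigger stops the admin role from being attached to a passwordless account in the first place.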