tags:

views:

95

answers:

5
+1  Q: 

Database schema design: What to do about unverified invitations?

I'm not quite sure how to approach this issue:

I am creating a web application that has an invite only registration system. An admin user sends an email invitation to a user, the user clicks the link, and takes them to a page where they can create an account that has been linked to their email address.

My initial idea was to insert a row into my users table, with the verified column marked false. The problem is I have username, and password as required fields and username must be unique. So I can't just insert an empty row to be filled out later.

Should I create a separate table for the invitations? What would be the best way to approach this type of scenario?

Update: The admin will enter the first name, last name, email address, and user role (permissions). So I will need to store all these things in the invitations table. I could also store date sent and update that value if the email ever needed to be re-sent.

+4  A: 

You have to consider scenarios where invitations get lost, get deleted by accident, or for a host of other reasons, are not usable and have to be re-sent.

Also, an invitation is a separate entity from a registration. I think you should create a separate table to track the invites vs. to see who registered (from which invite)

Raj More  2009-10-27 18:14:53
thanks for your answer. I hadn't thought about lost/deleted invitation emails until your answer.
Andrew  2009-10-27 20:08:37
A: 

Couple of ways to look at this. If you go the separate route where you create another table what happens when the evaluation phase is over, do you have to copy those evaluation users over to your real user table? User names can be defaulted to a specially crafted GUID that you've programmed to handle entry into your users table.

JonH  2009-10-27 18:14:59
what do you mean by eval phase?
Andrew  2009-10-27 18:16:40
i think jonh is assuming you are doing an invite only beta, like google is fond of doing, and that at some point your system would be open to all. I get the impression from your post that instead your system will always be invite only.
Peter Recore  2009-10-27 18:23:54
yes, this is a private, invite only system. never open to the public.
Andrew  2009-10-27 18:28:14
@Peter - yes that is what I meant :)@Andrew - sorry for the confusion
JonH  2009-10-27 18:54:43
A: 

I would recommend a separate table for invitations. It seems pretty clear to me that your invitation is basically a token allowing someone to register.

HackedByChinese  2009-10-27 18:15:44
token, exactly! A user can't register unless their email address (token) has been added to the list
Andrew  2009-10-27 18:29:42
hmm, in light of your recent update, i suppose my opinion has changed. before, it wasn't clear that there was a lot of account information specified when the invitation was sent. if the admin already knows their name, email, their roles, etc., then you might as well just create the User and go back to your `verified` column idea. You could always use their email address as their username, which you could allow them to change after verifying/completing registration.
HackedByChinese  2009-10-27 18:34:10
A: 

A separate table makes the most sense to me. That would allow you to maintain data integrity in the users table, and would provide a more readable data model. It is easier to say "invitations go in the invitations table" than "invitations go in the users table but with the verified column set to false".

MikeWyatt  2009-10-27 18:16:23
+5  A: 

Yes, you would make a separate table to manage invitations.

Then when an invitation is accepted, you have a few choices. First you'll want to decide if you need to maintain an association to the original invitation either for tracking or "family tree" or some other historical purposes.

Next, if so, you'll need to decide how you'll do that. Delete the invitation and store any relevant info w/the user record? Keep the invitation record and set a foreign key?

I might be able to give some more fine-tuned advice if I know more about the system you intend to create.

Peter Bailey  2009-10-27 18:16:26
I added an update to my question. If you have more specific questions, please ask.
Andrew  2009-10-27 18:27:01
Yeah, I really don't have anything to add. You're just going to ask yourself how must historical information you care about in terms of what you keep after the invitation -> registration process.
Peter Bailey  2009-10-27 19:03:36
thanks, I hadn't thought about what to do with the history until your answer.
Andrew  2009-10-27 20:06:59

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases