tags:

views:

61

answers:

2
Q: 

How could I create two levels of authentication for registration on my site?

I already have a simple registration system in place using php and mysql. It operates well enough. However, when people visit my site and register, I would like for them to register as part of a particular group. So, I was thinking that registration would happen like this:

Visitor lands on index.php, clicks on "Group Registration" link.
Visitor supplies group name and group password. [A new table is created for that group where all user data will be stored for that particular group]
Visitor then is prompted for typical registration data--name, email, etc.--and that data is stored in the newly created group table.

Any subsequent visitors associated with that group would click on "User Reg"
The visitor would be prompted for group name and password
If correct, then he would be prompted for typical reg data, to be stored in his group's table.

What I don't know how to do is implement the group authentication prior to allowing user registration. Can someone help me with that?

+1  A: 

What you want to end up with is a table for your users and another (single) table for your group information. The user table will have a foreign key field to link it to a group. When a user joins a group, you will enter a value in that field. Users not in groups will have a null value in that field. If users can create groups, they will simply be adding a new row to the groups table.

If your users can be in multiple groups, set up your tables like this.

USER
- id
- username
- password
- etc...

GROUP
- id
- name
- password (?)
- etc...

USER_GROUP_CR
- fk_user
- fk_group

The USER_GROUP_CR table is a "cross reference" or "link" table that will allow you to create a many to many relationship. This way you can have users in multiple groups without creating extra tables. When a user joins a group, add a row to the USER_GROUP_CR table with the id of the user and the id of the group. You can query this table to find out which groups a user belongs to, or to find out which users are in a group.

You should not create a new table for every group.

Scott Saunders  2010-06-28 14:14:56
And just to add onto Scott's outstanding solution, if your users will only be able to be in one group (ever) you could put a field called "GroupId" into the User table and link the tables there (eliminating the user_group_cr table) Either way, this is definitely a better solution than making many many duplicate tables.
bpeterson76  2010-06-28 15:21:55
+1  A: 

If the visitor is entering a group name and password, then you can authenticate the same way you are doing the users. You just need to first ask yourself if the group name needs to be unique or the group/password combination.

As for your idea to add a new table for each group, that is a bad idea. Imagine if you have 100 groups. Then you will have 100 tables just for groups. If you get up to 1000 groups, then you will have 1000 tables. Try managing that. It will get really frustrating really fast. Instead, what you should do is to first create a "Group" table with all the associated data (group name, password, etc). Then add a field to your User table that will hold the associated id from the Group table. That way, whenever you look up the user, you can easily check what group the user is in simply by joining the two tables rather than trying to figure out what table to look at as in your original plan.

Joseph  2010-06-28 14:19:05
The problem is that the group tables will only exist for a couple months at a time, and I want users to register separately for each group they are in.
David  2010-06-28 15:01:40
That is fine. You still don't want to create a table for each group. If you want each user to be able to register for only one group, then there are no issues with what I suggested. If each user can be part of more than one group, then there are additional things you can do as well. There is no problem that I see with groups only existing for a couple months at a time. Perhaps you can explain how that is a problem?
Joseph  2010-06-28 15:20:18
Also if u need to eliminate some record created for group after some time, then you could do that with **cronjob**
Eugene  2010-06-28 15:48:54
It would be better to add a `disabled` field into the group or user and run a disable check on login. This may not be the most efficient on extremely large sites, but on small to medium sites, this is more effective as there are fewer points of failure.
Joseph  2010-06-28 15:58:39
What is so bad about having hundreds of tables if queries are only ever run against specific tables, not across the whole database?
David  2010-06-29 12:16:57
Two questions: 1 - How do you know which table to run the query on? When a user logs in, which table to do you go to in order to verify their login information? 2 - If you need to look for a specific user, but you don't know which group they are in, how are you planning on finding that user?
Joseph  2010-06-29 13:37:45
Joseph's reasons for not using multiple tables are excellent. There are also security issues. Your web app now needs to be able to create and delete tables, so that MySQL user has to have those permissions. And your code to delete tables for groups that are disbanded will have to be incredibly tight and secure or you risk and SQL injection easily deleting all of your tables.
Scott Saunders  2010-06-29 14:14:39
Are you saying that I authenticate a person with two concurrent sessions, first with group/pass, then with user/pass?
David  2010-06-29 17:29:15
No. Why would you authenticate them with the group/pass? If the user is associated in the database to the group via the ID, like I recommended, then you will know what group they are part of, and the only authentication you would need would be the user/pass. The only reason for the group/pass at all that I can see would be to edit the details of the group itself. As for the concurrent session part of the question, you can have the two factor authentication, but use only one session once the user has been authenticated.
Joseph  2010-06-29 17:39:11
I want group members to be isolated, basically, and I don't want anyone to join a group they are not actually a part of. People come to the site for the purpose of establishing a temporary group presence on the site. The site fulfills a few minor administrative functions while the group exists, then it's over. So, every function that a user engages in on the site is group related. How do you suggest I accomplish this?
David  2010-06-29 18:00:16
My understanding is been that each member can be part of only one group and that the process of creating the group consists of two steps: 1) Create the group. 2) Create User accounts. Once the users are created, each user can log in to take care of any user-specific functions (communication between members, file-sharing, editing details, whatever your site is going to be used for), and whomever has the group login can log in as the group when editing those group specific functions (such as membership, name, and password).
Joseph  2010-06-29 18:14:54
Don't get hung up on each group being temporary. I understand that the groups will be short-lived, but think instead of the groups being around for 6 months or even longer. This may help things make more sense.
Joseph  2010-06-29 18:15:28
I think the issue is that I want whomever creates the group to have access to administrative functions for that group, and I want every other group member to be able to register with that group themselves, without any administrative approval.
David  2010-06-29 18:22:05
So can a user be part of more than one group?
Joseph  2010-06-29 19:17:42
I'm willing to say no.
David  2010-06-29 19:38:53
Ok. So User A creates a group and a user account at the same time. This sets a flag in the database that this user is the admin of the group (can be done in group table or user table). User B creates a user account and enters the information identifying the group they will belong to. This can be a unique identifier or using a group password. When the account has been created, the ID of the group is stored in the UserTable in the database with the account information. (continued)
Joseph  2010-06-29 20:27:53
When User A logs in, the flag is checked that identifies User A as the group admin and group admin functions are displayed. When User B logs in, the flag is checked, and the group admin functions are not displayed.
Joseph  2010-06-29 20:28:20
Would you recommend that I have a single-page registration form for the admin-user/group creator(containing fields for user and group variables) and a completely separate registration page for users registering with a pre-existing group?
David  2010-06-30 15:01:16
Have a single registration page. On the page, have an option that lets them choose between entering an existing group and creating a new one. The fields for creating the new group can either be on a new page or the same page.
Joseph  2010-06-30 16:00:21

related questions

Remove Quotes and Commas from a String in MySQL
What's the best way of converting a mysql database to a sqlite one?
How do you manage databases in development, test, and production?
Multiple foreign keys?
Add 1 to a field (MySQL)
Issues using MS Access as a front-end to a MySQL database back-end?
Bigger than a char but smaller than a blob
How do I retrieve my MySQL username and password?
Long-time LAMP Developer moving to VB.NET
How do I Concatenate entire result sets in MySQL?
Full complete MySQL database replication? Ideas? What do people do?
SQL: Distribution of table in time
SQLite vs MySQL
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Multiple Updates in MySQL
MySQL/Apache Error in PHP MySQL query
What all do I need to escape when sending a (My)SQL query?
Auto Generate Database Diagram MySQL
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
Python and MySQL
SQL Server 2005 implementation of MySQL REPLACE INTO?
How to export data from SQL Server 2005 to MySQL
Throw Error In MySQL Trigger
Binary Data in MySQL