views:

726

answers:

3

I write the code for my own website as an educational/fun exercise. Right now part of the website is a blog (like every other site out there :-/) which supports the usual basic blog features, including commenting on posts. But I only have comments enabled for logged-in users; I want to alter the code to allow anonymous comments - that is, I want to allow people to post comments without first creating a user account on my site, although there will still be some sort of authentication involved to prevent spam.

Question: what information should I save for anonymous comments? I'm thinking at least display name and email address (for displaying a Gravatar), and probably website URL because I eventually want to accept OpenID as well, but would anything else make sense?

Other question: how should I modify the database to store this information? The schema I have for the comment table is currently

comment_id       smallint(5)       // The unique comment ID
post_id          smallint(5)       // The ID of the post the comment was made on
user_id          smallint(5)       // The ID of the user account who made the comment
comment_subject  varchar(128)
comment_date     timestamp
comment_text     text

Should I add additional fields for name, email address, etc. to the comment table? (seems like a bad idea) Create a new "anonymous users" table? (and if so, how to keep anonymous user ids from conflicting with regular user ids) Or create fake user accounts for anonymous users in my existing users table?

Part of what's making this tricky is that if someone tries to post an anonymous comment using an email address (or OpenID) that's already associated with an account on my site, I'd like to catch that and prompt them to log in.

+3  A: 

The whole point of anonymous comments is that users don't have to login, right?

My personal taste is to not force the user to enter anything, not even their name! The only requried field is the comment text itself. If they don't want to give out their name or email, fine, who cares?

If they provide an email that already exists, there's a chance that they registered a looong time ago and don't even remember their password.

Again, don't force the user to login in that case. Just give them a choice to either login or leave email field blank (or change its content). Or, just show a warning box telling them that the comment will be sent without the email address, with "ok" and "cancel" options.

So, what to store with the anonymous comment?

I'd say store their name and email (of course, don't display their email to the public), but make them optional fields, not mandatory.

You can also store their website, although I personally don't know what's the point of that, other than maybe self-advertising for the anonymous poster!

hasen j
Well, I'll need the email address anyway to send a verification message, so I figure I might as well store it - of course it wouldn't be displayed directly ;-) But I kind of like the idea of just being able to leave a comment without any other information.
David Zaslavsky
The confirmation email is also a source of annoyance for users, sometimes it's necessary (subscription/registration confirmation, for example), but leaving a comment certainly doesn't need an email verification.
hasen j
A: 

No question, you enter the "username" on the comment table. And you copy the value in your user table to that field for logged in users. This way if a user is deleted, their comments still have a name attached to them. Comments are usually hierarchical making it difficult to just delete one in the middle of a comment tree.

If they leave it blank, you enter your "anonymous_user" text in the table.

jmucchiello
A: 

if an anonymous user wants to make a comment, present her with a captcha and explain her that it would be easier for her to make comments if she had an account. then ask her only the necessary like 'subject' and 'comment' and store eigher 0 as user_id or store the IP as user_id so you have a little extra information which you can get without asking for it. in that way the user is not bothered and you still have a possibility to temporarily block certain IPs if you should experience abuse.

tharkun
traditional image captchas are annoying! see http://stackoverflow.com/questions/8472/practical-non-image-based-captcha-approaches
hasen j
I don't find them annoying.
tharkun
most users do! that's what matters
hasen j