[wp-hackers] "commenter" user role

Hikari lists at hikarinet.info
Sat Mar 6 04:33:37 UTC 2010


----- Original Message ----- 
From: "Mike Schinkel" <mikeschinkel at newclarity.net>
Sent: Friday, 05 March, 2010 10:11 PM



| What is a "user", really?  Isn't a user merely a human that interacts
| with the site?  Any other definition is merely one person's individual
| preference.

a user for me in this context is somebody that needs his data stored in database to do some interaction with the site

would you like if each and every site you visit asks you to register and pass some of your personal data just to be able to read an 
article, arguing that you are a user?

I really don't like when a site forces me to register to be able to simply comment in a post



| Commenters as users make perfect sense.  It opens up the ability to
| have pages for each commenter showing the posts they've commented
| on, and more.

You can do that using email as index, since ATM users already use their email as an indentification basis for their (Gr)avatar

just create a plugin for it




| Honestly, having the ability to have a person categorized and tagged
| would solve real worlds needs for most sites I've been involved with.

force them to register to be able to comment then


| One major site that I developed was a NASCAR sponsorship site for a local Fortune 100 company.  Had
| users been in wp_posts of type "user" (or better,  "person") then each team member could have easily
| had their name, bios, "fun facts" using custom fields such as favorite food, favorite TV show, first car, etc.
| and tagged with various attributes like "driver", "pitcrew", "manager", "enginetuner", etc. Having
| "people" as accessible as "posts", "pages" and other custom data types would open up WordPress'
| usefulness even more.


That's a great idea and I'd love it. But would you use wp-posts JOIN wp-postmeta for login, rules, permissions and security matters?

I'd rather hook an action upon user creation, which would automatically create a custom typed post, and design a profile page where 
he'd fill his profile, which would be stored in his post's metadata, and have the "post" filled automatically.

One of these metadata would be wp-users PK.



| If Grandma can type a comment in a post box she can handle a dialog
| that points how she has been inconsistent and asks her what to do. Or
| we can simply put up with the inconsistency by storing it in post_meta.

but... if we are gonna deal with same users having different names, emails and urls... isn't it better if we don't store these data 
in 2 or 3 metadata rows for many comments... why don't we simply add 2 or 3 fields to wp-comments table and bind user data to each 
comment?




| On Mar 5, 2010, at 6:30 PM, Brian Layman wrote:
| > With the trends for linked social communities being what they are and
| > with remembered social app auth needs, the desire for registered users
| > is going to go up.
|
| +1
|
| I bet if you can survey the top 25 high traffic blogs on WordPress that haven't already implemented similar custom user/commenter 
functionality most would prefer commenters be recorded as users because of the additional user engagement opportunities that would 
provide them.


This need can be solved with a plugin with a new wp-commentators table, and linking each comment to its rows.

Currently registered users? Add a field to wp-commentators that FK wp-users, or simply the plugin uses wp-users and gets the 
responsibility for it.



----- Original Message ----- 
From: "William Canino" <william.canino at googlemail.com>
Sent: Saturday, 06 March, 2010 12:22 AM


| Guys, let's not fret about the security implications here.  Any
| blogger who wants this is already using the  "Only registered users
| may comment" feature.

But the original suggestion was not to develop a plugin with an enhanced feature. If it was, I at least would love it.

The problem is that the original suggestion was to take wp-comments's comment_author, comment_author_email and comment_author_url 
fields off the table, and use its user_id field to point the commentator's account at wp-users. And have it into core! That's 
something freting about! :P


| > but sites that most commentators add only 1 comment and never come back, even to read the answer
| (I have some of those in my sites
| > and I hate it!), and a bunch visitors that add 2 or 3 comments only, it would just flood wp-users with
| useless data that hackers and
| > spam comments could use to hijack the site
|
| With better tools to enable and encourage comments (which this could be the base of), there might be
| fewer one time commenters...


I doubt it. Most visitors my sites have come from Google, searching for a specific subject which my article talks about.

When I used to follow Google Analytics I saw that very very few ppl came back, and even ppl that comment criticizing my articles 
come back to see my answer.

Once they are gone, they are gone, unless they bookmark it to come back or are spammed to remember about it. They are not coming 
searching for a new yorkut or youtube to "live" and interact, they are just searching for a text to read some of its parts.

It would require much more creativity to attrack random visitors to have average Wordpress sites as somewhere to always comeback, 
then just the site giving them an account and filling their name and url when they fill their email :P



But don't take me wrong, I'd love a plugin with more features related to commentators. As long as I'm not forced to share my 
wp-users with them :P

I understand some sites wanna have users account and stuff, but some sites also don't.



| > I'd really not feel confortable having commentators sharing the same user table I use, with a little
| database query being enough to
| > let they do anything they want
|
| How does a record in a database make a site less secure?  It's only less secure if the site enables them to
| login using that database record which by default should be disabled, right?


But... why use wp-users if they won't login?...
If it's just a matter of "the same commentator should always use the same name, email and url, so I don't want these data being 
duplicated, I want them stored in their own table and just FK them to each comment", then wp-users is really not the best place to 
do it.

Because wp-users is not simply "a table to store users and visitors data", it's to store data from users that are *more than 
guests*, that should be remembered when they come back, and that potencially can have their account promoted to a bigger rule in the 
site.

What's the problem with that? 2.9.2 as I remember was released to fix a security bug related to sites that let commentators have 
accounts...



| > ATM my wp-comments have 561KB with 491 comments, wp-posts have 9MB with 281 posts, and wp-
| users have 4KB with me
| >
| > if 150 of those comments would generate 4KB in wp-users, it would be 150 users that I can't delete and
| that will never come back,
| > bloating it with 600KB, exactally the size of wp-comments today
| >
| > how much would wp-comments shrink with the change? 80KB?
|
| Is 600KB really a concern? Does your web host charge for disk space by KB?   600KB is many orders of
| magnitude less than a low end machine running MySQL can handle.


Nice, if that's not a concern, leave wp-comments alone, with each comment storing its commentator data, and with Wordpress dealing 
with cookies so that this data is remembered when he comes back wanting to make another comment.

I thought the original need behind this idea was to shrink space from wp-comments with not duplicating data from the same 
commentator :P

I just said that moving this data from wp-comments to wp-users would increase database size instead of decreasing it :D



| A major client of mine and a fortune 100 company demanded we require all people to create an account
| *before* they could comment *and* their goal of the site was to drive social engagement, LOL!  Let me tell
| you how frustrating *that* was! :-)

I hate multiply and blogging sites like that. I google something, am thrown to a post on a blog on it, wanna comment, and they want 
me to register. And have a blog there so I can comment! And the incredible thing is that there are ppl blogging there! Even more 
interesting is that most of those bloggers, are old aunties, something like Betie we're talking :P

But... your client is paying you to do what he wants. Your job is to identify wrecking ideas before they are implemented and warn 
your client about it. If he insists, it's his responsibility :P 



More information about the wp-hackers mailing list