[wp-hackers] "commenter" user role

Mike Schinkel mikeschinkel at newclarity.net
Sat Mar 6 05:55:33 UTC 2010


On Mar 5, 2010, at 11:33 PM, Hikari wrote:
> would you like if each and every site you visit asks you to register and
> pass some of your personal data just to be able to read an 
> article, arguing that you are a user?
> 
> I really don't like when a site forces me to register to be able to simply
> comment in a post

Have you been reading my replies, or just skimming them?  I (and others) have said that storing commenters in the wp_users table with a role of "commenter" would not require registration or login in order for someone to comment. The user experience would be (almost) identical to what it is now.

> | Commenters as users make perfect sense.  It opens up the ability to
> | have pages for each commenter showing the posts they've commented
> | on, and more.
> 
> You can do that using email as index, since ATM users already use their email as an indentification basis for their (Gr)avatar

Yes, but not nearly as elegantly.

> just create a plugin for it


Sure, but then you don't get said pages nicely themed with the off-the-shelf themes most people are using these days.

3rd party themes almost never come with templates for obscure plugins.  But themers often theme all functional aspects of WordPress core.  This is something that would benefit from themers attention and thus for a developer and not a designer it is something I very much would like to see themers add to their themes.

> | Honestly, having the ability to have a person categorized and tagged
> | would solve real worlds needs for most sites I've been involved with.
> 
> force them to register to be able to comment then

You are not listening...  I have not suggested that anyone be required to register in order to be able to comment (that'd be foolish, in most cases.)  

However, your comment above was conflating two discussions; storing comments in wp_posts and storing users in wp_posts.  

> | One major site that I developed was a NASCAR sponsorship site for a local Fortune 100 company.  Had
> | users been in wp_posts of type "user" (or better,  "person") then each team member could have easily
> | had their name, bios, "fun facts" using custom fields such as favorite food, favorite TV show, first car, etc.
> | and tagged with various attributes like "driver", "pitcrew", "manager", "enginetuner", etc. Having
> | "people" as accessible as "posts", "pages" and other custom data types would open up WordPress'
> | usefulness even more.
> 
> That's a great idea and I'd love it. But would you use wp-posts JOIN wp-postmeta for login, rules, permissions and security matters?

Maybe; that would be up for discussion.  I was just proposing it for the idea and if adopted the community would figure it out.
> 
> I'd rather hook an action upon user creation, which would automatically create a custom typed post, and design a profile page where 
> he'd fill his profile, which would be stored in his post's metadata, and have the "post" filled automatically.

The downside there is you have to maintain parallel synchronized records.  Not a huge issue, but they can get out of sync when exporting or in other edge cases. But when you look at it there really isn't a need for a separate user table, a user is just another type of content.

OTOH, I can see the downside of deprecating wp_users. Still, if I had a option I'd prefer to move them to wp_posts.

> | If Grandma can type a comment in a post box she can handle a dialog
> | that points how she has been inconsistent and asks her what to do. Or
> | we can simply put up with the inconsistency by storing it in post_meta.
> 
> but... if we are gonna deal with same users having different names, emails and urls... isn't it better if we don't store these data 
> in 2 or 3 metadata rows for many comments... why don't we simply add 2 or 3 fields to wp-comments table and bind user data to each 
> comment?

This debate is circular.  Yes, any of those things can be done.  But why have the extra tables when the core wp_posts table works so well for it and adds all the features that is adds?

BTW, I didn't say different emails, email would be the PK.

> | I bet if you can survey the top 25 high traffic blogs on WordPress
> | that haven't already implemented similar custom user/commenter 
> | functionality most would prefer commenters be recorded as users
> | because of the additional user engagement opportunities that would 
> | provide them.
> 
> This need can be solved with a plugin with a new wp-commentators table, and linking each comment to its rows.

What can be solved with a plugin?  I didn't specify anything other than to say that I believed (and we could survey) high traffic would not be concerned about adding "bulk" to the wp_users table and instead would prefer  the "freebie" benefits that would come with having all commenters in the wp_users table.  My guess is they wouldn't be concerned about growing there user table by the amounts that would be required. Yes I could be wrong hence if "bulk" is the reason not to we should ask the people it would affect the most if they care about said bulk.

> Currently registered users? Add a field to wp-commentators that FK wp-users, or simply the plugin uses wp-users and gets the 
> responsibility for it.

Adding a wp_commenters table would not be smart.  That reminds me of QuickBooks with separate Vendors and Customers which is truly a nightmare when your vendors are also your customers (which is exactly how a business I ran for 12 years operated.)  Having multiple tables for people is just a bad idea, period.  I have too much painful experience to ever want to go through that again without putting up a serious fight.

> 
> From: "William Canino" <william.canino at googlemail.com>
> | Guys, let's not fret about the security implications here.  Any
> | blogger who wants this is already using the  "Only registered users
> | may comment" feature.
> The problem is that the original suggestion was to take wp-comments's comment_author, comment_author_email and comment_author_url 
> fields off the table, and use its user_id field to point the commentator's account at wp-users. And have it into core! That's 
> something freting about! :P

You fret, I rejoice.  

> | With better tools to enable and encourage comments (which this could be the base of), there might be
> | fewer one time commenters...
> 
> I doubt it. Most visitors my sites have come from Google, searching for a specific subject which my article talks about.
> 
> When I used to follow Google Analytics I saw that very very few ppl came back, and even ppl that comment criticizing my articles 
> come back to see my answer.
> 
> Once they are gone, they are gone, unless they bookmark it to come back or are spammed to remember about it. They are not coming 
> searching for a new yorkut or youtube to "live" and interact, they are just searching for a text to read some of its parts.

Then you are not doing a very good job of creating a loyal readership, you are just being SEO opportunistic, not a great long term strategy as content farms work to capture more and more SEO traffic (see http://www.readwriteweb.com/archives/content_farms_impact.php)

Sorry but your current traffic pattern isn't a reason to limit use of best practices in the core. 

> But don't take me wrong, I'd love a plugin with more features related to commentators. As long as I'm not forced to share my 
> wp-users with them :P

Other than superstition I haven't heard a reason from you why having commenters in wp_users is bad.
And it's not commentators, see http://dictionary.reference.com/browse/commentator.

> I understand some sites wanna have users account and stuff, but some sites also don't.

Commenters don't have to appear in the default user list in the admin, so why is it a problem?  We store things in a database where they make the most sense and then create a UI that makes the most sense; one does not have to drive the other.

> | > I'd really not feel confortable having commentators sharing the same user table I use, with a little
> | database query being enough to
> | > let they do anything they want
> |
> | How does a record in a database make a site less secure?  It's only less secure if the site enables them to
> | login using that database record which by default should be disabled, right?
> 
> But... why use wp-users if they won't login?...
> If it's just a matter of "the same commentator should always use the same name, email and url, so I don't want these data being 
> duplicated, I want them stored in their own table and just FK them to each comment", then wp-users is really not the best place to 
> do it.

By putting commenters in wp_users you get to use wp_usermeta to allow you to start storing information relevant to commenters, i.e. cached_avatar, last_comment_date, number_of_comments, twitter_screen_name, facebook_url, linkedin_url and whatever else some plugin wants to add about a commenter. The new authors template becomes usable for commenters.  And all plugins for users with a tiny bit of tweaking (or none at all) become usable with commenters too, i.e. "Bind user to category", "Users to CSV", "Extended User Profile", "User Theme", etc.

Note that wp_commentmeta relates to a comment, not to a user so it isn't he equivalent of wp_usermeta. 

> Because wp-users is ... to store data from users that are *more than guests*,
> that should be remembered when they come back, and that potencially can
> have their account promoted to a bigger rule in the site.

By whose decree?  The point is that AFAIK there isn't a defining requirement that the wp_users table be for "more than guests"; why should it be?  That's what you've believed it to be and that's what you prefer it to be (because it's been that way thus far?) but it doesn't have to stay that way.

> What's the problem with that? 2.9.2 as I remember was released to fix a security
> bug related to sites that let commentators have accounts...

Good thing they fixed that bug then, problem solved. ;-)

> Nice, if that's not a concern, leave wp-comments alone, with each comment storing
> its commentator data, and with Wordpress dealing with cookies so that this data is
> remembered when he comes back wanting to make another comment.

I don't care about the space, I care about the newly enabled functionality.
> 
> I thought the original need behind this idea was to shrink space from wp-comments
> with not duplicating data from the same commentator :P

But not my reason for supporting the idea.  Next...

> I hate multiply and blogging sites like that. I google something, am thrown to a post
> on a blog on it, wanna comment, and they want me to register. And have a blog there
> so I can comment! And the incredible thing is that there are ppl blogging there! Even more 
> interesting is that most of those bloggers, are old aunties, something like Betie we're talking :P

On this we can agree today. :)
> 
> But... your client is paying you to do what he wants. Your job is to identify wrecking ideas
> before they are implemented and warn your client about it. If he insists, it's his responsibility :P 

Actually, my client (Interactive Agency) was paying me to implement what their client (local Fortune 100) wanted. My opinion on that project never made it to the big client because my client only wanted to do what their client asked for, nothing more. OTOH, they paid me well, and the site doesn't have many commenters so, whatever.

-Mike


More information about the wp-hackers mailing list