[wp-hackers] "commenter" user role
john.wp at onolan.org
Sat Mar 6 01:37:43 UTC 2010
It's not an important consideration so much as an annoyance /
inconvenience. I hate system emails at the best of times - and the one
mentioned would just be a pain.
Is there a reason why we couldn't just write the name to the DB once,
and then ignore the "name" field in the future if the email address
already exists in the DB?
On 6 Mar 2010, at 01:11, Mike Schinkel wrote:
> On Fri, Mar 5, 2010 at 11:29 PM, John O'Nolan <john.wp at onolan.org>
>> I like the idea - but unsure of email notifications, I for example
>> frequently leave comments with the same email but with different
>> either John, JohnONolan, or John O'Nolan - I (personally) would
>> find it
>> annoying if this triggered notification/verification emails.
> Just curious, but why would you/is it important to be able to leave
> comments with different names? Seems weird behavior to me, but
> maybe I just don't understand the rationale.
> On Mar 5, 2010, at 4:39 PM, scribu wrote:
>> On Fri, Mar 5, 2010 at 11:20 PM, Stephanie Leary
>> <steph at sillybean.net>wrote:
>>> Wouldn't that be a subscriber, essentially? It would just be a
>>> matter of
>>> creating the user when they comment.
>> In terms of capabilities, yeah, it would be identical to a
>> subscriber. It
>> remains to be seen if there are any technical reasons for adding a
> On Mar 5, 2010, at 5:53 PM, Aaron Jorbin wrote:
>> 1: A number of the security holes over the history of wordpress are
>> user escalation issues. By registering everyone who ever leaves a
>> comment, you are opening up a number of sites to these. While
>> an up to date installation is obviously the best route, restricting
>> registration is not a bad policy.
> Almost all related security concerns can be addressed by giving
> people with a role of commenters no login rights unless the admin
> has enabled creation of user accounts (actually, the rights should
> be changed to "allow commenters to login.")
>> Would you allow anyone to walk up
>> to your home computer and create an account?
> Sure, if the default account gave them no rights other than to login
> to a highly restricted sandbox.
>> 2. This would be a pretty big change. Up until now you had to
>> explicitly allow open registration. What you're proposing is
>> that option from site admins. I don't think the core should remove
>> restrict options.
> Nope, you are assuming one change without other correspondingly
> intelligent yet simple changes. See above.
> On Mar 5, 2010, at 5:44 PM, Otto wrote:
>> Commenters aren't users, they're commenters. They read it and they
>> leave comments. Whether their user data is real or not is irrelevant,
>> as I see it.
> What is a "user", really? Isn't a user merely a human that
> interacts with the site? Any other definition is merely one
> person's individual preference.
> The wp_users table is the perfect place to keep track of all humans
> that interact with a site and/or that the site needs to track (i.e.
> "actor"s in a "movie", "player"s on a sports "team", etc.)
> Commenters as users make perfect sense. It opens up the ability to
> have pages for each commenter showing the posts they've commented
> on, and more.
> All else that would be needed would be to create an optional
> automatically generated and related record in wp_posts. Or
> (godforbid!) deprecate wp_users and move users to wp_posts of
> post_type "user" (he says as he braces for the howls of
> Honestly, having the ability to have a person categorized and tagged
> would solve real worlds needs for most sites I've been involved
> with. One major site that I developed was a NASCAR sponsorship site
> for a local Fortune 100 company. Had users been in wp_posts of type
> "user" (or better, "person") then each team member could have
> easily had their name, bios, "fun facts" using custom fields such as
> favorite food, favorite TV show, first car, etc. and tagged with
> various attributes like "driver", "pitcrew", "manager",
> "enginetuner", etc. Having "people" as accessible as "posts",
> "pages" and other custom data types would open up WordPress'
> usefulness even more.
> On Mar 5, 2010, at 6:18 PM, Aaron Jorbin wrote:
>> What about a site that gets 100 comments per post, and 20% are one
>> time commenters? After 50 posts, there are now over 1k users. And I
>> think it would take at least two fields. Both nicename and
> Modern database systems like MySQL are surprisingly adept at
> handling 1000 records. Actually they don't generally have a problem
> until 3 or 4 orders of magnitude records beyond that.
>> That's a vastly different migration, as it didn't really affect
>> While developers and power users would know what's going on, what
>> about when Grandma goes to comment on the latest picture of little
>> Matty and enters Grandma Bettie instead of Grandma B that she
>> previously used. We've just now added an extra step for a user who
>> should have a very simple experience.
> Grandma Bettie can just pound sand.
> Okay, just kidding. ;-) Seriously though, I don't see why you'd
> even need to notify Mrs. Bettie of anything. If she changes her
> name after the first comment just store than alternate name in
> post_meta; same with any other comment fields. You could also
> provide a popup that asks if Grandma wants to replace her old name
> with the new name and only send the email if he says yes.
> If Grandma can type a comment in a post box she can handle a dialog
> that points how she has been inconsistent and asks her what to do.
> Or we can simply put up with the inconsistency by storing it in
> On Mar 5, 2010, at 6:30 PM, Brian Layman wrote:
>> With the trends for linked social communities being what they are and
>> with remembered social app auth needs, the desire for registered
>> is going to go up.
> I bet if you can survey the top 25 high traffic blogs on WordPress
> that haven't already implemented similar custom user/commenter
> functionality most would prefer commenters be recorded as users
> because of the additional user engagement opportunities that would
> provide them.
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
More information about the wp-hackers