Quick Sign up/login

Printable View

Oct 23rd, 2004, 12:34 PM
Magiaus

Quick Sign up/login

On the website I am working on we have a need/desire for a quick sigh-up/login. This is easy enough and I have one. It takes a e-mail address and password and puts it in my user table. THere are four types of users. The quick sign-up is only for one kind of user. When the user signs up using the quick method (there is another method where an employee sets up the acount) a problem is created.

There is Company information associated with a user, actually the user is associated with the company and one company can have several users on the site. The problem comes from the fact that we don't want the one company knowing about the other companies. There is some theroy about the companies ganging up on us or something. It's a security measure.

What I am thinking of doing is just creating a dummy company when they sign up and letting them fill in the information in the user settings area. But, this creates a posible violation of the security. How do I make sure I only have one company record for multi users without showing them company information that is in the db.

Meaning. What If they type in "Your Company Store" and there is a "Your Company Store inc."? This is fine if they are with your "Company Store inc.", I show the info they say yep that's me. But, if they happen to be "Your Company Store ent." or just "Your Store" or close enough to be LIKE they get to see information on other companies....

The worst part is the primary users of this section are in china and speak/read little english.

Anyone got any ideas besides lettting the company info be duplicated? I am also considering having an employee have to fill in the info for a quick sigh up. I don't know.

Thanks for any ideas.
Oct 23rd, 2004, 02:09 PM
jhermiz

Re: Quick Sign up/login

WHAT ?:confused:

What about constraints? Primary keys????

Seems like this is more a db problem than anything...
If I understood your question I'd answer, how about posting DDL or sample data ?

You can create primary keys, not allow nulls, and add unique constraints if thats what you're after.

If youre also worried about duplicates you have to present whats in the db first to the end user and then allow them to enter something in. Your DB constraints should not allow duplicates. If you are worried about "close" to being duplicates you will need to design another database with all possible entries and then do a LIKE query to see if the end user typed something similiar.
Oct 23rd, 2004, 02:59 PM
Magiaus

it is a db issue

the issue is that there is a company table. and a user table. the user table has a many to one realtion with the company table. The problem is I had to add this quick sign up thing and it broke the db and the way they want the site to work because of the need to cotrol who can see what.

One company can't see any information for another company but I have to find away to do this quick sign up withou break data integrity.

I guess I should have posted in db section... but it seemed like a web design thing to me because the quick front page register created the problem. It wasn't in the original plan. They just decided they want it.
Oct 23rd, 2004, 04:06 PM
jhermiz

To me
your company is not thinking correctly. If a user is dependant on a "site" or whatever you refer to it. Than your quick sign up feature NEEDS to encompass this thing. I dont think it is difficult at all and I dont see your problem. Of course you will have a problem by not allowing the user to specify where they are from, thats just plain stupid.

Add a ddl (drop down list / combo) in the quick sign up to allow the user to select a site where they are from. That way your save will encompass this. We have the same situation using a ClientID.

Jon
Oct 23rd, 2004, 11:00 PM
Magiaus

I agree it's the owners of the website who have the problem.
I'm probably just going to say to hell with thier parinoa and do this in the correct way but it's frustrating. They don't listen to me when I tell them about this type of thing. Or they don't understand about primary keys.

The system was design for users to be added by an employee.

It's hard to explain without going into the full details of the site and I can't do that. It works in a fashion like e-bay though, and then again it's not. There are four sets of users all working togethor in a process.

But, due to the nature of what the site is doing and the desire to have information only seen by one set of uses it's a bit tricky to do some of the things that have to be done to keep data integrity without comprimising the security they want and need.

I don't know maybe I designed a bad db and I should be so strict about this company info but the way the site is designed to work it is correct. The user isn't the key to the site the company is and the company doesn't relate to a website at all. We just happen to run our company using the web to exchange info and store it to the db.

When a employee sets up a user they simply select a company or create one. No problem. The problem comes with this sign up system and the desire to keep the chiniesse from seeing info about the other bidders. On the old site the Chinesse would work togethor to a degree to get the bid price high and then the would
disband thier friendship and bid down by 1 cent. This and the fact that a smart one could change the query string and see other bids caused money to be lost.

If you understand that at all you see the problem. A major part of my job is to keep them from doing this ever again. It's crazy they would apparently call each other and use the security flaw of the query string to keep the price high enough to make very good profit and only win by a single cent. I had 100% resolved this **** until they wanted this quick sign up because the chinnease can't get through the full sign up process where they have to enter in complete information.

The second problem. If I start getting data and popping it up again and saying is this your company. There is a chance they won't understand what is going on and want be able to get through the sign up.

I mean they could fill out a damn form with thier name and password and now I need them to put in thier name password and company? I doubt it happens.
I'll be getting hundreds of e-mails in chinnesse every day saying. "Web Page no work. I filled out form and it showed me three companys and want to know wich one I with...... I already told it. I with Chung Textiles, why it ask me if I whith Hung Textiles? I tell it I with Chung Textiles. Then when I login I see quotes for Hung Textiles. What is wrong with your webste. I with Chung Textiles 800,000 ceramic pot $0.75 cent each with pumpkin face. I make. Chung Testiles beat Hung Textiles $0.76 cent quote we make for you."

Are you seeing my problem?
Oct 23rd, 2004, 11:38 PM
jhermiz

Sorry,

That whole process is just wrong. Which idiots do you work for ?
Screw the chinese...or anyone else for that matter.
Do it the right way, even if they dont like it. Im sorry I dont have much more to add, because the system is a little strange if you ask me.

Jon
Oct 28th, 2004, 06:29 AM
Magiaus

the system is a little strange. I think I should have not tried to make the database so streamlined and strict though.

I did it right though and the chiniese are having trouble they can't get in. and the owner of the site freaked all out. I had to tell him look if the damn chiniese can't do it "YOU" are going to have to do it. You are driving me crazy with this just use your damn admin form to set the guy up.

the idiot made nearly three milion last year and I get a nice percent of that for building his website but it's a nightmare.

It's is in the top two for most frustrating jobs I've ever had. They want the benifits of the strict database rules and relations but they don't want to have to enter any data the are freak'n lazy bastards.

Thank god I'm almost done and I get my percent as long as they use the site.