Topics

Anahita Atrium

Anahita Atrium's Topics

Peter Armenti

May 19 2010

Usernames & Profile URL's

1) Do you plan on sticking with username vs email address for login?

2) Are you planning on nice URL's for profiles example:

http://demo.anahitapolis.com/peter-armenti

instead of

http://demo.anahitapolis.com/profile/person/5442

I think this is very important for profile centric social communities, especially if you are hoping that people will use their profiles to promote themselves. All the current platforms provide this so I'm just curious. I only just realized today that this is missing here thus far. The new phpfox v2 even allows someone to change their username (limited to once or a configurable amount of times - or by admin approval only).

These little things can be very important to the users so just thought I'd ask. #anahita #social #networking #engine

1. not sure. usernames are quite handy. In many cultures around the world people wouldn't want real names publicly displayed.

2. Yes, we will have nice urls (I like the name "nice urls") those are last min touch ups :) system partially supports that concept, except that Joomla htaccess seems to have issues with having dots within usernames. We'll find a way.
Andy Nash
Andy Nash
September 30 2010 Permalink
Another way of doing this would be to create or use a separate (external to Anahita/Joomla) short url service (like bit.ly), using your own custom domain, which could be the domain of your site. Using a hostname such as [people/groups/events].yourdomain.com would ensure usernames didn't clash with website directories (assuming your site is www.yourdomain.com).

You could also register a dedicated domain for this if a short url was a priority.

That would only create user-friendly links for people to post elsewhere however.

This could be taken further by integrating such a service within Anahita core or as an extension, which would allow such 'friendly' profile URLs to be catalogued and listed in search engines.

Some might want to restrict this feature to members who have been active and contributed, so that the user who registers 'john' is not the first john, but the most deserving john...

Such a short url service could serve a dual purpose and be used both for usernames, and also for shortening urls in status updates/blogs/profiles/discussions for mobile users, as Facebook do with fb.me links, or when a link is over a certain length. This can help with branding too, when such content is syndicated via Twitter/FB/blogs...

This idea seems to be catching on at the moment, and I think friendly profile links and url-shortening are complimentary features, even if they appear separate at the frontend.

For example:

http://fb.me/321jn23 or http://fb.me/mycustomlinkname
for shortening urls
http://people.fb.me/andy or http://people.facebook.com/andy
for friendly profiles

I built http://cycolo.gy very quickly using Phurl which works well, but I'm still ironing out wrinkles and adding some missing features (multiple domains, using Google safe browsing API, amongst other things). Happy to share my code, or you could grab the original Phurl code from them.
Rastin Mehr
Rastin Mehr
October 05 2010 Permalink
@Andy Very good suggestions, thank you!
Andy Nash
Andy Nash
May 24 2011 Permalink
fyi, I using the email as username plugin that James suggested, and have used the language files to rename login fields etc. If a user uses their username anyway they will get in of course, but it will just be 'unsupported' in case it gets removed later.

At the same time I have renamed the username field on account creation to 'Profile Name' in anticipation of using it as part of the 'friendly' profile URL.

I've not implemented that yet, but I am anticipating it being a simple matter of URLs like http://friendly.url/profilename resulting in a lookup of the username field by the webserver (there's an Nginx add-on that can do this with MySQL/Drizzle), or some sort of rewrite.

Obviously something different is needed for groups and events as they don't have usernames...

I've thought of a potential security issue btw - a profile URL could possibly be used to determine the existence of a real username that can be used to login, so at some point I think I'll need to find a way to disable username logins, unless the social engine incorporates this feature in a different way...
Andy Nash
Andy Nash
May 24 2011 Permalink
Even simpler - there is already a username for every user, and I'm not using it as they can log in using their email. Its already possible to map a username to an actor id, allowing you to build the URL, as all that info is in the DB, so it just needs the right query and no new table is required.

Its considered security best practice to avoid making obvious links between a user's public or semi-public information on a website and their username. With most sites this is not an issue as they use email addresses, and people only provide their email to people they trust. With Joomla/Anahita, its fine at the moment, but if you used the username for the profile URL and still allowed it for login, that link would be obvious to anyone. So I think username login would need to be disabled - probably a simple modification to the AWO email plugin some of us are using now.

Its not really anything to do with the actor id - more that if I decided to attack your account specifically, then today i have to figure out your username, and then your password. If I know your username, that makes things significantly easier :-)

And of course if someone wants to attack a whole site, then it will allow them to dictionary attack 1000 accounts that are known to be present, rather than have to guess usernames first which might need attacks on 1,000,000 accounts (most a waste of time) to have the same result.

Its security through obscurity in a way, but still important I think...
Dominic
May 24 2011 Permalink
For me I MUST be able to use only usernames on sign up and login due to the nature of my site. Jomsocial currently uses vanity urls linked to Joomla's SEF settings so a user can set their vanity url IE mine would be mysite.com/profile/dominic .... I'm presuming that the small part of Anahita that uses joomla has 'lost' the feature to turn on SEF in Joomla, thats a shame as its already their and working. Once you've set up mod_rewrite

To stress for me I mustn't have real names displayed OR be accessible ANYWHERE...
Andy Nash
Andy Nash
May 24 2011 Permalink
Just to be clear, what I have described above is simply what i am doing given that today friendly profile URLs (I prefer friendly to vanity ;-) don't exist.

There's no suggestion that the ability to log in with a username be removed (though I suspect the majority of sites would like the option to move to email instead as an additional option). In any case email login for now is something to be handled by extensions not provided by Anahita so either way you're safe :-)

I very much doubt that my solution would be the right one if such a feature were introduced in Anahita itself - for all sorts of reasons - but it works for me, and may work for others, without modifying the core, while remaining flexible enough for me to change should Anahita support this in a different way later on.

Regarding SEF URLs, as I understand it, Anahita does support SEF but only in certain locations due to design decisions Ash/Rastin have made - I think performance was mentioned. There is a discussion somewhere else on that - personally I think there is room for expanding the addresses where SEF is used and I got the impression it wasn't ruled out, but its probably best any discussion of that happens on the other thread (it will be in the Social Engine group or Atrium I guess).

@Dominic Totally unrelated, and purely out of curiosity, why is it you can only use usernames? I am aware that your users will not want to expose their real identities in any way, but I can't think why that precludes them logging in with an email rather than a username as that is something they do in complete privacy, and the site will have their email addresses anyway? Maybe I'm missing something obvious :-)
Dominic
June 04 2011 Permalink
Some of my users wouldn't even want to have a box to enter their user names as many of my users are living an 'alternative' lifestyle in secrete away from their family friends or work colleagues... I'd hate to be in a scenario like facebook..for us anonymity and what information is displayed or not at all points including registration is V important
Arash Sanieyan
Arash Sanieyan
September 12 2011 Permalink
Hi Scott,

before we used to store the node URLs but we don't know. it's automatically created by the node itself. I've started cleaning the database from the uncessary fields or renaming the fields for better names. I think for the nice URLs we'll be using the unique_alias field or just the alias field.
Kostas Pappas
Kostas Pappas
September 12 2011 Permalink
in my opinion, the best way is to create plug in and collaborate with 3 major sef engines for joomla sh404SEF - joomsef and AceSEF - but before we need to check names when a user create a new account - check the stick names if exist etc,etc - and will be sure that we not have double records over the links! and also leave the web master to choose how to show the web page links..etc...

;-)
Rastin Mehr
Rastin Mehr
September 12 2011 Permalink
Wrong group for this conversation guys ;)

Powered by Anahita