Question

I am wondering what the best practices are for creating non-loggable accounts. On StackOverflow, there is a Community Wiki account that I'm assuming can't be logged into.

How should I go about scripting for non-loggable accounts? If there is an account that I don't want to be accessible, should I set parameters like you can't log into accounts with IDs less than 0? Or should I just manually define the IDs that cannot be logged into in the configuration ID? Or is there a better way?


Solution

To me you should use a flag in the account data, in order to set or revoke the logging capability.

This capability can be enforced with a query at the SQL level quite easily.

A query like:

select whatever from user where logging=1 and user="aUser" and passwd="password"

can do the trick.

Answering your comment: Maybe using a column appears not efficient to you, but you have to consider the pros:

  • You have the information about your users in a single layer, not scattered around between database, configuration files, or whatever

  • You can revoke or grant the logging capability to any account without having to modify configuration files

OTHER TIPS

You can set a "flag" on your user table:

loggable      int(1)       default 1

Then you can check on your script:

//... data retrieve login ...
if($userRow['loggable'] == 1) {
    //User can login, do stuff
} else {
    //Tell him that he can't login
}

Add a "loggable" field to accounts. It's scalable in case you end up having lots of non-loggable accounts.

You could make an empty password be non-loggable.

To extend Eineki's SQL:

select whatever from user where logging=1 and user="aUser" and
    passwd="password" AND passwd IS NOT NULL
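
The flag approach from the answers above, as an added example that is not part of the original posts. It assumes Python with an in-memory SQLite database, a `loggable` column as in the second answer, and hypothetical helper names (`make_db`, `login`, `set_loggable`); it also goes one step beyond the answers by binding parameters and comparing a salted hash instead of a literal password.

```python
import hashlib, hmac, os, sqlite3

DUMMY_SALT = b"\x00" * 16  # used only to keep timing similar when no row matches

def hash_pw(password, salt):
    # PBKDF2 stands in for whatever password hash the application uses (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    # Constructed sample data: a normal user, a flagged-off system account
    # that still has a password set, and an account with no password at all.
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE user (
        id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL,
        salt BLOB, passwd_hash BLOB,
        loggable INTEGER NOT NULL DEFAULT 1)""")
    for name, pw, loggable in [("alice", "correct horse", 1),
                               ("community_wiki", "leftover-secret", 0),
                               ("importer", None, 1)]:
        salt = os.urandom(16) if pw is not None else None
        digest = hash_pw(pw, salt) if pw is not None else None
        db.execute("INSERT INTO user (name, salt, passwd_hash, loggable) "
                   "VALUES (?, ?, ?, ?)", (name, salt, digest, loggable))
    return db

def login(db, name, password):
    """Return the user id on success, None on any failure."""
    # The flag and the NULL-password rule are enforced in the query itself,
    # so a non-loggable row is never handed to the password check.
    row = db.execute(
        "SELECT id, salt, passwd_hash FROM user "
        "WHERE name = ? AND loggable = 1 AND passwd_hash IS NOT NULL",
        (name,)).fetchone()
    # Hash even when nothing matched, so unknown and flagged-off accounts
    # cost about the same as a wrong password.
    candidate = hash_pw(password, row[1] if row else DUMMY_SALT)
    if row and hmac.compare_digest(candidate, row[2]):
        return row[0]
    return None

def set_loggable(db, name, allowed):
    # Grant or revoke login with a data change, no configuration edit needed.
    db.execute("UPDATE user SET loggable = ? WHERE name = ?", (int(allowed), name))
```

Every failure path returns the same `None`, so the caller cannot tell a disabled account from a wrong password unless it chooses to report that separately.
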
Licensed under: CC-BY-SA with attribution