About user login

Virtually any website that offers services on the public Internet has a user registration and login process.

It is therefore well worth designing a complete set of registration and login functions.

1. Register

   a. To discourage malicious registrations, registration is generally tied to the user's email address or mobile phone number, so that the site can verify that the address or number is real and belongs to the registering user by sending a confirmation link or an SMS verification code.

   b. To prevent users who control a large number of mailboxes from registering automatically, the registration page must include a manual-input check such as one of the various kinds of CAPTCHA.

   c. To confirm that the email address or mobile phone number entered by the user actually belongs to that user, it must be verified through the confirmation link sent to the mailbox or the verification code sent to the phone.

2. Login

   a. Only registered users can log in.

   b. To resist password cracking, after n failed login attempts a CAPTCHA must be shown; after a further m failures the account is locked for 1 minute. If lockouts recur within a certain period of time, the lock duration can be increased progressively.

   c. Integrate third-party login systems (WeChat, QQ, Weibo, Alipay, etc.); a third-party login can be bound to a registered user.

3. Status

   Depending on the user's situation, an account can be in one of the following states:

   a. Unconfirmed: registered, but the email address or phone number has not yet been confirmed.

   b. Normal: the regular, usable state.

   c. Temporarily locked: a temporary lock caused by repeated login failures.

   d. Permanently banned: a permanent ban, either at the user's own request or because of the user's malicious behavior.
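The throttling rule in 2.b and the temporarily-locked state in 3.c, as an added Python example that is not part of the original article; the thresholds n=3 and m=5, the one-hour escalation window and the one-hour lock cap are assumed values.

```python
# Added example: progressive login throttling (n failures -> CAPTCHA, m more -> lock,
# repeated lockouts within a window escalate). Threshold values are assumed.
from dataclasses import dataclass
from typing import Optional

N_CAPTCHA = 3             # n: failures before a CAPTCHA is required (assumed)
M_LOCK = 5                # m: further failures before a temporary lock (assumed)
BASE_LOCK_SECONDS = 60    # first lock lasts 1 minute, as the article states
ESCALATION_WINDOW = 3600  # a new lock this soon after the last one doubles it (assumed)
MAX_LOCK_SECONDS = 3600   # cap so escalation never becomes a permanent ban (assumed)


@dataclass
class AccountState:
    failures: int = 0
    locked_until: float = 0.0
    lock_count: int = 0
    last_lock_at: Optional[float] = None


class LoginThrottle:
    """Per-account failure tracking. `now` is a Unix timestamp supplied by the
    caller, which keeps the logic deterministic and easy to test."""

    def __init__(self) -> None:
        self._accounts: dict[str, AccountState] = {}

    def _get(self, user: str) -> AccountState:
        return self._accounts.setdefault(user, AccountState())

    def status(self, user: str, now: float) -> str:
        s = self._get(user)
        if s.locked_until > now:
            return "locked"
        return "captcha_required" if s.failures >= N_CAPTCHA else "normal"

    def lock_remaining(self, user: str, now: float) -> int:
        return max(0, int(self._get(user).locked_until - now))

    def record_failure(self, user: str, now: float) -> str:
        s = self._get(user)
        if s.locked_until > now:
            return "locked"  # attempts during a lock are rejected, not counted
        s.failures += 1
        if s.failures >= N_CAPTCHA + M_LOCK:
            # Lockouts repeated within the window escalate: 1 min, 2 min, 4 min, ...
            recent = s.last_lock_at is not None and now - s.last_lock_at < ESCALATION_WINDOW
            s.lock_count = s.lock_count + 1 if recent else 0
            duration = min(BASE_LOCK_SECONDS * 2 ** s.lock_count, MAX_LOCK_SECONDS)
            s.locked_until, s.last_lock_at = now + duration, now
            s.failures = N_CAPTCHA  # once the lock expires a CAPTCHA is still required
        return self.status(user, now)

    def record_success(self, user: str, now: float) -> None:
        # Call only after status() reported the account is not locked.
        self._get(user).failures = 0
```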

As for binding third-party logins to registered users, the system's internal implementation is really just a user table and an associated user authentication table.

The user table stores the user's unique identifier, and the user authentication table stores the user's various authentication methods (email, phone number, each third-party provider). This leads to several situations.

1. The user first registers, logs in, and then binds the third-party authentication.

   This case is relatively simple, because there is still only one row for the user in the user table.

2. The user first logs in with third-party authentication, and then adds an email or mobile phone number.

   This case is similar to the one above; there is no real difference.

3. The user has both registered directly and logged in through third-party authentication, but the two identities were never bound to each other.

   This case is more troublesome: there are now multiple rows for the same person in the user table, and from the system's point of view they are different users.

   How to merge these users is therefore a significant problem, because the merge may require updating every table that references the user, which is tedious if those association tables were not designed with merging in mind.
