user data

dux

is it a good idea to keep usernames and passwords in the same table as extensive user data (country, description,visits, ip etc)?

ereptur

That really depends on personal preference. I prefer to keep stuff that the user cannot change in one table and stuff they can change in another. The only exception to my method is the password which the user can change, but is stored in the first table.

e.g.
users table
fields would include:
username
password
lastvisitdate
IPaddress

profile table
theme for customizing website
first name
last name

You get my drift.

dux

sure... it's what I've done in the past. I guess lazy thoughts entered my mind....

ereptur

oh yeah, I've been there before.

Once, I was thinking "why do I store an ecrypted user password along with the cookies, why not just use the user id".

Then my brother reminded me that if the user forgets their password, they would just have to forge a cookie with only their user id, which would lead to stealing other peoples accounts. WOW. can't believe I almost went to that.

Just a slip of the mind.