Tip request: users and user-generated content via front-end

[heldercervantes]

Hi all.

So after my first experience with PW on my personal site I want to try something bigger in scope.

I'm experimenting with a system that will allow users to register themselves, and then will let them create and edit pages. This will all happen in the front-end in a custom user area, not in the back-end.

So my question is: would it be best to register these users as regular users, or should I create them as pages and manage them as such? This second approach strikes me as safer, keeping the real admin area out of the equation, but I'd like to hear the thoughts of someone more experienced in PW.

Thanks.

[LostKobrakai]

While the current dev version allows for user templates to be distributed over multiple parents it's still a quite new feature and therefore can have some quirks. As every user of your site is already automatically represented as "guest" it's really not that safer to do anything. Users are users, what makes them a security issue is how much permissions you give them. What I can understand is, that mixing both types in a single list by default is maybe not the best, but with the new lister view it's easy to adapt this to only show registered members / only admins. With ListerPro it should even be possible to devide this in two different preselected lists.

[Nico Knoll]

I would create them as user with no permissions (or only custom permissions).

Advantage is that you can use user specific functions like $user->isLoggedin().

[Wanze]

I can also suggest you to use "regular" ProcessWire users. The advantages are that you have a fully role based access control system built in, login/logout functionality and all the security stuff you'd have to implement on your own. As Nico said, you can create custom roles and permissions. The only required permission is "page-view". To keep your users away from the admin area, you can write a hook that redirects them (e.g. based on a role/permission) to your frontend when they are trying to enter the backend.

[heldercervantes]

Thanks guys! I'll go for regular users then.

[qtguru]

I wanted to go for the regular user but it didn't make sense for me to do so, as I didn't want to want users in the backend, also as for my solution we already imported the users into pages with password so it was obvious taking the regular route was too late so what i did, was create a login that checks the pages for password. I created a Hook to change the layout to my Admin Backend and i was able to get an admin interface I simply used the Session to store the user id and once its gone it redirects to the login page. 

Also for the backend i created a Class to parse the Url Segment and call a similar method in a controller

e.g url1 is always the controller and url2 is the action and I default to a controller and an action. This works well for me as an AVID MVC adopter so its hard for me to change my pattern which is why i like PW it allows me create a flexible system.