Registration
I thought long and hard about how to do registration for ZAT. There are several reasons for needing people to register. One is just a practical matter. In order to implement groups or allow you to have friends, I need to uniquely identify the user so I can know what groups they are in and who their friends are. And it isn’t good enough to just remember what computer they are on with a cookie, since ZAT’s users are travelers, and travelers, well, travel — we want them to be able to access ZAT from many different computers around the world.
A secondary reason is for spam prevention. This website will be rating and promoting commercial establishments like restaurants, hotels, and other paying attractions, so we at least want to make it inconvenient for people to promote their own business excessively. For example, if you didn’t need to register to vote, someone could just sit there voting for their own B&B, in order to make it the most popular B&B in a city. This would destroy the value of voting in ZAT. Even ignoring fraudulent voting, a user might mistakenly vote for the same place more than once.
The bottom line is, ZAT needs to know who people are. But I also wanted to make it as easy as possible for people to sign up. So I had to think carefully about how to verify who people were. In the end, I decided to require people to enter an email address, and then I send them an email with a generated password. They can then use this new password to sign on and can change their password if desired.
I would prefer to skip the email verification process. Verification emails can get lost in the mail, or stuck in people’s spam filters, etc. As time goes by, I might try to get rid of the email verification, if it doesn’t result in any problems.
There were other decisions to make — should the site allow them to pick a password or generate one for them. For now, I’m generating a password, and I allow the user to change their password at any time. This does add a step for people who want a specific password, but it was convenient (for me) because it meant I didn’t need any other mechanism to verify their email address (a link for them to click on, etc.). And the same mechanism is used to let people reset their password, should they forget it.
I should mention that people can access and use slims without being registered or signed on. All information on the site will be freely available. But people must be signed on in order to vote, add comments, or submit new sites. And of course, they must be signed on in order to join groups.
–wm