Welcome to the Treehouse Community
The Treehouse Community is a meeting place for developers, designers, and programmers of all backgrounds and skill levels to get support. Collaborate here on code errors or bugs that you need feedback on, or asking for an extra set of eyes on your latest project. Join thousands of Treehouse students and alumni in the community today. (Note: Only Treehouse students can comment or ask questions, but non-students are welcome to browse our conversations.)
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and a supportive community. Start your free trial today.
Mike Baxter4,442 Points
Creating user account system, best practices—registration, login, etc.
I'm trying to figure out what the standard approaches and best practices are for creating user accounts. As far as Team Treehouse goes, it looks like there are two different approaches taught to creating a user account system. In the Database section there's a video on creating user accounts, which with some PHP could presumably allow you to make a page where users can create an account with a password, etc. (Obviously you'd want to find some sort of encryption method, right?) The other approach as far as I can tell is in the Ruby course under a section on Authentication (and very specifically designed for this purpose).
What I'm wondering is, if I want to build a site that has user accounts with a registration, login, profile pictures, etc., do I need to learn Ruby, or can I make this with PHP, MySQL, and jQuery? Perhaps a better question to ask is, if it's possible to do it both ways, is it advisable to go one route or the other? (And why?) Do developers typical have third-party solutions for security and encryption, or are these features built into the systems?
Veerle Deschepper2,623 Points
You can create such a system with every program language that allows you to store and retrieve user credentials safely (eg database). Depending on language/framework you have several methods to encrypt passwords built in.
building a basic authentication system is not that hard; al you need is some basic understanding how to save and retrieve data from the central storage system and to do so safely. When you need some advanced stuff like SSO, oAUTH, openID etc it gets a bit tricky but I guess your question stays on a more basic level.
I have build several authentication systems, with .NET and php, so feel free to ask! (hint: as far as .NET goes the worst you can do is using the build in membership. trust me it's ... just ... #@$ )