What's the conventional wisdom on custom tables/package for end user login?

Hi all,

Question for those in the know.

I am pondering a site requirement that will require login / user info support for disparate groups, i.e. end customers, contractors, retailers.

Each group may need to be able to log into different portals on the site. I don’t need them to have or be part of user groups and I really want them not at all attached to the MODX user table/backend or permission system. I would really prefer this table/tables to be entirely portable and disparate.

While I can technically see my way forward for developing all of this, I just wanted to see if anyone here has any guidance for making it manageable. Or any reason it should be avoided?

Broad strokes I know - appreciate any wisdom.

Use the MODX Login package and MODX users (and resource groups to hide parts of the pages) is my wisdom.

Why?
Isn’t this exactly what the MODX user table is for? Granting access to restricted resources.
Why reinventing the wheel?

“customers, contractors, retailers”. These sound like user groups to me.

I suppose my hesitation is in what may be required for some of these groups. Some of the membership/management may actually be delegated or shared by third parties. We support some very large retailers and there may be some integration with their systems required. I could easily see locking down or isolating information on some other mechanism if it was not attached. Along with this, some of these third parties may require some specific data security as far as how personal user info is stored/managed. I haven’t explored this last possibility fully - but again, some are rather large companies and I just want to plan this out fully and account for some of these possibilities.

It is also concievable that the management of these external users will occur via frequent bulk delete/mass import - like weekly or monthly. The idea that this could simply be a table truncate/re-import leads me to see the benefits of that automation process.

As soon, as you need login and maybe different permissions, I would allways go with MODX users.

It is allways possible to connect your custom table to the MODX users table by user-id.
Just store/duplicate the minimal information needed into the MODX user table.
Custom Login is possible with a plugin at OnWebAuthentication, if needed, but you will need the user with permissions in the MODX users table.

1 Like

Here is a nice article by @bobray, how you can bypass the MODX Login
Bob’s Guides | Bypassing the MODX Manager Login I (bobsguides.com)
this idea also works well for web login

1 Like