I've gone through a few versions of unique identifiers for users over the years.
Originally, I just used an URL-encoded version of their username. But Google didn't like that, some nonsense about PII when the username was their email address.
Next I encrypted their username to base64; eg, "csdude55" became "Y3NkdWRlNTU". Google liked it, but it's impossible to remember so no one could say "visit my page at example.com/Y3NkdWRlNTU".
Next I used a number, just an autoincrement for each user. But I didn't like it, saying "example.com/123456" still isn't pretty or memorable.
So now I'm creating a new unique identifier, based on the username. First, know that the only restriction on usernames is that it must contain at least 1 letter.
Step 1, convert the username to lowercase.
Step 2, split the username by @ and drop everything including and after that first @; eg, "csdude55@gmail.com" becomes "csdude55".
Step 3, convert [^\w-] to -, then remove duplicate - and opening/trailing -.
Step 4, look in the database to see if what's left is already claimed. If so, add a "1" to the end (or increment the last number) and try again until it's unique. So if "csdude55" already exists, it will try "csdude56" and so on.
So far so good on this, with one issue.
I have a few usernames that look like:
123456@gmail.com
When I strip the @gmail.com away, then convert the [^\w-], then strip the opening / trailing -, there's nothing left!
I'm not going to allow this in the future, but I still have to deal with a handful of existing accounts that have a similar format.
I can't make an exception and just allow "123456" as their identifier, because then it would conflict with whomever was "123456" when I used the autoincrement number as the identifier.
My next thought was to make an exception to the @gmail.com part, and make it:
123456-gmail-com
I also thought about making it phonetic:
onetwothreefourfivesix
or maybe:
one-two-three-four-five-six
What do you think? Is there a better option I haven't considered?
