Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I have an app where users can by virtual products.
The relationship between users and products is many to many.
So there is 3 tables:
When a user successfully buys a product, the product is attached to the user.
But now i have a new challenge:
We sold some virtual products outside the system. So now for each purchase made outside of the system, i need to give the user access to the purchased products.
The thing is: the majority of these users dont have an account yet. The only thing i have is their email.
What could be the best solution to attach products to a user that doesnt exist yet?
Is it a good practice to add an email column on the pivot table, and make the user foreign key nullable? This way i can attach products to emails, with no need to the user being registered yet. But i read some topics saying this is not a very good practice in terms of database.
Other solution i thought was creating another table, like gifts, with columns like gifted_email, product. And when the user registers and login, a query is performed to the gifts table, and if theres any new gift to the user email, attach the product.
Any help is appreciated!
I agree that a foreign key should never be allowed to be null.
One way is to add a column to the users table called invited or something like that and if that column is not null the user hasn't yet logged in but is invited to join your site.
So when a user orders the fake product outside of the system you can add the user to the users table set the invited to something other than null and then you can connect the product to the user.
@Tray2 This is the route that I would go, and have done in the past. Usually I'll go ahead and create the user model using a randomly-generated password and their email address provided. Then like Tray suggested, adding some kind of column called invited or verified as a boolean.
You can then add this to your user model so that when you query users, only 'real' users will be returned, instead of these 'fake' ones.
@aschmelyun thats a good solution. But were using our own idp for users registration / login.
If we create users with predefined emails, when they actually login, how can i know it will work?
create a user for every one that needs one and attach user to their products. Give them a random unknown password and tell them they need to use reset password to access their account
Please or to participate in this conversation.