Tracking user activity
The name of this module is slightly misleading. It allows you to view the recent contributions of a user to the site.
One particular use for it, is that if one user found a particular user’s posts interesting (perhaps, they both owned troublesome T-Rexes!), they could view the user’s track page, and look for other contributions from that user which they might be interested in. This is only one way of interaction though, as opposed to two users interacting with each other.
Settings and rules
Within User management, we have three areas that we are yet to cover. They are:
- Access rules
- Gravatar
- User settings
Let’s look at these now.
Access rules
With the access rules, we can explicitly permit or prohibit certain usernames, email addresses, or hosts (computers) from accessing or joining our social networking site.
There are quite a few different reasons why we may wish to do this. Let’s take a look at a few specific examples:
- Disposable email addresses
- Perhaps all accounts originating from a free email provider should be blocked, except for one or two individual exceptions
- We may wish to prohibit swear words from our users’ usernames
Blocking email domains
To block an entire email domain such as pookmail.com or hotmail.com, we would create two rules, both with Deny as the access type and E-Mail as the Rule type, and then %@ followed by their respective domain names. The % character tells the rule to match anything that comes before the @ symbol
With an exception
If we want to block all hotmail.com e-mail addresses except our friend’s, [email protected], then we would create an allow rule for this account.
Preventing swear words in our user’s usernames
Creating rules with Username as the Rule type and the swear word (with a % on either side) will prevent such usernames from being registered.
Checking rules
The Check rules link at the top of the access rules page, allows us to check these rules by entering a username, email address, or hostname to see if that would be permitted or prohibited on our site.
Be careful!
If you add certain “bad words” with the wildcard (%) character on both sides, you can prevent some genuine signups; so this should be used only for extreme words.
User settings
From here, we can configure the registration requirements of our users, email templates used for new accounts and so on, and users’ picture settings.
User registration settings
We can determine what security precautions should be taken when a new account is registered. New accounts:
- Can only be created by an administrator
- Can be created by a visitor, but require administrator approval
- Can be created by a visitor without administrator approval and in addition to the previous two, require user email verification
Requiring email verification is a good idea. It is the very first and most basic method to help prevent spam and abusive user accounts. The User registration guidelines box can be used to provide some help for our users, and perhaps a link to some legal terms and conditions to help protect ourselves from liability.
User email settings
Users will often receive an email from our site automatically when:
- We create a new account for them
- They create an account
- They create an account which is pending our approval
- They request a new password
- They need to verify their email addresses
- Their accounts have been blocked
- Their accounts have been deleted
The User e-mail settings area allows us to change the contents of these emails.
Click on Administer | User management | User settings | User e-mail settings further down the page.
Selecting an email allows us to change the template. Within these templates, there are tokens that are replaced with specific information when they are sent, for example, the user’s username or a specific link. So it is important to ensure that these are still in the template. These variables are clearly defined when editing the template. They are all listed under the template name, each of them starting with an explanation mark, for example. !username for the username, !login_uri for the link to the log in page.