What are we going to do and why?
Before we get started, let’s have a closer look at what we will be doing, and why. Our users can interact with the web site, and they can have their own blog. Apart from this, there are very few provisions for the users to tell everyone else about themselves, and expand their profiles with something more personal. With a site like ours, it would be useful to know more about our users including:
- Their pet dinosaur’s name
- Breed of dinosaur
- Their pet dinosaur’s birthday
- The dinosaur’s hobbies and so on
- Their web address (if they have one)
- Location / City / Area
- More information about the user themselves
This can be added to user profiles using the Profile module, which is a core module within Drupal, and simply needs to be enabled and configured.
Many web sites allow users to upload an image to be associated with their accounts, which could be either a small photo of themselves, or a small image known as an avatar. Drupal allows this, but it has some drawbacks which can be fixed using Gravatar. Gravatar is a social avatar service, whereby users set up their avatars, and other web sites automatically pick up their avatars by sending a request to the Gravatar service with the users’ emails. This is convenient for our users, as it saves them having to upload their avatars to our site, and reduces the amount of data stored on our site as well as the data being sent and received from our site. This module needs to be downloaded, installed and configured for our users to make use of its features. With the upload module enabled, users can upload their own avatars directly to the site, if they choose to do so. This is because not all users would be members of Gravatar, nor would they all wish to sign up to a third-party service.
With the rise in the number of web sites and social networks that users of the Internet are members of, having to log in to different web sites on a daily basis can put off users if they have to sign up to another web site. OpenID helps prevent this as users need to remember only one username and password. It works by allowing users to login by providing a web address, instead of their usernames and passwords. This web site is their identity with an OpenID provider (maybe it is their own web site or another social network—MySpace and other social networking web sites are OpenID providers). When they log in with these identities, they will be taken to these web sites to log in before being returned to our site. If they have already logged in into their OpenIDs, they will return to the web site as new users. More information on OpenID is available from http://openid.net/. This is a core module which just needs to be enabled.
There are two important points to be noted about OpenID. Firstly, it is decentralized, which means log in details are not tied to a specific provider, and secondly, it is offered as an alternative log in method—users without an OpenID (or those who don’t know they have an OpenID!) can still log in or sign up as normal.
Users have their own blogs which they can use, but they are not personalized blogs. By installing the blog theme module, we can allow our users to select different themes for use in their blogs. This way, visitors to one particular user’s blog (for example ‘Bob’) will see the theme that Bob chose.
Once users get to know each other more, they become more interested in each other’s posts and topics, and may wish to look up a specific user’s posts and contributions. The Tracker module allows users to track one another’s contributions to the site. This is a core module, which just needs to be enabled and set up.
Now that we have a better idea of what we are going to do, let’s get started!
Install the modules
To make things easier for us, let’s install and enable all the relevant modules first. This saves us having to do this again and again at a later stage.
The modules which we require are:
- Profile (a core module)
- Tracker (a core module)
- OpenID (a core module)
- Gravatars (http://drupal.org/project/gravatar)
- Blog Theme (http://drupal.org/project/blogtheme)
We need to download the relevant modules (ensuring we download ones which are compatible with Drupal 6.x), and extract the ZIP files into the /sites/all/modules folder.
As we have not downloaded and installed any new modules on our Drupal installation yet, we will need to create the folder modules within the /sites/all/ directory. The reason there are sites/all and a sites/default directories is because Drupal can support multiple web sites running off one installation, and this defines which modules are available to which of the installations. Core modules are located elsewhere, which is why we don’t have a modules folder already in this location containing the core modules.
Now all the modules just have to be enabled via the Site Building | Modules section of the Administration area.
Users, roles, and permissions
Let’s have a more detailed look at users, roles, and permissions and also how they work.
These are all areas of the administration area, within the User management section.
The other options within this section (Access rules, Gravatar, Profiles and User settings) will be looked at later in this article.
When a visitor signs up for our site, a user account is created for him/her. From the Users area, we can view a list of existing users, create new ones and edit them. Within the context of editing a user, not only can we edit their details, such as their usernames or passwords, but we can also suspend their user accounts or delete their user accounts permanently from our social network.
We want our site to become popular, which means that we want to have lots of users. When we get lots of users, it will become more difficult to navigate through their list, and this is when searching, sorting, and filtering them come in handy—which is what we are going to look at now.
For each user, the user list displays:
- The username
- The status of the user account (active or blocked)
- Roles associated with the account
- Length of time the user has been a member for
- The time passed since the user was last active on our site
- A link to edit the user
Viewing / searching / sorting / filtering
Clicking the username will take us to their user profile. We can sort the list of users by clicking the heading in any of the columns to sort the list by that column. One particular use of doing this is that we can see all blocked users, ????so we can quickly reactivate an account should we need to, or see who the newest members are.
We can also filter the accounts displayed using the Show only users where panel.
This allows us to filter the list based on whether the account is active or not, or against specific roles assigned to users.
Creating a user
At the top of the users page, we have the Add user link.
This takes us to the new user page, where we are required to fill out the Username, E-mail address, Password, and Confirm Password again for the user. We can also opt to notify the users of their new accounts, which will send them an email informing them that they have a new account with the Dino Space social network.
To edit an account, we just need to click the edit link which corresponds to the account, which takes us to the edit page.
We can edit the user’s Username, E-mail address, Password, account Status and settings pertaining to modules, which give users additional settings too.
If you edit these settings, the users may not be able to log in to their accounts. If you change a user’s Username without his/her request, you should let him/her know through email.
Suspending / blocking a user
Within the edit page, we have an option entitled Status, which can be set to either Blocked or Active.
This would allow us to block a user from accessing our site, for instance if they had been posting inappropriate material repeatedly, even after being contacted and asked to stop.
Why block? Why not just delete?
If we were to just delete a user who was posting inappropriate material, or doing something we didn’t want, then he/she could just sign up again. Blocking the user prevents him/her from signing up with the same email address and username. Of course, he/she could sign up again with a different email address and a different username. But this helps us to keep things under control.
Deleting a user
At the bottom of the edit user screen, there are two buttons: Save and Delete.
The Save button will confirm and save any changes made to the user’s account, and the delete button will permanently remove the user from our social network.
When to delete a user
A user may request to be removed from the web site, in which case, we can use this feature.
Users are grouped into roles, which in turn have permissions assigned to them. By default, there are two roles within Drupal. These two roles are:
- anonymous users
- authenticated users
These roles can be edited, but they can neither be renamed nor deleted. This is why the Operations column in the table below is locked.
The anonymous user role is the role for any user who is not logged-in, and so the permissions associated with it are those which a guest user has. Whereas the role of an authenticated user suits all those users who are logged-in. Additional roles which are added can apply to any number of users. At this stage, we must select which users have which roles assigned to them. Users can change their roles and get more active within the network with features such as Organic Groups, but it is out of the scope of this article.
Editing the permissions of a role allows us to select which permissions are granted to users who have that role assigned to their account. New roles are simply created by entering the name of a new role into the text box and then clicking the Add role button and selecting the permissions to be granted to those users.
The Permissions section provides us with a grid view for roles and the permissions assigned to them. All the permissions which can be granted are listed down theside (for example, create blog entries) and the roles along the top. The use of this view, if we were to install a new module with new permissions related to it, is that we could easily update all of our roles to have the desired permissions directly from the grid view.
The Save permissions link at the bottom of the page saves the changes made.