PHP-Nuke is about web communities, and communities need members. PHP-Nuke enables visitors to your site to create and maintain their own user account, and add their personal details. This is usually required for them to post their own new stories, make comments, or contribute to discussions in the forums. Those annoying little tasks like managing lost passwords are also taken care of for you by PHP-Nuke.
User accounts can be created in two ways:
- By the super user (that’s you)
- By the user registering on your site
The second method involves a confirmation email sent to the user’s email account. This email contains a link for them to click and confirm their registration to activate their account (this needs to be done within 24 hours or the registration expires).
Once a visitor is registered on your site, the gates to enjoy the full glory of your site will be thrown wide open. Visitors, or users as you could now call them, will be able to contribute to discussions on forums, add comment on posted stories, even add their own new stories, as well as access parts of the site that are off-limits to the ‘riff-raff’ unregistered visitor.
Ingredients of a User
Every user requires a certain amount of information to uniquely identify them in PHP-Nuke. There are the usual three things required of every user in PHP-Nuke:
- A nickname: This is an alias or username if you like. This identifies who the user is, and is their online identity in PHP-Nuke.
- A password: This is required to verify that the user is who they claim to be.
- A valid email address: This is where the confirmation email is to be sent.
Once the user account is created for a user, the user is of course able to modify their details, and also view the details of other users.
Information such as the URL of the user’s own website, messenger ID (MSN, AIM, and others), their location, and interests are also part of the user ‘profile’, but are not compulsory.
By default, the real email address of any user is never made public, for both security and to prevent harvesting by spammers. Users can specify a ‘fake email’ address, possibly in spam-obfuscated form (for example, address_at_mydomain.com) which will be displayed to other users, although this is not required. A user’s privacy is always protected.
Setting Up a New User
User management starts by clicking the Users icon in the Modules Administration menu:
Clicking on this icon brings you to the User’s Administration panel. This panel consists of two mini-panels, Edit User and Add a New User , whose use is given away by their titles.
We’ll start by setting up a new user. Our user will imaginatively be called testuser.
Time For Action—Setting Up a New User Manually
- If you’re not at the User’s Administration panel, click on the Users icon in the Modules Administration menu.
- In the Add a New User panel, enter testuser into the Nickname field.
- Enter Test User into the Name field.
- Enter your own email address into the Email field.
- Scroll down to the Password field. Enter testuser as the password.
- Click the Add User button. When the page reloads, you will be taken straight back to the administration homepage.
What Just Happened?
We created a new user. For this simple user, we only specified the required fields Nickname, Email, and Password, and provided a single piece of personal information, Name. Failing to specify the required fields will mean that the user is not set up, and you will be prompted to go back and add the missing fields.
No email notification is sent to the user when the user is set up in this way, and no confirmation of the registration is required. As soon as you click Add User, provided all the required fields have been entered, the user is ready to go.
Editing the details of a user is equally easy, but you do have to know their nickname to edit the details. Simply enter this into the Nickname field of the Edit User panel, select Modify from the drop-down box and click Ok! If you have taken a sudden dislike to a particular user, enter their nickname into the Nickname field and select Delete from the drop-down box, click Ok! and they are gone forever (the account, not the person).
Subscribing a User
Once a user has been created, you have the option to subscribe this user. We mentioned the idea of Subscribed Users in earlier articles; it’s a mechanism for restricting module access to specific groups of people, such as fee-paying customers. There is only one group of Subscribed Users in PHP-Nuke at present, so once a user has a subscription, they are able to access any module restricted to Subscribed Users only.
The option to subscribe a user is not available when you create the user manually, as we did above. To find the option, you have to edit the user’s details. This is done by entering their username into the Edit User panel, selecting Modify from the drop-down box, and clicking on the Ok! button.
The subscription options are near the bottom of the user details, underneath the newsletter option. The Subscribe User option does not refer to ‘subscribing to’ the newsletter; you sign up the user or remove them from your newsletter mailing list with the Newsletter option. The Subscribe User option makes the user into one of the site’s elite, a Subscribed User.
If you subscribe the user, then you must specify the Subscription Period. This is the length of time that the user remains subscribed, and ranges from 1 year to 10 years, in yearly increments. If you leave the Subscription Period at None then the user will not be subscribed.
Once a user has been subscribed, you can change their subscription details from the same panel:
You can unsubscribe the user, or extend their subscription period. To shorten the subscription period, you would have to unsubscribe the user, subscribe them again, and then set the new period.
Subscribed users are reminded of the passing of time and the impending expiry of their subscriptions when they visit the Your Account module—we’ll further explore this module later in the article:
Time For Action—Registering as a User
This time we’ll register to create a user account as a normal visitor would. We’ll call the user account userdude. If you do not have your mail server set up, then you will just have to follow the text and screenshots for now. The confirmation email sent by PHP-Nuke is a key part of the registration process, and includes a special link for the visitor to click to activate their account. Don’t worry though, when your site is live on your web hosting account, you will undoubtedly be able to access a mail server.
- If you are still logged in as the super user, logout by clicking the Logout icon in either of the administration menus, or click the Logout link in the Administration block.
- If you are still logged in as testuser, logout by clicking on the Your Account link in the modules block, then click the Logout/Exit link in the navigation bar that appears:
Alternatively, you can enter the logout URL directly:
- You will be redirected to the site homepage. Now click the Your Account link in the Modules block:
- Click the New User Registration link. This brings you to the New User Registration panel. The top part of that panel is shown here:
- Enter the Nickname of userdude.
- Enter your own email address into the Email field.
- We are going to use userdude for the password as well as the nickname. If you think of another password at this point, enter it instead. Then put the password into the Re-type password field as well.
- Click the New User button. You will come to the final step of the registration process:
- Click the Finish button.
- Open up your email client, and log in to check your mail. You should find a mail with the subject New User Account Activation waiting for you. It will be from the email address you specified in the Administrator Email field in the Site Configuration Menu. The body of that email will look something like this:
Welcome to the Dinosaur Portal
You or someone else has used your email account
firstname.lastname@example.org) to register an account at the Dinosaur
To finish the registration process you should visit the following
link in the next 24 hours to activate your user account,
otherwise the information will be automatically deleted by the
system and you should apply again:
Following is the member information:
- Click the link in the email, or copy the link and paste it into your browser, and you will be taken to the New User Activation page where you will see a message of the form:
userdude: Your account has been activated. Please login from
this link using your assigned Nickname and Password.
- Clicking on this link takes you back to the User Registration/Login page of the Your Account module, and you can use your nickname and password to login.
What Just Happened?
You just created a new user account. The page for logging in is the homepage of the Your Account module. We’ll talk more about this module in a minute; as you could guess, it handles everything to do with ‘your’ user account.
If the visitor is not logged in, they are presented with the login panel when they visit the Your Account module page. From here they can enter their nickname and password to log in, or click the New User Registration link to register a new user account, as we did.
For visitors that have forgotten their password, clicking on the Lost your Password? link will take them to a screen where they can enter their nickname, and an email will be sent to their registered email address containing a confirmation code, a random-looking 10 digit string; with this code they can have their password changed. A new, random password is generated and emailed to them. PHP-Nuke never stores raw passwords in its database, so it can never reveal any password. With the new password, the user can log in and change their password to something easier to remember.
The registration process for the user is straightforward; they only require a nickname, a valid email address, and a password. There are certain rules, however, that are followed by PHP-Nuke:
- Only one occurrence of an email address is allowed on the system; if someone uses an email address that belongs to another user account that address will be rejected, and the user will have to choose another.
- Only one occurrence of a particular nickname is allowed as well; the system will check the uniqueness of the nickname before creating the account.
After the visitor clicks Finish on the final step, the user account is created. Following that, the confirmation email is sent to the email address. If the email address specified is invalid, or not the visitor’s email address, then that visitor will have to create their account with a new email address. If the user doesn’t mind being embarrassed, they can contact the site administrator, or wait 24 hours for the account to be deleted from the list of ‘waiting to be activated’ accounts, and then try again.
You will notice that the link to activate the account contains the URL of your PHP-Nuke site:
It is very important that you have configured your Site URL option correctly in the Web Site Configuration menu (we saw this in Aritcle 4). If you haven’t done that, then the activation link will point to the wrong site!
The check_num part of the URL is what identifies the unregistered visitor to the system. When the visitor registers his details, PHP-Nuke stores them in the database along with the check_num value. When the visitor visits the above link, PHP-Nuke will check the value of check_num against the values stored in the database, and if it finds a match, it will move that visitor’s details to the proper users table in the database, and remove them from the table of visitors waiting to confirm their registration.
That’s all there is to creating user accounts. It is possible to turn off the registration, so that only the administrator can create accounts. If you feel the need for this, you can read more about it in the PHP-Nuke HOWTO:
That section of the PHP-Nuke HOWTO also has a number of other user account hacks that you can make use of.
Graphical Code for User Registration
PHP-Nuke enables you to add a security code to the login or registration pages on the site. The security code is a small graphic with some digits, and is shown under the password fields, along with a textbox for the visitor to type in the digits from the graphic.
The point of this device is to prevent automated registrations; without typing the correct digits into the Type Security Code field, the submission will not be accepted. The digits displayed in the image are not part of the page HTML, and the only way for the digits to be read is to actually see them when they are displayed on a monitor.
Use of the security code is controlled by a setting in the file config.php in the root of your PHP-Nuke installation. (This was the file in which we made some database settings in Article 2.) The setting to change is the value of the $gfx_chk variable. By default, it looks like this in the file, which means that the security code is not used:
$gfx_chk = 0;
The config.php file itself has a description of the values for this variable as seen in the table:
Effect on the Security Code
Security code is never used.
Security code only appears on the administrators login page (admin.php).
Security code only appears on the normal user login page.
Security code only appears for new user registrations.
Security code appears for user login and new user registrations.
Thus to have the security code appear only at the administrator login, you would set $gfx_chk to 1 and then save the config.php file:
$gfx_chk = 1;
For the graphical code to function properly, the GD extension will need to work properly with PHP on the web server. The GD extension takes care of drawing the graphics, and if this isn’t functioning for whatever reason (possibly it’s not installed), then the graphic will not be displayed properly, and it will be impossible to determine the security code. In that case, you will have to change the setting in config.php to remove the graphical code.
If you are running your site on a web hosting account and the graphical security code is not being displayed when it should, then you should contact your host’s technical support to find out if there is a problem with the GD extension. You can tell if the GD extension is installed by using the phpinfo() PHP function. Open a text editor and enter the following code:
Save this file as phpinfo.php in the web server root (xampphtdocs). When you navigate to that page in your browser, a number of PHP settings are displayed, including the status of the GD extension:
If you do not see a table like the one above on the page, or if it does not say enabled next to GD Support, then contact your host’s technical support. The XAMPP package we install in Appendix A has GD installed and working.
Seeing Who’s Who
Log in to your site as the super user and activate the Members List module (deactivated by default). After activation there will be an additional option available in the Modules block called the Members List module, which provides anyone able to view this module with a list of the registered users:
Clicking on the username will bring up a view of that user’s profile:
This is only a view of the user profile, and it is not an editable form. You will notice the word Forum in the above screenshot. The user profile displayed here is actually the user profile from the Forums module (and note also that the Forums module needs to be activated for this screen to be seen). You will also notice that the name of the site is wrong—it says MySite.com, which is not the value we set for our site name. This is because the Forums module has its own set of configuration settings. We will see how to set these in Article 8. Also note that the Members List module takes information from the Forums module configuration settings.
The Forums module is a complete application—phpBB, one of the best pieces of free, open-source forum software around—integrated into PHP-Nuke. One aspect of the integration is the shared user account—the user account you create for the PHP-Nuke site also functions as a user account on the forums. As a user, it is possible to work with your details in two places in PHP-Nuke—from the Your Account module and also from within the Forums module.
Although there are two views of information, and two places to edit your details, there is still only one user account. At the moment, the Your Account module offers more user details than are found in the Forums module, such as newsletter subscription information.
The integration between the PHP-Nuke user account and the user account for the Forums module has gradually become tighter over the versions of PHP-Nuke, and they are likely to ‘converge’ further in future versions of PHP-Nuke.
Once a user account is created, and the user has logged in, a whole new world opens up to them.
The Your Account Module
The Your Account module is a visitor’s space. The visitor is guided round their space by a graphical navigation bar as seen below:
Before we look at each of these links, let’s mention what else is on the front page of the Your Account module:
- My Headlines: The user can view a list of headlines from an RSS news feed of another site. The user can select from one of the headline sites that we saw in the previous article, or enter the URL of the site directly.
- Broadcast Public Message: The user can enter the text of a public message to be shown to all current visitors of the site. We’ll look at this in a moment.
These two features are not always displayed; their display is controlled by options in the Web Site Configuration menu that we’ll see in a moment. However, the user is always able to see their Last 10 Comments posted and their Last 10 News Submissions on this page.
Returning to our discussion of the links in the navigation bar of the Your Account module, we’ve already seen what the Logout/Exit link does; it logs the visitor out.
The Themes link takes the visitor to a page from where they can choose one from the list of themes installed on the site.
We’ll look at the Comments link in detail in the next article; it leads to options for viewing and posting comments on stories.
Note that when you are logged in as the super user, the Your Account module displays another panel called Administration Functions. This panel allows you to modify certain details of that user. We will talk about these in the next article and meet them in their natural context.
Editing the User Profile
The Your Info link takes the user to their user profile. We saw some of the options here when we looked at creating the user manually. These options are generally for personal details (name, email, and so on), newsletter subscription, private message options, and forum configuration, among others. The options themselves are straightforward. A number of options in the user profile correspond to forum profile options, and don’t particularly affect the user outside of the Forums module.
After making any changes to a user profile, the Save Changes button needs to be clicked to save these changes. Note that the Save Changes button is not the button at the very bottom of the user details page—the Save Changes button is above the Avatar Control Panel:
The button at the bottom of the form is marked Submit , and is only active when the options in the Avatar Control Panel are enabled.
The Avatar Control Panel seen at the bottom of the user profile contains an interesting option. An avatar is a small graphic, representing you as an online character. You can choose a graphic from the already existing library by clicking on the Show Gallery button next to the Select Avatar from gallery option:
Clicking on this button brings up a selection of little images for the user to choose from. Simply click on the required image and this will be assigned to the user profile:
Clicking the Back to Profile link will return you to the Your Info page.
The library of images you just saw can be found in the modulesForumsimagesavatarsgallery folder of your PHP-Nuke installation. If you want you can add in more images here, but make sure your image is a GIF file, and that it isn’t more than 80 pixels wide or 80 pixels high.
Your Account Configuration
The Your Home link provides some options for configuring Your Account further:
From this panel, the number of news stories displayed on the homepage of the site can be controlled. Remember, this setting only applies to you—and only when you are logged in.