Member management lies at the heart of building any engaged, interactive community. In this tutorial we're going to give a brief introduction to how it all happens in BoltWire.
Actually, in BoltWire 7, we completely changed how our membership system works. There were two reasons for this.
First, member management is notoriously hard: confirming emails, sending password reminders, securing sensitive data, and more. So to help ensure your success, we've decided to build more of these functions directly into the core. BoltWire could do it before, but you had to set up a lot yourself.
Second, my own site, which runs on BoltWire, has grown to well over 15,000 accounts. Long ago, I was forced to change my membership system to accommodate that many accounts and still run smoothly. I want your site to be able to scale successfully too. So essentially, I'm importing the system I've been using for years right into the core.
There are two ways for members to register accounts. The first is for users to simply enter a member id and a password. This is the approach used when registering your initial admin account. You can allow other members to create accounts this way as well, or you can use it to create accounts for a limited group of members on their behalf. It's quick and easy, and BoltWire has been doing this for years.
It's often better, however, to create accounts around email addresses. This gives you the ability to communicate with your members directly. But it also introduces some added complexity. So BoltWire 7 now has an option to switch to this approach right in the core. You do need access to your webhoster's email server to send those confirmation emails, but we've got a helpful tutorial on how to enable email accounts? which breaks it down step by step. Our advice is to make this switch as early in your site creation process as possible.
As you might expect, the account registration forms are completely editable, with either system. Which means you can easily collect other user information when they register and store it in their user profile if you wish. Or you can use our built in profile page in the Account Area to collect information later. That form is fully customizable as well, based on your needs. Look for a link to it once you are logged in.
Member data is now stored in a specially protected "accounts" folder on your server in a format somewhat similar to a database. This speeds up access and better secures the data. And if you prefer to use an actual database, our new system makes that transition simpler too. I won't go into the mechanics of how it all works here, but you can read up on it in our tutorial on Membership Data?.
Once your accounts are created, it's a simple matter for members to login and logout. They just use those actions, and they are good to go.
In addition to making it easy to create accounts, BoltWire makes it easy to organize your members into different membership groups. Basically, you create a page like group.editor or group.chessclub and list all the member ids on that page that you want to be in that group. As you might guess, BoltWire has built in actions to easily add members to groups. It can also be done automatically based on certain actions or conditions. And you can even create forms that allow members to join or drop groups themselves.
BoltWire has several built-in groups you should know about. First, anyone on your site, logged in or not is in the "guest" group. Once they log in, they join a second group called "member". Third, members added to the "editor" group have elevated permissions, including the ability to create forms on BoltWire. This should be restricted to highly trusted members only, as forms are quite powerful. And lastly, members added to the "admin" group have the highest level of permissions--equal to the superadmin account with one exception: superadmins cannot lose their admin status by being removed from the admin group. Lastly, there's a special "owner" group, which is used internally to allow retrieval of a person's own profile information.
Beyond these built in groups, you can create any other groups you want and entirely customize a user's site experience based on their group memberships. You could for example create specific classes, with access to that class tied to membership in a group. You could add members to a group and send them some series of emails. Or you could create a partners area and limit access to those who pay a monthly fee. The possibilities are virtually limitless.
With a system as flexible and powerful as BoltWire, security is an important consideration. We've tried to simplify this, by centralizing basic site permissions on a series of authorization pages. To understand how it all works, you'll want to read our full tutorial on Site Security. But here's the gist of it.
Basically, BoltWire uses a page like site.auth.view to control who can view which pages. There are also auth pages to control edit access, retrieving various kinds of data, sending emails, and authorizing uploads. What's more, you can create your own auth pages and set them up however you want, right out of the box.
Auth pages consist of a series of lines that look like this:
Essentially, this means, members can view any page on your site unless they are otherwise restricted. Guests are able to view "welcome" pages. And "site" pages are only visible to editors and admins. If you wish, you can define settings for specific pages rather than groups of pages (just leave off the asterisk). And you can even set permissions for individuals members (just add their ids along with the groups).
We've tried to set these to common sense values for a community membership site, but depending on how you have things structured, you may want to review our settings and update them. Like everything else, it is simply a matter of editing the appropriate auth page.
There's much more you can do in terms of managing accounts, using groups, and controlling a user's access and site experience, that goes all the way down to customizing the exact text displayed on a given page for a specific user. But hopefully this high level overview will help you get the barebones of your site security in place.
All right, now that you've got our membership system figured out, let's look at how to put content on a page.
No comments yet...
To read more articles, or leave a comment, join our FREE community...