Member management lies at the heart of building any engaged, interactive community. In this tutorial we're going to give a brief introduction to how it all happens in BoltWire.
Actually, in BoltWire 7, we completely changed how our membership system works, in a system we're calling mbase. There were two main reasons for this: security and scalability.
First, because your member profiles contain your most sensitive data, we wanted to take extra steps to secure that data. To do this, we've created a special process by which you can store member data in a protected accounts folder which can only be accessed through special BoltWire commands and functions. This means, there is no easy way to accidentally leave that information unprotected.
Second, my own site, which runs on BoltWire, has grown to well over 15,000 accounts. Long ago, I was forced to store my membership data on special info files, rather than as data in individual member files to keep things running quick. Now I've brought that basic system into the core.
Incidentally, this new approach makes it much easier to add hooks to store your membership data in a database, or some other location, like a crm. These options can make your site more secure and more scalable still! Anyway, here's how it all works (starting with 7.01).
Basically, when a person creates an account, they simply enter an account email and a password. This is the approach used when registering your initial admin account. They are then assigned a numeric id. (The first account is assigned the id of "admin"). Their email and password is stored in a special password file keyed to the member id. When they login, BoltWire looks up the id from the email file and then goes to that password file, and extracts that user's password. If they entered it correctly, they are logged in.
It's the same system quick and easy system BoltWire has been using for years except the information is just now being stored in a slightly different way. They now use an email to login. And their member id is automatically generated.
What if you want to collect other information about your members? Such as their real name, their email address, or their location? This is super easy to do using BoltWire's new mbase commands and functions--either at the time they login, after their account is created, via their own profile page, or at any point in their membership journey.
Basically, for each bit of information you collect, we set up a new info file, and store that information there, keyed to their member id. In other words, every members name is store in a name file, every members email is stored in an email file, every members country is store in a country file, etc.
This makes it possible to easily extract email lists or mailing labels for large number of members. Even creating a list of names becomes much faster. Rather than having to look up 1000 files to grab 1000 names, BoltWire just reads one file, and grabs all the names at one time. It also makes searching your data lightning fast. Basically, all your data is already indexed. And to backup all your data, is just a handful of files. Easy!
At the same time, because this information is not stored in your regular pages folder, and cannot be accessed except using our special mbase markups, you have tighter control over who can access that information. By default, admins can access all membership data, and members can only access their own information, and other members name and country. But you can fully customize even this on the new site.admin.mbase page.
You can explore all the technical details later, but the login and account creation forms have all been updated, and we've added helpful pages to the core distribution so members can update their own data, as well as a new section in the Site Admin area to make managing your member accounts easier. Everything is ready to go.
As usual, you can completely customize all of these forms in BoltWire, so you can collect and retrieve any member data you wish, and use it however you want but that goes a bit beyond the scope of this introduction.
The key thing to know is members can instantly join, and easily login and logout. And that your membership data is secure, and scalable.
I should add, I also added a slight change to the user account creation process. By default, new accounts, without a "title" (name) assigned to them, are forwarded to a member.new page where additional profile information can be collected. You can reset this start page by resetting mbaseNew to a different page in site.config. To disable this feature, and stick with numeric id's, set mbaseRequired to false.
In addition to making it easy to create accounts, BoltWire makes it easy to organize your members into different membership groups. Basically, you create a page like group.editor or group.chessclub and list all the member ids on that page that you want to be in that group. As you might guess, BoltWire has built in actions to easily add members to groups. It can also be done automatically based on certain actions or conditions. And you can even create forms that allow members to join or drop groups themselves.
BoltWire has several built-in groups you should know about. First, anyone on your site, logged in or not is in the "guest" group. Once they log in, they join a second group called "member". Third, members added to the "editor" group have elevated permissions, including the ability to create forms on BoltWire. This should be restricted to highly trusted members only, as forms are quite powerful. And lastly, members added to the "admin" group have the highest level of permissions--equal to the superadmin account with one exception: superadmins cannot lose their admin status by being removed from the admin group. Lastly, there's a special "owner" group, which is used internally to allow retrieval of a person's own profile information.
Beyond these built in groups, you can create any other groups you want and entirely customize a user's site experience based on their group memberships. You could for example create specific classes, with access to that class tied to membership in a group. You could add members to a group and send them some series of emails. Or you could create a partners area and limit access to those who pay a monthly fee. The possibilities are virtually limitless.
With a system as flexible and powerful as BoltWire, security is an important consideration. We've tried to simplify this, by centralizing basic site permissions on a series of authorization pages. To understand how it all works, you'll want to read our full tutorial on Site Security. But here's the gist of it.
Basically, BoltWire uses a page like site.auth.view to control who can view which pages. There are also auth pages to control edit access, retrieving various kinds of data, sending emails, and authorizing uploads. What's more, you can create your own auth pages and set them up however you want, right out of the box.
Auth pages consist of a series of lines that look like this:
Essentially, this means, members can view any page on your site unless they are otherwise restricted. Guests are able to view "welcome" pages. And "site" pages are only visible to editors and admins. If you wish, you can define settings for specific pages rather than groups of pages (just leave off the asterisk). And you can even set permissions for individuals members (just add their ids along with the groups).
We've tried to set these to common sense values for a community membership site, but depending on how you have things structured, you may want to review our settings and update them. Like everything else, it is simply a matter of editing the appropriate auth page.
There's much more you can do in terms of managing accounts, using groups, and controlling a user's access and site experience, that goes all the way down to customizing the exact text displayed on a given page for a specific user. But hopefully this high level overview will help you get the barebones of your site security in place.
All right, now that you've got our membership system figured out, let's look at how to put content on a page.
No comments yet...
To read more posts, or to leave a comment, join our FREE community...