FREELessons: 35Length: 7.7 hours

Next lesson playing in 5 seconds

Cancel
  • Overview
  • Transcript

3.5 The User Manager Component

The user manager component settings affect the front-end and back-end of Joomla. This component is integral to how Joomla works, so it’s important for anyone who wants to learn Joomla to understand it.

3.5 The User Manager Component

Hi guys! Welcome back to a Beginners Guide to using Joomla!, and in this lesson, we want to take a look at the user component and how it is configured under the system. So currently, we have the user manager and it is configured underneath the system. But currently, we can't actually find the configurations in the drop down menu. So what we have to do is go to global configuration, and then we can take a look at all of the list of the components that we have here. And then we can modify those settings. So, we have the user manager, which is second to last. And I can go ahead and click on that. And now we're looking at the system configurations for the user manager component. So the first option we have under the component tab is allow user registration. It's currently set to yes, which means, that if the public decides to go on to your website, like so. And then try to go to the login form. They can click this option. Don't have an account and it will show them a user registration form. They can fill out the details, so they can create their own account without an administrator having to create one for them. That is very beneficial, but you can disable that if you want to. On top of that, if you decide that you want them to be able to register themselves, you need to say well, as soon as the user has registered, so they've filled out all of their details here, what user group will they be, by default, assigned to? So by default, they're going to be assigned to the registered user group. Now be very, very careful with this, because if I set this to administrator. And then Joe Public can come on my website, they can fill out the user registration form, and they can become an administrator. That's very, very dangerous, we don't want that. So we're gonna set that back to registered. Now on top of that, you have Guest User Group. So with the Guest User Group, if they're not logged in, so if they are the Joe Public, how will they view the site? What group are they a part of? Well, you could say public, but in this case, we're gonna say guest. And, when we say guest, it just means that, that's how regular users, people that are not logged in, are gonna view the site and it's their permissions. Now, guest is extremely, extremely limited. It's virtually public. So that's why we're assigning it there. But it's just there, so you know. But again, you really don't want to make that administrator or anything like that. On top of that, we can say send to the password. So when a user registers and they fill out all of these details and hit register, if it's successful, what will happen is, they will open up their inbox, most people have this and they get an email that says thank you for registering. And in that email, you can choose whether to include the password that they've created or not. And this can be good for security reasons, so you can say no, don't include that in the email, because if somebody hacks into their email account, they'll be able to get the password. So that's entirely up to you. But typically, you would actually send them their password. Then also, you have a new user account activation. So as soon as the user's registered and set themselves up, what you can do is say none, so there's no activation. Now, this may be a problem because the Joomla! System will ask for an email address, and these two fields are required. And this is good, again, for the mass mail feature, where you can email your users. So, they need to provide an email address. But, if they don't have any activation, there's no proof that that is their email address. So, if you set that to none, there's no proof. But, you could set that to self. This means the user will receive an automatically generated email from Joomla! And in the email it will contain a link. When the user clicks on that link, it will activate their account automatically. So, they've confirmed their email address. Now this is great, but there's another option in there, which is admin. So with admin, what happens is, the user goes through the registration form, registers theirselves, and then, the user will receive an email, they click the link. And then, that sends a request to the administrator and then the administrator then needs to activate the account. So, it's up to you what you want to do, but most admins don't want extra work. And I certainly don't, so we'll leave that as self activating accounts. On top of that, you have notification mail. So current is set to no. But what that means is, all the administrators will receive an email as soon as there's a new user that signs up. So you can do that and it can be helpful. But let's say you get really popular and get a thousand users all sign up, you're going to get a thousand emails. That's not really that great, so I'm going to leave that as a no. On top of that, we have CAPTCHA. CAPTCHA is actually a plugin we need to enable, so we'll talk about that later, but CAPTCHA is very good for getting rid of spam bots that try to create dummy accounts and automatically fill out your form. And I know that some services that have got very popular, and haven't put CAPTCHA in place, have had really big problems with spam bot. So you need to be very, very careful with this. But however, it can be enabled, but we're not going to look at that right now. So next up we have the Front-end User Parameters, and I'll come back to this one because we have to log in on the front-end to demonstrate this, but we have the front-end language. So with the front-end language, you can say show that and save it, and what that means is when the user goes to the registration form, they actually get to select from the installed languages which language they like for the front-end. So again, it could be Arabic, Chinese, and so on and so forth. So this is really cool. But however, since we only have one language installed, I'll go ahead and hide that. Now for the next part, we're gonna need to login on the front-end, so let's go ahead and do that. I'm gonna go to the Author Login and I'm gonna login as the Test Manager. And then I'm gonna go to Edit Profile. So now, what I can do is edit my profile information, and I also have some basic settings down here, and that allows me to choose the default editor, change the time zone for my user, change the front-end language, back-end template style, and so on, and so forth. We've been through that with the user settings in the back-end. So we can change those settings on the front-end, if those parameters are shown. I could hide those parameters, and that means that, then the Basic Settings section will disappear, and we only have Edit Your Profile. Also, you have the username which by default is locked. So once you have your username set, it's set like that. But, what you could do is allowed the user to change it. So change the login name, yes. I can save it, hit refresh, and now the user has the ability to change their username or login name. Now, the rest of it is to do really with password security. So for example, we can set a maximum amount of password resets allowed within the time limit. So these two fields relate to one another. So what this means is, that a user can only reset their password ten times within one hour, and you can say, well, allow them ten password resets, in let's say, twenty four hours a day. So it's entirely up to you, but even ten password resets per hour is pretty abnormal. Also, you can set the minimum password length. So how many characters does the password, at least, have to have? So currently it's four and that's actually quite low. That's at the very bottom end, but you may want to increase that to increase password security for your users. But please don't go too crazy, going all the way up until mid 60s, 90s, and on, so on and so forth. That's a bit extreme. And you won't get very many users signing up to your service. On top of that, you can assign how many integers a password must have. So let's say, it must contain at least two numbers. Also we can say, well, how many symbols must this password require? So currently, it said zero, but I can say, it must require at least one symbol. That symbol could be an at sign, a hash, dollar, pound sign, but it must be some type of symbol. And then also you have the password uppercase minimum. So it must require at least one uppercase character. And so on and so forth. So that's just there to increase password security on your installation of Joomla! To help protect your users. So that currently is the component tab. Now, we want to move on to user notes history. So the first option allows us to activate or deactivate the storage of the history of the user notes. So whenever you create a user note, and then you keep on saving different versions, that saved in the history. The versions is the history. And so you can enable or disable that feature here because, maybe, you don't want all of those different versions adding to the storage size of your database. But I would recommend leaving that switched on. And then also, you can set the maximum amount of versions. So you can only have five versions before they start overwriting one another, unless, you've specifically said don't overwrite that particular version. On top of that, you have Mass Mail. Mass mail, again is very easy and simplistic, but what we can do is say, subject prefix. So let's say that everytime, with your subjects, you want the name of your site, so I'll say Joomla! At the front. So instead of typing that out everytime on the subject, what you can do is define a subject prefix here and then, when you define the subject, this will automatically be put in front of that. Also, you have the mail body suffix, which is like a signature in your mail, we have a nice little signature that says, kind regards and so on and so forth, so that's all interesting. And then, we have the permissions. So what I'm going to do, is target the task management user group, that's where our alternative account is. And right here, you can see that I've already gone in and allowed everything. So this is a really good way of understanding the permissions and actions, if you will, and that's allowing everything and then start denying certain things. And so you have limited your application becomes. So in this case, we have the Users component. So all of this is classed as the Users component. Everything in that menu is the Users component. So a component can be made up of lots and lots of different things, but they all relate together. A component can be on the back-end and it can also be on the front-end as you've seen. But however, let's start disabling some of the permissions. So, what I'm going to do is now, with the configure, I'm going to deny it. So that means, that this user group is now denied the configuration of this extension, because a component is classed as an extension, it's a type of extension, and so now, there's no configuration in this extension for this user group. Go ahead and save it and then we can take a look at what's changed. You'll notice that groups and access levels will disappear when I refresh, these are clusters configurations, so if you hit refresh and drop it down, you'll now notice that those two options have now disappeared. Because when you think about it, your user groups, they have a lot to do with the permission system, so that's like configuration. And secondly, you have the viewing access levels, which again is another configuration for the viewability of content on the front-end. So that option has also gone again. Now let's take a look at the accessing the administration interface. So this will allow access to this component in the back-end, not the front-end. So, it may be accessible in the front-end, but if it's not accessible in the administration interface, it means, it's blocked off from the back-end, completely disabled. So let's deny this and save it. And then we can hit refresh and now you'll notice, it's completely disappeared and now because I'm actually in that directory, right there. It's saying, you're not authorized to access this resource, this component. So let's bring it back, so that we can still have a play around with this component, and what I'd like to do now. And say create. And so you can't create anything within the extension. So for example, let's start denying stuff and save it. So we deny and create, so now when I hit refresh. You'll notice the New button is gone. But that's for the entire thing as well. So you have the Users, then you have the User Notes Categories. I can't create anything new there. I cannot create new User Notes. And let's go ahead and allow configured, and save that. So we bring back those options as well. Now you'll notice again with groups, I cannot create a new group. And I cannot create new levels, which is very, very problematic in some cases. In other cases, it's not. So that's what create means. Then also delete, so again, I can deny them access to delete anything within this component. So if I hit refresh and then let's say we go to User Notes. And we tick that and we say trash. It will go to the trash. But then, when I try to delete it. You'll notice I can tick this but the delete button is gone. I can try and say trash again. But obviously, that's not going to do anything. It's already in the trash. So, again, we can see there that I'm not actually able to permanently delete things out of the component. And that goes for everything else, such as users and User Note categories and all the rest of it. And then also edit. So you won't be able to edit anything within the component, so I can deny that for that user group. So now when I hit refresh, you'll notice the edit button will simply disappear. And finally we have edit state, which means, I can't send anything to the trash because that's editing it's state. I can't unpublish, I can't even archive and so on and so forth, so if I hit refresh now, all I can pretty much do is just view the information, I can't actually do anything else. So thank you for watching me in this lesson. And please join me in the next lesson, where we'll take a look at the menu manager component.

Back to the top