Site Admin User Guide

Please note: This is only made available where it has been requested and for specific types of applications.

6.The user manager

The user manager allows administrators (sometimes only those of the 'superadmin' type) to set up further users to the system, and edit and remove current users.

Again this works in the same way as the other sections. New users can be set up by clicking the add button and filling in the form. You can set up basic users and administrators here by specifying the type in the drop down box on the form. To set up administrators a further entry is required in another place - "admins". Here you simply select the user that you have created as an administrator and this will give them administrator priviliges. This extra step is simply an extra security precaution.

Regardless of the user type, all users must be assigned the basic credentials to allow them to log in - an email address, possibly a username if your site login is based on usernames, and password. The only other required field is the user type as without it the new user will not be able to log in to the site or admin section at all.

Users can be disabled (but not deleted) by setting the 'active' field to 'inactive'. This allows the details to be retained but the user cannot log into the system.

Whilst users can technically be deleted this is often not recommended. In the case of web sites which take orders or log user activity, removing a user entirely means there is no way to trace previous orders or activity to a particular user. Thus it is generally best to retain the record of the user. To resolve this a tick box titled 'delete user' recreates this functionality without actually deleting the record. Thus the user is completely invisible to the web site and also the administrator, but the record exists to ensure that any old records (such as the aforementioned orders and user activity records) still tie up to the users account even though that user is technically 'deleted'.

Setting Passwords

Passwords are dealt with in a special way as they need to be encrypted.

In the admin you can change your password by going to the User section of the menu, and selecting the "Change My Password" options. The new password you enter here will be automatically encrypted. Please note that encrypted passwords cannot be retrieved - you will need to set a new password if you forget it.

In order to generate a new password for a different user you should use the special 'generate password' function which is listed by the edit buttons on each row in the user list screen. This generates an encrypted password for that user, and additionally will email that user automatically with their new password should you wish to do so. Full instructions on this are provided on the 'Generate Password For User' screen when you get there.

Logging into the front end as another user

If your web site contains a login for general users on the front end, and for some reason you need to log into the web site as another user, a field in the user table called "Password Clear" can be used to enter a clear text password. This allows that user account to be accessed with a clear-text (non-encrypted) password without deleting the original password. After you have done whatever you need, you should return to the user's record and delete the clear text password from the record.

Deleting or De-Activating Users

In general deleting users is not permitted as it is not wise. If users are allowed to create articles or place orders, then that order or article which me be logged as created by a particular user will suddenly have no information about that user. Thus the preferred mechanism is to de-activate or "turn off" users if you wish to restrict their ability to use the site, allowing their basic records to remain intact.

The standard way to de-activate a user so that they can no longer log in or retrieve any information about themselves os to go into the users table, find the user you wish to de-activate, and edit their basic record. There is an option called 'Active' which can itself be turned off by simply unclicking the checkbox. Clicking it again at any time will restore all previous functionality.