Chapter 10: Working with the User Manager 257 Blocking users The Super Administrator can block the access of any user. If you have a problem user or you sim- ply need to shut down an account temporarily, blocking access is the only certain way of keeping the user out of the system. Note Blocking a user only denies the user access to their account; it does not prevent them from visiting or viewing the site. To block access, follow these steps: 1. Access the User Manager. 2. Click on the user’s name to open the Edit User dialogue. 3. Beside the field Block User, click the option Yes. 4. Click either the Save or the Apply icon. Blocking a user does not delete the user’s account. If the issue with the user is resolved, the Super Administrator need only change the option Block User back to No, and the user’s account becomes fully active. Caution Blocking a user effectively can be difficult if your site allows user registration, because blocking one account does not prevent the user from obtaining a new account by re-registering under a new name or e-mail address. Creating User Registration By default, user registration is active in the Joomla! system. A site visitor can register and create his own account by clicking on the Create an Account link on the Login Form. You can use alterna- tives to the default approach, however. The User Registration settings can be manipulated by the administrator via the Global Configuration Manager. Using the Login module The Login module contains several elements: The login form itself, links to the Username Reminder and Password Reset functions, and a link to the Create an Account function. The latter is optional and can be de-activated, depending upon the settings in your Global Configuration Manager. Note the links below the form in the image, shown in Figure 10.6. Part II: Working with Content and Users 258 FIGURE 10.6 The Default Login Form module. Configuring user registration Although your Joomla! site has User Registration enabled by default, you can use several possible alternative settings. The default setting allows casual visitors to register, but access to the site is not automatic. After the user registers, the system sends a confirmation e-mail to the address entered during the registration process. The new user must then click on a link in that confirmation e-mail to validate and activate the account. Only after successful validation will the username and pass- word grant access to the site. By coupling the self-registration process with a validation procedure, site security is enhanced. The confirmation e-mail process helps protect you from automated registration routines, or from peo- ple who try to register without giving a valid e-mail address. The default approach to user registra- tion is commonly used and for many sites it is sufficient. However, if you are concerned about automated bots or spammers setting up accounts on your site, you should require a more rigorous registration process. It is possible to configure the site to use either more secure or less secure approaches to the registration process. Chapter 10: Working with the User Manager 259 To create a more secure registration process, you can remove the possibility that a user can create a new account without action on the part of the administrator. You can do this by completely dis- abling the ability of users to register on the site. Though more secure, this approach is also more inconvenient because you must rely solely upon a Super Administrator to create new accounts. To disable front-end user registration, follow these steps: 1. Log in to the back-end admin system. 2. Access the Global Configuration Manager by clicking the Global Configuration icon on the Control Panel, or by clicking the option Global Configuration on the Site menu. The Global Configuration Manager loads in your browser window. 3. On the Global Configuration Manager, click the System tab. After you click, the tab comes to the front. 4. In the section labeled User Settings, change the setting labeled Allow User Registration from Yes to No. 5. Click the Save icon on the toolbar when you are finished. If, on the other hand, you feel that your site can operate safely with a less secure user registration process, you can allow user registration without the need for the user to first receive and click on a link in a validation e-mail; this approach allows the user to access the site immediately after registration. To enable registration without confirmation, follow these steps: 1. Log in to the back-end admin system. 2. Access the Global Configuration Manager by clicking the Global Configuration icon on the Control Panel, or by clicking the option Global Configuration on the Site menu. After you click, the Global Configuration Manager loads in your browser window. 3. On the Global Configuration Manager, click the System tab. After you click, the tab comes to the front. 4. In the section labeled User Settings, change the control labeled New User Account Activation from Yes to No. 5. Click the Save icon on the toolbar when you are finished. The Username Reminder function As a convenience to users, Joomla! comes with a built-in Username Reminder function. If a user visits the site and has forgotten their username, they can click on the link Forgot Your Username? and then enter their registered e-mail address. If they have entered the correct e-mail address, the system will send the user their username by e-mail. The process is entirely automatic. The Username Reminder link is typically located underneath the form in the Login Form module. Note that this function only works when the user has correctly entered the e-mail address that is regis- tered with the account. Part II: Working with Content and Users 260 As an alternative you can create a direct link to the Username Reminder page by using the Menu Manager. To link directly to the Username Reminder page, follow these steps: 1. Log in to the back-end admin system. 2. On the menu named Menus, select the menu where you want the link to the Login page to appear. The Menu Item Manager loads in your browser window. 3. On the Menu Item Manager, click the icon marked New on the toolbar. The New Menu Item dialogue opens in your browser. 4. Click the option User. The option expands to list several choices. 5. Select the option named Default Remind. A new page loads in your browser. 6. Type a name for the link in the field marked Title. 7. Click the Save icon on the toolbar when you are finished. Note that the Username Reminder link is hard-coded into the Login Form module. If you display the Login Form module, you must also display the link. The only way to remove this link is to edit the module code to remove or otherwise hide the link. Cross-Reference Modifying the default modules is discussed in Chapter 24. The Password Reset function Similar to the Username Reminder function is Joomla’s Password Reset tool. An existing user who has forgotten her password can request the system to assist her with regaining access. Unlike the Username Reminder, which simply sends the data to the user, the Password Reset process requires additional steps. When a user clicks on the link Forgot your Password? a new page opens and prompts the user to input their registered e-mail address. If the address is input correctly, the sys- tem sends a verification e-mail to the user. The e-mail contains a token and a link to a page on the web site. The user must copy the token, and then visit the web page. On the web page, the user pastes the token into the space provided and clicks the Submit button. The system opens yet another page where the user enters a new password which can then be used to access the site. To create an alternative to the Password Reset function in the Login module, you can create a direct link to the Password Reset page with the Menu Manager. To create a direct link to the Password Reset page, follow these steps: 1. Log in to the back-end admin system. 2. On the menu named Menus, select the menu where you wish the link to the Login page to appear. After you click, the Menu Item Manager loads in your browser window. Chapter 10: Working with the User Manager 261 3. On the Menu Item Manager, click the icon marked New on the toolbar. The New Menu Item dialogue opens in your browser. 4. Click the option User. The option expands to list several choices. 5. Select the option named Default Reset Layout. A new page loads in your browser. 6. Type a name for the link in the field marked Title. 7. Click the Save icon on the toolbar when you are finished. Note The Password Reset link is hard-coded into the Login Form module. If you display the Login Form module, you will also display the link. The only way to remove this link is to edit the module code to remove or otherwise hide the link. Cross-Reference See Chapter 21 for more information on modifying the default modules. Creating a Login page The Login Form module is the most commonly used method for providing a login functionality for Joomla! sites, but it is not the only way; the Login Form can also be displayed as a page, where the form will be located in the main content area. To create a Login page, you can use the Menu Manager to create a link to log in by following these steps: 1. Log in to the back-end admin system. 2. On the menu named Menus, select the menu where you wish the link to the Login page to appear. After you click, the Menu Item manager loads in your browser window. 3. On the Menu Item manager, click the icon marked New on the toolbar. The New Menu Item dialogue opens in your browser. 4. Click the option User. The option expands to list several choices. 5. Select the option named Default Login Layout. A new page loads in your browser. 6. Type a name for the link in the field marked Title. 7. Click the Save icon on the toolbar when you are finished. Cross-Reference See Chapter 8 for a detailed discussion of the Parameters and other options available for Menu Items. Part II: Working with Content and Users 262 Redirecting users after login or logout It is possible to automatically redirect users to particular pages upon login or logout. This is a useful feature of the system that helps you channel users into particular content, or allows you the option to set up landing pages with content tailored to a user who is entering or exiting the restricted areas of your site. One of the most effective uses of this feature is to create a landing page that greets members upon login. The page usually carries a welcome message to site members and highlights what is new or being featured on the site. If you are using the Login Form module, the Login and Logout Redirection Page options are con- tained in the Parameters section of the Login Form Module Editing dialogue. In Figure 10.7 you can see both controls. To set the Login Redirection Page from the Login module, follow these steps: 1. Log in to the back-end admin system. 2. On the menu named Extensions, click the option Module manager. The Module manager will load in your browser window. 3. In the Module manager, click on Login Form. The Login Form editing dialogue opens in your browser. 4. Click the combo box control next to the label Login Redirection Page. Select from the list the page that you want the users too see. 5. Click the Save icon on the toolbar. If, on the other hand, you are using the Login page rather than the Login module, you must set this up in a different fashion: 1. Log in to the back-end admin system. 2. On the menu named Menus, click on the name of the menu that contains the link to your Login page. The Menu Item Editing dialogue loads in your browser window. In the right- hand column you can see the Parameters section. The Parameters (Basic) tab contains the redirection options. 3. Type the URL of the page you want the users to see in the field labeled Login Redirection URL. 4. Click the Save icon on the toolbar. Note The Login page option contains more flexibility than the Login Form module. Although the module restricts your redirection options to only the site’s sections, categories, and menu items, the Login page carries no such restriction — you can literally enter any URL you like, even that of another site or a page outside of the Joomla! system. Chapter 10: Working with the User Manager 263 FIGURE 10.7 The Login Form Redirection Parameters. Controlling Access to Content and Functionalities The essential reason for creating user groups is to control access to content and functionalities. As discussed at the outset of this chapter, the Joomla! system’s seven user classes are designed to give you varying levels of privileges; however, those user Groups do not dictate access to content or functionality. Controlling access requires an understanding of the Access Level parameters in Joomla! and how those relate to the user Groups. Default access levels Items can be assigned to any one of three access levels: Public, Registered, or Special. Table 10.1 shows how the access levels impact the users’ ability to view content and functionality. . the image, shown in Figure 10 .6. Part II: Working with Content and Users 258 FIGURE 10 .6 The Default Login Form module. Configuring user registration Although your Joomla! site has User Registration. default modules is discussed in Chapter 24. The Password Reset function Similar to the Username Reminder function is Joomla s Password Reset tool. An existing user who has forgotten her password. The e-mail contains a token and a link to a page on the web site. The user must copy the token, and then visit the web page. On the web page, the user pastes the token into the space provided