Tracking user activity
The name of this module is slightly misleading. It allows you to view the recent contributions of a user to the site.
One particular use for it, is that if one user found a particular user's posts interesting (perhaps, they both owned troublesome T-Rexes!), they could view the user's track page, and look for other contributions from that user which they might be interested in. This is only one way of interaction though, as opposed to two users interacting with each other.
Settings and rules
Within User management, we have three areas that we are yet to cover. They are:
- Access rules
- User settings
Let's look at these now.
With the access rules, we can explicitly permit or prohibit certain usernames, email addresses, or hosts (computers) from accessing or joining our social networking site.
There are quite a few different reasons why we may wish to do this. Let's take a look at a few specific examples:
- Disposable email addresses
- Perhaps all accounts originating from a free email provider should be blocked, except for one or two individual exceptions
- We may wish to prohibit swear words from our users' usernames
Blocking email domains
To block an entire email domain such as pookmail.com or hotmail.com, we would create two rules, both with Deny as the access type and E-Mail as the Rule type, and then %@ followed by their respective domain names. The % character tells the rule to match anything that comes before the @ symbol
With an exception
If we want to block all hotmail.com e-mail addresses except our friend's, firstname.lastname@example.org, then we would create an allow rule for this account.
Preventing swear words in our user's usernames
Creating rules with Username as the Rule type and the swear word (with a % on either side) will prevent such usernames from being registered.
The Check rules link at the top of the access rules page, allows us to check these rules by entering a username, email address, or hostname to see if that would be permitted or prohibited on our site.
If you add certain "bad words" with the wildcard (%) character on both sides, you can prevent some genuine signups; so this should be used only for extreme words.
From here, we can configure the registration requirements of our users, email templates used for new accounts and so on, and users' picture settings.
User registration settings
We can determine what security precautions should be taken when a new account is registered. New accounts:
- Can only be created by an administrator
- Can be created by a visitor, but require administrator approval
- Can be created by a visitor without administrator approval and in addition to the previous two, require user email verification
Requiring email verification is a good idea. It is the very first and most basic method to help prevent spam and abusive user accounts. The User registration guidelines box can be used to provide some help for our users, and perhaps a link to some legal terms and conditions to help protect ourselves from liability.
User email settings
Users will often receive an email from our site automatically when:
- We create a new account for them
- They create an account
- They create an account which is pending our approval
- They request a new password
- They need to verify their email addresses
- Their accounts have been blocked
- Their accounts have been deleted
The User e-mail settings area allows us to change the contents of these emails.
Click on Administer | User management | User settings | User e-mail settings further down the page.
Selecting an email allows us to change the template. Within these templates, there are tokens that are replaced with specific information when they are sent, for example, the user's username or a specific link. So it is important to ensure that these are still in the template. These variables are clearly defined when editing the template. They are all listed under the template name, each of them starting with an explanation mark, for example. !username for the username, !login_uri for the link to the log in page.
From here, we can either enable or disable picture support. Let's enable it.
Gravatars are globally recognized avatars, (an avatar being a small picture used to represent a user when making comments or posts), and are very popular among blogs and forums, with many blogs and popular forum systems supporting gravatars. They enable users to use the same avatar across all socially-oriented sites they use, should they wish to.
After installing the gravatar module and enabling it, we need to go to the gravatar menu in the User management area and check the Enable gravatar integration box, and save the changes to enable the integration.
Once the integration has been enabled, the display preferences are activated, so we may configure the module (Administer | User management | Gravatar).
The configuration options include:
- Our preferred size of image (let's keep the default)
- Maturity filter (so we could prevent inappropriate images being displayed, very useful depending on the target audience of the site. For our site, we should be fine with the PG rating)
- Which image to use if a user does not have a gravatar
Now when a user goes to edit his/her profile, he/she are presented with an option to either upload an avatar (thanks to the User picture settings), or if their email address is a valid gravatar email address (that is, an email address used to sign up on the gravatar site), their gravatar will be used.
To ensure that profile pictures are displayed for our user comments and posts, we need to enable them within the theme. Click on Administer | Site building | Themes | Global settings. We enable User pictures in posts and User pictures in comments.
Now, if we have a gravatar set and we make a comment on some content on the site, our gravatar is displayed.
While the blog theme module doesn't allow our users to create a theme of their own, it does allow them some customization of their blogs, by allowing them to select which of the installed and enabled themes they can use. For this feature to work, we first need to enable some more themes on our site, because at the moment, we only have the default theme enabled.
We will look more at themes later in the book. For now, we just need to enable some. This is done within Site building | Themes in the administration area. We simply need to check the Enabled checkbox next to some of the themes.
Using the blog themes module
With more than one theme available, we can now select a theme to use for our blog, from the My account | Edit page. In this page, there is a section entitled Your blog theme configuration, where we can select the theme we wish to be displayed when a user visits our blog on the site.
Expanding on this feature
Why not invite your users to recommend new themes to be installed and enabled?
With the OpenID module enabled, the User login box is now slightly different. Beneath the standard Username and Password boxes, we have a link to Log in using OpenID.
If we click this link, the log in form changes to allow us to log in with our OpenID.
Try OpenID yourself
If you don't have OpenID, and want to try it out, you can download and install a PHP based single-user standalone OpenID provider system for your own personal web site from http://siege.org/projects/phpMyID/. Alternatively, you can sign up to an OpenID provider, such as http://claimid.com/, which does not require you to install software on a web server.
To log in with OpenID, we just enter the web address which is our OpenID, and click Log in
If this is the first time we are logging into the web site with our OpenID, then Drupal will need to create a user account for us. There are two scenarios following the first successful authentication of a user via OpenID. Either a new account is created, or we have a user already on the web site with that username, in which case, we would need to create a new account the normal way (via the registration form on the site) and then associate our OpenID with the account, if we wished so.
User already exists
When I logged in with my OpenID, I was unable to create an account because the username associated with my OpenID was Michael, which was the administrator account I had already set up. So I was presented with the following screen:
If this happens, our user would have to register an account with us manually, and then tie their OpenID details to their accounts, should they wish to use OpenID.
User does not exist
If the user does not already exist, then our user will be prompted to configure a new account.
If you change something and can't see the log in box, simply visit the log in page directly at /user.
Our social networking web site has now expanded to enable our users to customize their experience with the site, as well as make it easier for them to use. We have also looked in more detail about managing our users, the registration process, emails which are sent to our users, and how these features tie in together.
If you have read this article you may be interested to view :
- Drupal 6 Social Networking: Communicating with Users
- Managing Users and their Profiles in Drupal 6 Social Networking