Register_XH - a CMSimple_XH Plugin

Please do read this documentation before you encounter any problems!

Important Notice

Register_XH couldn't be tested so far in various environments. It is a beta version. Use with caution!

Requirements

Register_XH is a plugin for CMSimple_XH. It requires a UTF-8 encoded version.

Installation

The installation is done as with many other CMSimple_XH plugins. See the CMSimple_XH wiki for further details.

1. Backup the data on your server.
2. Unzip the distribution on your computer.
3. Upload the whole directory register/ to your server into CMSimple_XH's plugins directory.
4. Set write permissions to the subdirectories config/, css/, languages/, logfile/ and the plugin's data folder.
5. Switch to "Register" in the back-end to check if all requirements are fulfilled.

Settings

The plugin's configuration is done as with many other CMSimple_XH plugins in the website's back-end. Select "Register" from "Plugins".

You can change the default settings of Register_XH in "Plugin Config". Hints for the options will be displayed when hovering over the help icon with your mouse.

Localization is done in "Plugin Language". You can translate the character strings to your own language, or customize them according to your needs.

The look of Register_XH can be customized in "Plugin Stylesheet".

Usage

User and Group Administration

The first thing you should do is to adjust the user groups according to your needs. You can do this in "Register" → "Group administration". You can administrate the users in "Register" → "User administration". Both dialogs should be pretty much self explaining, but some notes about the latter seem appropriate:

• The selectbox allows to filter the users by an access group. When you add a new user, the filter is reset, as you might not be able to see the new user record otherwise. When you save the data all user records will be saved, even if they are filtered out.
• You can sort the user records by clicking on the respective column heading.
• The status can have one of the following values (the label of the values are language specific, and can be changed in the language settings):

  activated

  The user has the full priviledges according to his groups.

  locked

  The user has the full priviledges according to his groups, but may not change his preferences.

  deactivated

  The user account is (temporarily) deactivated.

  not yet activated

  The user has registered, but the account has not been activated.

• In both group as well as user administration adding or deleting a user is temporary; to make the changes permanent, you have to explicitely save them.

Note that the group and user CSV files could be accessed directly by calling their URL. An .htaccess file to prohibit this for Apache servers is already contained in the default data folder. For other servers or for custom data folders you have to take care for yourself, that those data are protected from non authorized access.

Please note also, that the possibility to switch to admin mode after being logged in as registered admin has been removed. The call to registeradminmodelink() is now deprecated and doesn't return the link anymore. IMO plugins should not offer any backdoor to circumvent the core's login security.

Login Form

To offer the user the possibility to log in and optionally register first, the login form must be displayed. You can put it in the template, so it's shown on all pages:

<?php echo registerloginform(); ?>

Alternatively you can put it on one or several CMSimple pages:

{{{PLUGIN:registerloginform();}}}

In this case you might want to add the "logged in" form to the template. You can do so with the following call:

<?php echo Register_loggedInForm();?>

If the user forgot his password, he can request an email with the login credentials. If registration of new users is allowed, they can register themselves, and an email with the activation link will be sent to them, so they can activate their account and log in nearly immediately. All this happens without requiring any actions from the admin, but he receives copies of the emails to be informed.

After successfull login the user can edit his user preferences, i.e. name, email address and password. Unregistering, i.e. deleting the account, is also possible in the preferences dialog.

Note that all login and logout attempts will be logged in the logfile/logfile.txt.

Access to CMSimple Pages

To restrict the access to a CMSimple page to certain user groups, you have to enter on that page:

{{{PLUGIN:access('LIST-OF-GROUPS');}}}

LIST-OF-GROUPS is the comma separated list of access groups that will have access to the page. For example:

{{{PLUGIN:access('admin,member,guest');}}}
{{{PLUGIN:access('admin');}}}

Special Pages

Register_XH dynamically adds some special pages to CMSimple, if these do not already exist. Usually you don't have to care about this, but you can use the feature to create your own pages with the respective heading, if you want to customize any of these pages beyond what's possible with adjusting the related language strings. The headings of these pages are specified by the following language strings and the pages should contain the respective plugin call:

register

The page where users can register for a new account.

{{{PLUGIN:registerUser();}}}

forgot_password

The page where a user can request an email which allows to reset his password.

{{{PLUGIN:registerForgotPassword();}}}

user_prefs

The page where a user can change his account setting.

{{{PLUGIN:registerUserPrefs();}}}

login_error

The page where a user is informed about an invalid login attempt.

n/a

loggedout

The page that is displayed after a user has logged out.

n/a

loggedin

The page that is displayed after a user has logged in. This is currently overridden by the language setting of config_login_page.

n/a

access_error

The page that is displayed when a user browses to a page he is not allowed to access.

n/a

Please note that the handling and recognition of these pages is a bit sloppy currently (e.g. it doesn't matter on which menu level they are defined), but this is likely to change in the future.

Limitations

If any CMSimple_XH page inadvertantly has a heading that is used for one of the special Register_XH pages, the plugin might not work as expected.

License

Register_XH is licensed as freeware.

© 2007 Carsten Heinelt
© 2010-2012 Gert Ebersbach
© 2012-2013 Christoph M. Becker

Slovak translation © 2012 Dr. Martin Sereday
Czech translation © 2012 Josef Němec
Danish translation © 2012 Jens Maegard
Russian translation © 2012 Lubomyr Kydray

Credits

Register was developed in 2007 by Carsten Heinelt. In 2010 he gave permission to Gert Ebersbach to adapt it to CMSimple_XH and to further improve it. The plugin was then distributed as Register_mod_XH. In 2012 Gert Ebersbach discontinued the developement, and gave me the permission to maintain and distribute the plugin. Many thanks to Carsten Heinelt and Gert Ebersbach for their good work and the permission to further maintain the plugin!

The code for creating the captcha image is based on code from Geniz' Guestbook. The code from Michael Svarrer's Memberpages plugin has been used as example for the Register plugin.

The plugin icon is designed by Wendell Fernandes. Many thanks for publishing this icon as freeware.

This plugin uses free applications icons from Aha-Soft and 19eighty7. Many thanks for making these icons freely available.

Many thanks to the community at the CMSimple forum for tips, suggestions and testing. Particularly I want to thank Holger for finding a severe flaw, and for his suggestion to improve the user administration, kmsmei for reporting a security issue, and of course Joe for many good suggestions.

And last but not least many thanks to Peter Harteg, the "father" of CMSimple, and all developers of CMSimple_XH without whom this amazing CMS wouldn't exist.