FAQ

This page contains answers to commonly-asked questions about the user management application.

  1. Can I protect my subdomain web sites using the same admin web site?
  2. Can I restrict registration for free e-mail domains?
  3. How to set available domain list?
  4. Can I change notification-mail templates?
  5. Can I change Sign In, Sign Up, and Change Password and other public page design?
  6. How to change the admin UI skin?
  7. How to add new skins to the admin UI?
  8. How to add new skins to the Sign In and Sign page?
  9. How to use maintenance mode?
  10. Can I redirect a user after sign in / sign out?
  11. Can I receive all users' email notifications?
  12. How registration/activation process looks like?
  13. Can I change grid items per page value?
  14. Can I change admin application name and logo?
  15. Can I Export/Import roles and users?
  16. How to provide multilingual support?
  17. Can I protect simple PHP pages by this tool?
  18. Can users sign in by Twitter, Facebook, Google, Yahoo and other OpenID providers ?
  19. Can I restrict profile fields visibility by user domain or role ?
  20. Can I use Facebook/Twitter API which needs the users access token?
  21. How to set a user domain?
  22. Can you give me Social Signin set up Urls?

Can I protect my subdomain web sites using the same admin web site?

Yes, you can. In order to reach that you should define the same session cookie name for all you applications. You need to create a configuration and define session cookie name (for instance appsession) and use that name for all your web sites as show in examples. You can protect even a web site which does not use PHP classes and has simple PHP pages, please see an example in User RoleManager.Example.Simple folder.

The main idea is keeping authenticated user data (roles, some profile fields) in the application session which can be shared between subdomains. So, you can define domain for user management web site and other websites on subdomains will redirect users to that management application if authentication is required. After that, if user has been authenticated successfully he or she will be redirected back to the subdomain website.

See an example below:

  • accounts.mydomain.com - User and role management application.
  • forum.mydomain.com - Your forum web site domain
  • reports.mydomain.com - Your reports website domain
  • inventory.mydomain.com - Your inventory management webdite domain
Your existing application can get user data from the session and check if a user is authenticated and has specific role for specific subdomain. You can use PHP classes from example to achieve that or create your own classes which will get specific user session values.

Here is a simple example how to provide visibility of page block by user role, security.php file contains all functions you needed:

            
	  <?php
		require 'security.php';
		sign_in_required();
		$sign_in_url = get_sign_in_url();
		$sign_out_url = get_sign_out_url();
	  ?>
	  <html>
		 <head>
			<title>
				Simple Security Page Example
			</title>
		 </head>
		 <body>
		  <?php if(is_user_authenticated()) { ?>
			<div><img style="width:100px" src="<?=get_user_avatar_url()?>"</div>
			<div>User Name:    <?=get_user_name()?></div>
			<div>User Email:   <?=get_user_email()?></div>
			<div>Is Admin      <?=is_user_in_role('admins')?></div>
			<div>User Roles:   <?=implode_user_roles()?><div>
			<div>SignOut URL:  <a href="<?=$sign_out_url?>">Sing Out</a></div>
		  <?php } else { ?>
			<div>SignIn URL:  <a href="<?=$sign_in_url?>">Sing In</a></div>
		  <?php } ?>
		</body>
	  </html>
	


Here is an advanced example how to applay security to a controller, just needs 'implements IControllerSecurity' declaration:

	  
	  <?php

	 
	  namespace Controllers;

	  use \Utilities\Helper as Helper;
	  use \Utilities\HttpHelper as HttpHelper;

	  use \Core\View as View;
	  use \Core\Controller as Controller;
	  use \Core\IControllerSecurity as IControllerSecurity;

	  /**
	   * FAQ controller class. Extends Controller class which has authentication/authorization behavior.
	   * The class represents full page load and ajax methods implements methodology of thin controller. 
	   * Please, implement all business logic code the appropriate service classes.
	   *
	   * For more info about constants please @see http://yourdomain/faq
	   * @version 1.0.0
	   */

	  class Faq extends Controller implements IControllerSecurity
	  {
		  /**
		   * Controller class constructor needs to be initialized by required service class instances.
		   *
		   * Constructor initializes services properties to manipulate with business logic. Those instances of service objects are created
		   * automatically by core logic and passed to the constructor by using the hints. If you want to add another services to you controller
		   * just add appropriate property and variable with class hint to the constructor definition. Be sure that you keep all business logic
		   * inside service classes in order to better supporting development process and testing.     
		   * 
		   * @param \Core\ApplicationContext $applicationContext Application context class instance.
		   */
		  function __construct(\Core\ApplicationContext $applicationContext)
		  {
			  $this->applicationContext = $applicationContext;

			  /**
			   * By default only admins can execute the controller methods, but you can change that condition
			   * if you redefine authorizedRoles variable.
			   */
			  $this->authorizedRoles = 'admins';
		  }

		  /**
		   * Page: Handles rendering domain list full page view (HTML + JS) and returns to the client browser. 
		   * Method URL: http://yourdomain/faq/index or http://yourdomain/faq
		   */  
		  public function index()
		  {
			  View::renderBody('faq/index.php', null, $this->applicationContext);
		  }
	  }            
	

Can I restrict registration for free e-mail domains?

Yes, it is on Settings->Registration tab. You can define which email domains are allowed or disallowed.

How to set available domain list?

It is on Setting/Registration/Mail Domains. This property has the following options:

  • Allow All (Excluding from the list)
  • Deny All (Excluding from the list)
If user tries to use restricted email domain, application will show a message that selected domain is not allowed.

Can I change notification-mail templates?

Yes, please open the following folder views/templates/email and use any text editor to change template files:

  • _email_activation_confirmation.php
  • _email_activation_request.php
  • _email_change_password_confirmation.php
  • _email_change_password_request.php
  • _email_generate_password_confirmation.php

Can I change Sign In, Sign Up, and Change Password and other public page design?

Yes, please open the following folder views/default/accounts and use any text editor to change template files:

  • _account_activate.php
  • _account_activate_expired.php
  • _account_change_password.php
  • _account_forgot_password.php
  • _account_sign_in.php
  • _account_sign_out.php
  • _account_sign_up.php
  • public style is in /content/style.public.css file.

Public layout is in views/default/common/layout folder

  • _layout_public.php file.

How to change the admin UI skin?

Yes, please check Domain Properties/Themes tab. Admin UI and public UI use different CSS files, so if you change admin UI theme it is not influence on public UI pages.

How to add new skins to the admin UI?

The tool uses twitter bootstrap CSS files, so you can create your style and apply that style to tool. Here is step by step instruction:

  • Create new folder under content/themes folder
  • Add bootstrap.css, bootstrap.min.css and skinname.png file to created folder
  • Open views/default/configurations/ _themes_settings.php file
  • Add the following html code:

    	
    	<option value="skinname">Skinname - small comment</option>
    	

How to add new skins to the Sign In and Sign page?

You can create new bootstrap style or buy it in the Internet and set path to botstratp.css file in views/default/common/layout/_layout_public.php file.

How to use maintenance mode?

Please have a look at Settings->General->Maintenance Time setting. You can redirect users to Offline local page or user any external URL.

Can I redirect a user after sign in / sign out?

On the settings page select a configuration which you need to change and select Registration->Redirect After Sign In and Redirect After Sign Out

Can I receive all users' email notifications?

On the settings page select a configuration which you need to change and select Registration->Blind Carbon Copy (Bcc). You can use email list where ; is separator.

How registration/activation process looks like?

You can create a user by yourself or new user can use public UI to create account. In this case new user will be added to Self Registered and Not Activated biult in role. An activation e-mail will be sent. After activation a new user will be in the following roles: Self Registered; Self Activated. You can add your roles to the Self-Activation Role parameter in order to add all new users to particular role after registration or activation process. For instance it can be "Waiting for Approval"

Can I change grid items per page value?

On the settings page select a configuration which you need to change and select User Interface->Default Paging Size

Can I change admin application name and logo?

Yes, but you can have HTML coding experience and check views/default/common/layout/_layout_public.php file. Please, be careful, because those file is PHP file.

Can I Export/Import roles and users?

Yes, you can find it on Roles and Users page. You can download files and see export/import file formats.

How to provide multilingual support?

By default the language of public interface is English. But you can add more Lange files. Please see check Languages\labels-eng.txt file. It is simple to understand how to add text in another language. After you have language file just give it name labels_[language id].txt and system will read all label files then application is loaded. On the settings page select a configuration which you need to change and select General/Public UI language.

Can I protect simple PHP pages by this tool?

Please have a look at the example in UserRoleManager.Example.Classic folder. it’s very basic example but you can improve it for sure to have all logic in one place.

Can users sign in by Twitter, Facebook, Google, Yahoo and other OpenID providers ?

Yep! It works for this soulution. (See Social Networks tab on the settings page)

Twitter

You need to register your application with Twitter. That means you should have your production URL ready before you think to start your development. When you finished with registration, you will receive consumer key and consumer secret. These unique credentials will help your app to interact with Twitter. No big deal. You can visit your all registered applications on http://twitter.com/oauth. And to register for new app you need to visit http://twitter.com/apps/new.

Facebook

It is recommended that users be able to authenticate with Facebook when using Socialize so as to maximize the exposure and promotion of your app. First step for Facebook is retrieve the App ID and App Secret (it is based on oAuth 2.0), so register you application on https://developers.facebook.com/apps.

Google, Yahoo and other OpenID providers

You don't need any key for those providers.

Can I restrict profile fields visibility by user domain or role ?

Yes, if you created a profile fields it will be visible for all domains by default. To change that click on the field name on the Fields page and click on "Restricted By Domains" or "Restricted By Roles" tab and check domains or roles which you need. You can select a user domain on the user edit dialog or it will be assigned during sign up process.

Can I use Facebook/Twitter API which needs the users access token?

Yes, for now API token are saved in the database (and updated after expiration date), so you can use that to have an access to Facebook/Twitter API.

How to set a user domain?

The domain name will be set for a user during signup process or you can find the user on the Users page, click on the user name and set the user domain on the Domains tab. A user can have different roles in different domains, so it will help you to split visibility of functionality for different subdomain websites.

Can you give me Social Signin set up Urls?

You need to register your application with Twitter. That means you should have your production URL ready before you think to start your development. When you finished with registration, you will receive consumer key and consumer secret. These unique credentials will help your app to interact with Twitter. No big deal. And to register for new app you need to visit http://twitter.com/apps/new..

It is recommended that users be able to authenticate with Facebook when using Socialize so as to maximize the exposure and promotion of your app. First step for Facebook is retrieve the App ID and App Secret (it is based on oAuth 2.0), so register you application on https://developers.facebook.com/apps.

It is recommended that users be able to authenticate with Google when using Socialize so as to maximize the exposure and promotion of your app. First step for Google is retrieve the Client ID and Client secret (it is based on oAuth 2.0), so register you application on https://console.developers.google.com/project.


© 2016 User Roles Management Tool  Version: 1.0