MemberMgmt

Questions answered by this recipe

How it Works

Acme's ZAP forms processing engine can be used to create a powerful membership driven website. It's simple to install and setup. And because it works directly with AuthUser, it allows all the standard id: based password options available in PmWiki! Below are a few basic details to decide if MemberMgmt will do what you want, and then help you get started.

Downloads and extensive documentation (including dozens of code snippets) are available from the ZAP support site at www.zapsite.org. Please direct all questions/comments there, or to the PmWiki mailing list.

New Member Registration
Simply copy the Register form below to your wiki (feel free to add or remove profile fields as desired, and change the register field to match your changes). Fields Member and Password are both required. Member is automatically fixed to a proper page name format. If you are collecting email addresses, use field "Email" and it will be handled automatically in several special ways.

(:messages:)
(:zapform:)
(:zap datapage="Profiles.{$newmember}":)
||Member Name:%red%*%% ||(:input text Member:)
||Password:%red%*%% ||(:input password Password:)
||Real Name: ||(:input text RealName:)
||Email: ||(:input text Email:)
||Country: ||(:input text Country:)
||Gender: ||(:input select Gender Male:) (:input select Gender Female:) 
|| ||(:input submit value="Create Account":)
(:zap register="Email,Password,RealName,Country,Gender":)
(:zap login="auto":)
(:zapend:)

When the form is submitted various checks are made and a member page is created, in group Profiles (configurable). The password and email are encoded using ZAP's internal code mechanism and can only be decode by the individual member and/or an Admin. These pages do not need to be read protected, but can easily be restricted so users only see their own profile information if desired. Note, there are also many capabilities within ZAP for form validation, including required fields, and regex checks, etc. It is also possible to do email confirmation and many other things. The above form is just a sample to get you started.

Login
To create a login page, simply copy the form below to your wiki. It should work automatically. The login function automatically corrects invalid Member fields

(:messages:)
(:zapform:)
(:zap login="":)
||Member Name: ||(:input text Member:)
||Password: ||(:input password Password:) (:input submit value="Login!":)
(:zapend:)

If desired, you can put a link at Site.AuthForm that points to your login form. Your login form can then be set to have the person logging in go straight to the page they requested once they login by setting the nextpage field to ZAP's {$ReturnLink} page variable. You can even set it to go that page in edit mode if desired, when they are attempting to edit a page--though it's a bit trickier.

If you wish to track member logins, see the LoggingPlus snippet for various ideas. Or use it to log new member registration, if you want to list for example the 10 newest members on your site. (You can also do this via pagelists).

Profiles
To give members the ability to update their profile information, create a ZAP form that updates the various data fields and put it in Profiles.GroupFooter. I use a conditional like this (:if equal {$AuthId} {$Name}:) to only allow members to edit their own profile. To be a bit fancier, you could use the above to just give an update button, which when clicked, takes them an update form. The ShowHide recipe makes this even easier and looks quite sharp. Remember to encode their email and password!

Memberships
ZAP recently added a number of automatic group mgmt features to enable you to do some interesting things with your members. First, a "group" command allows you to add, remove, or reset entire groups with a simple form. (Groups in ZAP are defined in wiki pages in a configurable group called "Memberships"). These groups are automatically scanned by ZAP when a person logs in, and memberships are assigned and work exactly as if they were defined in Site.AuthUser.

In addition, the ZAP toolbox has a {(grouplist)} markup that allows you to display nicely formatted lists of group members, and two conditionals: a group_exists and a group_member (checks if a person is a member of a group). These capabilities allow you to do many interesting things with groups!

Site Customization
Once your member accounts are set up, it is easy to customize your site based on any profile information you have. Suppose you asked their favorite color when they registered. You could put something like this anywhere in your wiki:

(:table bgcolor={Profiles.{$AuthId}$:Color}:)

Or if you only wanted to show members who lived in Alaska a certain bit of text, try this:

(:if equal '{Profiles.{$AuthId}$:State}' 'Alaska':)I like Alaska!

There are many more possibilities of course. These just scratch the surface. Some other things that are quite easy to do when using ZAP for your CMS include the following:

• Create classes or groups, and organize special sections of your site for group members
• Create easy self-subscribing mailing lists for newsletters and/or member announcement
• Set up blogs, forums, instant messaging systems, etc, (with Hg, you can even allow one for each member!)
• Pull profile information into a config file and use it to let members choose custom skins
• Upload profile pictures and embed right in their profile page automatically
• Set choice of skins, etc by extracting the corresponding PTV in a config file
• Much, much more...

Feel free to let me know if you come up with some great ideas not listed here. If you can't figure out how to do something listed above, check out ZAPsite or post a question to the pmwiki_users mailing list. Or make a note in the comments section below.

Contributors

• Caveman Click here to learn more about the story behind this recipe...
• Many others who have suggested countless ideas along the way.

Comments

Given recent demonstrations of vulnerabilities that result when ZAP is paired with open editing of a wiki, this type of authentication should only be used on wikis where every page (including the WikiSandbox) requires a password for editing. Ben Stallings May 03, 2007, at 11:30 AM

Caveman, I'm very impressed with what you say ZAP can do. I have tried to install it on my pmwiki, but after playing with the ZAP toolbox and its uses, I had to completely delete the site I was working on. I'm in high need of some form of member management system and something that makes it easy for members to self-register. Your program looks like it could answer all of my questions, but the documentation on your site http://zapdoc.web-farm.org doesn't explain in terms simple enough for me, what and how the ZAPconfig page works. It seems like that page would make everything easier, but for someone as simple minded as myself,it raises new questions. Is there another location (website, forum, etc.) that could explain how I get the member management to work or what ZAPconfig does (in very simple terms)?

Just for you to know, I'm using version 2.2.0-beta65 (2007-11-17) of PMwiki and had authuser enabled. Thanks for pointing me in the right direction! Chris August 12, 2008, at 03:47 PM

Hi, Chris. I started to take on responsibility for maintaining this recipe a year ago, and was working on some better documentation for it, but gave up when I realized that it was not the right tool for the job -- that I could get the same functionality or better without the headache if I used a different CMS that had the functionality built in rather than as an add-on. I love PmWiki, but IMHO it is not designed to work this way. I wish you the best of luck. Ben Stallings August 12, 2008, at 10:30 AM

Ben,

What would you recommend as a member management system then? Its critical that I have it setup so that users can self-register. -Chris

It's been a while, but I just downloaded the latest version of PmWiki, enabled authuser, zap and zaptoolbox, (in that order) cut and pasted the registration and login forms above, and it worked perfectly. I did nothing with the ZAP config page, or any other customizations. Could you explain more precisely what error you were having? Perhaps it was a permissions problem or something to do with your server configuration.

Of course if you are looking for something like PmWiki with this already built in, you could try BoltWire.com. That's what I'm currently using. Good luck. Caveman

Hello All, I wanted to add some comments since I have been using Zap for a while now and the more I use pmwiki and zap the more I understand things. I do believe that zap documentation is not clear enough or does not enough examples. Something to point though is that the more I use it and work with zap the more I find ways to implement.

What I am going to do is to add some code here below the way I have implemented MemberMgmt. Maybe that example could help somebody else.

On the Side Bar I use the following Lines:

* [[Main/Register]]     
*[[Profiles/Profiles|Users List]]

(:if enabled AuthId:)
* [[{=$FullName}?action=logout | Log Out {$AuthId}]]
(:if !enabled AuthId:)
* [[Main/Login]]
(:ifend:) 

In the Register Page Basically I use the Same Code Shown Above for Registration.

In the Profiles Page I use the following Lines to show a User List:

(:notitle:)
!! :: Registered Users
(:pagelist group=Profiles -RecentChanges:)

Also in Profiles/GroupFooter with the Lines Below the profile page will show all data from that user only if the user has loged in. When Not Authenticated the message "We Are Sorry, You Are Not Aloud to View This Page !" will be shown.

(:if equal {$AuthId} {$Name}:)
Nombre: {$:RealName} [[<<]]
Pais: {$:Country} [[<<]]
Sexo: {$:Gender} [[<<]]

(:else:)
(:notitle:)
We Are Sorry, You Are Not Aloud to View This Page !
(:ifend:)

With little tewaks is ver easy to change the user profile information. Not sure at this moment if the password could be change. But basically I am pretty sure that most of the features of CMS can be implemented with this receipe.

Marte October 2, 2008

October 10, 2008, at 07:39 PM --jj?
I found this from the mailing list, which is very helpful:

http://www.mail-archive.com/pmwiki-users@pmichaud.com/msg05411.html

"Just a quick announcement that I've just updated the ZAP code for some
rather useful member mgmt features.

To automatically add a member to a (membership) group, use a command
like the following in a ZAP form:

(:zap group_ChessClub="+Bob":)
Use -Name to drop names, or define out right by inserting a CSV list.
For example, do a search of your member profiles for some string, and
output the pagelist to a csv list.  Instant groups!  You can also
automatically subscribe people to certain groups when they login based
on whatever criteria you wish.

I've also managed to fix the CSV list to take much more user abuse in
terms of unnecessary spaces, etc.

Membership information is stored on pages like Memberships.ChessClub
with pages that look simply like

Bob
Mike
Joe

To display the members of a group, you can do a {(grouplist ChessClub
'fmt')} using the same syntax (actually the same function) as the
existing list markup expression. So you can display many interesting
ways. Checks for read permission on the membership page or returns
null.

To conditionals have been added:

(:if group_exists ChessClub:)

and

(:if group_member ChessClub Caveman:)

When a person logs in using ZAP's authentication scheme, all existing
groups are checked and memberships are automatically added to the
session array for use in AuthUser conditions, etc. I should note, ZAP
can also set the passwords for specific groups/pages using the attr
command to make this even cooler!

Also reworked is the Login and Register function so that when a person
enters an invalid member name, it is automatically converted to a
proper page name fmt (using the MakePageName function), and sets their
authid appropriately. So if a person registers as test 123 they will
be assigned to Profiles.Test123, and have an authid Test123, but can
login as test 123 with no problem.  Works great!

Thanks esp to Ben for his inspiration on this last point, and to Pm
for his help with the group mgmt information. I'll be uploading the
new scripts shortly and trying to keep up with the documentation as
I'm able.

Please let me know if anyone notices any bugs or problems, or has
suggestions for improving things.

Cheers,
Dan
"