There should be an easier way to edit members profiles, for e.g. say someone puts something in their profile that you want to remove you should be able to just click edit and edit the profile.
so far (unless im missing something) i can only edit profiles by editing the database directly.
Sign In
Members Edit | Forum
Rivu
Jul 14 '11
Is it good to have access to a user's personal details and ability to change it ? I'm afraid will it not affact the security of members ?
Currently, you can just suspend/delete their account and force them to change the details, that'll make a good reputation of your community. What if someone make random profiles with fraud details ? will you change all theose details by hand ?
Currently, you can just suspend/delete their account and force them to change the details, that'll make a good reputation of your community. What if someone make random profiles with fraud details ? will you change all theose details by hand ?
The Forum post is edited by Rivu Jul 14 '11
Mark
Jul 14 '11
yes it is good to have admin access and the ability to edit a user profile, spam/fraud accounts will be suspended but what about when someone makes a typo on their email address and cannot validate it because of the incorrect email.
Leader Michael
Jul 15 '11
If they have been in contact with you about the typo (otherwise how yould you know) then you can mark their account as verified using the admin panel and they can then go in and fix the typo themselves.
You need to perception that even admin cannot change things. OK you can do it in the database but each person is responsible for their own profile.
You need to perception that even admin cannot change things. OK you can do it in the database but each person is responsible for their own profile.
Leader Leo
Jul 15 '11
each person is responsible for their own profile.
And I think that's better too, so every person can change their profile. But if a user posts illegal and criminal things on her/his profile the admin of the site can just suspend/delete the user, so the illegal and criminal content isn't there any more.
Team Den
Jul 18 '11
I have another proposal :)
What about to allow admin to quick login as a user. So admin will be allowed to anything as user (customizing profile, content and etc)?
What about to allow admin to quick login as a user. So admin will be allowed to anything as user (customizing profile, content and etc)?
Rivu
Jul 18 '11
@Addenster
That's good idea. But, I take the side of the users' here, It should be a special login. admin should not have permission to see users' password, though admin should be able to reset the password and mail it to the user.
That's good idea. But, I take the side of the users' here, It should be a special login. admin should not have permission to see users' password, though admin should be able to reset the password and mail it to the user.
Leader Ashok
Jul 18 '11
>What about to allow admin to quick login as a user.
Which means...Switch to User
Good Idea ! That's a basic feature implemented in some CMS scripts . Hope it will be implemented at Oxwall:)
Which means...Switch to User
Good Idea ! That's a basic feature implemented in some CMS scripts . Hope it will be implemented at Oxwall:)
Leader Michael
Jul 18 '11
I still feel that in a social environment you are meant to try and keep your member base BUT the attitude should be you are Admin, not their friend. If you want it removed then as Admin, tell the user to remove the offending content.
It would be a better option from admin where the member account could be set to RESTRICTED VIEW or INVISIBLE where only the member AND admin can see it. Then the member can make the changes and admin can re-enable the account when satisfied.
My opinion...
It would be a better option from admin where the member account could be set to RESTRICTED VIEW or INVISIBLE where only the member AND admin can see it. Then the member can make the changes and admin can re-enable the account when satisfied.
My opinion...
Leader Leo
Jul 18 '11
Rivu is right. Admin should have a special login (e.g. admin login) becuase if the admin can sign in via the user account (so he haves and knows the user password) the users won't create an account on this page because it's against their privacy.
That's good idea. But, I take the side of the users' here, It should be a special login. admin should not have permission to see users' password, though admin should be able to reset the password and mail it to the user.
The Forum post is edited by Leo Jul 18 '11
Leader Michael
Jul 18 '11
I like the reset password and email function. As to editing user's profiles... Im still on the fence. I can see the worth in it but also some dangers!
AL BALOCH
Jul 19 '11
I don't agree on security issue, no website admin wants that their website name goes down, issue about the member or user security is not your problem,it is the problem of site admin and the user, if site admin doesn't secure the website then surely user will delete the profile and leave the website.
Profile Edit and password change shall be available on website, as SQL server can easily edit it for admin.
Profile Edit and password change shall be available on website, as SQL server can easily edit it for admin.
Leader Michael
Jul 19 '11
@AL BALOCH
You are right. Of course you don't want to lose members. I know 95% of the members on my site and I have corrected problems on their profile which they were more than happy for me to do. I have also logged in as them and changed their password or to see what errors they were getting. Again they were more than happy for me to do this.
That is because my site is small. Imagine if you had a much larger userbase. Even if you had tools for editing profiles or changing passwords, if you had 10+ requests a day for a password reset and 20+ Profile edits to do you would quickly get annoyed with it all or you would need to employ more "admins" and hope to trust they have the same values and ethos as you and don't abuse their position.
For the short term and a small userbase then yes I would love to see the tool. For a larger userbase, if my site is popular I would not be worried about losing the odd members. Usually the ones who forget passwords are the infrequent visitors.
These are my opinions. If you are in need of tools like this then that's OK.
You are right. Of course you don't want to lose members. I know 95% of the members on my site and I have corrected problems on their profile which they were more than happy for me to do. I have also logged in as them and changed their password or to see what errors they were getting. Again they were more than happy for me to do this.
That is because my site is small. Imagine if you had a much larger userbase. Even if you had tools for editing profiles or changing passwords, if you had 10+ requests a day for a password reset and 20+ Profile edits to do you would quickly get annoyed with it all or you would need to employ more "admins" and hope to trust they have the same values and ethos as you and don't abuse their position.
For the short term and a small userbase then yes I would love to see the tool. For a larger userbase, if my site is popular I would not be worried about losing the odd members. Usually the ones who forget passwords are the infrequent visitors.
These are my opinions. If you are in need of tools like this then that's OK.
The Forum post is edited by Michael Jul 19 '11
Leader Leo
Jul 19 '11
@Michael: But how can you be sure that the user request isn't a criminal act or something like a joke?
Anthony
Jul 20 '11
Every social script I've ever used has allowed me to modify fields and I always find it useful. I highly agree with the 'no admin wants the name to go down' comment. We want the feature so customer support will be even BETTER. Don't be sloppy and have them ask to use the password and what-not. Just have the admin do it. I picture an administrator as a manager of the website and one to help others solve problems. This would just make the support department stronger and more efficient.
I'm all for it.
I'm all for it.
Leader Michael
Jul 21 '11
@Leo I agree! It can be dangerous! A user contacts you saying they forgot their password AND the email address they registered is no longer in use and they ask you could you reset the password and send it to the new address... Simple answer there is, IF you are 100% sure of the person making the request do it but otherwise NO.
Other sites have secret passphrases like Last School attended, or Town of birth etc. Maybe to adopt that into the signup so IF password is forgot AND email account used for registering is down they then have an automated recovery based on a secret passphrase.
With editing profile content. It can be done anyway, if Anthony needs/wants a tool or way of doing this easily then OK but tread carefully!
Other sites have secret passphrases like Last School attended, or Town of birth etc. Maybe to adopt that into the signup so IF password is forgot AND email account used for registering is down they then have an automated recovery based on a secret passphrase.
With editing profile content. It can be done anyway, if Anthony needs/wants a tool or way of doing this easily then OK but tread carefully!
Leader Leo
Jul 21 '11
Simple answer there is, IF you are 100% sure of the person making the request do it but otherwise NO.
Right!
Maybe another solution is to create a "forgot-password-question plugin", if a user have forgotten his/her site password (and E-Mail password too), so, when the user answer the question the system will assign a new password to the user account.
The Forum post is edited by Leo Jul 22 '11
Leader