Site visitors who are new to Backdrop will be asked to register a Backdrop user account before they can join your website. Anyone can also go to the URL http://[site_URL]/user on your website (substituting your website's URL for [site_URL]) to sign in or register. However, who is allowed to sign in or register can be configured.
The Account settings form at Admin > Configuration > User accounts > Account settings provides settings for managing who can register and what happens when users join your site. This form contains several sections which will be described separately.
Registration and cancellation section
This group of fields determines options for when visitors register.
Who can register accounts
The options are:
- Administrators only - visitors cannot register an account. New accounts are created manually by an administrator (or a role with permission to register new accounts)
- Visitors - visitors can register fully and become members without any administrator input
- Visitors, but administrator approval is required - visitors can initially register but their accounts will be inaccessible (blocked) until an administrator approves their registration.
Require email verification when a visitor creates an account
If this option is enabled, users creating a new account will only be asked for a username and an email, and not a password.
These users will be required to validate their email address prior to logging into the site. Backdrop will generate a random password and will send a special link via email which logs in the user when clicked. The user can then change to a more personal password. This option is more reliable as it ensures that automated logins (by spam bots) are more difficult, and also ensures that the user's email is correct on registration.
With this setting disabled, users creating a new account will be asked for a password during registration and will be logged in immediately upon registering.
When an email address is used as username, require a matching email address
For users who opt to use their email address as their username, this option will require that the email address field and username field match.
When cancelling a user account
This option determines what happens to content that users have created once the user account is deleted.
- Disable the account and keep its content - The user account is blocked, and their content remains visible on your website. You can reinstate their membership at a later date.
- Disable the account and unpublish its content - The user account is blocked, and their content will no longer be visible on your website. You can reinstate their membership at a later date, and nodes created by the user can be republished individually.
- Delete the account and make its content belong to the Anonymous user - The account's content will be owned by the Anonymous user. - The user account is deleted from your website. Their content remains visible, but its authorship is transferred to Anonymous.
- Delete the account and its content - Both the user account and its content are permanently deleted from your website.
Users with the "Select method for cancelling account" or "Administer users permissions" can override this default method.
User log in section
Users may log in using either Username or email address or both, based on this option.
Note however, that if the email only option is selected, users are still required to select a unique username. Furthermore, this must be identical to the email address if the "When an email address is used as username, require a matching email address" field in the previous section is checked.
Url pattern section
This option determines the default URL alias pattern for user account pages. The default pattern is set as "accounts/[user:name]". Tokens may be used to construct this Url
See the document on URL Aliases for more information about URLs, Aliases, and Patterns.
Administrator role section
The role selected here will be automatically assigned new permissions whenever a module is enabled. Changing this setting will not affect existing permissions. Administrator privilege is a very powerful role and care must be taken to ensure that this is not mistakenly administered to untrusted users. The Administrator privilege is by default assigned to the role called "Administrator".
Anonymous users section
This field allows you to enter a name by which site visitors who are not logged in (anonymous users) are called. By default it is simply Anonymous. If the contents of this field was changed to "An unknown visitor", a post written by a not-logged-in guest would therefore be labelled "by An unknown visitor".
Contact settings section
This determines if the personal contact form is enabled by default for new users. See the documentation for Contact forms for more information.
This section determines whether a personalized signature is enabled, and whether user pictures are allowed, and configuration of pictures. The fields provided for configuring picture personalization are as follows:
- Picture directory - subdirectory in the file upload directory where pictures will be stored.
- Default picture - URL of picture to display for users with no custom picture selected. Leave blank for none.
- Picture display style - the style selected will be used on display, while the original image is retained. Styles may be configured in the Image styles administration area.
- Picture upload dimensions - the maximum pixel size for user picture uploads. Pictures larger than this will be scaled down to this size.
- Picture upload file size - the maximum picture file size for picture uploads. Upload size is normally limited only by the PHP maximum post and file upload settings, and images are automatically scaled down to the dimensions specified above.
- Picture guidelines - this text is displayed at the picture upload form in addition to the default guidelines. It's useful for helping or instructing your users.
Approving new users
Pending users are marked as Blocked until they've been approved. To approve their membership to your website:
- In the admin bar, select User accounts.
- Find the pending users who have a blocked status, and then select their check boxes.
- In the Update options list, click Unblock the selected users.
- Click Update.
You can customize the emails your site sends out when users register for your site and are approved or denied.
To do this:
- Go to Admin > Configuration > User accounts > Account emails.
- In the Emails section, modify the different email messages to meet your website's needs.
- You can select from the tokens beneath the email entry field to have Backdrop provide specific values from the website.
- Click Save configuration.
Blocking or cancelling users
There are times when you need to remove users from your website. Rather than removing their user accounts completely from your site, it is usually best to block them for the following reasons:
- You may want to reinstate their membership later.
- Removing their account and deleting all their content is irreversible.
- If you remove their account, they can use it to rejoin your site, but if you block/disable their account, they cannot rejoin using that account.
You cannot block or cancel the following accounts on your website:
- Your own account
- The last (or only) account with the site maintainer role