Learning FUEL CMS PART 6: The Client Handoff


So far we've learned how to create pages, blocks, layouts, menus, modules, incorporate them into the CMS and test our site. The WidgiCorp demo site is almost ready to turn over to our client. The last two things we will look at are ways to improve FUEL's security and create client specific documentation for them to view in FUEL CMS.

If you haven't read the introduction post about this blog series and downloaded and installed the FUEL CMS 0.91 branch from GitHub, do it now.

Security

FUEL CMS has several configuration options to improve the security of the CMS, including the ability to set certain permissions per user. We will cover this next.

Change Your Admin Password

The most important security measure that should be taken in securing the CMS is the changing of the default admin login password. You should receive a warning message every time you login telling you to do so until you have.

To change the password, log in to the FUEL CMS admin and click on the login name in the upper right. There you should be presented with the profile page where you can type in the new password.

By default, there is only one admin user. To create another admin user, you must have access to the database and must specify "yes" for the super_admin field. However, it is possible to create a user that has essentially the same capabilities as an admin if you assign that user all the available permissions or at a minimum assign them the ability to create users and permissions (because they could then assign them to themselves).

Create a User For Your Client

The next step in securing the site is creating a separate user for the client to login which only has access to the features they will need. This will do a few things:

  1. Limit them from messing with features they may not understand
  2. Clean up unnecessary clutter in the interface and make it easier for the client to navigate
  3. Allow you to better debug the logs in the system if you can track it to a separate user

To create a new user in FUEL CMS, click on the Users Manage menu item on the left and then click the create button. Enter in the clients name, email and password and only assign the needed permissions.

Other Security Options

There are several other options to consider which we'll mention here but are also described in the user guide, and they are:

  • restrict_to_remote_ip - restrict FUEL to only certain IP addresses.
  • default_pwd - default password to alert against.
  • admin_enabled - allow use of the CMS admin.
  • num_logins_before_lock - the number of times someone can attempt to login before they are locked out for 1 minute (or whatever is set for the seconds_to_unlock). The default is 3.
  • seconds_to_unlock - the number of seconds to lock out a person upon reaching the max number failed login attempts. The default is 60.
  • dev_password - if you set a dev password, the site will require a password to view. Default is no password. Testing the site will not work if a dev password is set.

Those options can be configured in you fuel/application/config/MY_fuel.php file.

Documentation

The last thing we will talk about is a little feature that allows you to create client specific documentation that will appear in FUEL's dashboard when a user logs in (if they have the Site Documentation permission). This is handy if you have specific handoff information you want to make available to the client (e.g. how to create a blog post). Looking at the fuel/application/views/_docs/ folder, you will see two files — index.php and fuel.php. The fuel.php file is what appears in the FUEL dashboard. The index.php file is what appears when you click on the link in the dashboard and is where you put your client specific documentation.

Also, if you create a module with it's own view folder, you can create a fuel/modules/{MY_MODULE}/views/_docs/index.php view file that can include documentation specific to that module and it will appear in the user guide documentation's table of contents.

That's it for Part 6: The Client Handoff as well as our blog series Learning FUEL CMS. However, you can continue to look here for more news and insight into FUEL CMS and we also encourage you to join the community, sign up for our newsletter below, and/or follow us on Twitter. Happy coding!


Comments

do these Tutorials has a video version?

we need video-tutorials .

so thanks:)

kai, Jan 12, 2011

Unfortunately, there are no videos. We may add some at a later time but can’t promise anything.

David McReynolds, Jan 13, 2011

Thanks for the great tutorials. They were very clear and concise, with just enough info to keep you going (and links to the full user guide when appropriate).

Calvin, Feb 19, 2011

Comments have been turned off for this post.


  Back to Top