Tag Archives: administrator

Securing and Maintaining Access to Your GPT Site Admin Panel

Your ShiftCode Admin Panel

Refer to any welcoming email message from ShiftCode staff you have likely already received after your ShiftCode licensing purchase.  Look for references to your ShiftCode Admin Panel URL (web location) and login (username and password)  Enter (or copy and paste) your ShiftCode Admin Panel URL into your browser and proceed to that web location.  If all things have gone well so far you should now be viewing a special admin-only page that looks like this (below):

scadminlogin

First things first, you may have noticed that your own special ShiftCode Admin Panel URL contains a series of what looks like gibberish letters and numbers (like this ‘63d130df7xbe167e2’)  This is called a security ‘hash’ (it’s basically a URL with an encrypted section added on) – it is unique to your own particular instance of the ShiftCode script and you should NEVER reveal that web location to anyone else (other than yourself)  The admin URL containing the hash is purposely made hard to guess by hackers or others that may have bad intent with regard to your site (yes, this hash code is changeable via a ShiftCode support ticket but rarely (if ever) is this needed)   We’d suggest that you take the time to write down and safely bookmark this URL as this is where most all functions of your site are configured and performed.

Next we’ll address your assigned admin username and temporary password.  Chances are that you’ve been assigned a relatively simple admin username and password.  You’ll want to change these to your own preferences as soon as possible (now?) for increased security purposes!

Use your given admin login to log in to your admin panel.  You should then see a seeming complicated (but really easy to navigate and powerful once you get used to it) screen that looks like this:

scadm1

Next find the ‘Main’ heading (link box) in the upper right corner of the admin panel just under the ShiftCode logo (as seen below)

scmain02

Click on Users & Groups.  Notice the top section of that page is for ‘group’ management (which are basically defining roles available to assign to admin(s), staff, and designers, etc)  What we’re interested in now is the ‘User’ management area just below the group management area.  Notice that your own administrator account is listed along with the ‘shiftcode’ admin user account (the shiftcode admin user account is for internal official ShiftCode staff and cannot be edited or deleted because it is necessary and mandatory)

Instead of editing your own administrator account (while also being logged into the same admin user account) then we feel it is much safer to create a secondary new admin account for the time being (after you’ve successfully logged into the newly created admin account then you can delete the original admin account)

Click on ‘Add User’.  Enter your desired new administrator Username and Password (we suggest a strong password that includes a mixture of upper and lowercase letters, at least one number, and at least one symbol character – though strong passwords are not enforced at this time then it is best for your own good)  Make sure that you’re not using a password you have ever used at any other site (past or present)  The new admin account you are creating will have ultimate access to all your sites functions including financial balances, etc. don’t shoot yourself in the foot by specifying an easy to guess or repeated password!

Specify that this new account is part of the ‘Administrator’ group (chances are that at this point you have no other options)  The Description field is totally optional / not crucial and will be explained at a later point in this documentation.   Leave the Description field blank.

Take a moment to write down your new username and password (now!) Click the ‘Add User’ button to finalize your new administrator Username account creation.  You should see a green headed ‘Success!’ message further stating  that ‘The user has been added’  At this point the User management area should be showing your old admin User, your newly created admin User, and the permanent internal ‘shiftcode’ admin user account.  Click on the ‘Logout’ button on the upper red bar on the upper left under the ‘ADMIN PANEL’ heading (as seen below):

logout01

Now log back into the admin panel using your new administrator account credentials.  Go back to the Main > Users & Groups  area (the area where you just created your new admin account)   Now click on the blue gear box at the right side end next to your old administrator user account and choose delete.  Confirm that you wish to delete that account and then this mission has been accomplished!  Give yourself a pat on the back safe in the knowledge that your new administrator account is safer than the previous default admin account assigned to you.

Incidentally, that ‘Users & Groups’ area is also the area where you can eventually add a new group of sub-admin privileged staff members or site template installers and when you add a new group you will be able to specify exactly the level of access each new group has.  It is NOT necessary to make any new groups at this point in time (continue the quick start guide and stay focused on the important steps we point out – you can go back and add groups etc. at a later point as needed)

Locating & Bookmarking Your ShiftCode GPT Admin Panel On Your Own Domain

AFTER, your site has started appearing on your own domain name (www.MyOwnGPTSite.com) as well as on the shiftcode.com subdomain (myowngptsite.shiftcode.com) then as a matter of preference (though it has practical benefits as well)

First, log-in as the administrator on your shiftcode.com sub domain (chances are you are already logged in.  Take a look at your browser’s URL bar.  Note everything that comes after the ‘shiftcode.com‘ part (starting with a slash (“/“), continuing with your unique hash code, another slash (“/“), and then ending with an index.php (select and copy all that to the clipboard)   Now open up a new browser tab (or window) and type in your domain name starting with the ‘www.’ part and then immediately after your domain then past everything you copied from your sub domain based admin panel URL and past it after your own domain name now – hit return (or enter)  You may be asked to -re-login to your admin panel.  Now once you are in to your admin panel on your own domain name then bookmark that URL and use that as your main admin panel access URL.  It will likely prove useful and have a few advantages over using your sub domain based admin panel (though bookmark both admin panel URLs just in case your domain name service is ever disrupted (rare))

Initial Basic Site Configuration [Quick Start Guide]

Step-By-Step Crucial Initial Configuration Settings

Admin Panel ‘Main’ Menu Section: (on the top right under the ShiftCode logo)

mainmenu03

> E-Mail – Creating domain based email addresses covered elsewhere in this guide (this is not where you create an email address, it’s where you specify an already created email address you want to use for site member notifications) Once you’ve decided on what your site main email address will be for all site admin and user notifications then this is where you configure the ‘From Name’ and ‘From E-mail’ (this can be a domain based email address (recommended) or you can specify any other email address you would like to use for this purpose here (Gmail, HotMail MSN, etc.))

> E-Mail > Alerts – This is where you decide what email alerts you (the admin) want to receive from your site when certain events occur (as seen in the image below)  We would suggest checking every checkbox listed here and clicking the ‘Update’ button if you (admin) want to initially be informed via email of all important events (best to know rather than to risk not noticing)  [The default is no checkboxes checked – checking them all is recommended]

ealerts01

> Payment Methods – This is where you set up how (what payment methods and accounts) YOU will be paid from your site members for various site products and/or services you are selling (such as advertising, member account upgrades, etc.) This should NOT to be confused with site member withdrawal methods which will be discussed elsewhere in this document!  The admin panel describes this section as “Below are your default payment methods. The products that accept payments will also have a section for managing payment methods. They can either select default payment methods, or define separate payment methods. The product will use the payment methods below if default payment methods are selected.

The ‘Internal’ payment method stands for the ‘internal funds’ (in the form of the ‘cash’ or ‘points’) each site member has earned.  If you enable this payment method then your site members will be able to use their account balance to pay for purchases from your site.  It’s your own choice whether or not you want to enable this option but if your think about it then it makes total sense to enable internal funds purchases because most all of the items you are ‘selling’ on your site really are not an out-of-pocket expense for you – it’s virtually pure profit for you (advertising packages they purchase cost your little or nothing comparatively (‘banner impressions’ and ‘side panel ads’ are free to you) as do member account upgrades)

Think about it, if your member doesn’t have any way other than to withdraw cash or use the points in their internal account balances for prizes you must supply then those withdrawals cost you money out of your pocket immediately (most internal funds purchases generally don’t cost you anything to supply if you are smart about it)  Also, you can safely not require that internal funds purchases not be manually approved.  Enable internal funds (it’s a no-brainer decision)

Speaking of the other payment methods, we highly suggest that you select (check) the ‘Manually Approve’ (‘Yes, manually approve each transaction’) option on all payment methods (external) which gives you the option of double-checking that each payment has been properly completed and you indeed have been paid before the purchased item or service is given to the member.

That concludes what we consider to be the crucial configuration settings under the ‘Main’ menu section though we are still not done (off to several other sections)


Admin Panel ‘Products’ Menu Section: (the long list on the left under the blue ‘ADMIN PANEL’ heading)

productpanel01> Contact Form – (or otherwise known as a ‘Contact Us’ form) Enter your own email address here.  When a member (or a site visitor – not necessarily a site member yet) completes the Contact Us form then this will be the email address that you get notified from.  It’s suggested to leave the ‘Valid E-Mail Domain’ box checked to thwart certain spam attempts (the site’s Contact Us form is visible outside of the logged-in site member area and hence this is a common spam target)  Hover over the blue question mark button to the far right of each setting to get a better description of how it works.

> Inbox System > Configure – If you intend to use a site member username as the site administrator other than the default ‘Admin’ (when sending and receiving inbox messages, communicating in the Shoutbox (member chat area), etc) then input that username in the ‘Display Name’ field (this field is case-sensitive so use the same capitalization as your member account that will be acting at the site admin)

Inbox System Configure

If you are allowing your site members to send inbox messages to other members (note the first two checkbox options ‘Contact Downline’ (the member’s own referred members) and ‘Contact Members’) then it’s suggested that you also check the ‘Review Message’ checkbox so that you will be able to pre-review and approve or deny inbox messages sent by members to other members (that way you can moderate messages that are spammy, harassing, overly negative (complaining or insulting), to frequent, promoting competing GPT sites, etc.) before they are delivered to the intended recipient(s) and take corrective action before the potential damage is done.  Allowing members to contact other members is not bad in itself (in fact we recommend you allow it) it allows members to more freely socialize semi-privately and some members tend to be really helpful in encouraging and benignly coaching their downline to be more active on your site.  Just be aware the certain bad apples may try causing trouble and if you are reviewing and pre-approving messages then they are pretty easy to spot.

> Membership – This is a main area that attentive GPT site admins tend to visit often to keep track of what members have joined, their current status (as shown by colors), and just to browse each member’s profile just by clicking on their username looking for obvious issues such as bogus information in required fields, etc.  Also notice that in the upper right corner when you click on the “Search Duplicate” text then it will switch between two modes – a ‘Search General’ (default) where you can search your members by numerous general information fields while when you click on ‘Search Duplicate’ then you enter a very powerful duplicate information search mode when you can discover site ‘cheaters’ who either have multiple accounts (which you should not allow under any circumstances) or members who bypassed normal site security by entering bogus information into required fields (such as entering ‘123 easy Street’ in a Street Address field – also you should not allow)

Search Duplicate

> Points System > Configure – This is where the currency values and exchange rate is configured.  This is where you will assign a value to whatever you wish to call your site’s ‘points’ currency.  It’s highly suggested that YOU GET THIS RIGHT in the first place.  You want your points system to be easy to figure out and conforming to the familiar standard exchange rate already established by many GPT sites that came before yours (the below image is the default settings – this is the ‘before’ image) Points System Configure Defaults (BEFORE)BIG (HUGE) TIP / HINT: –> First, let me point out the complete line of thirteen (13) blue question mark help icons help icon - hover over on the right (as seen above) – hover over them to discover better descriptions of what each field item does / means.  These question mark hints are purposely strewn throughout the ShiftCode GPT Admin Panel (Notice them!  That’s what they are there for!)

Now to suggest the ‘right’ points configure settings:

Points Name: This is where you will define what you will call your site’s points currency name (what you call your points on your site)  Yes, you can just leave them named ‘Points’ as many have done before you.  Also know that you can pretty much name your site’s points anything you want!  Yes, shillings, coins, gold bars, pirate treasure, silver, wooden nickels, whatever you want (insert the name there)

Auto Reset:  This option may have had a very good purpose way back years ago when the GPT sites concept was younger but if you know what’s good for you nowadays then it’s best to just leave this option set at the default zero (0) days value.  Essentially this is a setting that allows you to specify that if your member hasn’t used (converted, ordered a prize, or otherwise spent) his points in his account balance for X days then they go away (ouch!)  If you do enable this option and you don’t have some unique new legitimate purpose (other than cheating your members out of their earned points) for doing so to maybe change this option from the default zero… (risking that one or more very vocal GPT member sees his points go away unjustly and complains publicly)  Hint: Leave it at ZERO!

Conversion Rate: (Important!) The default (generally right) setting is 100 points = $1.00 (thus the field rightly has a default ‘100’ number in it)  This is where you are configuring what monetary value (if any) your site’s points will represent (or ‘hold’)  The standard amongst the vast majority of successful GPT sites currently operating is undoubtedly 100 points equals one dollar (if you change this then just know then we have seen it lead to member confusion and eventually making that GPT site a generally less popular place for GPT regular members to frequent due to the the confusion factor)

 

A WORK IN PROGRESS TO BE CONTINUED