One of the many wonderful things about Concrete5 is the built-in functionality for managing "membership" (users and groups). However, for smaller sites where your membership needs are limited to just one or two groups, and all you want to do is have one "protected area" of the site, all of the built-in functionality can be overkill and complicate the user interface when people log in.

Here are the steps I take to clean up the membership features when I build simple "member areas" in sites:

Delete "Private Message" Attributes and Job

I've never actually built a website that utilizes private messaging, so I like to delete these 2 pre-installed user attributes because it cleans up the "Edit Users" interface and helps avoid confusion with clients and site editors.

screenshot of dashboard User Attributes page

And since we are not utilizing private messages, we might as well remove the automated job for them too:

screenshot of dashboard Automated Jobs page

Delete the "Members" Page from the Sitemap

If your site does not feature a public-facing community, it is a really good idea to delete the /members page from the sitemap. Doing so will slightly reduce your security risks (because you're not making the list of usernames available, so it's one more thing that a potential attacker would have to "guess" along with the password). To remove this page, navigate to Dashboard > Full Sitemap, expand the "Options", check the "Show System Pages" box, then expand the Home page in the sitemap, find the "Members" page, click on it, and choose "Delete" from the popup menu. You may get a warning about deleting system pages, but it is safe to remove this one (it will not adversely effect system functionality).

screenshot of Members page being deleted in dashboard full sitemap

Delete Miscellaneous "Edit Profile" Pages

While I've got the Full Sitemap open and expanded to "Show System Pages", I also like to delete the /profile/avatar, /profile/friends, and profile/messages pages. Because I never utilize these features on the sites I build, I don't want a user to see them and get confused (or actually use them and expect that they'd function properly).

screenshot of extraneous profile pages in dashboard sitemap

Remove "Edit Profile" Sidebar

By default, the sidebar of the "Edit Profile" page includes things that are only applicable to public-facing community sites, and hence are confusing and unnecessary for private member areas:

screenshot of sidebar in the Edit Profile page

Since we're not utilizing the public-facing community features, we should remove those items from the sidebar in the "Edit Profile" page. The easiest way to do this is to override the system's default "profile/sidebar.php" element with a blank file. To do so, first create a new "profile" folder in your site's top-level "elements" directory, then inside that new folder create a new file called "sidebar.php":

screenshot of new elements/profile/sidebar.php file in filesystem

Now edit the new "sidebar.php" file and paste in this code:

<?php defined('C5_EXECUTE') or die("Access Denied.");

//This file is intentionally blank
// (because we do not want to display anything in the profile sidebar)

Creating the Private Section

I'm not going to go into detail on how to actually create the restricted/private section of your site (because there are a variety of different ways you could set that up, depending on your specific needs). But here is a quick list of some common options to consider:

Create top-level section page

Create a new top-level page of your site to house all restricted pages underneath. Any permissions you set on this top-level page will filter down to its child pages, so it is a very easy way to restrict access to an entire section of your site.

Style the login page

Apply your theme's styles to the login page (so users don't get the generic Concrete5 dashboard style) by following the steps in this how-to:

Add login/logout link

Add a login/logout link by putting this code somewhere in your theme page type templates:

$u = new User;
if ($u->isLoggedIn()) {
    echo '<a href="' . View::url('/login/logout') . '">Logout</a>';
} else {
	echo '<a href="' . View::url('/login') . '">Login</a>';

Add "edit profile" link

Add a link for logged-in users to edit their profile by putting this code somewhere in your theme page type templates:

$u = new User;
if ($u->isLoggedIn()) {
    echo '<a href="' . View::url('/profile/edit') . '">Edit Profile</a>';

Enable self-registration

If you want people to be able to register themselves (as opposed to an administrator having to create user accounts via the dashboard), enable public registration via Dashboard > System & Settings > Login & Registration > Public Profiles. You can optionally require an approval step if you would like to have a site administrator verify each registrant before granting them access.

If you have public registration enabled, you'll want to add the following lines of code to your site's config/site.php file (and change the setting values accordingly):

define('EMAIL_DEFAULT_FROM_NAME', 'John Smith');

Create a separate user group

Depending on the complexity of your situation (or if you just like to keep things neat and tidy), you might want to create a separate user group for the people who will should have access to the private section. For very basic situations, this is not required (since you could just set permissions on the private section to allow all "registered users"), but if you require more than 1 group, or are using permissions for other things besides this private section of the site, then it probably makes sense to create a separate group for this purpose.

Note that if you do create a separate group for this section, and public registration is enabled, you might find the free Registrant Group addon useful -- it will automatically assign new registrants to a group of your choosing.