I do not want to turn CMSimple_XH into a full-fledged multi-user system, because that doesn't make any sense IMO. However, the administration of several CMSimple_XH websites is shared by several users (usually only a few, say two or three). All of these are working under the same account, and, for instance, entries in the log file are undistinguishable (except for the IP on login).
Furthermore we have Memberpages and Register_XH, which allow users to get elevated privileges, but these user accounts are totally unrelated to the admin login, so a user who is both admin and "member" often has to log in twice via different login forms.
Most, if not all, other CMSs don't have this distinction; you simply log in as user X, and you have the privileges that have been granted to you. So what about having a basic multi-user facility in the core? I'm thinking just about a username and a password (and maybe a full name and an email address), and whether the user is an admin or a user (without any detailed permission system). The main advantage would be a unified login form, and a unified (and therefore more secure -- due to more widespread testing) authorization. Another benefit would be that the user(name) is known, so their actions could be logged appropriately. The only drawback I can recognize would be that on login the username has to be given in addition to the password, but that seems to be a minor issue, because that's customary anyway.
Some random thoughts regarding the details:
- if the user is an admin, XH_ADM (and $adm) will be set to true
- there needs to be a basic form for user management in the backend
- plugins such as Memberpages and Register_XH should use the basic user management (which needs a respective API), and make their own additions (access permissions for individual sites, etc.)
- such plugins could add their own user administration, or maybe replace the default administration
Any feedback on this topic by developers, web designers, webmasters and end-users is highly appreciated.
Christoph
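
A minimal sketch of the unified login proposed in the post above, added here as an illustration and not code from the post or from CMSimple_XH: one user store with an admin flag, one password check, and log entries attributed to a username. All function names, the log line layout and the sample users are constructed assumptions; only XH_ADM and $adm come from the post.

```php
<?php
// Hypothetical sketch: none of these function names are CMSimple_XH APIs.

/** Constructed sample user store: username => record. */
function sample_users(): array
{
    return [
        'alice' => ['hash' => password_hash('correct horse', PASSWORD_DEFAULT),
                    'name' => 'Alice Example', 'email' => 'alice@example.com', 'admin' => true],
        'bob'   => ['hash' => password_hash('battery staple', PASSWORD_DEFAULT),
                    'name' => 'Bob Example', 'email' => 'bob@example.com', 'admin' => false],
    ];
}

/** Returns the user record (plus 'username') on success, null on failure. */
function authenticate(array $users, string $username, string $password): ?array
{
    // Unknown users are checked against a dummy hash, so response time
    // does not reveal which usernames exist.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);
    $record = $users[$username] ?? null;
    $ok = password_verify($password, $record['hash'] ?? $dummy);
    if ($record === null || !$ok) {
        return null;
    }
    return ['username' => $username] + $record;
}

/** One log line per event, attributed to a username instead of a shared account. */
function log_line(string $type, ?string $username, string $ip, string $message): string
{
    // Strip control characters so a submitted username cannot forge extra log lines.
    $user = preg_replace('/[\x00-\x1F\x7F]/', '', $username ?? '-');
    return sprintf("%s\t%s\t%s\t%s\t%s", date('Y-m-d H:i:s'), $type, $user, $ip, $message);
}

$users = sample_users();
foreach ([['alice', 'correct horse'], ['bob', 'battery staple'], ['mallory', 'guess']] as [$name, $pw]) {
    $user = authenticate($users, $name, $pw);
    // In the core, this flag is what would decide whether XH_ADM (and $adm) is true.
    $isAdmin = $user !== null && $user['admin'];
    echo log_line($user ? 'info' : 'warning', $name, '192.0.2.10',
        $user ? 'login ok, admin=' . var_export($isAdmin, true) : 'login failed'), "\n";
}
```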