WordPress.org

Ready to get started?Download WordPress

Forums

Registration Approval/Moderation (38 posts)

  1. eleni2
    Member
    Posted 8 years ago #

    I know that I can either (1) turn off 'anybody can register' and create logins individually/manually OR (2) turn on 'anybody can register' and let any stranger register to my blog. however is it possible to moderate and approve each registration, similar to comment moderation? It would be a wonderful addition to wordpress. THANK YOU SO MUCH!

  2. mickemus
    Member
    Posted 8 years ago #

    Very useful... my site is for a 'closed' community and this would sort out a lot of issues!

  3. grallaj
    Member
    Posted 8 years ago #

    Anyone have a solution for this?

  4. Tom Lany
    Member
    Posted 8 years ago #

    I have a desire for this feature, too. I have been searching for a couple of weeks for a plugin that does registration moderation. I can't find anything that works. I found a plugin called AuthOnly at:
    http://redalt.com/wiki/Authonly+Plugin
    You can change the default user profile (when the user signs up) so that these new users don't have the ability to read the site. It didn't seem to work well for that purpose, though. It seems to be designed to create different administration roles, not as password protection. It's a good start, though.

  5. Tom Lany
    Member
    Posted 8 years ago #

    Could someone please forward this on to the Word Press developers, so that the idea will be considered when they put together the code for the next version of Word Press? I don't think that it is high priority, but it would be nice to see this feature added. I think many users would benifit.

  6. Tom Lany
    Member
    Posted 8 years ago #

    One other thnig that came to mind. Could the script for comment moderation be used for this?

  7. Kafkaesqui

    Posted 8 years ago #

    I'm thinking something like that in combination with this plugin:

    http://redalt.com/wiki/Role+Manager

    might do it. With the plugin one can set Registered to have no capabilities, though it may be better to create a new role with no caps and set that as the new user default role under Options > General. Then with at least "Comment author must have a previously approved comment" set, it should lock new users out of everything until you change their role.

  8. Tom Lany
    Member
    Posted 8 years ago #

    Kafkaesqui, I tried that on my blog. By the way, sorry that I forgot to post the link. I posted the Authority Plugin link, but not the Role Manager one.

    The problem seemed to lie in the authority plugin. The roll manager is real cool. You can change the default roll of a user so that they can't view the site by default. When I tried this with the AuthOnly plugin, an error message was displayed immediatly after login saying that they didn't have permission to view that page. The user was still allowed to wander throughout the site after they loged in, despite the original deturant. They could go to the index, for instance, which they wern't allowed to do prior to the login, because of the AuthOnly plugin. From there, they could go anywhere on the site. I have also tried this with another authorization plugin by Angsuman http://blog.taragana.com/index.php/archive/angsumans-authenticated-wordpress-plugin-password-protection-for-your-wordpress-blog/.
    I didn't have luck using the two together, either. This plugin looks good, too.

    I think that we have some good starting places, but connecting the dots will be hard. Any ideas on how to do this? Possibly an updated code for a password protection utility of some sort?

  9. Tom Lany
    Member
    Posted 8 years ago #

  10. kwesitn
    Member
    Posted 8 years ago #

    So essentially there is no solution.

  11. Tom Lany
    Member
    Posted 8 years ago #

    Well, I think a solution can be reached, but to my knowledge, it hasn't been. I want a solution to be found, as my blog is provate and being able to allow new registrations, without letting the registrant on would be a powerful feature.

  12. kwesitn
    Member
    Posted 8 years ago #

    I found a solution that worked for me. Instead of having the email with the username and password be sent to the registrant, I tweaked it so that it comes to me. If I want to approve the user I then just forward the email on to the user. Here is a summary of what I changed:

    In wp-includes/pluggable-functions.php

    I changed this function on line 427 or so from this:

    wp_mail($user_email, sprintf(__('[%s] Your username and password'), get_settings('blogname')), $message);

    To this:

    wp_mail('webmaster@mydomain', sprintf(__('[%s] Your username and password'), get_settings('blogname')), $message);

    So the user does not get their username and password without me sending it to them. This could probably be turned into a plugin pretty easily...and would do it when I have some time.

  13. Tom Lany
    Member
    Posted 8 years ago #

    Thanks kwestin, I think that this might work for me, too (temporarly). For a large number of sign-ups, registration moderation would still be best.

  14. kwesitn
    Member
    Posted 8 years ago #

    You will need to also edit the forgot password function as well, so that any password reset requests go through you as well.

  15. Tom Lany
    Member
    Posted 8 years ago #

    I am thinking about adding registration moderation as a feature request to Trac. Before I did so, I wanted to see if other people found it worthy of such.

  16. lunabyte
    Member
    Posted 8 years ago #

    This probably would be overkill for some people, but it is an alternative solution to the question in point. I guess it would depend on just how much you want this feature.

    http://wordpress.org/support/topic/67990

    By using this system combination, you can set the method of user registration that you want. This system takes over for the standard WP registration.

    You can either:
    - Allow immediate registration

    - Allow registration upon email verification
    (user must click a link to activate their account)

    - Approve each registration

    - Turn off registration all together

    You can always add a new member manually,
    regardless of the level of registration.

    Ok, so this plugin requires 2 more pieces of software (free), but it comes down to how much you want this feature.

    In addition it opens up a lot more as well.

    This system also comes with captcha (image verification) for the guestbook that comes with the portal.

    With this in mind, it's currently in early development for an additional mod for users using this combination where they can add the ability for the image verification to be used in the comments submission as well.

  17. Tom Lany
    Member
    Posted 8 years ago #

    Thank you SO much, lunabyte. I really want this feature, as my blog is private and I want to be able to allow for a registration area without a password being sent immediatly. Would there be a way to only get the registration piece?

    Thanks Again!!

  18. lunabyte
    Member
    Posted 8 years ago #

    No, there wouldn't be.

    Not that I mean I'm being mean or something.
    But there isn't a way to just pull out a piece of code from the system to use in another one, if that makes sense.

    But hey, you'd get some pretty new toys to play with along with it. :)

  19. Tom Lany
    Member
    Posted 8 years ago #

    Thanks for the reply lunabyte. I understand. After thinking about it seriously I understand the problems with cutting parts of the code apart. Maybe I will install your software when I get some time.

  20. lunabyte
    Member
    Posted 8 years ago #

    Well, nothing says you couldn't make a working replica of your current site, and then play around with it.

    I mean, it is kind of silly to recommend an entire additional software combination to add onto your site just for one little thing.

    However, knowing what else it can do in addition to just registration management, I know there will be something else that will make you go "Wow, I'm glad I tried this."

    Here's an example. Built into the site are error logs, that record all errors within the setup. Easy to access, you can filter results, and certain 'behavior issues' happen to produce very distinct messages.

    Got a problematic IP or user?

    Ban 'em with the click of a mouse, and entry of a little information.

    Ever wanted to add content to the WordPress sidebar, but don't feel like modifying a file?

    It's possible through the block system.

    I'm actually looking for some good feedback from a current WordPress user.

    I made the offer to another user, and I'll extend it to you as well.

    If you would really like to try it out, I'd be happy to personally assist you with it. If you can make a working copy of your site (using duplicate tables), I'll help you get it all installed, and get it themed to match your site.

    In fact, if you would prefer, I can help you theme it to where it looks like your site does right now. With some new, cool stuff of course.

    Only thing I'll ask for in return is your feedback on it.
    I get emails from our userbase, but feedback from a source that isn't familiar with it, and a fresh perspective is a goldmine for us. Let's us get a new angle on operation, use, etc.

    I took a screenshot (as I mentioned in the thread here that I referenced above) of an installation that has WordPress as it's focus. Grabbed a random wordpress theme (happened to be Senorita), and then added the setup I've referenced. I themed it to be a WordPress site, look like the WordPress theme, with some additional stuff.

    Screenshots available in our gallery at

    http://www.lunabyte.net/gallery

    If you'd like to take me up on my offer, register with our site, and send me a personal message through the site.

  21. One Crayon
    Member
    Posted 8 years ago #

    Here's another possible workaround, although not particularly elegant:

    Install the Category Access plugin, and set both the New Users and Anonymous Users sections to reveal only the public areas of the site. Then have a mechanism in place for people to request full access and you can just update that user's profile to display the disallowed categories. Downside, you still have to deal with each user individually. Upside, you can customize exactly what categories are visible versus invisible, or visible and locked, which is a step in the right direction, at least. The plugin:

    http://dev.wp-plugins.org/wiki/CategoryAccess

  22. Tom Lany
    Member
    Posted 7 years ago #

    Thanks, Beckism.

  23. Mediatricks
    Member
    Posted 7 years ago #

    I don't think this is 'plugin-able' but if you really want a workable solution on your blog that will ensure you have to approve each new registration before they get an email with a password (and one that doesn't mess up the Forgot Password feature) try the hack below. It's a ten step process - a few files to edit and works GREAT!!

    The Hack Is Here

    1. Users register and receive an email saying they are awaiting approval.

    2. Admin gets an email with a link to the user profile needing approval.

    3. Admin clicks 'Approve' and 'Send Welcome Email' boxes and updates the profile.

    4. User then gets welcome mail.

    Let me know if I forgot anything!

  24. Trent Adams
    Member
    Posted 7 years ago #

    Not sure if this will benefit anyone, but I have always thought that registration through WordPress was weak. I have a community that uses WordPress and phpBB so I always used the phpBB registration. In fact, I installed an 'Invitation Only' system that I can invite people or other members can invite them. This interfaces easily through phpBB. The login integration is simple by using the wphpbb-login plugin at:

    http://www.happypoet.com/hackery/

    It might be too much for most people having the forum as well, but registration options in phpBB are far greater than WordPress.

    Trent

  25. dmurphy
    Member
    Posted 7 years ago #

    MediaTricks- That is exactly what I am looking for. But I ran into a problem. I've double checked my code to make sure I did it right, and I'm pretty sure I did. The user e-mail address is losing it's first letter. ie: myemail@whatever.com becomes yemail@whatever.com. I looked around to make sure all my dashes are where they're supposed to be an not where they're not supposed to be according to your document, and still no joy.

    Specifically here's what happens:

    I register) username: testuser, email: myemail@whatever.com
    The next screen comes up and says "Pending approval.. blah blah, Email: yemail@whatever.com".
    Using phpMyAdmin, I investigate a little further. In the table the e-mail field for that user is ap-myemail@whatever.com.

    Then I click the link in the email to approve the user. Their e-mail shows up as ap-myemail@whatever.com . I click approve and send welcome email, and the email field changes to yemail@whatever.com

    I looked around the code in user-edit where explode() is called, but I can't find anything wrong.

    I'm running PHP5

    Any Ideas?

    Thanks

  26. dmurphy
    Member
    Posted 7 years ago #

    Well, I figured it out.

    The e-mail address started with a character that was in the authorization pending string. So ltrim() was trimming the first character off the e-mail address. Here's how I fixed it:

    First, in my wp-config.php, I added this line:

    define('AP_STRING', 'ENTER_UNIQUE_STRING_HERE');
    Because of another bug, it's very important that your unique string is very unique (more on this later). I went to grc.com/pass and grabbed about 8 digits worth of junk.

    In the wp-register.php file, change the line that the hack says to change to '$user_email="ap-$user_email";' to ' $user_email= AP_STRING . "-$user_email"; '

    Now, go through the hack instructions, and everywhere you find ' ltrim( $user_email, "ap-" ); ', change it to ' substr( $user_email, strlen(AP_STRING)+1); ' .

    That should do it... unless I forgot something in the instructions.

    There is still a flaw here. In the user-edit.php file, the second line that we added, ' $checkemailb=explode("-",$checkemail); '. Has a problem. If somebody's email address starts with your AP_STRING, then WP thinks they're still not authorized. You have to authorize them twice, which ends up messing up their email address.

    So for now, just come up with a long, very unique AP_STRING. Something like 's1n7Thy66'. I guess the long term solution would be to add the AP_STRING at the end of their email, since email@whatever.com-s1n7Thy66 isn't valid, nobody will have that email address.

    Let me know if I forgot anything.

  27. eleni2
    Member
    Posted 7 years ago #

    this feature seriously needs to be added in the next major version of WP.

  28. plan-r
    Member
    Posted 7 years ago #

    It works great. Thanks a lot Mediatricks!

  29. Raptor2000
    Member
    Posted 7 years ago #

    I agree, this feature should be added to the next version of WP.

  30. Tom Lany
    Member
    Posted 7 years ago #

    I agree, as well. I think that the solution from Mediatricks looks like the one I have been waiting for! How can we propose that this be added to the next version of WordPress? Do we submit it on Trac?

Topic Closed

This topic has been closed to new replies.

About this Topic