Support » Plugins and Hacks » [Plugin: WP-Members] Changing some apects of the registration process

[Plugin: WP-Members] Changing some apects of the registration process

Viewing 6 replies - 1 through 6 (of 6 total)
  • I’m glad you like the plugin!

    I think I understand what you are asking for, but there are a few flaws in the logic.

    WP-Members runs off the WP users table, for which there is non-duplicatable primary key. Also, there is a process to prevent users from having duplicate user names AND email addresses.

    However, there is no way you would successfully completely prevent a situation like you are speaking of(such as johndoe@johndoe.com re-registering as johndoe2@johndoe.com) because there is no way to know the following:

    • The user’s primary key and username (if the user is not logged in, which they are not during registration, there is no way to know this)
    • We can already prevent a duplicate email from signup (such as johndoe@johndoe.com already has an account)

    But in the situation you are talking about, you have far too many variables to account for and therefore no way of doing “on-the-fly” prevention. For example, what about sallysmith1968@yahoo.com vs. sallysmith1967@yahoo.com. Here are two email addresses that could be related in the same way as the example you provided, yet they could be two completely different and unrelated people. Yet you have no way of knowing that.

    It is for this exact reason that the plugin has the capability of moderating registrations (i.e. requiring admin approval before the user account has access). I developed this workflow on a newsletter site of my own where I had the same concerns and we did have people trying to signup to circumvent the process (there was a free trial involved and people were signing for additional free trials with a derivative email address). Since there was no good way to prevent this dynamically, we instituted a process of verifying our registrations before they were activated. You can do this with the plugin by using the setting “Moderate registration” as checked. Then a new user will need to be approved by an admin prior to having access.

    Hi cbutlerjr

    Thanks for your quick reply, as always:-)

    The scenario you´ve spotted with the “Moderate registration” checked is a good alternative however It´s not so easy to be shure about a double registration, even if you try to verify the autenticity,do you agree?

    For instance the user John Smith, during his reg process #1 provides the correct required info (eg. street address,phone, city, district, zip, etc) but during the second reg process the same person provide fake info with another email. And so….how to investigate?

    BTW> when i said above “the personal ID number of the user” I mean for instance the driver license number (or any other official identification document) that´s really a unique number and maybe could be the password of that user.

    Waiting to hear from you.
    many thanks 🙂


    Hey cbutlejrwhere are you? 🙂 🙂

    Sorry for the delayed response – haven’t been around much today.

    With the clarification, I see what you are saying about personal ID number. Something like that would work, but you would still need to have some type of verification process (such as in your example of DL number, you’d need to be able to verify that it fits the user), otherwise what is to stop them from doing exactly the same thing as signing up with different emails? Also, depending on what type of information you require, you’d need to be VERY careful from a legal standpoint, specifically you’d need to at minimum transfer over SSL, encrypt the stored data, and have some type of security process for storing it. I’m not saying it can’t be done, but it’s a whole different level. The more simple you can keep it and still be within a reasonable verification process that suits your needs, the better off you’ll be.

    cbutlerjr – Is there a way to distribute a welcome email after a new user registers? I want to send users a confirmation email with all the info they entered. Thanks.


    You could – they do already get an email as part of the process, but it is very limited. Here’s a couple ideas:

    1. you could customize the email that goes out in wp-members-email.php. If you do, keep careful notes as you’ll need to update if you upgrade the plugin.

    2. you could add an additional function (stored in your theme’s functions.php file) that fires wp_mail(). This is probably the best solution. Then whatever you name that process, call the function at the point a new registration is successful (this is in wp-members-register.php – near the end of case “register” in wpmem_registration you’ll see where it fires wpmem_inc_regemail. Call your additional function in here. This is easier to update as opposed to changing wpmem_inc_regemail, since you just need to add a function call.

    3. you could do a combination of the above by writing your own custom wpmem_inc_regemail and replacing like in the above. Just make sure you get the user all the info they need (such as username/password) and it fires in the right place (as in, you want to make sure it’s fired after all the error checking and validation is done and the registration is successful).

    Hope that gives you some ideas.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘[Plugin: WP-Members] Changing some apects of the registration process’ is closed to new replies.
Skip to toolbar