2.8.8 template integration improvements and 2.8.8 pre-logs

Post a reply


This question is a means of preventing automated form submissions by spambots.
Smilies
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek:

BBCode is ON
[img] is ON
[url] is ON
Smilies are ON

Topic review
   

If you wish to attach one or more files enter the details below.

Maximum filesize per attachment: 1 MiB.

Expand view Topic review: 2.8.8 template integration improvements and 2.8.8 pre-logs

Re: 2.8.8 template integration improvements and 2.8.8 pre-logs

by axew3 » Sun Jul 07, 2024 5:29 pm

Ok! Thank you for the precise suggestion and the opportunity to fix a misunderstanding and another bug!

Code: Select all

if( current_user_can('create_users') === true OR $action == 'add_u_phpbb_after_login' ){ // an admin adding user

Re: 2.8.8 template integration improvements and 2.8.8 pre-logs

by Ezrael » Sun Jul 07, 2024 3:02 pm

I tested all ways of registration on my page. I have different possibilities because user getting different WP groups depending which registration they use.

If I were you, I would simply add a new note to your installation manual at

Add users in phpBB only after first successful login in WordPress

Note: if the option below
is set to Yes, then the user won't be added into phpBB before first login (using the activation link or got confirmed by the admin)
(This option should be set to Yes if you just use the WP-Registration for your Website)

Re: 2.8.8 template integration improvements and 2.8.8 pre-logs

by axew3 » Sun Jul 07, 2024 2:16 pm

So i have again put eyes into the complete flow of things when there is activation involved and front end plugins leave to choose the pass.
If a front end plugin, leave to choose the password on the registration form, and have a specific way (it is for each plugin different as easily arguable) to check the activation it is hard to cover all.

The code as is is perfect as more it is possible (but as you can see it is very hard for anybody, even me, to remember all possible implications when after some time you think on why you coded like it is).

except the first suggested line, that obviously need to be

Code: Select all

if( current_user_can('create_users') === true OR $action == 'add_u_phpbb_after_login' ){ // an admin adding user
in effect for what it concern the UM plugin all works as expected, the code is already there, if you choose to add users in phpBB ONLY after their first login in WP set to Yes and Activate user after login set to No:

Until the user is not confirmed, his login fail into WP and it is NOT added into phpBB. So cannot login anywhere.
It is exactly the expected result. But it is because UM has been considered with this code into the function wp_check_password

Code: Select all

///////////
// check that this user do not need to be added into phpBB, due to $w3all_add_into_phpBB_after_confirm

       if( $w3all_add_into_phpBB_after_confirm == 1 )
       {

      // this is for Ultimate Member plugin, but the logic can be the same for any other plugin
       if(defined( 'um_plugin' )){
          $umeta = get_user_meta($wpu->ID);
         if( isset($umeta['account_status'][0]) && $umeta['account_status'][0] != 'approved' ){
           return apply_filters( 'check_password', false, $password, $hash, $user_id );
          }
        }
Maybe hints on plugin options should be better explained about this aspect, so to make it easy to understand what you have to do and why.

Anyway, resuming, in the case of front-end plugins that leave to choose the pass in WP on registration, except UM that have been considered on code by quite long time as example, but i will not do the same for each other, because as said each will use different flows, and even all can be fixed inside the function wp_check_password easily, i will not do if not on request for specific cases and not for free, would be better to NOT let to login users in phpBB in those cases.

Let say that UM have a strange behavior reversing his flow: at the time the user is added, the user result to be active, and only after several other hooks, do not know how much more, his code flow set the user as waiting for email confirmation, not before, before result to be active, but it is too late to detect that it is after changed if not creating another hook that could be, again very easily, detect if the UM user is active or not (or any other plugin flow), when all the UM code has been executed, and setting the user as active or not in phpBB based on this.

[EDITED 2 times]

Re: 2.8.8 template integration improvements and 2.8.8 pre-logs

by Ezrael » Sun Jul 07, 2024 10:25 am

Ultimate Member / User ROLES / Subscriber / Registration Options

Re: 2.8.8 template integration improvements and 2.8.8 pre-logs

by axew3 » Sun Jul 07, 2024 10:13 am

Reasoning after into this problem, result clear that if a plugin let to choose the password, how it can be restricted the access of the user?
Where ultimate member have the setting that require to activate the account?
I cannot find it. So i cannot imagine how it could be managed the fact that an user when register since he know the pass.
Is there a setting i do not see into UM that require the user's activation?

p.s Found the setting that send the email, but not the one that set user's account email confirmation required... how it should be activated?

[EDITED]

Re: 2.8.8 template integration improvements and 2.8.8 pre-logs

by Ezrael » Sun Jul 07, 2024 9:26 am

But like I wrote:
What works perfect for me, is the old code with Add users in phpBB only after first successful login in WordPress - Yes

Because the user isn't able to login to phpbb and Wordpress an as soon as the user login to wp the user is full operational in phpbb as well.
If there is no issue in the code, you should you consider to change the description of Add users in phpBB only after first successful login in WordPress
Add users in phpBB only after first successful login in WordPress

Note: if the option below
- Deactivate phpBB user account until WP confirmation
is set to Yes, then the user will be added into phpBB after using the activation link or confirmation by the admin

Note: may activating this option, you'll have to allow user's logins as mandatory only into WordPress, or the user that try to login in phpBB, will fail until not created in phpBB due to an explicit and successful login into WordPress

This option affect/work both default WordPress and WP Multisite installations, where there are signups registrations processes, but also will work for any plugin that use signups processes for user's registration into front-end

Note that if some frontend plugin, after the user's account confirmation action, allow the user's autologin via some option, may the autologin after confirmation will fail and the user will have to login by the way

Top