by axew3 » Sun Jul 07, 2024 2:16 pm
So i have again put eyes into the complete flow of things when there is activation involved and front end plugins leave to choose the pass.
If a front end plugin, leave to choose the password on the registration form, and have a specific way (it is for each plugin different as easily arguable) to check the activation it is hard to cover all.
The code as is is perfect as more it is possible (but as you can see it is very hard for anybody, even me, to remember all possible implications when after some time you think on why you coded like it is).
except the first suggested line, that obviously need to be
Code: Select all
if( current_user_can('create_users') === true OR $action == 'add_u_phpbb_after_login' ){ // an admin adding user
in effect for what it concern the UM plugin all works as expected, the code is already there, if you choose to
add users in phpBB ONLY after their first login in WP set to Yes and
Activate user after login set to No:
Until the user is not confirmed, his login fail into WP and it is NOT added into phpBB. So cannot login anywhere.
It is exactly the expected result. But it is because UM has been considered with this code into the
function wp_check_password
Code: Select all
///////////
// check that this user do not need to be added into phpBB, due to $w3all_add_into_phpBB_after_confirm
if( $w3all_add_into_phpBB_after_confirm == 1 )
{
// this is for Ultimate Member plugin, but the logic can be the same for any other plugin
if(defined( 'um_plugin' )){
$umeta = get_user_meta($wpu->ID);
if( isset($umeta['account_status'][0]) && $umeta['account_status'][0] != 'approved' ){
return apply_filters( 'check_password', false, $password, $hash, $user_id );
}
}
Maybe hints on plugin options should be better explained about this aspect, so to make it easy to understand what you have to do and why.
Anyway, resuming, in the case of front-end plugins that leave to choose the pass in WP on registration, except UM that have been considered on code by quite long time as example, but i will not do the same for each other, because as said each will use different flows, and even all can be fixed inside the function wp_check_password easily, i will not do if not on request for specific cases and not for free, would be better to NOT let to login users in phpBB in those cases.
Let say that UM have a strange behavior reversing his flow: at the time the user is added, the user result to be active, and only after several other hooks, do not know how much more, his code flow set the user as waiting for email confirmation, not before, before result to be active, but it is too late to detect that it is after changed if not creating another hook that could be, again very easily, detect if the UM user is active or not (or any other plugin flow), when all the UM code has been executed, and setting the user as active or not in phpBB based on this.
[EDITED 2 times]
So i have again put eyes into the complete flow of things when there is activation involved and front end plugins leave to choose the pass.
If a front end plugin, leave to choose the password on the registration form, and have a specific way (it is for each plugin different as easily arguable) to check the activation it is hard to cover all.
The code as is is perfect as more it is possible (but as you can see it is very hard for anybody, even me, to remember all possible implications when after some time you think on why you coded like it is).
except the first suggested line, that obviously need to be
[code]if( current_user_can('create_users') === true OR $action == 'add_u_phpbb_after_login' ){ // an admin adding user[/code]
in effect for what it concern the UM plugin all works as expected, the code is already there, if you choose to [b]add users in phpBB ONLY after their first login in WP[/b] set to Yes and [b]Activate user after login set to No[/b]:
Until the user is not confirmed, his login fail into WP and it is NOT added into phpBB. So cannot login anywhere.
It is exactly the expected result. But it is because UM has been considered with this code into the [b]function wp_check_password[/b]
[code]
///////////
// check that this user do not need to be added into phpBB, due to $w3all_add_into_phpBB_after_confirm
if( $w3all_add_into_phpBB_after_confirm == 1 )
{
// this is for Ultimate Member plugin, but the logic can be the same for any other plugin
if(defined( 'um_plugin' )){
$umeta = get_user_meta($wpu->ID);
if( isset($umeta['account_status'][0]) && $umeta['account_status'][0] != 'approved' ){
return apply_filters( 'check_password', false, $password, $hash, $user_id );
}
}[/code]
[b]Maybe hints on plugin options should be better explained about this aspect, so to make it easy to understand what you have to do and why.[/b]
Anyway, resuming, in the case of front-end plugins that leave to choose the pass in WP on registration, except UM that have been considered on code by quite long time as example, but i will not do the same for each other, because as said each will use different flows, and even all can be fixed inside the function wp_check_password easily, i will not do if not on request for specific cases and not for free, would be better to NOT let to login users in phpBB in those cases.
Let say that UM have a strange behavior reversing his flow: at the time the user is added, the user result to be active, and only after several other hooks, do not know how much more, his code flow set the user as waiting for email confirmation, not before, before result to be active, but it is too late to detect that it is after changed if not creating another hook that could be, again very easily, detect if the UM user is active or not (or any other plugin flow), when all the UM code has been executed, and setting the user as active or not in phpBB based on this.
[EDITED 2 times]