Skip to:
Content
Pages
Categories
Search
Top
Bottom

Registration notification email not sent & captchas — BP 1.2 beta / WP 2.9.1

  • Avatar of snark
    snark
    Participant

    @snark

    I just created a fresh install of both WP 2.91 and BP 1.2 beta on a testing/development subdomain. Everything seems to be working, with no error messages, but…I’ve encountered three problems:

    1) When I register a new user, admin receives an email notifier, but the user never receives one. The username & password that are given at registration for the new user work, and the user can login, but they never get an email notice like they should.

    2) After a new user is registered, they have a choice of uploading an avatar before login. If they do upload an avatar, and crop it if they want, the new avatar is loaded on the page and everything seems fine. But once they login, the new avatar is gone and the default avatar is there, so they have to repeat the process. Either this should be fixed, or the option to upload an avatar before logging in should be removed.

    3) Wishing to add security to the registration process, I installed the WP-reCAPTCHA plugin for WP. Plugin was installed fine and configured correctly, with proper keys and the box selected to “Enable reCAPTCHA on registration form.” Everything appears fine, with no error messages, but the reCAPTCHA does not show up on the registration form.

    My setup:

    1. Version: WP 2.9.1 & BP 1.2 beta (for WP/MU )

    2. Installed on subdomain

    3. Installed in root of subdomain

    4. Fresh install, not an upgrade

    Thanks.

Viewing 16 replies - 1 through 16 (of 16 total)
  • Avatar of r-a-y
    r-a-y
    Moderator

    @r-a-y

    1) By default, an email isn’t sent to the user because the user password is sent via plain text (not a good thing security-wise).

    You can re-enable this welcome email by adding the following code to /wp-content/plugins/bp-custom.php (create this file if you don’t have one – be sure to add PHP open and closing tags as well):

    remove_filter( 'wpmu_welcome_user_notification', 'bp_core_disable_welcome_email' );

    2) Please post the avatar bug on BuddyPress Trac:

    http://trac.buddypress.org/newticket

    Login with the same credentials you use on buddypress.org.

    3) WP-reCAPTCHA is not compatible with BuddyPress.

    BuddyPress uses a different registration mechanism.

    You might want to try one of these solutions listed here:

    http://www.bp-tricks.com/tips_and_tricks/stopping-the-sploggers/

    Avatar of snark
    snark
    Participant

    @snark

    Re: 1) I tried this and it didn’t work (no error, but didn’t fix the problem). What directory exactly should the bp-custom.php file be put in? I tried it in two places —

    /wp-content/plugins/bp-custom.php (where you said to put it, though that seems odd)

    and

    /wp-content/plugins/buddypress/bp-custom.php

    – and neither worked.

    Re: 2&3) Will do. Thanks.

    Avatar of r-a-y
    r-a-y
    Moderator

    @r-a-y

    Re #1:

    Sorry I forget that you need to hook the filter to an action.

    Try this:

    function snark_reenable_welcome_email() {
    remove_filter( 'wpmu_welcome_user_notification', 'bp_core_disable_welcome_email' );
    }
    add_action('init', 'snark_reenable_welcome_email');

    The file is /wp-content/plugins/bp-custom.php

    Avatar of snark
    snark
    Participant

    @snark

    Still not working. I did find the filter itself in the file /plugins/buddypress/bp-core/bp-core-activation.php:

    add_filter( ‘wpmu_welcome_user_notification’, ‘bp_core_disable_welcome_email’ );

    I suppose I could just delete that line to remove the filter, but then every time BP is updated it’ll probably get overwritten and I’ll forget all about it. Not sure why your filter hook didn’t work. Any ideas?

    Thanks a million for your help — I really appreciate it.

    Avatar of Peterverkooijen
    peterverkooijen
    Participant

    @peterverkooijen

    1) By default, an email isn’t sent to the user because the user password is sent via plain text (not a good thing security-wise).

    That makes absolutely no sense. If you use the forgot password feature, the password is sent via plain text as well. Why is that OK and sending a password upon registration not?

    Most big sites, Facebook, LinkedIn, newspapers, have no problem sending passwords via plain text. Online security is always a balance between security and convenience.

    Buddypress is a social network. It’s not a banking website. If you start using credit card payments or paid membership, those scripts usually come with the own security.

    Who is going to steal a password to someone’s account on a blog network? Has that ever happened? What would they do with it?

    Just my 2 cents. Flame away…

    Avatar of r-a-y
    r-a-y
    Moderator

    @r-a-y

    Here’s the rationale behind disabling the welcome email as quoted in bp-core-activation.php:

    * Since the user now chooses their password, sending it over clear-text to an email address is no longer necessary. It’s also a terrible idea security wise.

    I’m going to sway a little to Peter’s side and say that BP should leave this option to the site admins. I actually think there should be more options for the administrator on a fresh install.

    Avatar of snark
    snark
    Participant

    @snark

    I agree. So any new ideas on how to get that filter-killer function to work? Thanks.

    Avatar of Peterverkooijen
    peterverkooijen
    Participant

    @peterverkooijen

    @snark, I simply removed the function bp_core_disable_welcome_email() from bp_core_activation.php. But then the password in the welcome email is wrong, as discussed here. Haven’t been able to come up with an explanation/solution for that… :-(

    Avatar of Mike Pratt
    Mike Pratt
    Participant

    @mikepratt

    @snark You forgot to mention the Activation email. Is your new user not receiving one? I just did a test registration and immediately received an email. While I agree with @Peter that plain text isn’t so bad but I also think it’s not so necessary to send the password the person literally just chose. The always have the Forgot Password link if they forgo it seconds after the fact. No real need as I see it to add a filter.

    Avatar of Andy Peatling
    Andy Peatling
    Keymaster

    @apeatling

    If you reset your password it doesn’t send you a new password, you log into the site with a link to reset it.

    Avatar of Mike Pratt
    Mike Pratt
    Participant

    @mikepratt

    @snark didn’t realize you are single user WP so no activation email

    Avatar of snark
    snark
    Participant

    @snark

    Yes, I am running BP 1.2 beta with single-user WP, not WPMU, and it’s a fresh install of both. It’s not a huge issue, I just think philosophically that after a user signs up for a service, they should receive a confirmation email that includes a link to the site, along with their username and password, even if they chose them themselves. This, after all, is what happens with BP in WPMU, although the latter does include the activation link which I assume has been deemed to be unnecessary in the single-user WP version.

    I know from experience that users forget their logins over time, and while they can use the “forgot” link on the site, I think having an initial registration acknowledgment saved in email would be beneficial for some users. Also, it gives the site publisher an opportunity to send a greeting message to each new subscriber.

    So…any thoughts on how to make this work for me, or whether it will be fixed in the next version of BP? Thanks.

    Avatar of Mike Pratt
    Mike Pratt
    Participant

    @mikepratt

    keep in mind, it’s not “broken”. We are debating the merits of one way versus the other. There is not an email as you suggest in BP/WPMU just Activation. most sites that I join these days do not send their passowrds on signup, usually activation emails. You could always write a plugin that sends the password.

    Avatar of snark
    snark
    Participant

    @snark

    All right, I’m ok with it.

    Avatar of helloari
    helloari
    Participant

    @helloari

    when users sign up on my bp 1.1 site (wpmu 2.9) and they enter a username with a space in it like “joe smith” then the register page doesn’t give them an error and yet it automatically removes that space. the user then gets an automated email with an authentication link but that email doesn’t tell the user what their username is.

    If the user selects ‘forgot password’ then the reset email that arrives does have the username.

    so my suggestion is to simply return an error if a space is selected.

    i tried making a ‘custom.php’ as described above but it made my site disappear, i would love the option of email username and password to a user – i agree that in low security sites it’s better to keep it simple

    Avatar of overhaulmedia
    overhaulmedia
    Participant

    @overhaulmedia

    So is there a way to get the “welcome” or confirmation emails working WITHOUT WPMU?

    I have an install running BP Version 1.2-rare & WP2.9.1

Viewing 16 replies - 1 through 16 (of 16 total)

You must be logged in to reply to this topic.