BuddyPress.org

Well, that was embarrassing.. 😀 Sorry for my stupidity.
I was searching on forums by “Disable name change” “Hide Name in registration” etc. Most answers I found were outdated, that’s why I registered to ask.

Follow-up:

7th:

Capability Manager Enhanced to define custom user roles, if you’re not satisfied with the default wordpress roles (subscriber, contributor,…).
The first step is to create your user roles

https://buddypress.org/support/topic/resolved-different-profile-types-and-different-user-roles/

As ready implied there: I did this – and it works so far.

8th:

Create a xprofile field (selectbox) with the title “User Role” and name the options “Band Role” and “Fan Role” – in my case. You can call them whatever you want. Place this field in the “base” profile group, otherwise it won’t be shown during registration. Also make the field “required”. In my case the user can’t decide, if the visibility of the field can be changed.

I did it already, when I installed and activated ‘BP Profile Search’-plugin – and it works.

However, to choosed a dropdown menu and the categories ‘team’ and ‘fan’.

9th:

I modified:

?php
function custom_bp_core_signup_user($user_id) {
    $user_role = strtolower(xprofile_get_field_data('User Role', $user_id));
    switch($user_role) {
        case "Band Role":
            $new_role = 'band';
            break;
        case "Fan Role":
            $new_role = 'fan';
            break;
    }
    wp_update_user(array(
        'ID' => $user_id,
        'role' => $new_role
    ));
}
add_action( 'bp_core_signup_user', 'custom_bp_core_signup_user', 10, 1);

into:

function custom_bp_core_signup_user($user_id) {
    $user_role = strtolower(xprofile_get_field_data('Mitglieder-Kategorie (Team oder Fan?)', $user_id));
    switch($user_role) {
        case "Team":
            $new_role = team';
            break;
        case "Fan":
            $new_role = 'fan';
            break;
    }
    wp_update_user(array(
        'ID' => $user_id,
        'role' => $new_role
    ));
}
add_action( 'bp_core_signup_user', 'custom_bp_core_signup_user', 10, 1);

(I omitted <?php, because I created not a new bp-costum.php, rather inserted the code into my yet existing bp-costum.php. I inserted the modified code above the line ?>.)

I did not understand, which effect this insertion should have – but, however, – as far as I see – it causes no harm.

Did anyone understood, for which purpose the above mentioned code is?

10th:

I inserted as well:

//hide the user role select field in edit-screen to prevent changes after registration
add_filter("xprofile_group_fields","bpdev_filter_profile_fields_by_usertype",10,2);
function bpdev_filter_profile_fields_by_usertype($fields,$group_id){

//only disable these fields on edit page
if(!bp_is_profile_edit())
return $fields;
//please change it with the name of fields you don't want to allow editing
$field_to_remove=array("User Role");
$count=count($fields);
$flds=array();
for($i=0;$i<$count;$i++){
if(in_array($fields[$i]->name,$field_to_remove))
unset($fields[$i]);
else
$flds[]=$fields[$i];//doh, I did not remember a way to reset the index, so creating a new array
}
return $flds;
}

into my bp-costum.php – again above the line ?>.

It does not work:

— threre the user role is still changeable:

http://kampfsportlerinnenneuwied.1a-spielwiese.de/wp-content/uploads/sites/2/2014/09/user_role_still_changeble.jpg

— http://1a-spielwiese.de/members/kampfsportlerinnenneuwied/profile/edit/group/1 causes an redirection error. – The redirection error disappears, when I’m not logged in as kampfsportlerinnenneuwied, rather as superadmin.

Hi

Thank you for all the responses.

Well, the issue of spam registrations & comments with the above mentioned plugins in addition to SI CAPTCHA Anti-Spam, Wordfence Security (?), etc had worked for months & was manageable, occasionally getting something in sometimes after weeks. I also blocked all IPs of spammers who would tried to login, etc.

A few days ago, though I started getting a barrage of bot-registrations + groups with bogus content created. New registrations would come in as soon as I deleted some.

Since it was late in the night in the middle of a very busy period, I thought someone probably getting similar issues could mention some quick solution I could find the following day.

It was not my first time in the forum. Some of the above solutions were found through searching the forum, which i agree should be the first step.

So far – in addition to the above plugins I first added JP User Registration Blacklist, WP-SpamShield and also reluctantly disabled user group creation. (Is there a plugin that enables moderation of user created groups, allowing the moderator to approve user created groups?)

That stopped the group creation, but spam registrations continued coming. So like recommended above, installed Wanguard, though this being a small site which currently gets in very little income, it is not yet worth paying for it. I hope the free wanguard account can work for a while.
That since yesterday only let in one or 2 registrations by some criminals, this being one of them – details shown by some plugin:

Benutzername: clairmcconnan

E-Mail: synfhongegizi@mail.ru

Angezeigter Name: Claire McConnan

Vorname: Claire

Nachname: McConnan
….
IP Address : 107.181.70.207
Reverse DNS : 107.181.70.207
Reverse DNS IP : 107.181.70.207
Reverse DNS Authenticity : [Possibly Forged]
Proxy Info : No Proxy
Proxy Data : 107.181.70.207
Proxy Status : FALSE
HTTP_ACCEPT_LANGUAGE : en

Names & emails suggest they mostly originate from Russia.

danbp suggested using .htaccess to block Ru-based submissions. I will look into BUT – on an unrelated Drupal-based site, I ever had a much more serious attack, with as many 25,000 attempted login/post attempts a day(!), which were blocked by the Drupal mollom plugin BUT that constantly filled some DB table, probably logging visits/attempts, to several 100MBs a day, causing me problems with the webhost. Source of attacks was Russia, ukraine, China & Poland.

The only solution that worked was adding literally several 10,000 lines of complete IP(blocks(?)s from those countries I got from some site to the .htaccess that blocked them out. Only that helped.

Later on, though – months on, the web host removed that .htaccess file, because my site account was supposedly overusing server resources. I am not sure that had anything to do with the IP address lines in the .htaccess file, but the good thing is that a similar attack has not happened again.

An .htaccess solution that only involves naming a country ( … ^(.*).ru/(.*) …) & not its thousands of IPs would of course be great & preferable, but I will do a search & see. My site does not need a single Russian & so can do without the country.

Ultimately, for the time being – what I would need is a functioning free solution until the currently small site can pay for itself, later on. This particular site had not had anything similar in over a year, assuming Wanguard cannot be used …

Anyway, thank you all.

Sorry, not all is well.

I edit in my custom “register.php” , but I can’t see anything. This is the code of my register custom page:

<?php 
global $bp;
if(empty($bp->signup->step))
$bp->signup->step=’request-details’;
?>

		<form action="” name=”signup_form” id=”signup_form” class=”standard-form” method=”post” enctype=”multipart/form-data”>

		<?php if ( 'registration-disabled' == bp_get_current_signup_step() ) : ?>
			<?php do_action( 'template_notices' ); ?>
			<?php do_action( 'bp_before_registration_disabled' ); ?>

				<p><?php _e( 'User registration is currently not allowed.', 'buddypress' ); ?></p>

			<?php do_action( 'bp_after_registration_disabled' ); ?>
		<?php endif; // registration-disabled signup setp ?>

		<?php if ( 'request-details' == bp_get_current_signup_step() ) : ?>

			<?php do_action( 'template_notices' ); ?>

			<p><?php _e( 'Registering for this site is easy. Just fill in the fields below, and we\'ll get a new account set up for you in no time.', 'buddypress' ); ?></p>

			<?php do_action( 'bp_before_account_details_fields' ); ?>

			<div class="register-section" id="basic-details-section">

				<?php /***** Basic Account Details ******/ ?>

				<h4><?php _e( 'PRUEBA', 'buddypress' ); ?></h4>

				<label for="signup_username"><?php _e( 'Username', 'buddypress' ); ?> <?php _e( '(required)', 'buddypress' ); ?></label>
				<?php do_action( 'bp_signup_username_errors' ); ?>
				<input type="text" name="signup_username" id="signup_username" value="<?php bp_signup_username_value(); ?>" />

				<label for="signup_email"><?php _e( 'Email Address', 'buddypress' ); ?> <?php _e( '(required)', 'buddypress' ); ?></label>
				<?php do_action( 'bp_signup_email_errors' ); ?>
				<input type="text" name="signup_email" id="signup_email" value="<?php bp_signup_email_value(); ?>" />

				<label for="signup_password"><?php _e( 'Choose a Password', 'buddypress' ); ?> <?php _e( '(required)', 'buddypress' ); ?></label>
				<?php do_action( 'bp_signup_password_errors' ); ?>
				<input type="password" name="signup_password" id="signup_password" value="" />

				<label for="signup_password_confirm"><?php _e( 'Confirm Password', 'buddypress' ); ?> <?php _e( '(required)', 'buddypress' ); ?></label>
				<?php do_action( 'bp_signup_password_confirm_errors' ); ?>
				<input type="password" name="signup_password_confirm" id="signup_password_confirm" value="" />

				<?php do_action( 'bp_account_details_fields' ); ?>

			</div><!-- #basic-details-section -->

			<?php do_action( 'bp_after_account_details_fields' ); ?>

			<?php /***** Extra Profile Details ******/ ?>

			<?php if ( bp_is_active( 'xprofile' ) ) : ?>

				<?php do_action( 'bp_before_signup_profile_fields' ); ?>

				<div class="register-section" id="profile-details-section">

					<h4><?php _e( 'Profile Details', 'buddypress' ); ?></h4>

					<?php /* Use the profile field loop to render input fields for the 'base' profile field group */ ?>
					<?php if ( bp_is_active( 'xprofile' ) ) : if ( bp_has_profile( array( 'profile_group_id' => 1, 'fetch_field_data' => false ) ) ) : while ( bp_profile_groups() ) : bp_the_profile_group(); ?>

					<?php while ( bp_profile_fields() ) : bp_the_profile_field(); ?>

						<div class="editfield">

							<?php
							$field_type = bp_xprofile_create_field_type( bp_get_the_profile_field_type() );
							$field_type->edit_field_html();

							do_action( 'bp_custom_profile_edit_fields_pre_visibility' );

							if ( bp_current_user_can( 'bp_xprofile_change_field_visibility' ) ) : ?>
								<p class="field-visibility-settings-toggle" id="field-visibility-settings-toggle-<?php bp_the_profile_field_id() ?>">
									<?php printf( __( 'This field can be seen by: <span class="current-visibility-level">%s</span>', 'buddypress' ), bp_get_the_profile_field_visibility_level_label() ) ?> <a href="#" class="visibility-toggle-link"><?php _ex( 'Change', 'Change profile field visibility level', 'buddypress' ); ?></a>
								</p>

								<div class="field-visibility-settings" id="field-visibility-settings-<?php bp_the_profile_field_id() ?>">
									<fieldset>
										<legend><?php _e( 'Who can see this field?', 'buddypress' ) ?></legend>

										<?php bp_profile_visibility_radio_buttons() ?>

									</fieldset>
									<a class="field-visibility-settings-close" href="#"><?php _e( 'Close', 'buddypress' ) ?></a>

								</div>
							<?php else : ?>
								<p class="field-visibility-settings-notoggle" id="field-visibility-settings-toggle-<?php bp_the_profile_field_id() ?>">
									<?php printf( __( 'This field can be seen by: <span class="current-visibility-level">%s</span>', 'buddypress' ), bp_get_the_profile_field_visibility_level_label() ) ?>
								</p>
							<?php endif ?>

							<?php do_action( 'bp_custom_profile_edit_fields' ); ?>

							<p class="description"><?php bp_the_profile_field_description(); ?></p>

						</div>

					<?php endwhile; ?>

					<input type="hidden" name="signup_profile_field_ids" id="signup_profile_field_ids" value="<?php bp_the_profile_group_field_ids(); ?>" />

					<?php endwhile; endif; endif; ?>

					<?php do_action( 'bp_signup_profile_fields' ); ?>

				</div><!-- #profile-details-section -->

				<?php do_action( 'bp_after_signup_profile_fields' ); ?>

			<?php endif; ?>

			<?php if ( bp_get_blog_signup_allowed() ) : ?>

				<?php do_action( 'bp_before_blog_details_fields' ); ?>

				<?php /***** Blog Creation Details ******/ ?>

				<div class="register-section" id="blog-details-section">

					<h4><?php _e( 'Blog Details', 'buddypress' ); ?></h4>

					<p><input type="checkbox" name="signup_with_blog" id="signup_with_blog" value="1"<?php if ( (int) bp_get_signup_with_blog_value() ) : ?> checked="checked"<?php endif; ?> /> <?php _e( 'Yes, I\'d like to create a new site', 'buddypress' ); ?></p>

					<div id="blog-details"<?php if ( (int) bp_get_signup_with_blog_value() ) : ?>class="show"<?php endif; ?>>

						<label for="signup_blog_url"><?php _e( 'Blog URL', 'buddypress' ); ?> <?php _e( '(required)', 'buddypress' ); ?></label>
						<?php do_action( 'bp_signup_blog_url_errors' ); ?>

						<?php if ( is_subdomain_install() ) : ?>
							http:// <input type="text" name="signup_blog_url" id="signup_blog_url" value="<?php bp_signup_blog_url_value(); ?>" /> .<?php bp_blogs_subdomain_base(); ?>
						<?php else : ?>
							<?php echo home_url( '/' ); ?> <input type="text" name="signup_blog_url" id="signup_blog_url" value="<?php bp_signup_blog_url_value(); ?>" />
						<?php endif; ?>

						<label for="signup_blog_title"><?php _e( 'Site Title', 'buddypress' ); ?> <?php _e( '(required)', 'buddypress' ); ?></label>
						<?php do_action( 'bp_signup_blog_title_errors' ); ?>
						<input type="text" name="signup_blog_title" id="signup_blog_title" value="<?php bp_signup_blog_title_value(); ?>" />

						<span class="label"><?php _e( 'I would like my site to appear in search engines, and in public listings around this network.', 'buddypress' ); ?>:</span>
						<?php do_action( 'bp_signup_blog_privacy_errors' ); ?>

						<label><input type="radio" name="signup_blog_privacy" id="signup_blog_privacy_public" value="public"<?php if ( 'public' == bp_get_signup_blog_privacy_value() || !bp_get_signup_blog_privacy_value() ) : ?> checked="checked"<?php endif; ?> /> <?php _e( 'Yes', 'buddypress' ); ?></label>
						<label><input type="radio" name="signup_blog_privacy" id="signup_blog_privacy_private" value="private"<?php if ( 'private' == bp_get_signup_blog_privacy_value() ) : ?> checked="checked"<?php endif; ?> /> <?php _e( 'No', 'buddypress' ); ?></label>

						<?php do_action( 'bp_blog_details_fields' ); ?>

					</div>

				</div><!-- #blog-details-section -->

				<?php do_action( 'bp_after_blog_details_fields' ); ?>

			<?php endif; ?>

			<?php do_action( 'bp_before_registration_submit_buttons' ); ?>

			<div class="submit">
				<input type="submit" name="signup_submit" id="signup_submit" value="<?php esc_attr_e( 'Complete Sign Up', 'buddypress' ); ?>" />
			</div>

			<?php do_action( 'bp_after_registration_submit_buttons' ); ?>

			<?php wp_nonce_field( 'bp_new_signup' ); ?>

		<?php endif; // request-details signup step ?>

		<?php if ( 'completed-confirmation' == bp_get_current_signup_step() ) : ?>

			<?php do_action( 'template_notices' ); ?>
			<?php do_action( 'bp_before_registration_confirmed' ); ?>

			<?php if ( bp_registration_needs_activation() ) : ?>
				<p><?php _e( 'You have successfully created your account! To begin using this site you will need to activate your account via the email we have just sent to your address.', 'buddypress' ); ?></p>
			<?php else : ?>
				<p><?php _e( 'You have successfully created your account! Please log in using the username and password you have just created.', 'buddypress' ); ?></p>
			<?php endif; ?>

			<?php do_action( 'bp_after_registration_confirmed' ); ?>

		<?php endif; // completed-confirmation signup step ?>

		<?php do_action( 'bp_custom_signup_steps' ); ?>

		</form>

	</div>

	<?php do_action( 'bp_after_register_page' ); ?>

</div><!-- #buddypress -->

So my final analysis is that something about buddypress activation emails being sent by spam registration that is causing third party email companies like gmail, hotmail, yahoo to blacklist my domain which in term causes bluehost to block my account from sending email.

What is different between buddypress activation emails and standard wordpress activation emails? Can I disable this change so that the default wordpress activation emails are used?

Thanks @godavid33.

I’d like to fix this without having to resort to a custom sql query.

BuddyPress is designed to do this (sort alphabetically by display name rather than username) correctly.

In the relevant code, it checks to see if WordPress-BuddyPress profile syncing is enabled. If it is, it runs the query against the wp_users table rather than the wp_bp_xprofile_data table, because “the table is smaller and better indexed”. If syncing is disabled then it runs the query against the xprofile display_name field instead.

I have fixed the problem by turning off syncing so that it uses the xprofile display name, so my question is, what does profile syncing do exactly and when/how does it do it?

I presume it overwrites nicename in wp_users with the display_name from xprofile (anything else?), but in my case it is not doing so, it appears broken.

If I could identify the when/how then I’d be able to see if it is something I’ve broken or omitted in, for example, my custom registration page.

Sorry to post again. The problem seems to be a conflict between the new “Manage Signups” function and another plugin. I thought maybe bbPress, but it could also be “Confirm User Registration” by Ralph Hortt: http://www.horttcore.de/

Right now I cannot get any of 167 users out of Manage Signups. If I Activate someone, they remain there afterward.

I deactivated “Confirm User Registration” and now plugins are all out of whack. I can’t even view the Plugins page. I need to disable all of them and start over…

Here is now another phenomenon happening:

1. New user clicks on the account activation email link
2. The activation page displays error: “Invalid Activation Key”
3. User can still login using the username and password selected during account registration

Q: So what is going on here? Does it mean that the account activation email was never needed in the first place?
Or
Does it mean that somehow the account is activated even though the the page displays the error “Invalid Activation Key”?

So how do I fix this issue? Is it possible to disable the activation email?
Is it possible to chnage the “Invalid Activation Key” message to something like the following:
—————————————————————————————-
Now you can login using the username and password you selected during account creation.
—————————————————————————————-

Thank you!

Hi @boonebgorges,

Thanks for taking an interest. I went ahead and disabled all plugins and enabled Twenty Fourteen to test this out. My sites are hosted by WP Engine and they force some custom code via MU plugins (so, I couldn’t disable that). I also have some redirects set up to force registration on a custom form (via Gravity Forms). I would rather not change this in case I forget how it was set up.

So, I wasn’t able to work out if new registrations were appearing. However I did test all of these:

New Friendships (although an email was sent to the user whose friendship was requested)

Blog Posts

Blog Comments

Replies to bbpress topics

New bbpress topics

New groups

None of them showed up in the activity except the new group (which did). Which is weird.

Problem solved.

Anleitung:

Im Ordner /wp-content/plugins/ die Datei bp-custom.php anlegen.

Die bp-custom.php Datei öffnen und folgendes einfügen:

<?php
/**
* Disables BuddyPress' registration process and fallsback to WordPress' one.
*/
function my_disable_bp_registration() {
remove_action( 'bp_init', 'bp_core_wpsignup_redirect' );
remove_action( 'bp_screens', 'bp_core_screen_signup' );
}
add_action( 'bp_loaded', 'my_disable_bp_registration' );

  add_filter( 'bp_get_signup_page', "firmasite_redirect_bp_signup_page");
    function firmasite_redirect_bp_signup_page($page ){
        return bp_get_root_domain() . '/wp-signup.php'; 
    }
?>

Datei speichern. Fertig!

OOPS… My last post was INCORRECT (there doesn’t seem to be a way to delete posts). I thought it was working to use a required xProfile field, but it just took longer to get going. The spam registrations started up again and I had to disable registrations.

SO, I’m still looking for help on how to diagnose the problem, or a work around for fixing it.

Can I re-install BuddyPress and/or bbPress without losing my settings?

Thanks, Rick.

Thanks shanebp for sticking with me.

You missed the post where I explained the problem when registrations continued even when I disabled them (about 3 posts up from this one). Basically, there were thousands of pending registrations (i.e. with unconfirmed emails) that were slowly being completed by the malicious registration process. I did not want to simply delete them directly from the data base since that always carries some risk if you don’t use the API’s. I found plugin “unconfirmed” which enable me to view and delete them. Once deleted, the registrations stopped.

Also, thanks for your idea about the keys and salts. I don’t think that’s a problem since I have deleted all of the automated users AND all of the pending registrations. All of the automated registrations will have to be done again. Unless there is a reason I haven’t thought of, I’d rather not inconvenience my valid users.

Thanks again, Rick.

OK, here’s a followup on my trying to find the source of the automated registrations.

— I disabled bbPress on the network plugins page.
— I renamed the following directories:
wp-content/plugins/bbpress
wp-content/plugins/buddypress/bp-forums
wp-content/plugins/gd-bbpress-attachments
— enable registrations from the network admin settings

And… the automatic registrations CONTINUE.

— disable registrations (network admin) and the automatic reg stops

SO, it’s beginning to look like it is not bbPress. PLEASE ADVISE:

• Do you agree? Or is there some other possibility that will implicate bbPress?
• What other possibilities are there for by-passing registration protocols?

Here’s a followup on my progress in stopping the automated registrations. It turns out that my side issue (see my first post) was very important. I found a plugin called “unconfirmed” that gives you limited access to the user records with unconfirmed emails, including the ability to delete them. I had 7100 unconfirmed registrations. The plugin is not fully implemented, so I had to delete them about 20 at a time. (I figured I was not likely to find anything better, so I bit the bullet and deleted 300 groups of records.) Once deleted, the registrations stopped.

So here’s the analysis: there were thousands of pending registrations. For whatever reason, the automaton that started the registration process either could not respond to the email, or was designed to respond to the emails slowly.

So, now I have some time to diagnose the solution to the problem without the fear of my data base being flooded with crap.

Next I’ll try to disable bbPress to see if it’s the problem, but I really don’t want to delete it as I already have several forums configured. I’ll see if I can disable it without deleting it and then turn registrations back on at the network admin level to see if they start up again.

Follow up comments:

I am using the theme Prose (child of Genesis) from Studio Press if that matters.

I would be willing, as a stop-gap measure to manually register people, but the spam registrations are bypassing the “registration is disabled” setting.

Rick.

Hi @modemlooper. Thanks for your reply. Yip. I created it in the backend but it doesn’t show up on the registration page. I also disabled all buddypress related plugins and then buddypress and deleted and re-installed but the settings remained.