BuddyPress.org

If you think you’ve found a security issue it really should be reported privately to a core dev.

I don’t think this is an issue, looking at upload avatar functions, but perhaps could use some hardening. Open a ticket.

When I requested membership, it asked me to add a comment, rather than just returning the button disabled with “request sent”. … I also tried bp-default but that made no difference either.

@becskr per link I posted above, that’s the default behavior when membership request is done at the group’s page. And commenting is optional. Could it be that you’re missing the “Send Request” button. Glad you found another solution but it could very well be a JS conflict with another plugin or script.

Well activity is already protected by akismet integration. Regarding the friend requests, one thing you can do now (and i have been forced to) to fight spam is only allow private messages to friends in that case the spammer gains the ability to send spam messages to these friends.

@ubernaut and others, re spam, I would appreciate hearing from the more experienced dev and web masters about the pros and cons of a private membership site.

By not allowing just anyone to become a member you automatically arrest spam. Of course, you also impede your growth because legitimate users can’t join.

One way to get around this is to use the great invite anyone plugin and have the original number of ‘seed’ members invite their friends and their friends invite their friends and so on.

Limited but organic growth in members and a total elimination of spam!

What do you guys think?

Hi @mercime, I tried your suggestion last night – I switched to twentytwelve, turned off all the plugins and it didn’t work as I expected. When I requested membership, it asked me to add a comment, rather than just returning the button disabled with “request sent”.

I also tried bp-default but that made no difference either.

I happened to have a copy of the old which referenced this instead of what I mentioned above

	jq(".group-button a").live('click', function() {
var gid = jq(this).parent().attr('id');
gid = gid.split('-');
gid = gid[1];
var nonce = jq(this).attr('href');
nonce = nonce.split('?_wpnonce=');
nonce = nonce[1].split('&');
nonce = nonce[0];
var thelink = jq(this);
jq.post( ajaxurl, {
action: 'joinleave_group',
'cookie': encodeURIComponent(document.cookie),
'gid': gid,
'_wpnonce': nonce
},
function(response)
{
var parentdiv = thelink.parent();
if ( !jq('body.directory').length )
location.href = location.href;
else {
jq(parentdiv).fadeOut(200,
function() {
parentdiv.fadeIn(200).html(response);
}
);
}
});
return false;
} ); 

I replaced the jq with jquery and added it into my custom scripts and it worked fine.

I can’t understand why it wouldn’t work even when I changed to the default or twenty twelve themes though if you said there wasn’t an issue.

@nomad-one The feeds for all your public groups are working. There are no feeds for private groups which is how it’s supposed to be for logged out users.

So, Can I get some clarification from a friendly user.

I want to have multiple BP networks, all exclusive to each other and private.
I want to allow for members to be able to ask to ‘join’ any network and if permission is receive.. he or she is in, without the need to fill out a form..

Is this possible?

I do not find any issue in joining a private group via the private group’s home page or joining private groups via Groups Directory page or the Private Group’s home page on default installs. https://codex.buddypress.org/user/buddypress-components-and-features/groups/how-to-join-a-private-group/ on Twenty Twelve theme.

@janogu
BuddyPress now has profile privacy built in for individual field visibility. BuddyPress Activity Privacy plugin is great at controlling who see’s individual activity posts. https://github.com/bphelp/private_community_for_bp does a decent job of locking down BP pages for logged out visitors. BuddyMobile is great for providing users of mobile devices an app like version of BP. So in conclusion I would say BP privacy has come along way since 2010. It would be nice if more of those features were built into the core in future versions but I am not sure that it would be something the core team would undertake at this point in development. The plugins I mentioned are in the repository with the exception of Private Community For BP in which I provided the GitHub link. Hope this answers your questions. Cheers!

Hi all

I have fixed the issue but it has taken me a while to work out what an earth is going. The issue is not the theme, but in global.js so I should not have the only site experiencing this problem.

The issue would only ever be on a single group page, on the group directory you were able to request membership completely fine.

In global.js line 940 references a css id which is only listed on the groups directory

jq('#groups-dir-list').on('click', '.group-button a', function() {

therefore the requests won’t work. As a temp fixed I’ve copied the function and referenced

jq('#item-buttons').on('click', '.group-button a', function() {

which will reference the request button on a single group. I’m not too good with jquery and have just added this into the default global.js as assume someone will not go and fix this and roll out an update.

@bakelady Where is the disconnect for any member joining a private group? Which step below?
1. A member clicks on the “Request Membership” button of a private group, the button should become “Membership Requested.”
2. Group Admin gets notification via email (if enabled) and via notification bubble in WP Admin/Toolbar
3. Group Admin clicks on notification that a certain member is requesting membership. Click brings Group Admin to group’s Admin > Requests
4. Group Admin chooses “Accept” or “Reject” membership request
5. Accepted Member gets notification via email (if enabled) and via notification bubble in WP Admin/Toolbar that he/she was accepted to that private group

@bakelady 🙂 Thanks for posting about the conflict with the User Role Editor and private groups.

But I still need to find out why ‘contributors’ are not able to add blog posts and events

Contributors should be able to submit a post from the backend (wp-admin) but it will need Site/Super Admin to approve and publish the post.

@bakelady Error logs? If you change to Twenty Twelve theme or the BP Default theme, is the issue resolved?

@echofoxtrot
This plugin works and is more complete as far as building a private community.
https://github.com/bphelp/private_community_for_bp

Please help me get this straight in my mind, i need to reduce it to writing before i go find a developer to help.

I need multi-site, multi-network buddypress and wordpress. SINGLE signin point of entery and then multi private networks. Some networks may have top level domain and some maybe “behind” a website hosted on wordpress.

Is this a possible layout?

Thanks

@bp-help

Actually, if you can do it as a universal function, I can probably convert it to a page-specific function myself (I’ve actually split the main activity stream into five separate pages with different scopes on my site already). I could send you my set-up, but it might be better to do it privately, as the site contains some nudity. 🙂

@petervandoorn see https://bbpress.trac.wordpress.org/ticket/2327