BuddyPress.org

You could always just use htpasswd to compel http authentication too. It’s a bit of a pain for users to have to log in to both the directory, and into buddypress, but it will give you the protection you need. Or you could just stick something into the theme to say that if the user isn’t logged in, they’re always redirected to the login / register page. I need something similar, so if I make any progress, I’ll post back here with it.

I would say privacy is probably the most complex feature to implement – as far away from simple as you can get.

If you want to just close off your site to users who are not logged in, then there are plenty of plugins you can use. Or you can just use the following code in your plugins directory, smartypants:

<?php

/*

Plugin Name: BuddyPress Lockdown

Plugin URI: https://buddypress.org/

Description: Lock down your BuddyPress site if a user is not logged in.

Author: Andy Peatling

Version: 1.0

Author URI: https://buddypress.org/

Site Wide Only: true

*/



function bp_lockdown() {

global $bp;



if ( BP_REGISTER_SLUG != $bp->current_component && 'wp-login.php' != $bp->current_component && !is_user_logged_in() )

bp_core_redirect( site_url( 'wp-login.php' ) );

}

add_action( 'bp_init', 'bp_lockdown' );

?>

Here’s an odd thing. When I’m on page wp-login.php, $bp->current_component appears to be empty at bp_init time, so bp_lockdown loops continuously (bp1.21).

it’s not working for me 3.0-alpha/bp trunk ~ I had a very simple solution to accomplish this eons ago (pre privacy plug) and I’ll look at it again this afternoon in combo with your lockdown code.

@Andy

sorry if my following questions are off-topic:

when I do create a “Private Group” on Group-creation:

– are the members-data who have joined this “Private-Group” visible to search-engines like Google ?

– are the user-images (avatar-images) and user-Profile-Fields of “Private-Group-Members” visible to search-engines ?

– is the user-activity (e.g. Permalink-comments) within a “Private Group” being exploited to search-engines or is it hidden from search-engines ?

– are all data from “Private-Groups” are actually hidden from other members within an installation ?

So if “Private Groups” would be hidden from search-engines, this would be perfect “Privacy” – just need to setup “Private-Groups” only, instead of “Public-Groups” ?

Many thanks.

I know this! .. forward thinking and I’ve found very few errors, 1.2 supports 3.0-alpha much better than is to be expected with very little errors, notices or conflicts on depreciated functions.

I also just tested bp_lockdown() with MU 2.9.1.1 and 1.2 ~ same fail as 3.0-alpha regardless of if I clear cookies or cache. I think andrew_s1 has it right.

When viewing wp-login.php, then:

at line 178 of bp-core.php, both $bp->current_component and $bp->displayed_user->id are empty

at line 138 of bp-core/bp-core-catchuri.php, $bp_uri =array([0] => ‘wp-login.php’), but $component_index = 1

So there’s the problem – when viewing wp-login.php, $bp_uri has value ‘wp-login.php’ at key 0, but $component_index is 1, so $current_component is set to an empty string

[EDIT – value is ‘wp-login’ not ‘wp-login.php’ – sorry. EDIT again – bah – wp-login.php it can be – it’s whatever the user enters in the URL. wp-login.php and wp-login both worth, and each gets carried through as is]

I also edited this line

bp_core_redirect( site_url( 'wp-login.php' ) );

to

bp_core_redirect( site_url( BP_REGISTER_SLUG ) );

And $component_index=1 because VHOST==‘no’ and $is_root_component is empty at line 131 of bp-core/bp-core-catchuri.php

nice analysis ~ I’m also duplicating those errors with the core_redirect pointed to wp-login.php I’d bet Jeff has a good handle on this and I sent a request to help him test the upcoming release. I don’t have a copy of his old release to adapt or modify (if anyone could point me to, or send me the old copy, that might help).. but the hack i put up previously has worked like a charm for me making some pages private while leaving others public without having to expand this into a full on plugin with user options. I simply call that custom header for any pages I want to keep private.

yes, it’s patchy with that. If the link is directly to /register/, then it works fine. But if it’s to wp-login.php?action=register, then it gets stuck in the wp-login loop.