Ask your WordPress questions! Pay money and get answers fast! (more info)

multisite - regstration for one site = access for one site only WordPress

  • SOLVED

Wordpress multisite.
Three subsites.
Connexion with psw and id for each site.
I use this plugin : https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681

Problem : when a user is registred for one subsite, he can visited all sub-sites.

What I need :
if a user is only registred for site1.mydomain.com, he can just acceded to site1.mydomain.com. Not to site2.mydomain.com !


I have try this solutions :
https://wordpress.org/plugins/network-subsite-user-registration/
https://www.cozmoslabs.com/56583-enable-wordpress-user-registration-subsite/
Thats doesn't work...

Answers (2)

2017-06-19

Cesar Contreras answers:

Make sure you do not register as superuser and check your rools for a new user


Sébastien | French WordpressDesigner comments:

Default role : subscriber

But you know, that the Wordpress works like that : the registration is for all the network, not for one site. No ?


Luis Abarca comments:

Hi, yeah my_set_default_blog_to_user() subscribe the user to default blog.

i updated the gist to subscribe to default blog users with "subscriber" role only.

The check for login is not performed on normal users anymore, only on subscribers.

https://gist.github.com/luisabarca/39dffb5bc1ebc587b0bb79b0c738409d


<?php
/*
Plugin Name: bPlus User per site
*/

// Url to redirect
define( 'BP_DEFAULT_URL', 'http://superpositif.com/interne/');

function is_valid_user_login( $user = null ) {
// Current site
$current_site_id = get_current_blog_id();

if ( is_null( $user ) ) {
$user = wp_get_current_user();
}

if ( is_user_member_of_blog( $user->id, $current_site_id ) ) {
return true;
}

return false;
}

function my_check_user_blogs( $user_login, $user ) {
if ( current_user_can( 'edit_posts' ) ) {
return false;
}

// check if user is in the current site
if ( ! is_valid_user_login( $user ) ) {
wp_redirect( BP_DEFAULT_URL );
exit();
}

}

add_action('wp_login', 'my_check_user_blogs', 10, 2);


function my_set_default_blog_to_user( $user_id ) {
// Subscribers are added to default blog
if ( ! user_can( $user_id, 'edit_posts' ) ) {
add_user_to_blog(1, $user_id, 'subscriber' );
}
}

add_action( 'wpmu_new_user', 'my_set_default_blog_to_user' );

function my_check_user_access_for_site() {
// check logged in users only
if ( ! is_user_logged_in() ) {
return false;
}

// dont perform check on normal users
if ( current_user_can( 'edit_posts' ) ) {
return false;
}

if ( ! is_valid_user_login() ) {
wp_redirect( BP_DEFAULT_URL );
exit();
}
}

add_action( 'init', 'my_check_user_access_for_site' );


Sébastien | French WordpressDesigner comments:

I prefer my code :)
Here : https://wpquestions.com/multisite_regstration_for_one_site_access_for_one_site_only/27457#comment_38846
Are you sure the function my_set_default_blog_to_user is useful ?

2017-06-19

Luis Abarca answers:

Maybe this idea could work.

When the user logins (with actions), get a list of sites the user belongs to.


<?php
global $current_user;
get_currentuserinfo();

// if user does not belong to the current blog, logout the user.
$sites = get_blogs_of_user( $user_id );

// or check if user is in the current site
if ( ! is_user_member_of_blog( $user_id, $blog_id ) ) {
// log out
}

?>



I can't add more comments, i dunno why, i think we need to modify the registration process.

Contact me on skype luis_abarcag or hangout [email protected]


Sébastien | French WordpressDesigner comments:

Where I place this code ?


Luis Abarca comments:

Something like this.


<?php

function my_check_user_blogs( $user_login, $user ) {
// Current site
$current_site = get_current_site();

// check if user is in the current site
if ( ! is_user_member_of_blog( $user->id, $current_site->id ) ) {
// log out
wp_logout();
}
}

add_action('wp_login', 'my_check_user_blogs', 10, 2);

?>


Cesar Contreras comments:

In your finctions.php file


Sébastien | French WordpressDesigner comments:

Sorry but where in my plugin do I use that ?


Sébastien | French WordpressDesigner comments:

I paste this code in my functions.php and that's all ?


Luis Abarca comments:

Anywhere, it will run only on the user login event only, your plugin is activated multisite ?


Luis Abarca comments:

It mus run on a multisite plugin to track login events on all subsites


Sébastien | French WordpressDesigner comments:

that doesn't work... :-/


Sébastien | French WordpressDesigner comments:

and, when I try to log in as superadmin at wp-login.php, that doesn't work anymore ! :-/


Luis Abarca comments:

I'm testing on my multisite installation


Sébastien | French WordpressDesigner comments:

just for info : with "userpro" plugin the login form is in frontend, maybe is it important...


Luis Abarca comments:

try this version.
https://gist.github.com/luisabarca/39dffb5bc1ebc587b0bb79b0c738409d

it will set the default site to users on registration and check if they can login on the subsite.


<?php
/*
Plugin Name: bPlus User per site
*/

function is_valid_user_login( $user = null ) {
// Current site
$current_site_id = get_current_blog_id();

if ( is_null( $user ) ) {
$user = wp_get_current_user();
}

$sites = get_blogs_of_user( $user->id );

//var_dump($sites);
//die;

if ( is_user_member_of_blog( $user->id, $current_site_id ) ) {
return true;
}

return false;
}

function my_check_user_blogs( $user_login, $user ) {
if ( current_user_can( 'manage_options' ) ) {
return false;
}

// check if user is in the current site
if ( ! is_valid_user_login( $user ) ) {
wp_logout();
wp_redirect( get_bloginfo('url') );
exit();
}

}

add_action('wp_login', 'my_check_user_blogs', 10, 2);


function my_set_default_blog_to_user( $user_id ) {
add_user_to_blog(1, $user_id, 'subscriber' );
}

add_action( 'wpmu_new_user', 'my_set_default_blog_to_user' );

function my_check_user_access_for_site() {
// check logged in users only
if ( ! is_user_logged_in() ) {
return false;
}

// dont perform check on admins
if ( current_user_can( 'manage_options' ) ) {
return false;
}

if ( ! is_valid_user_login() ) {
// log out
wp_logout();
wp_redirect( get_bloginfo('url') );
exit();
}
}

add_action( 'init', 'my_check_user_access_for_site' );


Luis Abarca comments:

You can edit and customize it, just upload the file to plugins and "network activate" the plugin.


Sébastien | French WordpressDesigner comments:

huummm...that seems not work...
And no possible to log in at wp-login.php


Luis Abarca comments:

Im using the plugin here.

http://bplus.mx/wp-admin

User: luigi1604
Password: demo


Then try to login here:
http://villasdelsol.bplus.mx/wp-admin


Sébastien | French WordpressDesigner comments:

I use your plugin. The homepage of the network : http://urlz.fr/5qv6
Each grey button go to a sub-site.

user:luisabarca
psw:[email protected]$$

luisabarca is registred for "acces interne" (the first button)
but he can log in "liberte" ou "securite" (the second and third button) and when he is connected, he can visited all sub-sites...


Luis Abarca comments:

i can't login with user: luisabarca and password: [email protected]$$


Sébastien | French WordpressDesigner comments:

it's ok now

subsite 1 : http://urlz.fr/5qvc
subsite 2 : http://urlz.fr/5qvb
subsite 3 : http://urlz.fr/5qve


Luis Abarca comments:

Yeah, i can login on all sites.

Did you activate the plugin network wide??


Sébastien | French WordpressDesigner comments:

Yes it's activate on the network. It's activate by just one click on all the network here http/::mymaindomain.com/wp-admin/network/plugins.php


Sébastien | French WordpressDesigner comments:

very strange : If i add a user in a site like test.maindomain.com, I can see in the users of the network (here : maindomain.com/wp-admin/network/users.php) that my new user is linked to the site test.maindomain.com

But if I log in with this new user I can visited all sites
AND AND AND...................

When I come back to maindomain.com/wp-admin/network/users.php the user is now linked to test.maindomain.com AND liberte.maindomain.com (log id = 2) ! Why ??


Sébastien | French WordpressDesigner comments:

1/ first info
---------------

In my header I paste your code :

$current_site_id = get_current_blog_id();
echo "current site id = " . $current_site_id;
echo "<BR><BR><BR>";
if ( is_null( $user ) ) {
$user = wp_get_current_user();
}

//print_r($user);
$sites = get_blogs_of_user( $user->id );
print_r($sites);


I log in the sub-site "http://mydomain/test" with a user who have access to this site.
The code displayed is :


Array (
[3] => stdClass Object ( [userblog_id] => 3 [blogname] => Formule Liberté [domain] => mymaindomain.com [path] => /liberte/ [site_id] => 1 [siteurl] => http://mymaindomain.com/liberte [archived] => 0 [mature] => 0 [spam] => 0 [deleted] => 0 )
[5] => stdClass Object ( [userblog_id] => 5 [blogname] => test [domain] => mymaindomain.com [path] => /test/ [site_id] => 1 [siteurl] => http://mymaindomain.com/test [archived] => 0 [mature] => 0 [spam] => 0 [deleted] => 0 )
)


This user seems to be regitred at http://mymaindomain.com/liberte
In fact, that is the same thing for all users !

I note that my superadmin profile is registred for "libert" too. And I create all users when I am connected as superadmin. Maybe the problem comes from that.


2/ second info
------------------
this user can visited all sub-sites. It's not normal.


3/ Third info
---------------
When I activate your plugin I can't no more access to the backoffice.


4/ Fourth info
-----------------
I activate your plugin and I log in with this user (user of 1/first info)
That works fine !................... except for http://mymaindomain.com/liberte
The user is able to visit this url, but this is not what I want.

5/ info 5 :
------------
When you visited a site which you're not registred, you're logout.
It's not a good idea because you're logout from all sites.
I try to redirect to main url like that

// log out
//wp_logout();
//wp_redirect( get_bloginfo('url') );
wp_redirect( network_site_url() );
exit();


But that doesn't work fine, there is a problem of rediretion.

CONCLUSION
------------------

There are therefore two problems :
1- why all user seems able to access at the subsite "liberte" ?
2- How redirect a non-registred user to the main page of the network ?


Sébastien | French WordpressDesigner comments:

and 3- Why can I no more log in the backoffice ?


Sébastien | French WordpressDesigner comments:

I do many many tests. Whatever I do, at the end the user is able to log in the sub-site "liberte". I am able to create a user not registred in "liberté", but when the user is connected, boum, there is a change in BO and DB and the user is registred in "liberte"...
The only particularity of this sub-site is "bbpress" to generate forum...

To be continued...


Sébastien | French WordpressDesigner comments:

Here is what I discovered :
If bbpress is deactivate, no problem,a user can registred for just one susbsite.
If bbpress is activate on the sub-site "liberte", as soon as a user visits this site, it will be considered registered on this site. It's very strange but I've seen it by myself.


Sébastien | French WordpressDesigner comments:

I solved this problem by unchecking the setting of bbpress : "new user is automatically subscribed to a forum" (Hoping that it will not be embarrassing for the future)

I have only two problems about your plugin to solve :
1- How redirect a non-registred user to the main page of the network ?
2- Why could I no more log in the backoffice ?


Sébastien | French WordpressDesigner comments:

function my_set_default_blog_to_user( $user_id ) {
add_user_to_blog(1, $user_id, 'subscriber' );
}
add_action( 'wpmu_new_user', 'my_set_default_blog_to_user' );


All new users must be transformed automatically into subscribers for the blog 1 with this code, isn't it ? That seems not work.

But is this code really useful ?


Sébastien | French WordpressDesigner comments:

All poblems are solved when I cusomze your plugin like that :
<?php
/*
Plugin Name: bPlus User per site
*/

function is_valid_user_login( $user = null ) {
// Current site
$current_site_id = get_current_blog_id();

if ( is_null( $user ) ) {
$user = wp_get_current_user();
}

//$sites = get_blogs_of_user( $user->id );

//var_dump($sites);
//die;

if ( is_user_member_of_blog( $user->id, $current_site_id ) ) {
return true;
}

return false;
}

function my_check_user_blogs( $user_login, $user ) {
if ( current_user_can( 'manage_options' ) ) {
return false;
}

// check if user is in the current site
if ( ! is_valid_user_login( $user ) ) {
// log out
//wp_logout();
//wp_redirect( get_bloginfo('url') );
wp_redirect( network_site_url() );
exit();
}

}

add_action('wp_login', 'my_check_user_blogs', 10, 2);


// function my_set_default_blog_to_user( $user_id ) {
// add_user_to_blog(1, $user_id, 'subscriber' );
// }
// add_action( 'wpmu_new_user', 'my_set_default_blog_to_user' );


function my_check_user_access_for_site() {

$current_site_id = get_current_blog_id();
if($current_site_id==1) {
return false;
}
// check logged in users only
if ( ! is_user_logged_in() ) {
return false;
}

// dont perform check on admins
if ( current_user_can( 'manage_options' ) ) {
return false;
}

if ( ! is_valid_user_login() ) {
// log out
//wp_logout();
//wp_redirect( get_bloginfo('url') );
wp_redirect( network_site_url() );
exit();
}
}

add_action( 'init', 'my_check_user_access_for_site' );


Could you confir that the function my_set_default_blog_to_user is not useful please ?
What do you think about this code ?