Skip to:
Content

BuddyPress.org

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#8038 closed defect (bug) (fixed)

wp-signup.php seems doesn't managed properly in multisite

Reported by: oxibug's profile oxibug Owned by: boonebgorges's profile boonebgorges
Milestone: 5.0.0 Priority: normal
Severity: normal Version: 4.1.0
Component: Registration Keywords: dev-feedback close
Cc:

Description

Hi There!

There's a big issue in WordPress Multisite, I think it MUST be fixed urgently ASAP.

  1. WordPress Multisite configured correctly with constant BP_ROOT_BLOG in {wp-config}.
  2. Of course you know that there's only one table users not for every site. JUST a HINT
  3. Sites: (x.com) (x.com/forum) (x.com/themes)
  4. Defined blog is [forum]

In Multisite there're couple scenarios ( NON - BP_ENABLE_MULTIBLOG )

  1. Activate as Network
  2. Activate in a certain blog

But both of 'em must configured in {wp-config} with constant BP_ROOT_BLOG, Anyway the user going to register MUST see the registration page of the defined blog forum (I THINK it MUST)

Issues

  • Case 1: Activate as Network plugin

In this case when the user click on Register link in any site, The page will go to the BuddyPress register page correctly (Very Nice) but if he write (x.com/signup.php) in the URL, then the old WordPress registration page will open correctly and that will happen...

  1. He can register BUT he won't receive the password in the mail like non BuddyPress so he MUST do forget password step to get his password.
  1. He will be assigned to the defined blog forum NOT the main blog - (Very Important)
  1. Of course I need to customize the BuddyPress registration page with other fields so if the user go to (x.com/signup.php) he won't pass the steps I made, (Very Bad)

Email Received:
You can log in with the following information:
Username: xxxxxx
Password: [User Set]
https://x.com/forum/wp-login.php

  • Case 2: Activate in a blog

In this case when the user click on Register link in any site except the defined one, He will redirected to the old WordPress registration page (x.com/signup.php), and Actually I don't know if that's good or not, I know you might say because the BuddyPress activated in a certain blog BUT there's only a single user table not for every site, So I need to disable registration in all sites except the buddypress one and of course there's a limitation in WordPress to do this.

After registration done in (x.com/signup.php) he didn't assigned in any blog but he can access the defined blog forum and modify the personal information, although he's not a member in that blog.

Attachments (1)

Registration.mp4 (5.2 MB) - added by oxibug 6 years ago.
Registration Issue in Multisite

Change History (6)

@oxibug
6 years ago

Registration Issue in Multisite

#1 @boonebgorges
6 years ago

  • Keywords close added
  • Priority changed from omg pizza to normal
  • Severity changed from critical to normal

Thanks very much for the detailed report.

Technically speaking, it's only possible for BuddyPress to hijack example.com/wp-signup.php if BP is active on example.com. If BP is active only on example.com/forum, then it can't do anything about wp-signup.php. So there's nothing that can be done about your case 2. Moreover, I don't think we'd *want* to change that behavior, as there are probably good use cases for forcing BP signup on a subsite but allowing more general registration on other sites in the network.

As for network-activation: It appears that wp-signup.php redirection has been broken in BuddyPress for a long time. Years ago, if memory serves, we used to redirect aggressively away from wp-signup.php, but things have changed: see #6178, and before that, [6449]. At this point, redirection only takes place if you visit wp-signup.php?action=register.

The reasons behind this look pretty complicated. I don't understand [10665]. The function signature for strpos() is ( $haystack, $needle ), so it seems like [10665] gets it wrong.

cc @imath, who can perhaps clear up my understanding. That said, going back to aggressive redirection at this point feels like it could break stuff. I'd suggest that, if you want redirection on your site, you can implement it yourself. The following should do it:

function bp8038_wpsignup_redirect() {
	// Bail in admin or if custom signup page is broken.
	if ( is_admin() || ! bp_has_custom_signup_page() ) {
		return;
	}

	// Not at the WP core signup page and action is not register.
	if ( ! empty( $_SERVER['SCRIPT_NAME'] ) && false === strpos( $_SERVER['SCRIPT_NAME'], 'wp-signup.php' ) ) {
		return;
	}

	bp_core_redirect( bp_get_signup_page() );
}
add_action( 'bp_init', 'bp8038_wpsignup_redirect', 0 );

#2 @imath
6 years ago

Ouch! Thanks for the ping I'm going to look at this asap.

#3 @imath
6 years ago

Sorry @oxibug & @boonebgorges It's my bad about the redirection break :(

I've just reopened #6178 and attached a .3 patch to bring it back and to make sure it's still possible to create a new site from the WordPress Administration even if the blogs component is not active.

Here's the patch

#4 @boonebgorges
6 years ago

  • Owner set to boonebgorges
  • Resolution set to fixed
  • Status changed from new to closed

In 12356:

Improve wp-login and wp-signup redirects.

This changeset restores the following intended behavior:

  1. On non-Multisite, redirect from wp-login.php?action=register to the BP account registration page
  2. On Multisite, redirect from wp-signup.php to the BP "Create a Site" page when the wp-signup.php is intended to trigger new site creation and the Blogs component is enabled
  3. On Multisite, redirect from wp-signup.php to BP's registration in other cases

Props imath.

Fixes #6178. Fixes #8038.

#5 @boonebgorges
6 years ago

  • Milestone changed from Awaiting Review to 5.0.0
Note: See TracTickets for help on using tickets.