develop a new security INVITATION ONLY PLUGIN

hello good people of elgg community,

i have searched the plugins and not found a plugin which can provide what i need for the security of my website. 


so i was wondering whether anyone would like to help me develop a security feature which could be benificial to the elgg community and help me out greatly with my website?


it will be an invitation only plugin and will need to work as follows:

current members can invite new members to join the site via an email generated from their account.


the new member receives the email and a link which takes them to the sign up page of the site.


also included in the email is a 'one time passcode' valid only for that one sign up and expires once the account is activated. (or if not used before 30 days of invitation date)


so only if the new member is invited by a current member can they sign up making it secure for the members of the site knowing that there aren't any fraudsters lurking around etc etc


if anyone likes this idea, would like to propose any sugestion, help or even program this plugin it would be a gret help to me and the elgg community and would increase security for those who rely heavily on it for their sites to function.


thank you for taking your time to read this post.



  • You want yr site to be like Tuenti ?


  • nope,

    just looked at tuenti and anyone can sign up to that.

    my site will simply be invitation only.


  • Hmm..

    Are you sure anyone can ?
    Did you already register on there yourself ?
    I think you should check out thoroughly first.. ;-)

    I got onto Tuenti by 'Invitation Only' while doing some Client's work who wanted me to browse thru some features in there ;-)

    Anyways.. I've thought over this 'invitation-only' aspect - yes, it can be done with the necessary effort - like most other ventures -- if the developer understands the Elgg API and knows how to code rather well with PHP, etc..


  • I had the exact same need and I solved it with SiteAccess plugin plus a default instalation plus some small fixes to SiteAccess. 

    First get the module:

    After you install, go to the plugin settings (from the plugins list page) and enable "invitation only". There are many bugs in the plugin, but you can ignore them if you use it for this purpose only.

    One modification I had to do to get it to work was to anihilate one of the plugin functions by adding

    return true;

    immediately after    

    function siteaccess_validate_captcha() {

    in the start.php file of the siteaccess plugin.

    If you plan to fix additional bugs to get the module working again on 1.8.1, I'd be happy to work with you on a new release.

  • Yeah, S/A can handle the simpler situation of 'invitation-registrations'.. But what Ronnie's asking for is " current members can invite new members to join.. " -- so that will need to tie-in with Invite Friends - to generate the invitation, etc and when a new user 'registers' -- need to check if hey were invited by another existing User and then process that accordingly.

  • I've not yet tested the invitatation of friends feature in Elgg 1.8 when the "allow registrations" option is turned off in site settings. Basically, you can configure Elgg 1.8 to only allow logged-in users to browse your site and you can also disable the normal account registration. Accounts can still be created by admins if the normal registration is turned off. If the registration of accounts for people invited by already existing members would still work, it wouldn't be necessary to code an additional plugin. Although in this case I would guess an additional site administration option would be best to define if invitations should be allowed when normal registrations are disabled. Maybe it would be worth to open a ticket at trac about this issue to inform the core developers about this issue and it might be included in a future Elgg release.