Site Access v2.2

Release Notes

Built to work with Elgg 1.5

Site Access readme can be found here.

Site Access Settings Overview and Configuration details here.


  • Allows for the administrator to approve/reject new user registration on the site
  • Provides finer grain control on activating an account vs validating emails
  • Sub-Menu options have been added to the user profile allowing you to activate a non activated user, Also allowing you to view friends a user has invited
  • Integrates with the "invitefriends" plugin built into elgg 1.5
  • Plugin setting to require that a user was invited with "invitefriends" to register
  • Integrated Coppa, also provides a setting to require coppa to register
  • Plugin setting to require a site password to register, this is definable from the plugin settings.
  • Integrates into the cron plugin and will notify you on a specified time interval if you have users that are waiting to be activated.
  • Will update the River Dashboard upon successful activation on the site
  • Allows for the user to activate their account via the email confirmation link
  • Plugin setting to allow for automatic account activation after account creation (This setting does not enforce email validation)
  • Intigrates walledgarden into the site, allowing you to enable or disable this feature. 
  • Provides an option to enable Wallrdgarden Debug Mode: Which prints out the URI that is being blocked by walledgarden.
  • Provides an access control list to specify which pages are allowed outside of walledgarden.
  • If the user changes his email address it will now send out another email confirmation link requesting them to validate there email address again.
  • Allows you  to browse non-activated users, banned users, users who haven't validated there email address.
  • Provides a page that allows you to customize the email templates that get sent to users for your site. Provides some built in macros to be used inside of the emails
  • Implements a captcha system on the login and registration page.  captcha is required to login after 3 invalid login attempts.  The captcha is site specific.


Screenshot of Site Access Users Page


Screenshot of Plugin Settings


Screenshot of Login Box



Install this plugin into your mod directory.

Goto -> Administration -> Tool Administration -> siteaccess -> enable


I suggest setting Site Access at the bottom of your plugin list so that it functions properly and loads last, for security measures.


make sure to goto settings and click save.  This is no longer necessary unless you want to change some of the options.

For feature requests and issues go here:

Start a thread in my group... Shellcode's Plugins

Anyone that has spent the time to update the language file please send them to me so I can include them in the release. Feel free to send any updates to my language file.. I am by no means a word smith.

Plugins Replaced: (Deactivate the following Plugins)

  • uservalidationbyemail
  • walledgarden
  • coppa

Incompatible Plugins:

loginbyemail  (Remove this plugin)

  • Ugg.. Hopefully this one is issue free for months.   Last Public Update for a bit I hope.

  • Hi Shellcode when i enable the plugin sort out the settings and then logout i can't log back in! I disabled all the plugins that were specified before enabling site access even my admin account doesnt log in. I'm running Elgg 1.5. Need help! Thanks!

  • you can rename the siteaccess directory.  Log back in as admin, rename the directory back after you logged in and enable walledgarden debug.  Then try to login again.  See what error it pops up.  

  • Hi Shellcode did as you said still cant login maybe another plugin is conflicting not sure heres what is says when i login :

    "We couldn't log you in. This may be because you haven't validated your account yet, the details you supplied were incorrect, or you have made too many incorrect login attempts. Make sure your details are correct and please try again."

    I disabled uncapcha, coppa, uservalidationbyemail!

  • Found problem restored my database disabled all plugins and enabled one by one with site access problem was user contact list plugin! Thanks Shellcode Great plugin!!!

  • issue here: new user receive confirmation link  but when going to login, it ask you to confirm email  again and basically just looping - user can't login.

  • @elggboy: there was a type in the 2.0 and 2.1 release for the confirmation email.. So if you installed 2.0 or 2.1 before 2.2 then you'll have to regerate the confirmation email.

    you need to revert the "Email Confirmation" template it will pick up the changes in the language file.

    You can do that from the pg/siteaccess/templates as a site admin.  Make sure it was %confirm_url% and not %site_url%.

  • Thanks, I will do that and let you know how it went.

  • Interesting problem I have...

    I installed, then deleted, now have reinstalled the plugin. However, I can't get the coppa to disable.  Just not sure what to do here.  I tried the steps above.  Just trying to figure out how to reset without going into the database directly...


  • Oh never mind.  Silly thing I forgot...


  • Is it possible to validate the email, when instant activation is enabled? because i have many users whose emails are not validated.

  • Is it possible to reduce the number of required registration fields, or is that an ElggUsers requirement?

    Ideally, I'd like to have the registration be just email and password.  (No double-password check, username defaults to email, and Display Name can stay blank until filled out [or defaults to email]) 


  • @prem: Right now there isn't a way to turn off email validation... so it's just on... if they change their password in the user profile it will reset the email validation flag and send a request to validate their email.  They will then show up on the site access tab uder "Emails Not Validated" If they never click the link.  Only users however do not show up because this flag was never created for their account.  I could add something to go through the users list and add the flag.

    @db: I like it.. I'll see about how to include some more customizations options to the registration page with the next release.

  • as an alternative to site-password, what about letting only people with a given email-domain register? i.e only from @mycompany.comor something

    it would be very useful for organizations that want to restrict access, but let their employees register by themself. (something like they have over at

  • Hey there!

    I was able to create the extra field in the register.php file by adding

    in line 5:

    $blog = get_input('b');

    and in line 14:

    $form_body .= "<label>" . elgg_echo('blog') . "<br />" . elgg_view('input/text' , array('internalname' => 'blog', 'class' => "general-textarea", 'value' => $blog)) . "</label><br />";
        $form_body .= "<label>" . elgg_echo('username') . "<br />" . elgg_view('input/text' , array('internalname' => 'username', 'class' => "general-textarea", 'value' => $username)) . "</label><br />";

    and the 'blog' field appears in the registration page... but when i go to

    site access question
    the username and email show up, but the blog url doesn't show up. that's the vital information i need to be the gatekeeper..

    so I'm wondering which file i need to alter to get the blog to show up here in the moderation queue. hopefullly it can be a link so it's easy to check to make sure the url is valid.

    any help is certinaly appreciated, I'm about to lose my head over this.

  • Jennine: You would need to modify the "user_view.php" file located: siteaccess/views/default/siteaccess


  • i am trying to install the site access plugin, but after unzipping to the mod directory and going to the Tool Administration page, i don't see an Enable link. i can see the section for site access, but there are no links for it

  • The only thing I can think of is it wasn't extracted properly...

  • @ shellcode - Absolutely great advancement's you're making with this great plugin. I just have one issue at present with ver 2.2;

    I can't seem to get the captcha on the Loginbox and only the Registration Box page, is that normal?

    I also have another previously installed plugin calle;

    "uncaptcha - Provides protection against spam bots by using a reverse captcha and removes the need for an email validation."

    Does the captcha you run in your SiteAccess plugin run pretty much the same way as the one mentioned above? Can you cofirm that I need to disable / uninstall this plugin mod if running your SiteAccess plugin?


  • @Rob: I would say that you don't need both plugins...  Uncaptcha from what I read just has a hidden form field that doesn't allow registration if it's filled in.  With the captcha on the registration page it requires that the sequence of numbers is entered to register. The only way to bypass it would be to have something that could ocr the image which is a bit more complicated then having something fill in all the form fields... uncaptcha does not protect against bots filling in only the visible fields.     As for the captcha not showing up on the login page... it only appears after the 3rd unsuccessful login.  The idea behind this is to not annoy the user trying to login.. but slow them down if they are trying to hack an account.   also prevents brute forcing with bots. 

  • I have a problem with this page breaking my index layout design in ie6 when the catchpa is invoked.

    Is there a way to increase the catchpa setting from 3 to  say 6 if so which file could I hack to do this

  • @Malaga Jack: The html for the catchpa is located here: mod/siteaccess/views/siteaccess/code.php

    I'm not sure which captcha setting your refering too... what to you mean 3 to 6?  If you come up with a fix.. I would be happy to impliment it.

  • @Shellcode :

    I've installed this great plugin in my fresh elgg 1.5 installation.

    We need to manually activate users, maintaining email check, so setting are theese:

    Allow account activation via email: No Auto activate account : No Require invitation to register: No Require coppa to register: No Enable walledgarden: Yes Require site password to register: No Frequency of notification: hourly Bud after a user registration (and email validation) the user don't appears in "User wainting to be activated" panel.
    Thanks a lot for your help.

Project Info


  • Category: Site admin
  • License: FreeBSD license
  • Updated: 2015-9-18
  • Downloads: 9755
  • Recommendations: 6

Other Projects

View shellcode's plugins