Site Access v2.2

Release Notes

Built to work with Elgg 1.5

Site Access readme can be found here.

Site Access Settings Overview and Configuration details here.


  • Allows for the administrator to approve/reject new user registration on the site
  • Provides finer grain control on activating an account vs validating emails
  • Sub-Menu options have been added to the user profile allowing you to activate a non activated user, Also allowing you to view friends a user has invited
  • Integrates with the "invitefriends" plugin built into elgg 1.5
  • Plugin setting to require that a user was invited with "invitefriends" to register
  • Integrated Coppa, also provides a setting to require coppa to register
  • Plugin setting to require a site password to register, this is definable from the plugin settings.
  • Integrates into the cron plugin and will notify you on a specified time interval if you have users that are waiting to be activated.
  • Will update the River Dashboard upon successful activation on the site
  • Allows for the user to activate their account via the email confirmation link
  • Plugin setting to allow for automatic account activation after account creation (This setting does not enforce email validation)
  • Intigrates walledgarden into the site, allowing you to enable or disable this feature. 
  • Provides an option to enable Wallrdgarden Debug Mode: Which prints out the URI that is being blocked by walledgarden.
  • Provides an access control list to specify which pages are allowed outside of walledgarden.
  • If the user changes his email address it will now send out another email confirmation link requesting them to validate there email address again.
  • Allows you  to browse non-activated users, banned users, users who haven't validated there email address.
  • Provides a page that allows you to customize the email templates that get sent to users for your site. Provides some built in macros to be used inside of the emails
  • Implements a captcha system on the login and registration page.  captcha is required to login after 3 invalid login attempts.  The captcha is site specific.


Screenshot of Site Access Users Page


Screenshot of Plugin Settings


Screenshot of Login Box



Install this plugin into your mod directory.

Goto -> Administration -> Tool Administration -> siteaccess -> enable


I suggest setting Site Access at the bottom of your plugin list so that it functions properly and loads last, for security measures.


make sure to goto settings and click save.  This is no longer necessary unless you want to change some of the options.

For feature requests and issues go here:

Start a thread in my group... Shellcode's Plugins

Anyone that has spent the time to update the language file please send them to me so I can include them in the release. Feel free to send any updates to my language file.. I am by no means a word smith.

Plugins Replaced: (Deactivate the following Plugins)

  • uservalidationbyemail
  • walledgarden
  • coppa

Incompatible Plugins:

loginbyemail  (Remove this plugin)

  • I have the following plugins enabled that deal with registration:

    • siteaccess 2.4 (installed 2.6 but it says ver 2.4)
    • captcha 1.7
    • registrationterms 1.0

    It seems that siteaccess over-rides the view of captcha and registration terms where the latter two actually extend the original registration form.

    Anyone have any ideas on how to use site access with the original captcha and plugins like registrationterms?

    Thank you

  • My work around was to disable captcha and registration terms.

    I used the site access capture (tho It's not a pretty as the default) and I added a registration terms enable/disable to the site access plugin.

    This seems to work fine, Take a look and let me know if you want the modifications published here.

  • Thats the trouble - I think most people would prefer a version that used the defaults rather than the site access versions..

  • I think that we should all get together and chip-in to fund the re-development of SIte-Access to incorporate all the neat features from everywhere else to make S/A the best Security PlugIn ;-)

  • Let's start with  ->

    • a list of it's current functionals
    • what works and what does not work
    • describe in terms in user/layman terms not techie talk

    Draw list of new features -

    • must-have
    • wannna-have
    • nice-to-have

    We can develop more from there..


  • New features:

    1. Use the default catchpa

    2. Admin should be able to decide when there is a registration if they join automatically, verify by email or admin should manually verify.

    3. Actions/register file should not have to be manually changed and an override should be in the mod.

  • Hi,

    For some members the confirmation link appears like this :

    It sounds like an encoding problem, no? I tried to change UTF8 by ISO-8859-1 : no change.

    Content-Type: text/plain; charset=ISO-8859-1; format=flowed

    Any idea ?

  • HI , Thanks a lot for this extension. Will it be possible to make this compatable with 1.8 Please???? I think it is really useful extension for the community and i am sure that it will be used for the new version as well.

  • A small site access hack, for those who wish to use generic whitelist filtering instead of exact URL only :

    in mod/siteaccess/start.php :

    1. find function siteaccess_allowed_pages
    2. find this part :     foreach($accesslist as $acl) {
          $acl = trim($acl);
          if(strcmp($url, $CONFIG->wwwroot . $acl) == 0) {
            $allowed = true;
    3. Add following piece of code between $acl = trim...  and before if(strcomp... :

        // Facyla : allow generic URL filtering, like pg/blog/$
        $cutat = null;
        $cutat = strpos($acl, '$');
        if ($cutat > 0) {
          $acl = substr($acl, 0, $cutat);
          $url = substr($url, 0, strlen($CONFIG->wwwroot . $acl));
          if(strcmp($url, $CONFIG->wwwroot . $acl) == 0) {
            $allowed = true;
            //system_message('Matching generic filtering on : ' . $url);


    You should end up with (inserted => bold) :

        foreach($accesslist as $acl) {
        $acl = trim($acl);
        // Facyla : allow generic URL, like pg/blog/$
        $cutat = null;
        $cutat = strpos($acl, '$');
        if ($cutat > 0) {
          $acl = substr($acl, 0, $cutat);
          $url = substr($url, 0, strlen($CONFIG->wwwroot . $acl));
          if(strcmp($url, $CONFIG->wwwroot . $acl) == 0) {
            $allowed = true;
            //system_message('Matching generic filtering on : ' . $url);
        if(strcmp($url, $CONFIG->wwwroot . $acl) == 0) {
          $allowed = true;


    Finally add generic URL(s) in plugin settings : write request URI (eg. : pg/blog) followed by the dollar ($) symbol ; all URL beggining by this exact match will become accessible.

    In extenso, il you add the line : pg/blog/$, URL like pg/blog/username/read/... will become publicly available..

    Enjoy ;)

  • Hello,

    When I try to use Site Acess, the captcha image doesn't appear, so I cant' use the form :

    I'm using Elgg 1.7.8

    Thank you

Project Info


  • Category: Site admin
  • License: FreeBSD license
  • Updated: 2015-9-18
  • Downloads: 9737
  • Recommendations: 6

Other Projects

View shellcode's plugins