Site Access v2.2

Release Notes

Built to work with Elgg 1.5

Site Access readme can be found here.

Site Access Settings Overview and Configuration details here.


  • Allows for the administrator to approve/reject new user registration on the site
  • Provides finer grain control on activating an account vs validating emails
  • Sub-Menu options have been added to the user profile allowing you to activate a non activated user, Also allowing you to view friends a user has invited
  • Integrates with the "invitefriends" plugin built into elgg 1.5
  • Plugin setting to require that a user was invited with "invitefriends" to register
  • Integrated Coppa, also provides a setting to require coppa to register
  • Plugin setting to require a site password to register, this is definable from the plugin settings.
  • Integrates into the cron plugin and will notify you on a specified time interval if you have users that are waiting to be activated.
  • Will update the River Dashboard upon successful activation on the site
  • Allows for the user to activate their account via the email confirmation link
  • Plugin setting to allow for automatic account activation after account creation (This setting does not enforce email validation)
  • Intigrates walledgarden into the site, allowing you to enable or disable this feature. 
  • Provides an option to enable Wallrdgarden Debug Mode: Which prints out the URI that is being blocked by walledgarden.
  • Provides an access control list to specify which pages are allowed outside of walledgarden.
  • If the user changes his email address it will now send out another email confirmation link requesting them to validate there email address again.
  • Allows you  to browse non-activated users, banned users, users who haven't validated there email address.
  • Provides a page that allows you to customize the email templates that get sent to users for your site. Provides some built in macros to be used inside of the emails
  • Implements a captcha system on the login and registration page.  captcha is required to login after 3 invalid login attempts.  The captcha is site specific.


Screenshot of Site Access Users Page


Screenshot of Plugin Settings


Screenshot of Login Box



Install this plugin into your mod directory.

Goto -> Administration -> Tool Administration -> siteaccess -> enable


I suggest setting Site Access at the bottom of your plugin list so that it functions properly and loads last, for security measures.


make sure to goto settings and click save.  This is no longer necessary unless you want to change some of the options.

For feature requests and issues go here:

Start a thread in my group... Shellcode's Plugins

Anyone that has spent the time to update the language file please send them to me so I can include them in the release. Feel free to send any updates to my language file.. I am by no means a word smith.

Plugins Replaced: (Deactivate the following Plugins)

  • uservalidationbyemail
  • walledgarden
  • coppa

Incompatible Plugins:

loginbyemail  (Remove this plugin)

  • Any Ideas?

     having issues with:

    when this plugin is enabled the registration isnt being passed on to my phpbb3 forum via the phpbb3 mod.


    When siteaccess is de-activated,, the phpbb3 bridge mod works great.


  • @siteaccess: The plugin is awsome, just have 1 minor issue that im seeing and not sure if it is the plugin. So far anyone that has registered to site with a yahoo email address does not get the validation email and cant access the site unless i approve them.

    I made a test account with my yahoo email and had the same result. Got nothing. Not in inbox or spambox.

    Any ideas....    ?

  • Hi,

    i have tested the siteaccess plugin on my elgg 1.5 site.

    I couldn't make the email validation work. Afetr some investigations, i made some changes to the confirm.php, i give them to you if needed

    here they are :

        global $CONFIG;

    //make disable entities visible
      $user_guid = (int)get_input('u');
        $user = get_entity($user_guid);
        $code = sanitise_string(get_input('c'));
        if ( ($code) && ($user) )
            if (siteaccess_validate_email($user_guid, $code)) {
                            siteaccess_notify_user($user, 'validated');

                           //enable the user is confirmed
            } else

      //Go back to the standard behaviour


  • @fusion: yahoo works just fine for me... from my site...  the only thing I can think of is to check to make sure yahoo isn't using an RBL that has you listed.

  • @Fabrice: thanx, I will add access_show_hidden_entities to the next release.  Although I'm not sure why it is broken for you and why this one function allows it to work...

  • Great plugin!

    I made a small change to allow partial matches (all URLs starting with the specified acl) in start.php:

             /* Original version
            foreach($accesslist as $acl) {
                $acl = trim($acl);
                if(strcmp($url, $CONFIG->wwwroot . $acl) == 0) {
                    $allowed = true;

             //* // New version
                    foreach($accesslist as $acl) {
                            $acl = trim($acl);
                            // ABP: changed to partial match
                            if((strcmp($url, $CONFIG->wwwroot . $acl) == 0) || ($acl && strpos($url, $CONFIG->wwwroot . $acl) === 0)) {
                                    $allowed = true;



  • @shellcode

    the point is that the user is not enabled before the email validation (that is how it behave on my side)

    so i couldn' get an entity with the $user = get_entity($user_guid);

    That is done by the  get_access_sql_suffix function which is called during the get_entity process and which doesnt return any entity if $ENTITY_SHOW_HIDDEN_OVERRIDE is set to false, which is the standard setting.

    Thats why i used the access_show_hidden_entities() function to set it to true, and back to false at the end of the emil validation process.

    I had to add a $user->enable() too, otherwise the user wouldn't be enabled.

    I dont know why it works that way on my side, as i didn't change any standard setting ....


  • I just noticed that when I enable the site_access with walled garden and in my customized index page (before the user logs-in) I display data like the newest groups then the user gets the error message that he/she isn't authorized to view the page and they need to log-in first.

    Is this a known issue/is there a fix for it? (is it related to the order of the plugins?)


  • hello so I have integrated this plugin in my site but now i have a problem... I have vazco_topbar installed and i have turned the login box off at my site so that I only have a login box on the topbar but after i installed your plugin i can't turn it off....The login box shows up all the time... Is there any help????

  • nevermind i found the problem.... just upload the login.php from your vazco_topbar folder /views/default/account/forms in the one of the site access folder /views/default/account/forms and it will work

  • This is a cool plugin and comes in very handy, however i wish it worked with email login/superid.

    Any work-arounds for that?

  • We are using the PHPMailer plugin, in conjunction with this one. All system messages, except for the activation emails, are received by users almost immediately but people aren't getting the activation emails at all. Can anyone offer some advice on what I should troubleshoot? Does it have anything to do with how the plugins are loaded? I have Site Access enabled at the bottom of the tool list and PHPMailer enabled just above it.

  • why signup members get 2 comfirmation email for verify?Anyone know how to make it one?

  • @Ken Yeap

    You probably still have uservalidationbyemail enabled.

  • How do I add more fields in during registration and those same fields (with the info filled in) get added in the Profile / edit profile form as well..

  • I wrote a site access demo to show how to do this...  look for my other addon I wrote to demonstrate this.

  • I still want to show up all the images like newest members,lastest images when the walledgarden is enable.Does anyone know how to do that?

  • @ ken yeap ... try inserting "mod/profile/icondirect.php" in the walled agrden options field in the admin options.

  • Shell code ... this is an awesome plugin ... one of the best in my opinion.

    A couple of obeservations that I hope might help you and/or other users in the future.

    It is compatible with skot's slim login box but slim login needs to be below site access.

    Also regarding Cash's uncaptcha, just in case there's any misunderstanding, I believe that uncaptcha does stop bots from registering. It has an additional 'email' feed when registering, a human eye will not see it, a bot will see it and enter an email. If that 'invisible' box contains information, the plugin refuses it. I've found it effective.


    I hope the info saves you responding to enquiries or helps in a little way because you've contributed a great deal, it's the least I can do.

    cheers :)


  • 'email' field ... not 'email' feed

  • I'm having trouble ... can somebody please tell me what I need to enter into the walled garden exclusions options so that group icons will show on my front page.


    Also ... having enabled the debog info ... where can I see the debug info (probably stupid questions I know!).

  • @phil clicking on a link on the main page pops up a message with the debug info for that link. 

    I too would like to know how to enable latest images icons, at moment just getting either empty space where icon should be in ff or that horrible little box with a red x in ie7.

    @shellcode thanks for this great plugin!

  • I was wondering if you could have multiple passwords?


Project Info


  • Category: Site admin
  • License: FreeBSD license
  • Updated: 2015-9-18
  • Downloads: 9738
  • Recommendations: 6

Other Projects

View shellcode's plugins