Site Access 2.6. Full working release for 1.7+ v2.6

Release Notes

In this release:

*Added direct email confirmation support (no more use of token or token errors during email confirm)

With Love,Uddhava dāsa

  • The mod I mentioned is friend_request. As I said it requires the person you want to friend to approve and it automatically makes the friendship reciprocal.

  • @stan & RPGRealms

    Thanks for your comments.
    I am using v1.7.1 and have friend_request installed.
    Do you think thay friend_request is stopping invited members becoming the invitee's friend?

    The Riverdashboard states that they are both friends, so I would like this to happen - or change it so the Riversdash doesn't state they are ;)

  • @elggfan

    I do not have friend_request installed.  It is a good chance friend_request is conflicting with site access.  I have seen where some plugins do not work 100% together.  Try disabling it and see what happens.

  • Has anyone tested this on Elgg 1.7.2? I am considering doing so. I had wished that ShellCode would come back and upgrade/update his own plugin. Uddhava, thanks for  your efforts. When was the last time this plugin was updated? ...I don't like the plugins pages here on Elgg; it doesn't actually say when the plugin itself was updated.

  • Hello,

    I have done only maintenance releases, latest was 90 days ago for 1.7.1. Haven't tested 1.7.2. Is it worth upgrading? I saw the changes in the new release, and they are minimal.

    With Love,
    Uddhava dāsa

  • @ All.
    It appears to be working fine in 1.7.2

  • Uddhava, do you use it in conjunction with other plugins, like Kevin's form plugins, flexprofile, flexreg, etc.? Or how about with Jeroen's profile manager plugin? How well does it go?

  • catchpa is not showing in 1.7.3

  • There appears to be a conflict with our theme:

    Elggzone Darkgrey 1.7.1 (elggzone_darkgrey)

    and the plug-ins captcha (guess  the fields are hidden by the theme)...

  • There is a file called register.php in the /actions directory. Recommendation is to rename the existing register.php to registerBU.php, then copy the register.php file from the extracted Site Access into the /actions directory. Just as other plugins that you install, you'll need to copy the siteaccess directory (from /siteaccess/mod) into the existing /mod directory. And finally enable the plug-in in Administration under Tool Administration.

    Note: I'm experiencing issues with the installed theme (noted above) and the Site Access captcha (not being displayed in the theme). Haven't yet found a work-around...

  • Many thanks the siteaccess Version: 2.4

    Author: Uddhava dasa 1.6 Update.

    After two weeks test.

    The plugin works like a dream without any problems so far running with

     elgg Release - 1.7.3, Version – 2010071002.


    Before using this security plugin our site was bombarded with spammers

    Posting hundreds of spam blogs.


    It’s quite simple now to check new members email address and delete their accounts before they cause havoc.


  • @Udhava dasa

    I tried the fix that slyhne suggested for the problem when a user changes his email address (see page 3), but it did not work.  The reason is that when the user list is generated in index.php, it calls siteaccess_users() in start.php, which calls elgg_get_entities_from_metadata(), looking for the "validated" metadata.  Since that metadata is deleted when the email address is changed, the user is not listed.  Probably the best way to fix the problem is to update engine/lib/users.php on lines 1328 and 1329 from this:

                          (delete_metadata($validated->id)) &&

    to this:

                          (create_metadata ($user_guid, 'validated', false, '', 0, ACCESS_PUBLIC)) &&
                          (create_metadata ($user_guid, 'validated_method', $method, '', 0, ACCESS_PUBLIC))

    This will simply set the "validated" metadata to false and the "validated_method" to blank.  after this fix, the unvalidated users will show up in the list.  Since this is in the elgg base code, should we ask Brett to make the change?  What is the process?


  • CAPTCHA NO BEUNO in 1.7.4, either doesn't show up or shows and you get "you entered the wrong text". Then if you use Profile Manager and set for mandantory icon upon register, it acts like it takes the icon upload, it does register, but no icon when you log in!

    Can someone consider improving these oh so important plugins working together-Site Access, Vazco Gmap, Profile Manager and Captcha in EVeRY release!

  • Site access seems to also have bad code in 1.7.4 no captcha, when it does show, it work take the code.

    Prof Man no good, Site Access not good....sigh

  • Did you try to register or just screen shot the fields and captcha? I get the fields and captcha also, then when I try to register I get "the text you entered does no match..."  This is brand new 1.7.4 install with brand new Dbase.

    Screen shot is on my other machine. Try yourself at

  • Confirm Site Access was the only plugin loaded other than all stock plugs.

  • I am also using Dark Gray theme and I am having the same problem as S3Indiana. The captcha image and input fields are not showing up on the registration page. Im assuming just a little code should be entered into a register.php somewhere just not sure which code and which register.php. ????? Please some help?

  • I have an update to the fix for listing users to be activated after they change their email address.  I submitted a trac ticket (#2518) to update the core Elgg, but it turns out it was a regression to a previous version.  There was a problem with the uservalidationbyemail plugin that would prevent validation of the email.  I don' t think this is a problem with siteaccess since that plugin should be disabled, but it could be if siteaccess is disabled and uservalidationbyemail is reactivated.  Instead, I have the following fix to siteaccess only, thanks to some code written by Brett.  In the siteaccess top level directory add the following function before function siteaccess_count_users:

     * Returns all users who haven't been validated.                                                                
     * "Unvalidated" means metadata of validated is not set or not truthy.                                          
     * We can't use elgg_get_entities_from_metadata() because you can't say                                         
     * "where the entity has metadata set OR it's not equal to 1".                                                  
     * @return array                                                                                                
    function uservalidationbyemail_get_unvalidated_users_sql_where() {                                              
            global $CONFIG;                                                                                         
            $validated_id = get_metastring_id('validated');                                                         
            $one_id = get_metastring_id(1);                                                                         
            // thanks to daveb@freenode for the SQL tips!
            $where = "NOT EXISTS (
                            SELECT 1 FROM {$CONFIG->dbprefix}metadata md
                            WHERE md.entity_guid = e.guid
                                    AND md.name_id = $validated_id
                                    AND md.value_id = $one_id)";
            return $where;

    Also in function siteaccess_count_users after the "if" line and following comment, add the following:

               if ($meta_name == 'validated')
                   $count = elgg_get_entities(array(
                     'type' => 'user',
                     'wheres' => array(uservalidationbyemail_get_unvalidated_users_sql_where()),
                     'limit' => 9999,
                     'count' => TRUE));

    And add another "}" before the call to access_show_hidden_entities on its own line.

    Then in function siteaccess_users make a similar change with:

              if ($meta_name == 'validated')
                   $entities = elgg_get_entities(array(
                     'type' => 'user',
                     'wheres' => array(uservalidationbyemail_get_unvalidated_users_sql_where()),
                     'limit' => 9999,));

    And add a similar closing brace "}".






  • My lovely elgg friends and siteaccess friends, please I myself and many others really need site access to work with Dark Gray Theme. The captcha does not show up on the registration page. And the bad thing is, people cannot register on my elgg website without site access as it is unless i have the email validation activated. When they try to log-in it says they arn't active.

    So what I am trying to get accomplished is for the captcha from SiteAccess to show up on the registration page when using Dark Gray Plugin because people cannot register without me using it! Thank you,


  • I just wanted to apoligize and say that siteaccess may well work with 1.7.4 etc. as I my Vazco userURL plugin was causing makor problems with standard captcha and other things in 1.7.4. Site access may well be fine as Dhrup said in these newest releases, just be careful if you have Vazco_URL, a plugin I really need!

  • Hi,

    I installed the plugin but when I change line 347 with the code you provided, it breaks the system.  When I try to save settings, I just get a blank white screen.  I can't access the site until I return line 347 to its original content.  I've tried it 3 times and triple checked the line of code.  Does anyone elase have this problem?

  • @MontanaMike

    The instuctions for updating line 347 have an inaccuracy that is probably causing your problem.  In my original line 347 there is no "{" at the end of the line, but there is one on line 348, so when I made that update, I did not include the trailing "{".  You can fix  your problem by making the recommended change but delete line 348 so there is only one "{".  The blank white screen is due to a PHP error, which could be caused by an extra "{".  It confuses the PHP interpreter.

  • Stan

    Thanks.  I should have noticed the extra '{'.  Brain freeze. It works as advertised now. Very pleased

    Several questions and a suggestion.

    First the suggestions.  I installed site access to limit spammers.  But what I didn't anticipate was that when I get a new registration, I have no way of knowing if the new registrant is a spammer or not.  All I have is his username.  What I'm thinking is needed as an additional field where the new potential registrant adds some description of why he/she is signing up.  Of course spammers can lie but it would at least give me some additional information about the person.  My site is regional so I might ask for the city and state of the person who wants to join.  Most of the spammers I see are from .ru


    1.  I want to have paid subscriptions so I'm interested in intergrating paypal.  The scenario is that the person fills out the registration form and submits it.  The next screen whould have a paypal subscription button.  Paypal reurns the user to the subscription process with perhaps a invite code to authorize the user.  Can you suggest how to hook this up.  Is your plugin the right place to do it.

    2.  I still have one "unvalidated email" listed that is a residule of my testing of the plugin.  I cannot delete the entry because its my admin account.



    Love your plugin.


  • I installed siteaccess a few days ago.  I was getting spam registrations at a rate of about 1 or 2 per day.  Last night I got 91 and almost all from China.

    I'm going to enable COPPA and Site Passwords tonight but any ideas on how they are able to register without my approving them?

    Also, it would be nice if the list of new registrants under the "users waithing to be activated" had checkboxes so I could delete or activate them in bulk with one operation instead of one at a time.


    My current Registration Options
    Allow account activation via email?  No
    Auto activate account? (does not enforce email validation) No
    Send join events to River Dashboard? No
    Require invitation to register? Requires plugin "invitefriends" (invitefriends is disabled )
    Require coppa to register? no
    Require site Password to register? no



Project Info


  • Category: User admin
  • License: FreeBSD license
  • Updated: 2014-11-17
  • Downloads: 10352
  • Recommendations: 14

Other Projects

View Uddhava dasa's plugins