[Elgg 1.8-1.12 & 2.X: Login required] v1.8.3

Release Notes


  • Only code clean-up. No changed functionality.
  • How do you get content marked with access level public to show up without login prompt? Surely this must be a bug in Elgg, because turning on the walled garden setting explicitly says that: 

    Enable the site to run as a private network. This will not allow non logged-in users to view any site pages other than those specifically marked as public.

  • Also, any idea what to put as the regexp to allow rss feeds as public? I tried allow[] = 'view\=rss'; but it doesn't work.

  • @Thomas:

    This is not a bug. There's a difference between the object-based access level ("Public", "Logged-in" etc,) and the so-called walled-garden mode. The object's access level is a more granular definition of access / visibility for each object while the walled-garden mode will gain / restrict access on a per-page level. For example the walled-garden functionality would block the display of the "all blogs" page entirely while you would see at least the blog postings with "public" setting when not logged in otherwise.

    If you want objects (blog postings, files, profile fields etc.) that have access-level "public" to be accessible when not-logged in, you must not activate the "Restrict pages to logged-in users" option in Elgg or use the Loginrequired plugin (btw. you can only use either the built-in option or the Loginrequired plugin but not both at the same time).

    The description for the walled-garden option in Elgg core ("...pages other than those specifically marked as public") does not refer to the objects access level but to whole pages (= "Elgg views"). This includes for example the login / registration pages and also the pages defined with the externalpages plugin ("About", "Terms", "Privacy"). More allowed pages can be added via the 'public_pages', 'walled_garden' plugin hook. For the Loginrequired plugin the allowed pages are defined in its start.php and it also triggers the 'public_pages', 'walled_garden' plugin hook and its own 'login_required','login_required' plugin hook.

    Regarding giving access to RSS feeds:

    It's not possible. The rss view is only a "viewtype". The URL of an Elgg view / a page to be displayed consists of "site url" + "view name (pagehandler url)" + "viewtype". The Loginrequired plugin manages the access based on the "view name (pagehandler url)" part and completely ignores the "viewtype" part (or anything else that follows after a "?"). You wouldn't be able to give access to rss feeds only without giving general access to this page in general. Also, the "view name (pagehandler url)" is different for every rss feed. Basically, you would need to grant access to many, many pages for people not logged-in - which is exactly the opposite of the walled-garden mode.

  • It seems like new users cannot validate their email when using this plugin (User Validation by Email).  When a newly register user follows the link to verify his/her email an error is generated: "You must be logged in to view this page."  But how can the user be looged in if the email hasn't been validated yet?  Trying to log in re-sends the User validation email, resulting in a loop of a user trying to validate his/her email, and the system to keep sending emails to validate.  Any ideas?

  • @diamantis: Sorry, I can't reproduce the error you are describing. Registration / activation / log in works for me.

    What version of Elgg are you using? Are you using any 3rd party plugins that modify the registration options (a theme, some plugin to allow for registration/login with facebook/twitter etc. accounts)?

  • Thanks iionly.  I am using 1.8.6...you know it's probably not your plugin.  It seems that the email validation is not working properly in general (for me).  I don't have many plugins installed, and I am using the default theme.  I actually disabled all the extra plugins (not many, just Mobilize, Rename Friends, and GDocs File Previewer), and still the same issue.


  • @diamantis: my first guess is that your problem with validation emails is not caused by any Elgg plugin and also not directly by your Elgg installation.

    There are two possible reasons why you have problems with notification emails:

    1. Does sending/receiving of email notifications work in general? If you notice that you receive no emails telling you about new private messages and/or about new comments/content posted though you've enabled email notifications in your user settings, the problem is most likely caused by the setting of the email server (for example sendmail or postfix) on your server. In this case you need to get the config of the email server working. Then Elgg will be able to send mails including validation emails.
    2. Email notifications get sent and maybe even some validation emails reach their destination: in this case the missing validation emails get blocked by some email providers because they are identified as spam wrongly.

    Solving the second issue is a bit more difficult. First, you should check if you find any delivery failure notifications in the inbox of your server admin account (not the Elgg admin but for example the CPanel admin account). Normally, the email config should be set up to redirect any notifications about undeliverable emails to this account. Within these notifications you might find some error codes telling you about why emails couldn't get delivered. If the email address the validation email should have gone to does not exist, you can't do much - either manually activate the account or delete it (if the user can't provide or don't want to provide a valid email I kick them out...).

    You might also find some other error codes telling you that the email delivery was blocked because it was assumed to be spam. For the meaning of the error codes you need to do some research either on the website of the email provider or via Google.

    In case you notice a lot of blocked emails due to possible spamming assumed by the email providers, you should check if the IP address of your domain is blacklisted: http://cbl.abuseat.org/ and  http://www.Spamhaus.org and http://www.senderbase.org. You need to remove your IP address from the blacklists. There are several reasons why your IP can end on a blacklist: if your site is new even a few possible spam mails send from the IP can be enough for one email provider adding this IP on a blacklist. Other email providers will then also block this blacklisted IP. Maybe you don't have your own dedicated IP address for your domain. In this case other sites on the same server might have been sending spam. The site that used the IP address before you might have been responsible for the blacklist entry...

    So, if your site is blacklisted, you need to get your IP address removed from the blacklist. But this is no guarantee that the IP will not get added later again. To make your domain/the IP address more trustworthy you should enable some verification methods on your server to allow for the email providers to check the origin of the emails are okay:

    1. make sure that your domain has a correct enty to allow for reverse DNS-lookups. The dafault entry won't be enough. It must fit to your domain. For example ATT wants a correct entry. Most likely you can't set up the entry yourself but only your webhoster.
    2. other verification methods are DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework). I'm using SPF and made good experience with it. I had my IP getting blocked twice by MS right at the beginning (including all the domain connected with MS: msn, live.com, hotmail etc. etc.). SInce using SPF everything is fine.
  • This is very useful information iionly.  I indeed need to check all this, and it's excellent insight.

    The emails do get to their destination though (at least those i tested), and when the newly registered user clicks on the validation link, the opened webpage dispays: "you must be logged in to view this page."  I deactivated your plugin, and I get the same error when I enable the walled-garden (with your plugin deactivated)...just to clarify, I uncheck the walled-garden when I enable your plugin.  Basically I get the same error either way (your plugin, or the walled-garden option).  The users do appear in the "Unvalidated Users" queue in the admin utility.

  • @diamantis: Sorry I think I need to change my mind on the possible reason for your issue. I just now noticed (again) that you had already posted before telling about your issue - and I also had already responded.

    Taking into account that the validation email is sent and received but the validation by clicking on the link does not work when either the Loginrequired plugin is enabled or Elgg core walled-garden option is enabled then you can surely forget about emails blocked by spam (at least regarding this issue). As I had stated in my response on your first posting, the problem most likely is caused by some other plugin you are using on your site. This plugin needs some action and/or view to be accessible by site visitors before the login. Likely candidates would be any plugins that add the option to join/login with an account of Facebook, Twitter etc. For the authentification process using an external account there are some scripts included in these plugins called. By default Loginrequired or Elgg core walled-garden block access to any scripts or views not defined as publically accessible.

    You know best what plugins you have installed. Without more information - at least knowing what plugin exactly is causing the issue - I can't help you any further. For testing: disable any 3rd party plugins to see if account validation works then. If yes, you need to do some more testing to figure out what plugin is the blocker. You might also find some entries in your server log / Apache log telling you what script/view was blocked.

    If you know the plugin, I might be able to help you. Or you might be able to solve the issue on your own. You simply need to add the views/scripts that need to be available when not logged in to the allowed urls in Loginrequired's start.php. Alternatively, you can also define these views/scripts as plublic using the "'public_pages', 'walled_garden'" plugin hook. When using this hook, you would preferably define the public views in start.php of the other plugin. Then it will work both for the Loginrequired plugin and Elgg's core walled-garden.

  • This might be a stupid question..

    With the social login plugin and the login required plugin, it seems even with "Allow new users to register" turned off users will still get auto-registered when using a social login..

  • @buraddo: are you really sure that the Loginrequired plugin makes a difference regarding restricting account registration with the Social Login plugin?

    I rather suspect that the Social Login plugin does not care about the "Allow new users to register" setting at all. This setting is mainly aiming on turn on/off the account registration "on-site". It does not block account creation via other than the Elgg core method. I don't know if the state of the "Allow new users to register" setting can also be used by other plugins - this would be a question to ask for example the developer of the Social Login plugin. Are you needing the Social Login plugin to be active (for existing accounts maybe), if you don't want new users to login with their accounts from other social networks?

  • I might have had the same problem as diamantis.. Someone was registering after being invited, had to validate his email nevertheless and got an "access denied" while trying.

    I could solve that by allowing the action performed by the "uservalidationbyemail' plugin. This can be achieved by adding "$allow[] = 'uservalidationbyemail/confirm';" in the "allow"-array in start.php of your plugin.

    By the way, iionly thanks for this plugin. The Login-page is customizable in my interest, just in contrast to the "walled garden"-core function.

  • @henner: does this only happen with invited users? Which version of Elgg are you using and are you using the latest version of the Loginrequired plugin? I just checked the start.php of uservalidationbyemail included in Elgg 1.8.8. The "uservalidationbyemail/confirm" url is already configured as "public page" for Elgg's built in walled-garden function. These "public pages" defined within other plugins are also added automatically to the "allowed urls" of the Loginrequired plugin. Therefore, it should not be necessary to add the same url again manually. I just tested it and for me it worked with an invited users without any changes necessary. Though you might need to use Elgg 1.8.8 - I don't know (at least not without checking) if there had been an issue with the "uservalidationbyemail/confirm" url in earlier version of Elgg.

  • Hm, I am using elgg 1.8.8 and loginrequired 1.8.3. But it could be, that I had just needed to move your plugin to a position where it loads after uservalidationbyemail. For some reason I thought I had tried that as well... I will test it and see whether that was what I missed.

  • Yepp, that was the problem. Maybe you add this to your installation instructions? I could imagine there are others as slow as me. I just did not get the point of "It checks Elgg's walled-garden plugin hook for public pages".

    Thanks anyway for looking into my issue!

  • This plugin restricts access to some pages, but I want to decide what buttons to show on the home page so that after login the other buttons can display. plz advice

  • @kxx4: sorry for the late response. I'd been on vacation. I don't understand what you mean with "buttons". The plugin restricts/gains access for pages based on their URLs. You can add URLs of site pages to be allowed to be visited by anonymous users by adding the URLs to the array of allowed URLs in start.php of the Loginrequired plugin. This will not modify the layout / "buttons" on your home page though. To configure the home page layout you will have to add the corresponding code to loginrequired/views/default/page/layouts/loginrequired_index.php and maybe include if-statements (logged in or not) to offer different layout for logged-out and logged-in visitors.

  • hello iionly
    Elgg met recently, my knowledge is very limited. could you help me how to change the position of the login widget, taking him to the right.
    Sorry about the lack of consistency, and thank you already.
    Congratulations plugin ... recommended!

  • Hi jerffeson,

    in the directory mod/loginrequired/views/default/page/layouts you will find the file loginrequired_index.php. Within this file the look of the login page is defined. In the same directory you will also find an example of how you can populate the right hand column with content. The example shows how to add a widget to the right column than will show an image (you would only need to change the path to the image that should be shown and of course rename the file to loginrequired_index.php as this file will actually get used by the plugin to built the login page). The loginrequired plugin is also very similar to the custom_index plugin that is bundled with Elgg. You could look into the code of the custom_index plugin to find out to add other widgets to the login page, if you want to.

    Now if you only want to move the login widget from the left to the right, you would need to add a second column of content and then move the code that displays the login widget from the left column to the right one. Here's the code for the file mod/loginrequired/views/default/page/layouts/oginrequired_index.php that would do this:

     * Loginrequired Login page layout

    $mod_params = array('class' => 'elgg-module-highlight');

    <div class="loginrequired-index elgg-main elgg-grid clearfix">
            <div class="elgg-col elgg-col-1of2">
                    <div class="elgg-inner pvm prl">

            <div class="elgg-col elgg-col-1of2">
                    <div class="elgg-inner pvm">
    $top_box = $vars['login'];

    echo elgg_view_module('featured',  '', $top_box, $mod_params);

    echo elgg_view("index/righthandside");


  • iionly thanks for listening. helped me a lot.

  • Hi iionly,

    Hope you're still monitoring this site, last messages was 4 months ago..
    I use login required on elgg 1.8.3 to have a public page, which I customized in the loginrequired_index.php and in start.php. This works fine, thanks for the good work !!

    However this plugin renders gdocs file previewer unusable. Actually, with loginrequired active, gdocs veiwer loads the loginrequired_index.php page in xml view. This gdocs plugin works only if I disable loginrequired. Have been trying to declare some hooks etc required for gdocs to loginrequired start.php and the allow tray. So far no luck.

    Any idea on this? Thanks !

  • I had another thought, inspired by you story on the plugin order, and indeed, after I moved the loginrequired plugin to the bottom, the issue is fixed !

  • Do you really need this plugin? Just have your site on open garden and put the following in the start.php of your theme depending on which pages you want to protect:


    // gets current site url

    $url = "http://" . $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; 


    // list the pages you want to protect

    if ((false !== strpos($url, 'activity') || strpos($url, 'thewire') || strpos($url, 'photo') || strpos($url, 'group') ||  strpos($url, 'member') || strpos($url, 'profile') || strpos($url, 'video') || strpos($url, 'event') || strpos($url, 'news') || strpos($url, 'poll') || strpos($url, 'answer') || strpos($url, 'page') || strpos($url, 'blog') || strpos($url, 'file') || strpos($url, 'group') || strpos($url, 'bookmark') || strpos($url, 'friend') || strpos($url, 'job'))  && elgg_is_logged_in() == FALSE) {




    // protecting upgrade might be a good idea

    if (false !== strpos($url,'upgrade')) {




    // to hide search from not logged in visitors

    elgg_register_event_handler('init', 'system', 'minimal_hide_search_init'); 

    function minimal_hide_search_init(){ 


        elgg_unextend_view('page/elements/header', 'search/header');




  • @Daniel Hazelzet: The Gdocs plugin version 1.02 description mentions something about Walled-garden to work with the 1.02 version (but not earlier versions). In start.php of Gdocs plugin a public accessible page for the file viewer is defined which should be fully compatible with the Loginrequired plugin. Though you would need to place the Loginrequired plugin below the Gdocs plugin - as you've already found out. :-)

    @armanda: Feel free to use the Loginrequired plugin... or not to use it. Of course, there are other ways to create a walled-garden site. You might even be fully okay with the way Elgg's core walled-garden option works. Personally, I prefer to use the Loginrequired plugin - which is also fully compatible with the way Elgg's built-in walled-garden approach works -  as I find it easier to configure / add new exceptions. But everyone should test out what to use on their own and use what works best for them.

  • @Amanda, I prefer the login required plugin too, as it easily seperates my public and private content. The public content has a totally different purpose while the private content is only for registered users.
    thanks for the tip though, certainly for the Search hiding option, that was one thing I had not resolved yet.

    @iionly, Thanks. I now have an issue with my "Login with Facebook" plugin and the "Uservalidation by Admin". Login with Facebook account works, but does not load the registration page and bypasses the validation by admin too. A succesful registration mail is send to the new user though.
    I've been looking into the options within the created app on Facebook for this, but can't find anything to have it respect the registration form, and preload the Facebook data.
    I've read your comments above on these social plugins, but the subjects are different.



  • Category: Misc
  • License: GNU General Public License (GPL) version 2
  • Updated: 2016-12-11
  • Downloads: 8387
  • Recommendations: 26

Other Projects

View iionly's plugins