Authorising and Approving Joomla Users
For my latest project I need, for security purposes, to check the details of every user who registers on the site BEFORE I approve them. Dependent on their answers to the questions on the registration form they will either be rejected, approved or approved as members of a privileged usergroup.
Adding the Registration Questions
By default the Joomla registration form just asks for a name and email address - but I needed more. I could have used an extension but as I try not to use any extensions if I can avoid it (this reduces the pain points on upgrades and reduces site maintenance tasks) I chose to use the User Profile plugin that ships with Joomla. However I needed a few extra questions so I had to modify the plugin - but in most cases this probably won't be necessary.
Forking the User Profile Plugin
If I had simply edited the plugin then I ran the risk of these changes being lost on an update so I had to "fork" it. This is an incredibly easy process for a plugin.
Step 1. Copying the files
Using my ftp client I simply went to the plugins/user/ directory and copied the profile folder with a new name - in my case it was siteprofile.
Step 2. Naming the plugin
Now I just need to rename the plugin so that it will appear in the Plugin list as a new plugin. Open the profile.xml file with an editor and change the value of the <name> and <filename plugin.. as shown below.
Step 3. Installing the plugin
All I have to do now is to make sure that Joomla can see the plugin. Go to Extensions->Manage->Discover and you should see the new plugin listed. If you don't then click on the Discover button and it will be listed. Now you can select it and install - and don't forget to enable the plugin, I always forget that.
Step 4. Adding Extra questions
I can now add and customise the questions in my User Profile plugin simply by editing the relevant xml files. This is a simple process and there are many tutorials online to help you if you get stuck.
A Bug in Joomla 3.6.5
Unfortunately there is a bug in Joomla 3.6.5 that prevents the "required/optional" field process from working correctly. It is listed in the known issues on the Docs web site and has been fixed for Joomla 3.7 but as I needed this on my site I had to apply the patch from Github. (Yes I know I am hacking the core but as this patch has been merged into 3.7 I know I won't lose the change on an update.)
The Registration Process
As I said at the beginning, for this site I need to check the details of every user who registers on the site BEFORE I approve them. To do that I set the following options:
- Allow User Registration - YES
- New User Account Activation - ADMIN
This means that when a User registers on the site then:
- An email will be sent to the User to confirm registration
- The User confirms the registration
- This triggers an email to the Admin
- Admin receives an email with a link to approve the User
The Big Problem in this Process
When the code was added to Joomla to send an email to a User on activation it was only partially done.
There is a link in the Admin email that if you click on it will automatically activate the User and send them an email that their account has been activated. This isn't good enough for me as I need to check the registration details in the profile and this information isn't in the email. Plus in some cases I need to change their usergroup so I need to check the user registration details in the Joomla admin interface.
However there is no code at all to send an email to the user if you activate them from the admin interface - so they never know that they have been approved and can use the web site. This has been reported as a bug several times and is a regular report on the Joomla forum - see https://github.com/joomla/joomla-cms/issues/13620
I did spend some time looking at the code but this was definitely above my skillset to resolve so I needed a different solution. The client pointed out that all we really needed was a button in the admin interface that when clicked would send the email to the user when we approved the account. It wouldn't be automatic but as it was just one click we agreed it was an acceptable solution.
I searched the JED and found nothing, I searched the web and found nothing and then I searched the JED using google and found something - a little plugin called wbReactiv from my good friend Yannick https://extensions.joomla.org/extension/wbreactiv/
Yannick had a different aim for the plugin but it had all the functionality that I required. I just needed to customise the code a little - but that was very simple (with Yannick's help) and mainly just to change the message that was sent to the user.
You can find my fork on github if you think it will be useful to you then go ahead and give it a go. Even better would be if someone looked at resolving this directly in the Joomla core.