User registration for access to entire site with email invite

  • I am building an intranet site for a community to share confidential information. Access to the entire site should require registration and login. Registration should require an email invite with a unique registration code.

    Here is a description of the log-in process:

    1. An administrator user sends an invitation email to a potential user (the admin should be able to batch-send invitations).
    2. The potential user receives an invitation with a unique registration code and a link to the sign-up page.
    3. The user goes to the sign-up page and creates an account by giving the registration code, a username or email address and password. The registration code should then expire.
    4. The user can now login or log out whenever she chooses.
    5. When no user is logged in, a visitor should always be redirected to the registration page.

    So here’s the question: what plugin/plugins do you recommend to implement this authentication flow? I don’t need extra bells and whistles, and the interface should be unobtrusive. Our content craters shouldn’t have to worry about authentication or authorization. At the present, different pages don’t need to have different authorization settings. The whole site is available upon login, and nothing is available when no user is logged in.

    Thank you for your help!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator bcworkz

    (@bcworkz)

    Why not let the default WP Add User routine handle that for you? You can customize the email message if you want. When an admin adds a new user, they do not assign a password and leave the notify email checkbox marked. The user receives an email with a hash key link that allows them to log in to the site after accepting a random password or choosing their own. Once that is done, they are a full fledged member. Without the hash in the email, they are no one and have no privileged access at all.

    Thread Starter socratic1

    (@socratic1)

    Hey bcworkz, sorry for the late reply.

    That sounds like an excellent suggestion, thanks a lot. Do you have some links or documentation that outlines the steps here in more detail? I’m quite new to WordPress development and have been having some difficulty with their authentication system (for example, I can’t figure out how to prevent access to the site before logging in).

    Moderator bcworkz

    (@bcworkz)

    No worries, I’m always here ??

    Nearly everything is done via filter and action hooks. This is explained in the Handbook linked below. “init” action is a common one. It fires after WP is initialized but before anything related to the request is done. A good place to stop non-logged in users. Hook this action with add_action(). You callback function could then check login status with is_user_logged_in(). If not, you could do wp_die() or wp_redirect() to the login page.

    The authentication part would not help here because it only runs when someone is trying to login. These users are either legit users or hackers. It’s an important part, but does not impact the general public accidentally landing at your domain. “init” covers those folks.
    Query Overview
    Plugin Handbook

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘User registration for access to entire site with email invite’ is closed to new replies.