• Resolved Timi Makinde

    (@temak)


    Hi, I have a form on a multisite network that allows a manager (custom level 7 user role) to create a new client user (custom level 0 user role) on the main network site. The client user role does not have any editing abilities but somehow some new users are being created (guess is by spam or some bot) using this form and that user is able to create new sites on the network where the new user is the admin of that site and has admin access to that new site. This is a bug that shouldn’t be creating admin users on the network sites from the new client user account.

    I tried to restrict the form to show only to logged-in users (the manager has to be logged in to view the form) but this option is missing in the user form under security. How can this be fixed? And overall, Forminator might want to look into this bug on multisite networks.

    Cheers.

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Support Williams – WPMU DEV Support

    (@wpmudev-support8)

    Hi @temak

    I hope you’re well today!

    Let me break that down into two separate parts:

    1. “admin” user role for new users

    When the plugin creates a new user, it automatically assigns the role that’s set in the form configuration. This isn’t a bug – it’s for you to decide which role to assign. In the “User Registration” setting of the form, under the “User Role” option, you can set which role should be automatically assigned to newly registered users. It can be “fixed” or “conditional” (based on content/choices of other form fields) but still – the only role that can be assigned by Forminator is the one that is set there.

    If it is set to admin – it will create an admin user.

    Please double-check it and make sure that you have the correct role set there.

    If you have a role lower than admin set and an admin user is still created, it would mean that there is some conflict on the site – with some other plugin or custom code – and that would require a full conflict test to pinpoint such a conflict.

    Knowing what’s causing such conflict, we could then look into it to check if/how it could be solved.

    2. Logged-in restriction

    The User Registration form does not have an option to be restricted to logged-in users, indeed. This type of form was never meant to be for site admins/managers to help “manage users”. It’s only a way to create an additional custom registration form to be put on any other page than the default/standard registration. A logged-in user cannot register their “own” account as they are already registered – hence no such limitation (as it’s not a “user management” form).

    The simplest workaround for that is to block access to the page with that form for visitors (not logged-in users). For example:

    – you can set the page with the form to be “Private” and it will only be available to admins and editors

    – or you can instead set it to be password protected – all users that have that password will be able to access it but not anyone else

    – or you can use this simple free plugin to restrict access (for logged-in users only) to the page with the form:

    https://www.ads-software.com/plugins/pagerestrict/

    Kind regards,
    Adam
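
The page-level restriction described in the reply above can also be done without an extra plugin. The following is an added example, not part of the original reply and not Forminator code: a must-use plugin that blocks the page unless the visitor is logged in and holds a given capability. The page slug `create-client` and the capability `create_client_users` are assumptions; replace them with your own.

```php
<?php
/**
 * Plugin Name: Restrict client-creation page (added example)
 * Description: Place in wp-content/mu-plugins/. Not Forminator code.
 */

// Assumed values: the slug of the page that holds the form, and a
// capability that only the manager role has.
const EXAMPLE_FORM_PAGE_SLUG = 'create-client';
const EXAMPLE_REQUIRED_CAP   = 'create_client_users';

add_action( 'template_redirect', function () {
    // Only act on the page that contains the user-creation form.
    if ( ! is_page( EXAMPLE_FORM_PAGE_SLUG ) ) {
        return;
    }

    // Visitors are sent to the login screen; auth_redirect() exits.
    if ( ! is_user_logged_in() ) {
        auth_redirect();
    }

    // Logged-in users without the manager capability get a 403, so a
    // low-privilege client account cannot reach the form either.
    if ( ! current_user_can( EXAMPLE_REQUIRED_CAP ) ) {
        wp_die(
            esc_html( 'You are not allowed to view this page.' ),
            esc_html( 'Forbidden' ),
            array( 'response' => 403 )
        );
    }

    // Keep caches from serving the protected page to other visitors.
    nocache_headers();
} );
```
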

    Thread Starter Timi Makinde

    (@temak)

    Hi @wpmudev-support8

    1. Yes the form correctly creates the new user and assigns the role set in the form to that user for the particular network site. For some reason though, that same user with restricted access on network site 1 is set as an admin on network site 2 for example. Not sure how this is happening.
    2. The use case here is that ‘managers’ create user/client accounts and not that the managers are creating their own accounts. The form isn’t open to all site visitors and can only be accessed by a logged-in account manager, but the form doesn’t have that option to show only to logged-in users and this restriction has to be set on a per-page level. Could this feature be added at some point to user forms, since it’s optional and users setting up forms can choose to toggle the logged-in option on/off just as is available in other Forminator forms?

    Cheers

    Plugin Support Williams – WPMU DEV Support

    (@wpmudev-support8)

    Hi @temak

    Thank you for your response!

    Yes the form correctly creates the new user and assigns the role set in the form to that user for the particular network site. For some reason though, that same user with restricted access on network site 1 is set as an admin on network site 2 for example. Not sure how this is happening.

    So yes – that definitely is not expected behavior when it comes to the Forminator form. There must be something additional on the site that’s causing that.

    I understand that this is a multisite setup. Is the Forminator form in question on the main site or on one of the subsites? Are there any other plugins whatsoever on the site that may be in any way related to either user registration or user management (e.g. some other plugins that also have a registration feature built-in or some “membership”/user access type plugins)? If yes – what are they?

    Could you also check one additional thing?

    – as super-admin go to “Network Admin -> Sites -> All sites” page
    – find one of sub-sites where you know such new user was created incorrectly as “admin”
    – and click “Edit” link
    – then switch to “Settings” tab
    – and find “default_role” line

    What does it say there – is it “subscriber” in option field or is it “administrator”?

    but the form doesn’t have that option to show only to logged-in users and this restriction has to be set on a per-page level. Could this feature be added at some point to user forms,

    That’s right, registration forms only have an option to be hidden from logged-in users. They don’t have an option to be hidden from visitors – as I explained previously they were never meant to be used this way. They are intended to be used only as additional custom front-end registration forms for new users to create their own accounts easily.

    But I see your point. I’ve suggested it to our Forminator Team so our developers will look into it and there’s a chance they will add it in the future. I’m not able to give an ETA, though.

    Best regards,
    Adam

    Plugin Support Amin – WPMU DEV Support

    (@wpmudev-support2)

    Hello @temak ,

    We haven’t received a response from you for some time so I will close this topic.

    If you need more help let us know.

    kind regards,
    Kasia

    Thread Starter Timi Makinde

    (@temak)

    Hi Adam @wpmudev-support8,

    Apologies for the delayed response. Here are the answers to your queries:

    I understand that this is a multisite setup. Is the Forminator form in question on the main site or on one of the subsites? Are there any other plugins whatsoever on the site that may be in any way related to either user registration or user management (e.g. some other plugins that also have a registration feature built-in or some “membership”/user access type plugins)? If yes – what are they?

    Yes, we have other plugins on the site for forms such as advanced forms pro by hookturn and user role editor (adds new custom user roles). At the moment, they work fine and the login/reg form we have using the other plugin is on a separate page with no issues so far. The Forminator form is only available on a restricted page for managers only and has been working fine, but we recently noticed that a new subsite was added for one of the new users created via this form.

    Could you also check one additional thing?

    – as super-admin go to “Network Admin -> Sites -> All sites” page
    – find one of sub-sites where you know such new user was created incorrectly as “admin”
    – and click “Edit” link
    – then switch to “Settings” tab
    – and find “default_role” line

    On the new site, the default role says ‘subscriber’

    That’s right, registration forms only have an option to be hidden from logged-in users. They don’t have an option to be hidden from visitors – as I explained previously they were never meant to be used this way. They are intended to be used only as additional custom front-end registration forms for new users to create their own accounts easily.

    But I see your point. I’ve suggested it to our Forminator Team so our developers will look into it and there’s a chance they will add it in the future. I’m not able to give an ETA, though.

    OK great, thanks. It will be a helpful feature since it’s already available for other form types and the user can simply choose if they want the form to be shown only to logged-in users or not.

    Plugin Support Kris – WPMU DEV Support

    (@wpmudevsupport13)

    Hi @temak

    There is one thing that is missing here and this is a default core feature. In Network -> Settings please check your “Allow new registrations” section. With or without Forminator, this part is responsible for allowing any logged-in users to register new sites if “Logged in users may register new sites” is selected.

    Kind Regards,
    Kris

    Thread Starter Timi Makinde

    (@temak)

    Hi Kris @wpmudevsupport13

    The setting doesn’t allow registrations on the network level – https://prnt.sc/nuB4LcdXpfAA

    Kind regards

    Plugin Support Amin – WPMU DEV Support

    (@wpmudev-support2)

    Hello @temak ,

    I’m not sure what you mean by that. Those options allow registering new subsites and users.

    kind regards,
    Kasia

    Thread Starter Timi Makinde

    (@temak)

    Hi Kasia @wpmudev-support2,

    I’m not sure what you mean by that. I was responding to the previous reply asking what the network settings are. The current setting has registrations disabled so new users on one site shouldn’t be able to create new sites on the network.

    Kind regards.

    Plugin Support Williams – WPMU DEV Support

    (@wpmudev-support8)

    Hi @temak

    Sorry, that was probably some small misunderstanding or a mistaken post on our end.

    Anyway, it does seem that the creation of new sites is indeed disabled and then this means that:

    – only a super-admin account can create new sites (users can’t)
    – or there is some code/plugin on the site that is able to override that restriction (e.g. able to create sites/change user permissions directly by hooking into WordPress core/using WordPress core functions).

    Forminator can’t do this. With the settings (of site and form) that you described, the only thing it can do is create a new user account with the subscriber role and that’s it. After that is done it’s not done by Forminator because it does not have any features for “user management” – it can’t further edit or manage user accounts.

    Now if the same user that is set correctly as subscriber on a site they register on is at the same time set as admin on some other site – despite not being registered before and not being admin of that other site already – then it means there must be some other additional code causing it. I’m not sure if you have any custom code on site but if not, it would usually mean that some other plugin is involved in the case.

    I would expect either another form plugin (if it also has any user registration or site creation features built-in; even if they are not in use currently) or some plugin(s) related to user management/membership/access control.

    Obviously on a live multisite it would be rather difficult to do more “invasive” testing but it would be best to do a full conflict test. If you have or can have some kind of staging/dev site (which would be a copy of the live one) – disabling other plugins and keeping only Forminator, then testing if the same issue happens, then if it doesn’t – testing again and again with the original plugins enabled one-by-one – should help find the culprit.

    Other than this, would you be able to provide a full list of currently installed (and which ones are network-active, which ones are only per-site enabled on affected sub-sites) plugins? It may help us suggest what to check next.

    Kind regards,
    Adam
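
To find which plugin or custom code creates the unexpected sites and administrator grants discussed in the reply above, the events can be logged together with their call chain. This is an added example, not part of the original reply and not Forminator code: a must-use plugin (loaded on every site of the network) that hooks the core actions `wp_initialize_site`, `add_user_to_blog` and `set_user_role`. The function name `example_ms_audit_log` and the `[ms-audit]` log prefix are assumptions.

```php
<?php
/**
 * Plugin Name: Multisite audit log (added example, not Forminator code)
 * Description: Place in wp-content/mu-plugins/ on a staging copy or the live network.
 */

// Write one log line with the acting user, the request and the call chain.
function example_ms_audit_log( $event ) {
    // Strip tags and line breaks so the URI cannot forge extra log lines.
    $uri = isset( $_SERVER['REQUEST_URI'] )
        ? sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) )
        : '(no request URI, e.g. WP-CLI or cron)';

    error_log( sprintf(
        '[ms-audit] %s | acting user: %d | request: %s | trace: %s',
        $event,
        get_current_user_id(),
        $uri,
        wp_debug_backtrace_summary() // comma-separated list of calling functions
    ) );
}

// Fires when core initializes a newly created site.
add_action( 'wp_initialize_site', function ( $new_site ) {
    example_ms_audit_log( sprintf(
        'site %d created at %s%s',
        (int) $new_site->blog_id,
        $new_site->domain,
        $new_site->path
    ) );
}, 1 );

// Fires after a user has been added to a site with a role.
add_action( 'add_user_to_blog', function ( $user_id, $role, $blog_id ) {
    if ( 'administrator' === $role ) {
        example_ms_audit_log( sprintf( 'user %d added to site %d as administrator', $user_id, $blog_id ) );
    }
}, 10, 3 );

// Fires when a user's role is set on the current site; this also runs
// during add_user_to_blog(), so one grant can produce two log lines.
add_action( 'set_user_role', function ( $user_id, $role ) {
    if ( 'administrator' === $role ) {
        example_ms_audit_log( sprintf( 'user %d set to administrator on site %d', $user_id, get_current_blog_id() ) );
    }
}, 10, 2 );
```

The entries go to the PHP error log, or to `wp-content/debug.log` when `WP_DEBUG_LOG` is enabled; the plugin or theme functions named in the `trace` field of a site-creation entry point to the code that created the site.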

  • The topic ‘Show new user form to only logged in users’ is closed to new replies.