User Sign Up: Disable activation code requirements

[kathreenriel]

The current process directs users to their email, to click on an activation code to confirm their account details. The current activation code no longer works.
Deactivate this process. This may require installing a plugin.

This issue is connected with #527 in its description of what to put in place of an activation code via email.

[alex-418]

Ready for validation. There was quite a bit to think about, so here's the sequence/workflow of how user registration now works. Just wanted to document this here and the registration flow.

Solution:

1. Added a plugin which handles removing the BuddyPress Activation. (I don't like the plugin much very much as it's very outdated, not maintainedm but does the trick... I'm assuming this is a short-term solution until Commons In a Box updates their version of BuddyPress)

2. Created a function via 8e4eb5a which :
   A.) Uses the registration forms$_POST['signup_username'] value to generate their profile URL (each is unique, requires the username)
   B.) Redirects the user to edit their profile
   C.) Removes the default text which is no longer relevant.

The Registration flow:
User registers -> Account Automatically Activated -> No activation e-mail is sent to user -> New account activation sent to admin -> User is automatically logged in ->Webpage displays Success and Redirection message -> If redirection fails, manual link is provided -> User lands on edit Profile page

I've tested this on my local and on cert, would like someone else to confirm this as well.

[kathreenriel]

@alex-418 Super
Re: B. Please change direction from profile page to homepage. All the current fields are mandatory so no need to go to the profile page.
Re Profile page (Select if you are an Organizer of training) user filled in the current form with the Organization - they don't need to do this since they selected an organization on the sign up page.
For future development: All users Learners and Organizers need to select their agencies/organization from the drop-down list not just Organizers remove (Select if you are an Organizer of training)

[alex-418]

@kathreenriel Right, got mixed up with the new registration workflow.

[alex-418]

@kathreenriel Completed via 2d9e70b

Ended up being quite a chunk of work because BP extended profile fields ID's differ on cert/prod so I couldn't retrieve/check the value of these to do the redirection without updating the Field ID for each environment. Anyways, implemented a solution that searches for $_POST for a field value equivalent to "Learner" or "Organizer, but please test throughly to ensure it works as expected.

[kathreenriel]

Thanks @alex-418
For new Learner sign ups please re-direct to myEYPD page not the home page.

For new Organizers sign ups there needs to a clearer explanation of acceptable email addresses (should I create a new issue?) Please see new description in graphic.
The direction to Edit Events page is correct.

[alex-418]

@kathreenriel now redirecting learners to myEYPD via 4fe72e1 , and no need to make a separate issues as I've changed the email field validation text via BCcampus/validate-by-domain@3c75e1f

[mandily-p]

@kathreenriel I like where you're going with trying to explain to users what's happening. Can we give an example and make this even more lay person speak?

What do you think about using something like, "The part of your email address that follows the @ symbol must match your organization's website. (sarah@bccampus.com must be used if Sarah's work's website is bccampus.com)

[kathreenriel]

@mandily-p How about if we add this to the FAQ? @paulagaube could we add this as a FAQ for Organizers?
How can I check that my work email matches the Internet domain of my organization?

[paulagaube]

Yes, I can create an FAQ for this.

I tested the signup as an Organizer and it worked seamlessly. I was taken to my Events page after creating the account and could immediately start posting events.

HOWEVER, @kathreenriel, it occurs to me that if we allow an Organizer to immediately post after creating an account, what is to stop me from entering a fake, yet valid, email address, and then immediately posting fake events? This seems a little more dangerous than just immediately allowing a Learner to start adding events to their myEYPD page.

I think we need to consider adding a way to manually validate an Organizer before allowing them to post on the site. OR something like that....??

[paulagaube]

I created a Fake Event by a Fake Organizer.
https://eypd.bccampus.ca/events/fake-event-by-fake-organizer/
You can register today for only $1000!

[kathreenriel]

@paulagaube yes I agree this is risky and it will require closer monitoring of events that are posted.

[kathreenriel]

@paulagaube ha..ha...point taken! :) I think this is still the best option until Comments In A Box provides an update.

[mandily-p]

Ideally sites don't require FAQ's because most things are intuitive and anything that isn't has contextual help build in :)

I'd be curious to know - out of the spam accounts that were getting created when there was no protection - how many were learners vs organizers, and out of the organizers, how many actually posted events?

[alex-418]

@kathreenriel @paulagaube I've added a check via abb1a91 to ensure that if the plugin is not active, it'll behave like normal (there should be no redirection after registration if plugin is disabled). Please test user registration with both the plugin enabled and disabled to ensure it works as expected before we push to prod.

[kathreenriel]

thanks @alex-418 how/where do I disable this plugin to check?

[alex-418]

@kathreenriel in the dashboard there's a "Plugins" menu. You can activate/deactivate the plugin there. It's called "BP Disable Activation Reloaded"

[kathreenriel]

@alex-418 thanks, yes I disable, and checked Learner and Organizer registrations without the plugin and it works.