PLEASE NOTE: These forums are no longer utilized and are provided as an archive for informational purposes only. All support issues will be handled via email using our support ticket system. For more detailed information on this change, please see this blog post.

User Registration Issue on Multiple Site

  1. Hi!

    I'm running into an issue on the multisite project I've been working on and which I mentionned in previous threads.

    The problem is that, when a user registers to one site then tries to register to another one on the network, the registration fails on the second site saying that the username and email are already in use. That may be true but it would be a much better option to either, just add the user to the current site automatically if they are already registered to another on the network or give them the option to register themselves to the current site (notifying them they are already registered on the network) or make it an option for the admin when the User Registration is created or edited.

    Simply failing the second site registration is the worst option possible, especially since a user can be attached/registered to multiple sites on the network in WordPress. Registration should only fail if the user is already registered to the particular site they're trying to register to at that time.

    Thoughts?

    Posted 13 years ago on Tuesday February 15, 2011 | Permalink
  2. This is a known issue. The problem is in how WordPress Multi-Site stores users, it uses the same user table. So if a user has registered on Site A then he already exists un the user table for Site B because it's shared.

    We haven't come up with a good way to solve this issue and would definitely appreciate feedback.

    The issue is how do you intuitively handle this situation so it's not confusing to the end user?

    We can certainly add an option or automatically detect if the user already exists in the database and simply add them to the site, the problem is how do you handle this on the front end? The user thinks they are registering so they have entered a password in the registration form, but if their user account already exists in the user table... they already have a password. Do we change that password? If we change the password based on this new registration, doesn't that pose a security issue because it would make it possible for someone to hijack an account by registering again with the same username but a different password?

    The only real way to handle this is the user would have to enter the correct username, email and password when they are registering. The problem is the user doesn't know the logins are shared, so what if they use a different username? What if they use a different password? Because the email exists it's going to return this error.

    This issue is complex once you start breaking it down to see how to best handle it. If you have any suggestions, we are all ears... we'd like to solve this issue but it has to be intuitive for both the site owner and the user who is registering.

    Posted 13 years ago on Tuesday February 15, 2011 | Permalink
  3. Hi Carl,

    Thanks for the prompt reply!

    From a UX perspective (I'm doing UX design too, not just WP site development), here's how I would handle it.

    First, the base info item should be the email. If a user is already registered on the network and tries to register on another site using the same email and happens to use the same username and/or password, then I would just notify them that they are already registered to site "x" and do they really want to register to (current) site "y". They might get Confirm and Cancel buttons.

    Second, if they do the same but use either a different username or password (or both), I would notify them that they are already registered to another site "x" on the network using that email address but tell them which of un or pw or both are different. Then I would offer them two options:

    1- to re-enter the un and pw they used on site "x" and if it's a match, proceed with adding them to site "y". If not, I don't know if it's possible to trigger a password reset email programmatically and have that sent to the email they used and then they can try to register to site "y" again.
    2- Offer them the possibility to create a new "identity" and tell them to enter a different email/pw/un combination.

    Most people will probably go with option 1

    Make sense? Doable?

    Thanks again for being this responsive. You guys rock!

    Posted 13 years ago on Tuesday February 15, 2011 | Permalink
  4. Your first suggestion with the Confirm/Cancel is out, it's not going to work with the way things are setup.

    The only thing that would really work is if a user account already exists with that same email address on another site, we would have a custom validation message that shows saying a user account already exists on site X if you'd like to register site Y enter the same username and password when registering.

    We could only do it on the email address field. If they used the same username but a different email address we would simply tell them that the username is already in use and they would have to pick a different username.

    This is a complex issue with a lot of different scenarios and it's complicated by the fact that Multi-Site could be used for all sorts of things. Some people may not want users to know that Site A and Site B are in anyway affiliated or connected to each other. However, if we implement things this way that sill be hard to disguise if this scenario occurs.

    It's too bad WordPress handles the user table the way it does with Multi-Site. I know it made things easy to share the user table from a development standpoint, but it certainly adds it's own complications as far as complex usage goes.

    We will continue to look into how to best handle this, I can't guarantee a solution for this issue will be in the final 1.0 release. It may come in an update after the 1.0 release.

    Posted 13 years ago on Tuesday February 15, 2011 | Permalink
  5. Hi again Carl,

    I was describing what would be the best case scenario from a UX standpoint. From my point of view at this time, I would be MORE than happy with the very sensible solution you outline in your last message's second paragraph: if users entered an existing email and other creds don't match, then show a validation message telling them the email is already used in the network and they need to use the same username and password in order to be added to the current site. An awesome bonus would be to offer to send the creds to the email address in the account if they forgot the un and pw but that is absolutely not necessary for me right now.

    On the other hand, if they did enter an existing email (site x) when they're trying to register to site y AND they used the correct un and pw from site x then I'd simply register them to the new site no questions asked. If some admins would like to have an option to present the user with a message notifying them that they are already registered on site x and they just registered on site y then it might be a great nice-to-have for some but absolutely not needed in this case for me.

    I get your point about networks where each site is completely separate and visitors should remain unaware that the site they are visiting is on a network with several sites in it. In my case, it's the opposite and it's clear the "sub-sites" are on a network with the main site and share branding and all that. All the sub sites have the same look and structure (pages) and only the main site is different (much larger in terms of pages, etc). It's a completely gut feeling guess on my part but I would bet my situation is much more common than networks of isolated sites. I mean, even on wordpress.com users know their blog is on that one huge network.

    So, would this be doable for 1.0 (or 1.x.x update soon after) :

    On registration attempt to site y from user with existing account on different site(s) on network, either of these two scenarios would be covered:

    Case 1- If user used entered an existing account's email but supplied incorrect un and pw then notify user of duplicate email and tell them to enter correct un and pw from existing account (would be nice to tell them what site(s) the account is already registred to)
    Case 2- If user used entered an existing account's email and supplied matching un and pw then simply register them to site y without further hassle to them (that is basically what I expected to happen as I had entered the correct un and pw)

    Thanks again very much for your responsiveness! Have you got any feedback from your Twitter enquiry on this matter?

    Stéphane

    Posted 13 years ago on Wednesday February 16, 2011 | Permalink
  6. We will have some more internal discussion on this. I didn't get any good feedback from Twitter. I discussed with a few people, including some core team members on the WordPress team, but couldn't come to a consensus of how to best handle it.

    All were in agreement it's a unique situation and not an easy one to solve in a graceful manner. We will do some more internal discussion to try to come up with a solution that is intuitive for both the site owner and the user that is registering.

    Posted 13 years ago on Wednesday February 16, 2011 | Permalink
  7. Thanks for pursuing this.

    I'm not sure the situations is so unique though. For starters, a super admin in a WP multisite network can add an exisitng user to any site very easily so this is already covered in the backend.

    Secondly, with the release of WP 3.0, more and more WP developers use the multisite functionality and will be faced with this exact issue of how to handle users wanting to register on more than one site on the same network. I think that, if user registration is enabled in the WP network options, then users should be allowed to register to as many sites as they want unless admins do not want them to and that should probably be an option in the User Registration addon as WP itself offers no way to control this that I am aware of. In a WP multisite install, user registration is enabled or disabled network wide in the Super Admin>Options page but there's no parameter there controlling wether a user can register to more than one site and, since admins can already do it then users should too IMO.

    More food for thought... :).

    Posted 13 years ago on Wednesday February 16, 2011 | Permalink
  8. Hi again Carl. A quick question that just came to me following my last post:

    In this case we've been discussing, when a user that is already registered with another site tries to register on the current one and registration fails because the email/username already exist, does the original error come from WordPress itself or does the addon do its own check for a duplicate and if it finds one, it fails the registration?

    I'm asking because, if admins can add one user to any number of sites, I doubt WordPress itself objects to the registration on the additional site so it must be the addon that stops the process.

    If that is so then, for me the easiest thing to do might be to offer a new option in the User Registration addon to permit multiple site registration or not. Then if that is enabled, add the logic we discussed: if user entered a duplicate email and gave matching username and password, then just register them on the new site. OR, if they provided mismatching username or password, notify the user and ask them to enter the same un and/or pw as their existing registration before they can be registered on the current site (and possibly tell them which site(s) they are already registered to on the network so it may jog their memory).

    If the addon would be modified to work that way then it would be perfect for my needs and I'm pretty sure for a number of others facing the same issue. If the new option were disabled then behavior would remain as it is now so admins can keep using it as it works now.

    Would that be ok with you and would that be doable for 1.0?

    Thanks!

    Posted 13 years ago on Wednesday February 16, 2011 | Permalink
  9. The error comes from WordPress because the user already exists, so it is unable to create the new user.

    The issue isn't the technical aspect of adding a user to the site. The issue is how to present that to the user submitting the form so it isn't confusing.

    The user submitting the form may not understand the concept of Site A and Site B being on the same network because depending on how WordPress Multi-Site is being used Site A and Site B may be completely unrelated. Telling them to use the login for Site A and enter the username/password exactly as it is for Site B when they are registering for Site B could be very confusing for some users. You have to remember that while we may understand these concepts, the average user does not and it could cause confusion.

    So the issue isn't the functionality, it's how to implement it so that it makes sense. You are looking at it from your use case perspective, but we have to look at it from a variety of use cases for how WordPress Multi-Site is used. So what works for you may not work for all of our users.

    We will implement this when we have a solution that we think is sufficient for most use cases. We are still discussing the best way to handle this.

    Posted 13 years ago on Wednesday February 16, 2011 | Permalink
  10. Understood! And thanks again for all your help and taking the time to discuss this with me. I really appreciate that! A couple of last points for now.

    I do indeed speak from my use case. But in any case I think that, aside from what is presented to the user, any options to enable or disable registration to more than one site on a network should be the site admin's decision. They at least know if enabling it makes any sense for their particular network and situation. In the case of a network of obviously related sites like mine then it would make sense to do so whether the admin chooses to enable it or not. At least users will probably understand that they are interacting with related sites even if they have no grasp of what a WP network is. But in a network of isolated sites it might or might not make sense and again, I think the admin should decide.

    Secondly, after that decision is made and if multiple registrations is enabled, it may be a case of setting up some kind of conditional logic in the addon where admins can decide what happens if either of the two conditions we've been discussing happens and what messages to present the user in either case. Maybe that would "relieve" you from the burden of coming up with a "best solution" for everyone and let the site admins decide what should happen on their particular network for a specific condition.

    Posted 13 years ago on Wednesday February 16, 2011 | Permalink
  11. The admin configurable notification is a good idea, that may be something we can take into consideration when we implement this functionality. Thanks for the suggestions, we'll figure out a way to handle this i'm sure.

    Posted 13 years ago on Wednesday February 16, 2011 | Permalink
  12. Hi Carl,

    I'm having some localization issues with the error messages related to registration. I might have started another thread but since it's closely related to the discussion we've had here, I decided to post it here.

    Btw, I'm using the CodeStyling Localization plugin. The problem is that, I cannot find the strings to translate for the error messages displayed when user registration fails for duplicate email/username.

    Specifically, I get "This email address is already registered" and "This username is already registered." messages when trying to register on a new blog with existing credentials. This is a French WP install for French blog owners/users and visitors so these cannot stay this way. Do these messages come from the User Registration addon or from WordPress itself? If they come from the addon, I would need a way to translate or customize them. The regular form validation messages of course don't apply as they're triggered by empty fields or a badly formed email, not a registration failure.

    Regardless if any of the features we discussed here make it into 1.0, I think we would really need to be able to customize these error messages or at the very least, have the ability to translate them for the initial release.

    Thanks!

    Posted 13 years ago on Thursday February 17, 2011 | Permalink
  13. @webfocusdesign The User Registration has not had it's POT file generated yet. As it's still in development we are waiting until development and changes are final for the 1.0 release before finalizing the localization. The final 1.0 release will be localized and ship with a POT file that can be translated and localized. This will happen at the end of this month.

    Posted 13 years ago on Thursday February 17, 2011 | Permalink
  14. Ok awesome! I'll be waiting for that then. Thanks again!

    Posted 13 years ago on Thursday February 17, 2011 | Permalink

This topic has been resolved and has been closed to new replies.