Skip to:
Content
Pages
Categories
Search
Top
Bottom

User Profile Url uses the username. Can that be changed?

  • @paradox_designs

    Participant

    Hi,

    Using bbP 2.3.2 on WP 3.6.

    This may seem silly but isn’t using a user’s username (aka their login username) in their public profile url a reduction in security?

    In any case, I want to see if there is any possibility to change that. the main reason is that for other reasons we have used people’s email addresses as the usernames when creating accounts. This made some sense at the time but provides an issue where now that we have added bbPress, people’s profile url includes their email address. something most of them will probably not like, and is reduction in security and privacy.

    Is there a way to make it something like http://www.sitename.com/users/firstname_lastname/ instead?

    or is there any other ideas as how to solve this dilemma?

    Thanks

Viewing 21 replies - 1 through 21 (of 21 total)
  • @paradox_designs

    Participant

    After 2 months I have resolved this. if anyone else needs help just ask

    @dotdatdot

    Participant

    Please do share your solution here as I agree with this being an issue. Thanks in advance!

    @paradox_designs

    Participant
    
    add_action( 'init', 'nicenames_to_display_name' );
    function nicenames_to_display_name() {
        foreach ( get_users() as $user ) {
    		if ( $user->data->user_status == 0 && $user->data->user_nicename != $user->data->display_name ) {
    			$user_ids[] = $user->ID;
    		}
    	}
    	foreach( $user_ids as $uid ) {
    		$info = get_userdata( $uid );
    		$display_name = $info->data->display_name;
    		if ($display_name) {
    			$args = array(
    				'ID'            => $uid,
    				'user_nicename' => strtolower(str_replace(" ", "_", $display_name))
    			);
    			wp_update_user( $args );
    		}
    	}
    }
    

    @jgonl

    Participant

    Where to put the code?

    @jgonl

    Participant

    Thanks … ok

    @paradox_designs

    Participant

    Damn, sorry. i hate when others do it and I end up doing it myself…

    This goes in functions.php

    @jgonl

    Participant

    I figured I should go where the code and may assert.
    Thank you again

    @fatsandrew7

    Participant

    wow! exactly what i was looking for!

    thanks so much!

    @bjornwebdesign

    Participant

    Thanks for sharing this! WHAT was BP thinking when they decided to use the username as profile url… I know why (only mandatory userdata on register), but imho the first thing to develop next is a solution to change this..

    EDIT

    When implementing your solution i found something.
    Doing $user->data->user_nicename != $user->data->display_name in the first foreach loop will not work because when updating (second loop) the user_nicename you do a strtolower and str_replace.
    If you want the check to work use the same conversion on the first loop.

    @bjornwebdesign

    Participant

    Wanted to share my finished code:

    // Change the user_nicename which is used as profile url, we do NOT want the username in url! Bad bad BP...
    // Wheb using the 'init' action hook this will always run, we should only do this once and then on user register & profile update..
    // Please note: the user profile url can now be changed by the user, direct linking from other places on the web may result in 404.
    // And offcourse allways use something like: 'bp_core_get_user_domain( $user_id )' when you want to get the user's profile url.
    $search = array( ' ', '.' ); 
    $replace = array( '_', '' );		
    foreach ( get_users() as $user ) {
    	if ( $user->data->user_status == 0 && $user->data->user_nicename != strtolower(str_replace( $search, $replace, $user->data->display_name)) ) {
    		$user_ids[] = $user->ID;
    	}
    }
    foreach( $user_ids as $uid ) {
    	$user_data = get_userdata( $uid );
    	$display_name = $user_data->data->display_name;
    	if ($display_name) {
    		$args = array(
    			'ID'            => $uid,
    			'user_nicename' => strtolower(str_replace( $search, $replace, $display_name))
    		);
    		wp_update_user( $args );
    	}
    }

    @bjornwebdesign

    Participant

    LoL, I thought i was finished, but i noticed the second loop isn’t necessary.
    So here’s my finished/tested code:

    /*
     * Change the user_nicename which is used as profile url, we do NOT want the username in url! Bad bad BP...
     * This conversion runs allways, we should only do this once and then on user register & profile update..
     * Please note: the user profile url can now be changed by the user, direct linking from other places on the web may result in 404.
     * And offcourse allways use something like: 'bp_core_get_user_domain( $user_id )' when you want to get the user's profile url.
     */
    $search = array( ' ', '.' ); 
    $replace = array( '_', '' );
    $all_users = get_users();		
    foreach ( $all_users as $user ) {
    	$display_name = $user->data->display_name;
    	if ( $user->data->user_status == 0 && $display_name ) {
    		$new_user_nicename = strtolower(str_replace( $search, $replace, $display_name) );
    		if ( $user->data->user_nicename != $new_user_nicename ) {
    				$args = array(
    					'ID'            => $user->ID,
    					'user_nicename' => $new_user_nicename
    				);
    				wp_update_user( $args );					
    		}
    	}
    }

    Put this in a function and call it on an action hook, can be done in your theme’s functions.php just like the OP already explained here.

    The function will change something like this: ‘Mr. A.T. Testing123’ into ‘mr_at_testing123’.

    @bjornwebdesign

    Participant

    OMG… We webdesigners are never finished šŸ˜›

    After some more testing I noticed that the function did not change all user_nicename.
    The DB type of user_nicename = VARCHAR(50) and the type of display_name = VARCHAR(250).
    If the updated user_nicename exceeds 50 chars the DB field will not update and nothing changes. So I added a substr to resolve this.
    Thankfully the wp_update_user() takes care off special characters like Ć«.

    Updated code:

    /*
     * Change the user_nicename which is used as profile url, we do NOT want the username in url! Bad bad BP...
     * This runs allways (with init hook), we should only do this once and then on user register & profile update..
     * Please note: the user profile url can now be changed by the user, direct linking from other places on the web may result in 404.
     * And offcourse allways use something like: 'bp_core_get_user_domain( $user_id )' when you want to get the user's profile url.
     */
    $search = array( ' ', '.' ); 
    $replace = array( '_', '' );
    $all_users = get_users();		
    foreach ( $all_users as $user ) {
    	$display_name = $user->data->display_name;
    	if ( $user->data->user_status == 0 && $display_name ) {
    		$new_user_nicename = strtolower(str_replace( $search, $replace, $display_name) );
    		if ( strlen ( $new_user_nicename ) > 50 ) {
    			$new_user_nicename = substr ( $new_user_nicename, 0, 50 );
    		}				
    		if ( $user->data->user_nicename != $new_user_nicename ) { // && $user->ID == 80 <-Add this if you only want to run it for 1 user, so you can test it.
    			$args = array(
    				'ID'            => $user->ID,
    				'user_nicename' => $new_user_nicename
    			);
    			wp_update_user( $args );					
    		}
    	}
    }

    @bjornwebdesign

    Participant

    Ok, last time, I promise :p…

    I updated all my users with the above function, but I don’t want it to run every time on the init hook.
    So I changed it into:

    /*
     * Do stuff when the user's xprofile is updated
    */	
    function xprofile_updated ( $user_id, $posted_field_ids, $errors, $old_values, $new_values) {
    	/*
    	 * Change the user_nicename which is used as profile url, we do NOT want the username in url! Bad bad BP...
    	 * Please note: the user profile url can now be changed by the user, direct linking from other places on the web may result in 404.
    	 * Altough this should run AFTER updating profile fields (saving to DB), the nicename is only updated after a second save. So we need to check from $new_values
    	 */
    	$new_display_name = '';
    	foreach ( $new_values as $key => $value ) {
    		if ( is_array($value) && $key == 1 ) { // field display_name = 1, make sure this is correct
    			foreach ( $value as $k => $v ) {
    				if ( $k == 'value' ) {
    					$new_display_name = $v;
    				}
    			}
    		}
    	}
    	//error_log('******** xprofile_updated: '.$user_id.' | NEW DISPLAY_NAME: '.$new_display_name.' *********');
    	$search = array( ' ', '.' ); 
    	$replace = array( '_', '' );
    	$user = get_user_by( 'ID', $user_id );		
    	if ( $user ) {
    		if ( $user->data->user_status == 0 && $new_display_name ) {
    			$new_user_nicename = strtolower(str_replace( $search, $replace, $new_display_name) );
    			if ( strlen ( $new_user_nicename ) > 50 ) {
    				$new_user_nicename = substr ( $new_user_nicename, 0, 50 );
    			}				
    			if ( $user->data->user_nicename != $new_user_nicename ) { // && $user->ID == 80 <-Add this if you only want to run it for 1 user, so you can test it.
    				$args = array(
    					'ID'            => $user->ID,
    					'user_nicename' => $new_user_nicename
    				);
    				wp_update_user( $args );
    				//error_log('******** updated user_nicename: '.$user->ID.' | NEW USER_NICENAME: '.$new_user_nicename.' *********');
    				wp_redirect( get_site_url().'/leden/'.$new_user_nicename.'/profile/edit/group/1/' ); // we cant use bp_core_get_user_domain() here, because it still uses the old user_nicename
    				exit;					
    			}
    		}
    	}
    }
    add_action( 'xprofile_updated_profile',  'xprofile_updated', 100, 5 );

    Please note, it has some site specific code, like the wp_redirect.
    Any questions? Feel free to ask.


    @mod
    : Hoping my code snippet is not too long.

    Regards, Bjorn

    @casiepa

    Moderator

    @bjornwebdesign,
    Your snippets are not that long, so that’s ok, just the number of snippets is maybe too high šŸ™‚
    My only remark is you’re based on a BuddyPress function and this is a bbPress forum. But still useful anyway!
    Thanks,
    Pascal.

    @sociality

    Participant

    Hi there I had the same problem and I used this solution that does not use buddypress. The sanitize title I use if for greek so I do not post it here but you should use something for sure.

    //This is used to hide the username from the profile url
    function tpp_forum_profile_url( $user_id, $old_values) {
    	$user = get_user_by( 'ID', $user_id );	
    		$display_name = $user->data->display_name;	
    	if ( $user ) {
    		if ( $user->data->user_status == 0 && $display_name ) {
    			$new_user_nicename = tpp_sanitize_title($display_name );
    			if ( strlen ( $new_user_nicename ) > 50 ) {
    				$new_user_nicename = substr ( $new_user_nicename, 0, 50 );
    			}				
    			if ( $user->data->user_nicename != $new_user_nicename ) { 
    				$args = array(
    					'ID'            => $user->ID,
    					'user_nicename' => $new_user_nicename
    				);
    				wp_update_user( $args );
    				wp_redirect( get_site_url().'/forums/user/'.$new_user_nicename.'/edit/' ); 
    				exit;					
    			}
    		}
    	}
    }
    add_action( 'profile_update',  'tpp_forum_profile_url', 100, 5 );

    @robin-w

    Moderator

    thanks for posting this – it will help others

    @sino27

    Participant

    Hi there. Sorry for reviving this thread. But I had to as this is some serious privacy issue.

    A code from “bjornwebdesign” is definitely working but not completely. I mean on this code posted in his “Ok, last time, I promise :pā€¦”

    /*
     * Do stuff when the user's xprofile is updated
    */	
    function xprofile_updated ( $user_id, $posted_field_ids, $errors, $old_values, $new_values) {
    	/*
    	 * Change the user_nicename which is used as profile url, we do NOT want the username in url! Bad bad BP...
    	 * Please note: the user profile url can now be changed by the user, direct linking from other places on the web may result in 404.
    	 * Altough this should run AFTER updating profile fields (saving to DB), the nicename is only updated after a second save. So we need to check from $new_values
    	 */
    	$new_display_name = '';
    	foreach ( $new_values as $key => $value ) {
    		if ( is_array($value) && $key == 1 ) { // field display_name = 1, make sure this is correct
    			foreach ( $value as $k => $v ) {
    				if ( $k == 'value' ) {
    					$new_display_name = $v;
    				}
    			}
    		}
    	}
    	//error_log('******** xprofile_updated: '.$user_id.' | NEW DISPLAY_NAME: '.$new_display_name.' *********');
    	$search = array( ' ', '.' ); 
    	$replace = array( '_', '' );
    	$user = get_user_by( 'ID', $user_id );		
    	if ( $user ) {
    		if ( $user->data->user_status == 0 && $new_display_name ) {
    			$new_user_nicename = strtolower(str_replace( $search, $replace, $new_display_name) );
    			if ( strlen ( $new_user_nicename ) > 50 ) {
    				$new_user_nicename = substr ( $new_user_nicename, 0, 50 );
    			}				
    			if ( $user->data->user_nicename != $new_user_nicename ) { // && $user->ID == 80 <-Add this if you only want to run it for 1 user, so you can test it.
    				$args = array(
    					'ID'            => $user->ID,
    					'user_nicename' => $new_user_nicename
    				);
    				wp_update_user( $args );
    				//error_log('******** updated user_nicename: '.$user->ID.' | NEW USER_NICENAME: '.$new_user_nicename.' *********');
    				wp_redirect( get_site_url().'/leden/'.$new_user_nicename.'/profile/edit/group/1/' ); // we cant use bp_core_get_user_domain() here, because it still uses the old user_nicename
    				exit;					
    			}
    		}
    	}
    }
    add_action( 'xprofile_updated_profile',  'xprofile_updated', 100, 5 );

    – but there is one critical flaw. After code is applied, user can not update their profile anymore. Like you can go to (example) update name or nickname. You press save and nothing changes. Profile is not updated.

    If I apply “bjornwebdesign” previous code (meaning code he posted just before his latest code) –

    
    /*
     * Change the user_nicename which is used as profile url, we do NOT want the username in url! Bad bad BP...
     * This runs allways (with init hook), we should only do this once and then on user register & profile update..
     * Please note: the user profile url can now be changed by the user, direct linking from other places on the web may result in 404.
     * And offcourse allways use something like: 'bp_core_get_user_domain( $user_id )' when you want to get the user's profile url.
     */
    $search = array( ' ', '.' ); 
    $replace = array( '_', '' );
    $all_users = get_users();		
    foreach ( $all_users as $user ) {
    	$display_name = $user->data->display_name;
    	if ( $user->data->user_status == 0 && $display_name ) {
    		$new_user_nicename = strtolower(str_replace( $search, $replace, $display_name) );
    		if ( strlen ( $new_user_nicename ) > 50 ) {
    			$new_user_nicename = substr ( $new_user_nicename, 0, 50 );
    		}				
    		if ( $user->data->user_nicename != $new_user_nicename ) { // && $user->ID == 80 <-Add this if you only want to run it for 1 user, so you can test it.
    			$args = array(
    				'ID'            => $user->ID,
    				'user_nicename' => $new_user_nicename
    			);
    			wp_update_user( $args );					
    		}
    	}
    }
    

    then updating of profile is working. User can update profile but after pressing “Save” there is 404 error. Even 404 is acceptable as at least user can update their profile. However performance is severely degraded on a website with many members.

    So basically only his latest code is working in a way that their profile URL is hidden, performance is not degraded but user profiles can not be saved or updated. Can anyone help and update his code so that user are able to update their profiles?

    @bjornwebdesign

    Participant

    Well, as you can see, the code posted here is almost 5 years old. So it’s understandable it doesn’t work anymore ;-). Also, I don’t think a 404 means it’s a “serious privacy issue”. Something isn’t working correctly, so my first step would be to check the logs and see what is causing the 404 and go from there.

    Very busy atm and currently don’t have a BP test setup running. If you still need a solution maybe I can find some time in the coming days.

    @sino27

    Participant

    Thanks for your input but don’t waste time. I contacted some developers and they were able to provide me the code. It worked and I moved on to another project, I don’t even remember it. Anyway it was possible.

    All the best to you and stay healthy.

    Cheers

    @alexrivas

    Participant

    Could you please share the solution?

    @sino27

    Participant

    Unfortunately I can’t recall it anymore. Don’t know what was it. In the end I moved to BuddyBoss Pro product and never looked back.

    Good luck.

Viewing 21 replies - 1 through 21 (of 21 total)
  • You must be logged in to reply to this topic.
Skip to toolbar