User Profile Url uses the username. Can that be changed?
-
Hi,
Using bbP 2.3.2 on WP 3.6.
This may seem silly but isn’t using a user’s username (aka their login username) in their public profile url a reduction in security?
In any case, I want to see if there is any possibility to change that. the main reason is that for other reasons we have used people’s email addresses as the usernames when creating accounts. This made some sense at the time but provides an issue where now that we have added bbPress, people’s profile url includes their email address. something most of them will probably not like, and is reduction in security and privacy.
Is there a way to make it something like http://www.sitename.com/users/firstname_lastname/ instead?
or is there any other ideas as how to solve this dilemma?
Thanks
-
After 2 months I have resolved this. if anyone else needs help just ask
Please do share your solution here as I agree with this being an issue. Thanks in advance!
add_action( 'init', 'nicenames_to_display_name' ); function nicenames_to_display_name() { foreach ( get_users() as $user ) { if ( $user->data->user_status == 0 && $user->data->user_nicename != $user->data->display_name ) { $user_ids[] = $user->ID; } } foreach( $user_ids as $uid ) { $info = get_userdata( $uid ); $display_name = $info->data->display_name; if ($display_name) { $args = array( 'ID' => $uid, 'user_nicename' => strtolower(str_replace(" ", "_", $display_name)) ); wp_update_user( $args ); } } }
Where to put the code?
Thanks … ok
Damn, sorry. i hate when others do it and I end up doing it myself…
This goes in functions.php
I figured I should go where the code and may assert.
Thank you againwow! exactly what i was looking for!
thanks so much!
Thanks for sharing this! WHAT was BP thinking when they decided to use the username as profile url… I know why (only mandatory userdata on register), but imho the first thing to develop next is a solution to change this..
EDIT
When implementing your solution i found something.
Doing$user->data->user_nicename != $user->data->display_name
in the first foreach loop will not work because when updating (second loop) the user_nicename you do astrtolower
andstr_replace
.
If you want the check to work use the same conversion on the first loop.Wanted to share my finished code:
// Change the user_nicename which is used as profile url, we do NOT want the username in url! Bad bad BP... // Wheb using the 'init' action hook this will always run, we should only do this once and then on user register & profile update.. // Please note: the user profile url can now be changed by the user, direct linking from other places on the web may result in 404. // And offcourse allways use something like: 'bp_core_get_user_domain( $user_id )' when you want to get the user's profile url. $search = array( ' ', '.' ); $replace = array( '_', '' ); foreach ( get_users() as $user ) { if ( $user->data->user_status == 0 && $user->data->user_nicename != strtolower(str_replace( $search, $replace, $user->data->display_name)) ) { $user_ids[] = $user->ID; } } foreach( $user_ids as $uid ) { $user_data = get_userdata( $uid ); $display_name = $user_data->data->display_name; if ($display_name) { $args = array( 'ID' => $uid, 'user_nicename' => strtolower(str_replace( $search, $replace, $display_name)) ); wp_update_user( $args ); } }
LoL, I thought i was finished, but i noticed the second loop isn’t necessary.
So here’s my finished/tested code:/* * Change the user_nicename which is used as profile url, we do NOT want the username in url! Bad bad BP... * This conversion runs allways, we should only do this once and then on user register & profile update.. * Please note: the user profile url can now be changed by the user, direct linking from other places on the web may result in 404. * And offcourse allways use something like: 'bp_core_get_user_domain( $user_id )' when you want to get the user's profile url. */ $search = array( ' ', '.' ); $replace = array( '_', '' ); $all_users = get_users(); foreach ( $all_users as $user ) { $display_name = $user->data->display_name; if ( $user->data->user_status == 0 && $display_name ) { $new_user_nicename = strtolower(str_replace( $search, $replace, $display_name) ); if ( $user->data->user_nicename != $new_user_nicename ) { $args = array( 'ID' => $user->ID, 'user_nicename' => $new_user_nicename ); wp_update_user( $args ); } } }
Put this in a function and call it on an action hook, can be done in your theme’s functions.php just like the OP already explained here.
The function will change something like this: ‘Mr. A.T. Testing123’ into ‘mr_at_testing123’.
OMG… We webdesigners are never finished š
After some more testing I noticed that the function did not change all user_nicename.
The DB type of user_nicename = VARCHAR(50) and the type of display_name = VARCHAR(250).
If the updated user_nicename exceeds 50 chars the DB field will not update and nothing changes. So I added asubstr
to resolve this.
Thankfully thewp_update_user()
takes care off special characters like Ć«.Updated code:
/* * Change the user_nicename which is used as profile url, we do NOT want the username in url! Bad bad BP... * This runs allways (with init hook), we should only do this once and then on user register & profile update.. * Please note: the user profile url can now be changed by the user, direct linking from other places on the web may result in 404. * And offcourse allways use something like: 'bp_core_get_user_domain( $user_id )' when you want to get the user's profile url. */ $search = array( ' ', '.' ); $replace = array( '_', '' ); $all_users = get_users(); foreach ( $all_users as $user ) { $display_name = $user->data->display_name; if ( $user->data->user_status == 0 && $display_name ) { $new_user_nicename = strtolower(str_replace( $search, $replace, $display_name) ); if ( strlen ( $new_user_nicename ) > 50 ) { $new_user_nicename = substr ( $new_user_nicename, 0, 50 ); } if ( $user->data->user_nicename != $new_user_nicename ) { // && $user->ID == 80 <-Add this if you only want to run it for 1 user, so you can test it. $args = array( 'ID' => $user->ID, 'user_nicename' => $new_user_nicename ); wp_update_user( $args ); } } }
Ok, last time, I promise :p…
I updated all my users with the above function, but I don’t want it to run every time on the init hook.
So I changed it into:/* * Do stuff when the user's xprofile is updated */ function xprofile_updated ( $user_id, $posted_field_ids, $errors, $old_values, $new_values) { /* * Change the user_nicename which is used as profile url, we do NOT want the username in url! Bad bad BP... * Please note: the user profile url can now be changed by the user, direct linking from other places on the web may result in 404. * Altough this should run AFTER updating profile fields (saving to DB), the nicename is only updated after a second save. So we need to check from $new_values */ $new_display_name = ''; foreach ( $new_values as $key => $value ) { if ( is_array($value) && $key == 1 ) { // field display_name = 1, make sure this is correct foreach ( $value as $k => $v ) { if ( $k == 'value' ) { $new_display_name = $v; } } } } //error_log('******** xprofile_updated: '.$user_id.' | NEW DISPLAY_NAME: '.$new_display_name.' *********'); $search = array( ' ', '.' ); $replace = array( '_', '' ); $user = get_user_by( 'ID', $user_id ); if ( $user ) { if ( $user->data->user_status == 0 && $new_display_name ) { $new_user_nicename = strtolower(str_replace( $search, $replace, $new_display_name) ); if ( strlen ( $new_user_nicename ) > 50 ) { $new_user_nicename = substr ( $new_user_nicename, 0, 50 ); } if ( $user->data->user_nicename != $new_user_nicename ) { // && $user->ID == 80 <-Add this if you only want to run it for 1 user, so you can test it. $args = array( 'ID' => $user->ID, 'user_nicename' => $new_user_nicename ); wp_update_user( $args ); //error_log('******** updated user_nicename: '.$user->ID.' | NEW USER_NICENAME: '.$new_user_nicename.' *********'); wp_redirect( get_site_url().'/leden/'.$new_user_nicename.'/profile/edit/group/1/' ); // we cant use bp_core_get_user_domain() here, because it still uses the old user_nicename exit; } } } } add_action( 'xprofile_updated_profile', 'xprofile_updated', 100, 5 );
Please note, it has some site specific code, like the wp_redirect.
Any questions? Feel free to ask.
@mod: Hoping my code snippet is not too long.Regards, Bjorn
@bjornwebdesign,
Your snippets are not that long, so that’s ok, just the number of snippets is maybe too high š
My only remark is you’re based on a BuddyPress function and this is a bbPress forum. But still useful anyway!
Thanks,
Pascal.Hi there I had the same problem and I used this solution that does not use buddypress. The sanitize title I use if for greek so I do not post it here but you should use something for sure.
//This is used to hide the username from the profile url function tpp_forum_profile_url( $user_id, $old_values) { $user = get_user_by( 'ID', $user_id ); $display_name = $user->data->display_name; if ( $user ) { if ( $user->data->user_status == 0 && $display_name ) { $new_user_nicename = tpp_sanitize_title($display_name ); if ( strlen ( $new_user_nicename ) > 50 ) { $new_user_nicename = substr ( $new_user_nicename, 0, 50 ); } if ( $user->data->user_nicename != $new_user_nicename ) { $args = array( 'ID' => $user->ID, 'user_nicename' => $new_user_nicename ); wp_update_user( $args ); wp_redirect( get_site_url().'/forums/user/'.$new_user_nicename.'/edit/' ); exit; } } } } add_action( 'profile_update', 'tpp_forum_profile_url', 100, 5 );
thanks for posting this – it will help others
Hi there. Sorry for reviving this thread. But I had to as this is some serious privacy issue.
A code from “bjornwebdesign” is definitely working but not completely. I mean on this code posted in his “Ok, last time, I promise :pā¦”
/* * Do stuff when the user's xprofile is updated */ function xprofile_updated ( $user_id, $posted_field_ids, $errors, $old_values, $new_values) { /* * Change the user_nicename which is used as profile url, we do NOT want the username in url! Bad bad BP... * Please note: the user profile url can now be changed by the user, direct linking from other places on the web may result in 404. * Altough this should run AFTER updating profile fields (saving to DB), the nicename is only updated after a second save. So we need to check from $new_values */ $new_display_name = ''; foreach ( $new_values as $key => $value ) { if ( is_array($value) && $key == 1 ) { // field display_name = 1, make sure this is correct foreach ( $value as $k => $v ) { if ( $k == 'value' ) { $new_display_name = $v; } } } } //error_log('******** xprofile_updated: '.$user_id.' | NEW DISPLAY_NAME: '.$new_display_name.' *********'); $search = array( ' ', '.' ); $replace = array( '_', '' ); $user = get_user_by( 'ID', $user_id ); if ( $user ) { if ( $user->data->user_status == 0 && $new_display_name ) { $new_user_nicename = strtolower(str_replace( $search, $replace, $new_display_name) ); if ( strlen ( $new_user_nicename ) > 50 ) { $new_user_nicename = substr ( $new_user_nicename, 0, 50 ); } if ( $user->data->user_nicename != $new_user_nicename ) { // && $user->ID == 80 <-Add this if you only want to run it for 1 user, so you can test it. $args = array( 'ID' => $user->ID, 'user_nicename' => $new_user_nicename ); wp_update_user( $args ); //error_log('******** updated user_nicename: '.$user->ID.' | NEW USER_NICENAME: '.$new_user_nicename.' *********'); wp_redirect( get_site_url().'/leden/'.$new_user_nicename.'/profile/edit/group/1/' ); // we cant use bp_core_get_user_domain() here, because it still uses the old user_nicename exit; } } } } add_action( 'xprofile_updated_profile', 'xprofile_updated', 100, 5 );
– but there is one critical flaw. After code is applied, user can not update their profile anymore. Like you can go to (example) update name or nickname. You press save and nothing changes. Profile is not updated.
If I apply “bjornwebdesign” previous code (meaning code he posted just before his latest code) –
/* * Change the user_nicename which is used as profile url, we do NOT want the username in url! Bad bad BP... * This runs allways (with init hook), we should only do this once and then on user register & profile update.. * Please note: the user profile url can now be changed by the user, direct linking from other places on the web may result in 404. * And offcourse allways use something like: 'bp_core_get_user_domain( $user_id )' when you want to get the user's profile url. */ $search = array( ' ', '.' ); $replace = array( '_', '' ); $all_users = get_users(); foreach ( $all_users as $user ) { $display_name = $user->data->display_name; if ( $user->data->user_status == 0 && $display_name ) { $new_user_nicename = strtolower(str_replace( $search, $replace, $display_name) ); if ( strlen ( $new_user_nicename ) > 50 ) { $new_user_nicename = substr ( $new_user_nicename, 0, 50 ); } if ( $user->data->user_nicename != $new_user_nicename ) { // && $user->ID == 80 <-Add this if you only want to run it for 1 user, so you can test it. $args = array( 'ID' => $user->ID, 'user_nicename' => $new_user_nicename ); wp_update_user( $args ); } } }
then updating of profile is working. User can update profile but after pressing “Save” there is 404 error. Even 404 is acceptable as at least user can update their profile. However performance is severely degraded on a website with many members.
So basically only his latest code is working in a way that their profile URL is hidden, performance is not degraded but user profiles can not be saved or updated. Can anyone help and update his code so that user are able to update their profiles?
Well, as you can see, the code posted here is almost 5 years old. So it’s understandable it doesn’t work anymore ;-). Also, I don’t think a 404 means it’s a “serious privacy issue”. Something isn’t working correctly, so my first step would be to check the logs and see what is causing the 404 and go from there.
Very busy atm and currently don’t have a BP test setup running. If you still need a solution maybe I can find some time in the coming days.
Thanks for your input but don’t waste time. I contacted some developers and they were able to provide me the code. It worked and I moved on to another project, I don’t even remember it. Anyway it was possible.
All the best to you and stay healthy.
Cheers
Could you please share the solution?
Unfortunately I can’t recall it anymore. Don’t know what was it. In the end I moved to BuddyBoss Pro product and never looked back.
Good luck.
- You must be logged in to reply to this topic.