Support inviting non site members

The default use case would be this:
1. Then admin enters one or more emails of non-registered users.
2. The users get the mails with the invite links in them.
3. They access the link and are redirected first to the registration page.
4. After they register, they are subscribed to the group.

When a non-registered member is invited, a row is also created in the invite table, with uid=0. When the link is accessed and the account is created, based on the token, the uid can be changed to store the uid of the newly created user. (The token can be stored as a value field in the registration form).

Now, possible issues that may appear:
1. The registration not available.
Proposed solution: The admin will not be able to invite non-registered members (the check can be made in the form validation function).

2. Should any group member be able to do this?
Proposed solution: I would say yes...

3. What happens if admin approval or email verification is required for registration?
Proposed solution: when the user is created, as I mentioned above, the uid of the row in the invite table that corresponds to the token is updated. We can then introduce a new field in the invite table, some sort of status field. The values can be for example: 0 (invitation not accessed), 1(invitation accessed and the user subscribed), 2 (invitation accessed, but the user not yet subscribed). Then, in the hook_init() we can check if the current user has entries with status = 2 in the invite table. The disadvantage here is that we use hook_init() every time to query the table. Another solution could be to just subscribe the user to the group, even if the email was not yet verified, but in this case we may have groups with members that will never verify their accounts...

4. Check any issues that may appear with some external authentication modules (like fbconnect).

When will this be implemented?

Hi jaxpax,

I plan to implement this in maximum 3-4 weeks from now (but I hope to be sooner.)

Sounds great, looking forward to it! Thanks for your quick reply.

Regards

Is this going to obey the general rules of this module so that if a group has moderated access, and a non-group-admin user invites a new user to sign up to a site, on successful registration, membership of a group is automatically requested but not pre-approved. Unless invited by the group admin in which case they are automatically subscribed?

If so sounds great! For my use case, as part of Drupal Commons, this is one of the only features that Open Atrium does better for me with the U Create module, by allowing group admins to do some of their own user management. Especially as I don't really want group admins to create users, better if they just invite registration.

What will happen if a user enters the email address of a user who is already a member?

For the first issue, if the group has moderated access and the invitation has been made by a non-admin member, then the membership will not be automatically approved, just requested.

For the second, if there is already a member with that mail, no new user is created, but the invitation is sent to the existing user, so it is like entering an username.

Subscribing...

I actually developed a version of this for a site we are making in Drupal 7, with functionality to invite non-members, based upon OG Invite Link -- see http://drupal.org/node/1129198#comment-4777836

Great james.williams. I will have a look at that. Thanks for your generous contribution.
-Patrik

Hi vasi1186, is there any news on your progress? I am really looking forward to this functionality.
Tim

Hi,

I will try to find some time in the near future to release a next stable version, but right now I am quite busy with some projects and do not have too much time. But I hope that in a few weeks to have the next version released. Sorry for the delay, it's just that the time seems to be my worst enemy at the moment :)

Best,

Vasi.

subscribing

subscribing. also waiting on pins and needles for this fabulous feature!

I'm looking into this.

That's good to hear... will this be for a next major release of Commons or sooner?

Here's an initial patch to make this feature possible. Note, this depends on #1267964: Coding standards formatting.

It provides a site-wide setting that lets admins specify whether to allow people who do not have accounts to be invited using their email address. It also allows the person sending invites to specify either username or email address for registered users.

@lightsurge - You can help this get into og_invite_link and Commons sooner by testing the patch :).

og_invite_link_update_6201 - comment missing for this function?

am I too paranoid to say this is too weak? hash_hmac for the win? return md5(md5($invitation->invite_key) . md5($invitation->group_nid . '-' . $invitation->mail . '-' . $invitation->timestamp));

Otherwise looks good.

This doesn't work for me on Commons 2.0.

The og_invite token doesn't get populated in the link that's sent out, it just ends with the '='.

You need to run update.php after applying this patch.

Thanks for that.

Was going round in circles trying to see a problem with your code, but at least, in terms of my limited skills, I can say it all looks good ;-) All is well now, will see if it turns up any problems as I test.

Here's a revised version of this patch: Changes from #17:

- Update function comment added per meba
- A setting is added for "Allow user registration with a valid invite even when site-wide user registration is disabled" that allows registering users to access user/register even when site-wide user registration is disabled as long as they have a valid invitation link and email address combination
- The email address of anonymous users is used in the "An invite has been sent to" text, instead of just saying "Anonymous."

Perhaps I'm taking this too far, but could this module do with checking access rules (for email address allow/deny) before sending out an invite. Otherwise it appears to the user that the invite is successful, when in fact it will fail.

@lightsurge Could you elaborate on the access checking feature you're talking about? I'm not sure I follow.

I mean core access rules http://drupal.org/node/107557

If a user were at the registration screen, using an email address fitting a deny mask like "%@drupal.org", they would be prevented from registering. It would seem to make sense not to send out an invite that the invitee will not be able to take advantage of, as well as not reporting to the inviter that the process was a success.

Having said that, I don't know if any invite modules make this check, it just seems to make sense that they should.

If you agree, something like this is probably what's needed somewhere:

http://api.drupal.org/api/drupal/modules--user--user.admin.inc/function/...

Easiest way of solving this is to change:

if (!$account->status) {
        if (variable_get('og_invite_link_invite_unregistered', 0)) {
          $account = new stdClass();
          $account->uid = 0;
          $account->mail = $name;
        }
        else {
          $invalid[] = check_plain($name);
          continue;  
        } 

to:

if (!$account->status) {
        if (variable_get('og_invite_link_invite_unregistered', 0) && !drupal_is_denied('mail', $name)) {
          $account = new stdClass();
          $account->uid = 0;
          $account->mail = $name;
        }
        else {
          $invalid[] = check_plain($name);
          continue;  
        } 

and:

if (!empty($invalid)) {
      $messages[] = t('The following invitees are not users: !users', array('!users' => $invalid));
    }

to:

if (!empty($invalid)) {
      $messages[] = t('The following invites failed to send: !users', array('!users' => $invalid));
    }

But maybe this is too inelegant. I did think however that the reasons a non-member could not be added shouldn't be too descriptive (i.e. this user is banned), because this will be a tool for group admins.

Perhaps extending the 'invites failed' string with "These invites may have failed due to email policies in force, non-existent usernames, or typing errors in the email address or username. Please contact a site administrator with any queries." would be a good thing.

Testing the patch from #22 found these errors so far:

When sending the invitation:
warning: Missing argument 2 for variable_get(), called in /home/client/drupal6/sites/all/modules/og_invite_link/og_invite_link.module on line 398 and defined in /home/client/drupal6/includes/bootstrap.inc on line 583.

Same error when clicking the link and creating the account:

warning: Missing argument 2 for variable_get(), called in /home/client/drupal6/sites/all/modules/og_invite_link/og_invite_link.module on line 61 and defined in /home/client/drupal6/includes/bootstrap.inc on line 583.

Seems like the call to variable_get is just missing its default definition. I added ", FALSE" after the variable name and all was good.

My line 61:

  if ($form_id == 'user_register' && variable_get('og_invite_link_invite_unregistered', FALSE) && !empty($_GET['og-invite-token'])) {

My line 398:

  if (!is_object($account) || (!$account->uid && !variable_get('og_invite_link_invite_unregistered', FALSE)) && empty($account->mail) ) {

I had the same error, cheers @ymmatt

I had a few invites sent out today with badly formatted email addresses (i.e. user.domain.com), we probably ought to be checking for this as well as whether an email address is banned.

so maybe:

if (!$account->status) {
        if (variable_get('og_invite_link_invite_unregistered', 0) && !drupal_is_denied('mail', $name) && valid_email_address($name)) {
          $account = new stdClass();
          $account->uid = 0;
          $account->mail = $name;
        }
        else {
          $invalid[] = check_plain($name);
          continue;  
        } 

The invites don't work for a group marked a 'private group'.

I actually don't know what a private group is though apart from not appearing in the group directory.

Another issue, the @sent-to token for the 'Group admin invite notification subject:' notification doesn't get filled in.

Testing in pre-production ..

Bit confused about the invite-only / closed groups.

With invite-only/moderated:

So if a non-admin sends out an invite, does the invitee accepting the invite go into the admin's 'request for access' queue?
If an admin sends out invite, invitee is automatically accepted?

With closed:

Only admins can send out invites, but invitees responding are automatically accepted?

Think I'm mostly still confused because of #1271454: Limit sending ability to group admins only

Great job btw!

Ahhh... has that always been there?! I've been trying to reverse engineer the whole philosophy... lol

Not yet, was mulling over whether or not to keep Ezra's changes in #1271454: Limit sending ability to group admins only and ran out of time today, but now I understand the og_invite_link group types I don't think I need to.

Although, the setting to allow inviting of non-users to sites that don't normally accept new users might have some usefulness to some. (Edit: Sorry that was part of this patch, so all's good).

Sorry I dont' know where to paste the patch??

Anonymous users is just greate to invite!

My case is Facebook connecte - users dont have to register!!! XD

So I'd like to invite them directly to a group :)

I'd also like any member to be allowed to invite, or maybe better to be able to set permissions.

This has been committed to the dev release on the project page.

Thank

You mean commited is already implemented in current dev version ? :]

Yes

sure I will test ;]
do you think it is possibly safe for production site?

Using this and all seem's fine.

Just one small thing, the invalid text doesn't appear (Second Edit: the invalid text does appear, I was looking in the wrong place - like on the registration screen - time to sleep I think).

Edit: thought this might be down to a typo of invitation ($invitiation_result) but I see you're declaring that.

Another smallish problem with this.

When a non-admin member of an Open group sends out an invitation, the process is treated as with a moderated/invite-only group - the invitee gets the message that their request is awaiting approval, and the group administrator has to approve access.

I know this is true for inviting non-members, not sure about members.

seems to be fine :)

Ok I did some more testing

When inviting a new user (not registered) using his e-mail he gets a link in his invitation:

mysite.com/user/register?mail=hisemail@gmail.com&og-invite-token=1ee38022a97f3122913f52dfb607e51e

He goes to register BUT he only registers to site, not to a group, and after all he is not in a group from which he got invitation :/

But after registering, when he gets invitation again, he gets this link in invitation:

mysite.com/group/20/join/8/32b55405af0dd178fc3e92d34c6c27a7

This time he clicks and becomes a group member.

Summary:
Invitation works in 2 steps, which is not really user friendly as we suppose it is possible in 1 step only.
Requested behavior is to get that working in one e-mail only (invitation to both site and group approved during registration without the need of additional e-mail)...

You are right - if user is registering (first time visit) it's just fine :)

However if a user has invite link, but he's also logged in via Facebook connect [not have to work out a new login and pass - USER FRIENDLY] he does not get the option to join the group.

This may work with facebook connect only if a user has prevously visited your site, and you invite him using the e-mail address he has on Facebook [and the e-mail address is saved in Drupal database.

If he is connected via Facebook but You use other e-mail to invite him - won't work.
If he didn't yet connected via Facebook - won't work.

Right now - it's fine. But would be great to have max user friendly ways of getting users, and would be greate to get this to work with FB connect [Drupal for Facebook].

Regards

I keep getting this message when trying to send an email to people who are not site users:

The following invitees are either not users, or are invalid email addresses: you@example.com [even though I have a real email address used]

Using Drupal Commons 2.2 (with og_invite_link 1.0xDev

Mark C probably your problem is that you have to set the "og_invite_link_invite_unregistered" variable to 1
drush @nivariakm.pre vset og_invite_link_invite_unregistered 1

It'd be great if it was that simple. What would I need to do if not using Drush to set the "og_invite_link_invite_unregistered" to the correct number? Also, what is the correct number? 0?

In my og_invite_link.admin.inc it says:

$form['registration']['og_invite_link_invite_unregistered'] = array(
    '#type' => 'checkbox',
    '#title' => t('Invite people without accounts'),
    '#description' => t('If enabled, invitations are sent for user registration along with a token so that users can accept invitations when registering.'),
    '#default_value' => variable_get('og_invite_link_invite_unregistered', 0),

and og_invite_link.module has this (amongst other references to "og_invite_link_invite_unregistered"):

 // Check if we are allowed to invite non-users
      else if (variable_get('og_invite_link_invite_unregistered', 0)) {
        // Make sure we have a valid, non-banned email address
        if (valid_email_address($name) && !drupal_is_denied('mail', $name)) {
          // Build a user object
          $account = new stdClass;
          $account->uid = 0;
          $account->mail = $name;
        }

Thanks for the reply.

You can also set it in the settings.php file. At the end of the file you can add this:

$conf['og_invite_link_invite_unregistered']  = 1;

Thanks. I'll give that a shot. Really appreciate all the help, folks.

Sorry for making this active again; overrule me if not appropriate.

I still get issue with empty token (token=). I have installed the latest version of 6.x-1.X, dating from Oct 15. I assume the patch mentioned here was already incorporated?

I have to add that my groups are private and moderated, but I still want users to be able to invite non-members. The registration-page does appear, but once registered or for already members, the message 'access denied' appears, no surprise since the token is missing.

Any known conflicts with other modules? I use commons 6.X-2.3.

The issue of sending out invitations without token is fixed. Nor sure how, maybe through running cron

I'm sorry to re-open this, but it appears that the concern raised in #33 was not addressed. In the latest code for D6, the $sent_to variable in og_invite_link_mail() is populated by user_load(); if the uid is 0, the resultant displayed name in the email is blank. If the D6 version is still open for patches, please let me know and I'll submit one.

Confirm #73, we also are not getting $sent_to populated when inviting someone by their email address instead of username. Latest version.

I've attached a patch which uses the 'To' address for the 'sendto' variable if the username is empty.

There is a typo in the patch
'@sent-to' => (empty($sent_to->name)?"'".$invitiation->mail."'":$sent_to->name),
should read
'@sent-to' => (empty($sent_to->name)?"'".$invitation->mail."'":$sent_to->name),

Beside that, it is OK for me