Mar 10
16
BuddyPress: Preventing private message spam
One of the sites I work on has recently been suffering private message spam, ranging from fake market research to child porn. Needless to say, this needed solving, and since I couldn’t disable private messaging, there was only one option, and that was to only allow BuddyPress friends to send private messages to each other.
There is a “bug” in BuddyPress that allows any user to send a private message to any other user simply by entering the username in the “to” field of the compose message form. This isn’t an obvious flaw, since the ajax function that shows the available users as you type in the box does indeed only show your friends. The friends-only restriction exists only in that suggestion list; the code that actually sends the message does not check it.
I looked all over the web for a solution, but the only one I found, a hack at that, wasn’t compatible with the version of BuddyPress I’m using. There was only one thing for it, and that was to roll my sleeves up and sort it myself.
The solution I came up with, while not the most elegant, works.
This may vary slightly depending on your version of BuddyPress, so instead of offering line numbers, I’ll explain where in the code you need to look. Don’t worry, you only have to edit a single file with just a few lines.
The file you want is /wp-content/plugins/buddypress/bp-messages/bp-messages-classes.php
Annoyingly, because I hate doing this, there are a few classes in the same file, so you need to find “class BP_Messages_Message”
In there is the method, “send”.
Quite near to the top of that method is the line “if ( $this->thread_id ) {”
That is instructing the code to take a different path if the “message” already exists, i.e., somebody is replying to an existing thread. We don’t want to change this, so look for the else component of that if statement; it should be marked with the comment “// Create a new thread.”
Directly under that, paste this code.
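    // Refuse a new thread unless every recipient is a friend of the sender.
    // Relies on $bp (the BuddyPress global) being in scope inside send().
    foreach ( $this->recipients as $recipientName )
    {
        // Resolve the name typed into the "to" field to a user ID.
        $recipientId = get_user_id_from_string( $recipientName );
        if ( !friends_check_friendship( $bp->loggedin_user->id, $recipientId ) )
        {
            // Not a friend: abort the send.
            return false;
        }
    }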
Save the file, upload it to your site, and you’re done. Users can now only send a message to their friends. Because this edits a BuddyPress file directly, updating the plugin overwrites the change, so it has to be reapplied after each update.
The only downside to this is that the failure message isn’t ever so elegant. Rather than giving the reason for the failure, it simply says that sending the message failed. This shouldn’t be a problem for normal users though; if anything, it just makes the spammer’s life a little more confusing, which I’m sure we can all agree is a good thing.
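The same friends-only rule kept outside the BuddyPress file, as an added example (not from the original post or from BuddyPress itself). It assumes a BuddyPress version that fires the `messages_message_before_save` action from `send()`, stores recipients as objects with a `user_id` property, and refuses to send when no recipients remain; `non_friend_recipients()` is a hypothetical helper name.

```php
<?php
// Added example, not BuddyPress code. non_friend_recipients() is a hypothetical helper.

/**
 * Return the recipient IDs a new thread must be refused for.
 * $isFriend is injected so the rule can be exercised without WordPress.
 */
function non_friend_recipients(int $senderId, array $recipientIds, callable $isFriend): array
{
    $refused = [];
    foreach ($recipientIds as $rid) {
        $rid = (int) $rid;
        // ID 0 means the typed username did not resolve to a user: refuse it too.
        if ($rid <= 0 || !$isFriend($senderId, $rid)) {
            $refused[] = $rid;
        }
    }
    return $refused;
}

if (function_exists('add_action')) {
    // Assumption: this BuddyPress version fires 'messages_message_before_save' in
    // send() and stores recipients as objects carrying ->user_id.
    add_action('messages_message_before_save', function ($message) {
        if (!empty($message->thread_id)) {
            return; // reply to an existing thread: left alone, as in the post
        }
        $ids = array_map(function ($r) {
            return $r->user_id;
        }, (array) $message->recipients);
        if (non_friend_recipients((int) $message->sender_id, $ids, 'friends_check_friendship')) {
            // Assumption: send() returns false when no recipients remain.
            $message->recipients = [];
        }
    });
} else {
    // Stand-alone run (php example.php) on constructed data: user 1 is friends with 2 and 3.
    $friends = [1 => [2, 3]];
    $isFriend = function ($a, $b) use ($friends) {
        return in_array($b, $friends[$a] ?? [], true);
    };
    var_dump(non_friend_recipients(1, [2, 3], $isFriend));    // every recipient is a friend
    var_dump(non_friend_recipients(1, [2, 7, 0], $isFriend)); // 7 is a stranger, 0 is unresolved
}
```

Because the helper returns the refused IDs rather than a bare false, the caller can also log or report which recipient caused the rejection.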
So there you go, that’s how to prevent spam private messaging within BuddyPress.