Tornevall Networks

← Back to docs

vBulletin Registration Flow & External Group Administration

Language: EN | EN | SV

vBulletin Registration Flow & External Group Administration

Tools now includes a dedicated vBulletin registration layer that keeps the invite state, review queue, and final access decision in Tools while the actual forum account still lives in vBulletin.

Short version for operators who keep a separate Google Drive document:

What the current registration flow covers

  • Admin page under /admin/security/vbulletin
  • Dedicated admin key-generator page under /admin/security/vbulletin/onboarding/keys
  • Dedicated public registration page under /vbulletin/onboarding
  • Public registration start page via either /vbulletin/onboarding/{slug} (enter the invite code manually) or /vbulletin/onboarding/{slug}/{inviteKey} (the code is already filled in)
  • Each registration flow can now also have its own optional welcome message on the public invite page
  • The public registration page now lists only flows that are explicitly marked for public listing; hidden flows still work through shared direct links
  • Public registration pages and status pages available in both English and Swedish
  • Status page per registration request
  • Configurable registration flows with their own intro text, rules, and allowed vBulletin group IDs
  • Empty registration-group config now falls back to vBulletin group 155 by default
  • Optional mapping from a registration flow to a specific vBulletin custom profile field (for example field66)
  • Optional per-flow mode where the forum account must already exist before the public registration request starts
  • Referral / one-time keys with max-uses and optional expiry
  • Clearer reusable-vs-single-use wording in the key generator, so Referral link is now presented as the reusable invite option and One-time key stays the single-use variant
  • Bulk invite creation for admins and delegated key creators, including no-expiry, exact-expiry, and extend-by-days expiry modes
  • Delegated key-creator page for non-admin users under /vbulletin/onboarding/keys
  • The delegated key page now shows all invite keys for the registration slugs the current user is allowed to manage, not only keys created by that same user
  • The admin and delegated key pages can now also delete invite keys over AJAX
  • Each invite key can now also store its own per-key recipient/assignee name and recipient email, and those fields autosave over AJAX on both the admin and delegated key pages so operators can see which person already received which key and which address is ready for invite mail
  • The admin and delegated key pages now also include an invite-outreach composer where you pick one saved recipient from a list, open a configurable messenger-ready message template, or switch to an HTML email template for direct invite sending
  • The invite-outreach composer now waits until you leave the current template/sender field (or switch invite) before it saves, so longer edits no longer throw the cursor out of the textarea mid-typing
  • The invite-outreach composer now also shows each invite key's live status directly in the recipient list (Active, Consumed, Expired, or Inactive), and keys that are already consumed/expired/inactive stay visible only for review while recipient edits plus Messenger/email send actions are locked
  • Invite keys can now also be marked as Test code / dry-run only. Those keys still let operators and invitees walk through the full onboarding flow, but approval never grants real forum access or live vBulletin group membership.
  • Invite keys can now also be marked as This is a trusted user on the admin key page, the delegated /vbulletin/onboarding/keys page, and in the inline recipient editor. When that invite later gets approved, Tools can use the saved recipient email to unlock /vbulletin/onboarding/keys for that same person and send one follow-up mail with the delegated key page plus the currently visible invite list for that slug
  • Waiting/review/approved/rejected/revoked lifecycle stored in Tools
  • AJAX-searchable vBulletin user lookup from the admin page
  • Limited forum-group grant/revoke based on the selected registration config
  • The same scoped group writes now also trigger one remote core/api.php save step and then a separate-host-safe cache refresh step, so forum-side cache state can be refreshed immediately even when Tools and the forum do not run on the same server
  • Scheduled forum-account matching through php artisan vbulletin:onboarding-sync
  • Welcome/info messages that can be rendered inside vBulletin via a small hosted JavaScript include
  • Profile-field assignment history that links older replaced invite values to the newer Tools key plus the affected vBulletin username

Admin workflow

Open:

  • /admin/security/vbulletin Required permission:
  • vbulletin.manage
  • actions such as approve/reject/revoke/link/group writes additionally use vbulletin.onboarding.review
  • delegated invite-key creation for non-admin users uses vbulletin.onboarding.keys.create plus a per-config grant from the admin page

1. Create a registration configuration

Each config represents one registration flow, for example:

  • a forum category/team/community area
  • a special invited group
  • a one-off trial registration track Important fields:
  • Name / slug
  • Invite-code profile field ID when the registration flow should sync each invite code into a hidden/editable vBulletin custom profile field such as field66
  • Existing forum account required first when applicants must register in vBulletin before they open the actual Tools-side registration form
  • Introduction text shown on the public registration page
  • Optional welcome message shown as a separate welcome/info block on the public invite page when configured
  • Rules / minimum terms
  • List on public registration page when this flow should appear on the public entry page; leave it off when the link should be shared privately only
  • Forum destination URL / label used by the public status page when access is ready; if left empty, Tools falls back to https://forum.tornevall.net
  • Allowed vBulletin group IDs
    • when left empty, Tools now falls back to group 155
  • Manual review required
  • Auto approve
  • Relevant forum IDs (metadata/scope helper for later expansion)

2. Create a referral or one-time key

Every registration link belongs to one config. Key options:

  • referral or one_time

  • preferred public language (English or Svenska)

  • optional profile-field override when one specific key should use another vBulletin custom field than the config default

  • target vBulletin user.userid when the key belongs to one already known forum account

  • label

  • inviter/referrer name

  • optional inviter email (used when Tools detects the registration)

  • optional success destination URL / button label when one specific invite key should send the finished applicant to another destination than the onboarding config default

  • max uses

  • optional expiry

  • optional batch quantity when several invite links should be created in one go

  • expiry handling can now be no expiry, one exact date/time, or a relative extension by days

  • optional group override if the key should grant different groups than the config default After a key is created, Tools shows both:

  • the slug-only public URL (/vbulletin/onboarding/{slug})

  • the direct invite URL (/vbulletin/onboarding/{slug}/{inviteKey})

Invite outreach templates

Admins can now configure three optional template fields per onboarding flow:

  • Messenger registration template
  • Registration email subject template
  • Registration email HTML template

The same onboarding flow can now also keep default email sender values for outreach mail:

  • Registration email from name
  • Registration email from address

On the outreach composer, both sender fields autosave just like the templates do, so operators can prepare one reusable sender identity per registration flow instead of retyping it for every invite.

Those invite-composer template/sender fields are now saved when the operator leaves the field or switches to another invite, instead of interrupting typing in the middle of the textarea.

The registration email HTML template now also follows the Messenger registration template automatically until an operator explicitly writes a separate custom HTML version. That means changing the Messenger wording first is now enough for the default email body to stay in sync too.

Supported placeholders include:

  • {{recipient_name}}
  • {{recipient_email}}
  • {{invite_code}}
  • {{invite_url}}
  • {{config_name}}
  • {{forum_destination_url}}
  • {{forum_destination_label}}
  • {{inviter_name}}
  • {{inviter_email}}
  • {{tools_user_name}}
  • {{tools_user_email}}
  • {{tools_support_email}} (the configured support address, support@tornevall.net by default)

When the default templates should point people to support, they should now prefer {{tools_support_email}} instead of hardcoding a specific address.

On the admin and delegated key pages, the invite-outreach composer can then:

  • open a messenger-ready message for the selected invitee
  • keep already consumed/expired/inactive keys visible with a clear lock status instead of letting operators accidentally edit or send the same invite again
  • switch into an HTML email composer for the same invitee
  • send a test email / dry run to the current Tools account email
  • send the real HTML invite email to the saved recipient email when one has been stored on that key

Important behavior:

  • the dry-run/test action always sends the rendered message to the currently signed-in Tools account email
  • it never sends a dry run to the saved invite recipient by mistake

Recommended wording for both Messenger and email templates:

  • explain that the recipient should open the registration link or enter the code manually
  • tell the recipient to finish the forum registration before expecting approval
  • remind the recipient to save the personal status page shown by Tools afterwards
  • always mention that if the code or link does not work, they should contact {{tools_support_email}} and the person who gave them the invite

The built-in default templates now follow that more pedagogical wording automatically when no custom template has been saved yet.

Registration audit trail

The admin page now keeps a clearer audit trail for registration-related steps.

Recent audit rows can now show events such as:

  • when someone opens the public registration page for an invite code
  • when an invite code is actually used to create a registration request
  • when Tools is still waiting for the forum registration to be completed
  • when someone reopens the personal registration status page later

This makes it easier to confirm both code usage and real registration progress without having to guess from forum-side timestamps alone.

If the key was created with Swedish selected as the preferred public language, the generated URLs also carry the language choice so the public slug page, onboarding form, and later status page open in Swedish by default.

If a key-specific success destination URL is saved, the public status page uses that destination first when the onboarding finishes successfully. Otherwise, Tools still falls back to the onboarding config destination and then the main forum URL.

If the onboarding config uses an invite-code profile field and a target forum user is supplied, Tools now also writes the generated invite code into that user's userfield.fieldN column in vBulletin when the key is created. This lets one onboarding key be tied directly to one existing forum account before the applicant even opens the Tools-side onboarding page.

If that same profile field already contained an older invite value, Tools now stores a small assignment-history row that links the replaced value back to any matching older Tools key together with the vBulletin username that was affected.

Any public invite page backed by an invite-code profile field is now treated as an existing-account-first onboarding flow on the Tools side, even when the key already targets one known forum user. In practice that means the public page leads with the profile-field instructions first, shows the exact invite code clearly, and only then exposes the minimal Start onboarding step.

When admins or delegated key creators generate several invite links in one batch, Tools keeps the shared settings for every key, numbers the label automatically when a label was supplied, and lets the batch either stay without expiry, expire at one exact timestamp, or expire after a chosen number of days from creation.

Tools intentionally blocks bulk creation when the same batch would also write directly into one specific existing vBulletin account/profile field, because that would otherwise overwrite the same forum profile with a whole chain of different invite codes. Those account-bound invite keys should still be created one at a time.

When the onboarding config instead uses Existing forum account required first, the same invite-code profile field can be used without a preset target user. In that mode the applicant registers the forum account first, stores the invite key in the configured profile field manually, and then starts the Tools-side onboarding request.

Admins now also have a separate page at /admin/security/vbulletin/onboarding/keys focused on the day-to-day key workflow. The main /admin/security/vbulletin page is now the place where the flow itself is preconfigured (groups, templates, destination, profile-field mapping, and default max uses), while the key page stays simpler and expects most new keys to reuse those saved defaults.

Both the admin page and the delegated key-creator page now focus on one concrete recipient at a time instead of large bulk copy lists. Operators choose the onboarding flow, fill in the recipient/inviter details, and only open Advanced overrides when one specific key should behave differently than the preconfigured flow. Those same pages can still delete older referral/one-time keys that should no longer be used.

Those same key pages now also show one inline Sent to / assigned to field per invite key. As soon as an operator types the recipient's name there, Tools stores that name on the key itself and treats it as the current assignment marker for that invite link. Clearing the field removes that assignment again.

2b. Delegate key creation for one slug

Admins can now grant a normal Tools user access to create more invite keys for one specific onboarding config.

  • grant this from the config section on /admin/security/vbulletin
  • the invited/delegated user still also needs the permission vbulletin.onboarding.keys.create
  • the delegated user then gets a separate page at /vbulletin/onboarding/keys
  • that page shows the onboarding slugs delegated to that account, all invite keys tied to those slugs, and recent profile-field replacement history for those same flows
  • that delegated page now follows the same simplified pattern as the admin key page: normal users mostly pick the flow, recipient, and language, while admins keep the real flow defaults on the main vBulletin admin page

Both the delegated and admin key views now also keep a lightweight per-key recipient assignment field, so invite batches can be created first and then tagged afterwards with names such as Jessica, Menekse, or another real recipient without reopening a larger edit form.

The admin key-generator page at /admin/security/vbulletin/onboarding/keys now also includes a Google Docs export section for active invite keys. Each export block can copy:

  • one heading (Inbjudningskoder och länkar)
  • two short registration instructions
  • a real table with Kod, Länk, and Person?

There are two copy modes:

  • Copy as Google Docs table tries to place both rich HTML and plain text on the clipboard so Google Docs can paste it as a real table
  • Copy plain text keeps the same content as a fallback when the browser cannot write rich clipboard data

The page shows one export for all active invite keys together with per-flow exports, so operators can keep one broader overview or paste only one selected onboarding flow into a separate shared document.

If one invite is also marked as This is a trusted user, and that invite later reaches an approved onboarding decision, Tools can now grant the same recipient email delegated access to the slug on /vbulletin/onboarding/keys automatically and send one follow-up mail that points the person to that page. This trusted-user shortcut is intentionally tied to invites that have a real saved email recipient.

For ordinary invitees, the important part is now that the public page uses simpler wording: registration link, invite code, and a clearly named field where the code should be pasted.

3. Public onboarding start

Public entry page:

  • /vbulletin/onboarding

Supported direct entry styles:

  • /vbulletin/onboarding/{slug} → user enters the invite code manually
  • /vbulletin/onboarding/{slug}/{inviteKey} → the code is already embedded in the URL

The invited person opens the slug or key URL, then fills in:

  • name
  • email
  • planned forum username (optional but helpful)
  • note

For flows that require an already registered forum account, and for any direct link where the code must be stored in the profile first, the public page now starts with a welcome/instruction step instead of dropping straight into the form. That step uses simpler wording, shows the exact invite code clearly, shows the exact profile field name, and explicitly tells the applicant to paste the invite code into the shown fieldN field before continuing.

That existing-account step no longer requires the applicant to enter name or email again. The goal is simply: save the invite code in the profile first, then continue from the same page. Inviter/referrer context can still stay attached from the key itself.

The public hub can now be linked from Services / the front page and gives users a separate stylized page where they can:

  • read the onboarding process before they start
  • paste the full registration link or only the invite code
  • read the slug-specific introduction text and rules text with preserved line breaks when those fields are configured
  • switch between English and Swedish directly on the public onboarding pages
  • continue to the actual form without needing to know the admin vBulletin page exists

If one onboarding flow should not be discoverable from that hub, the admin can now keep it hidden there. The direct slug URL and invite URLs still continue to work when they are shared privately.

There is now also a separate screenshot-driven walkthrough for Snöbollseffekten:

Tools creates an onboarding request and then tries to match the forum account immediately if it already exists.

When a key already targets one known vBulletin user through the invite-code profile-field mapping, Tools now prefers that forum user immediately instead of relying only on the older exact email / exact username match.

When the key is not tied to one preset forum user but does carry an invite-code profile-field mapping, Tools now also checks that profile field for the exact invite token. This lets existing-account onboarding tracks match the correct forum account after the applicant has saved the invite key in the profile.

Registration-complete API hook for a future forum frontend script

Tools now also exposes a dedicated completion endpoint for a future vBulletin frontend script that runs after the forum registration page believes the account creation has finished:

  • POST /api/vbulletin/onboarding/invite/complete

Suggested request body:

{
  "invite_code": "once-example-code",
  "forum_user_id": 123,
  "forum_username": "exampleuser",
  "forum_email": "user@example.com"
}

Current contract:

  • the endpoint is public for the forum frontend hook and does not require a bearer token
  • invite_code is required.
  • invite_code may now be either the raw invite token or a full onboarding URL that contains the token; Tools strips the URL down to the actual code before lookup
  • forum_user_id, forum_username, and forum_email are optional hints.
  • forum_email is treated as an untrusted hint only. It can help Tools locate the new forum account, but it is never accepted as proof on its own.

What Tools now does on that endpoint:

  • validates that the invite code exists
  • resolves the forum account as safely as possible from the invite code plus the provided forum identity hints
  • reuses an existing onboarding request for the same invite when one already exists, or creates a new Tools-side onboarding request when the invite is still valid and no earlier request exists yet
  • links the resolved forum account to the invite only when the account matches the expected invite constraints
  • auto-approves and grants forum access only when the existing onboarding config already allows automatic approval without manual review
  • otherwise keeps the request in forum_account_linked or pending_review so a moderator can still make the final decision

Important safety behavior:

  • if the invite key is bound to one specific forum user, the resolved account must match that user
  • if the onboarding flow uses an invite-code profile field, Tools now requires the resolved forum account to still hold the same invite code in that configured vBulletin profile field before the completion call can succeed
  • repeated completion calls for the same already approved invite are idempotent: Tools returns the existing approved state instead of creating a duplicate request or granting access again

Current implementation guidance for the later frontend script:

  • the strongest signal is still the invite code stored in the configured vBulletin custom profile field
  • the future script should therefore try to preserve/read that invite field value together with forum_user_id or forum_username when the forum registration flow exposes them
  • email capture remains optional because Google/Facebook/other external-provider registration flows may not expose the final email address consistently to browser-side JavaScript after registration completes

In practice, the recommended next step for the future forum-side script is still:

  1. keep the invite code tied to the vBulletin custom profile field when that flow uses one
  2. capture forum_user_id when the registration-complete page exposes it
  3. send forum_username as an extra fallback
  4. send forum_email only when it is naturally available from the normal registration form

There is now also a dedicated practical frontend guide for this hook pattern, including hook arguments, adapted field66 bootstrap code, client-side invite-code normalization, a public fetch() example, and a styled success popup example:

4. Review queue

The admin page shows pending requests and lets reviewers:

  • link a forum user manually by forum_user_id
  • approve
  • reject
  • revoke previously granted access

Approve/revoke and the manual grant/revoke buttons now do two things in one step:

  • update the allowed secondary-group membership itself
  • immediately call vBulletin's own API save path afterwards
  • then run a separate-host-safe cache refresh path that prefers either a dedicated remote refresh endpoint or direct cleanup of the forum cache tables through the configured forum database connection

That means the old workaround of opening the forum admin user editor and clicking Save, or manually opening Maintenance → Clear System Cache, should normally no longer be necessary for ordinary onboarding-related group changes even when Tools and vBulletin are hosted separately.

5. AJAX-searchable forum user lookup

The admin page also includes a live forum-user search box. Use it to:

  • look up a user by username/email
  • see their group IDs
  • check whether they are already inside the config's allowed group scope
  • grant/revoke the configured groups for that user

Scheduled forum-account matching

Command:

php artisan vbulletin:onboarding-sync

Optional full scan:

php artisan vbulletin:onboarding-sync --force

Laravel scheduler now also runs this automatically every five minutes.

Automatic approval happens when all of the following are true:

  • the onboarding config has Auto approve enabled
  • the same config does not require manual review
  • Tools has already matched the onboarding request to a real vBulletin forum account

If that automatic forum-side group save fails for any reason, the public onboarding request is now still kept instead of crashing the invite page. Tools moves the request into Pending review so an admin can finish the approval later after the forum connection problem has been fixed.

Welcome / info messages inside vBulletin

The admin page lets you create multiple welcome/info messages with:

  • title
  • body text
  • style (info, success, warning, neutral)
  • optional button text + URL
  • optional target onboarding statuses
  • optional target group IDs

The dedicated admin key-generator page also lists these welcome/info messages in a presentation-oriented view so admins can review what applicants and linked forum users may actually see for each slug/status combination. Tools serves them through:

  • /vbulletin/onboarding/messages.js Recommended vBulletin include example:
<script src="https://tools.tornevall.com/vbulletin/onboarding/messages.js?forum_user_id={$bbuserinfo.userid}"></script>

You can also place that script URL inside the existing vBulletin frontend script boxes area on the same admin page.

Public status page

Every onboarding request gets its own status page so the invited user can see whether Tools is still waiting for the forum registration, whether the account has been linked, or whether the request has been approved/rejected.

That status page now also behaves more like a live progress page:

  • it shows one primary status banner instead of duplicate success boxes
  • it keeps polling in the background while Tools is still checking the forum account / group access
  • once the configured forum access is active, the page switches to a clear completed state instead of still sounding like review is pending
  • when access is ready, the page shows a button to the configured forum destination together with a clear manual continue link
  • if no per-config destination URL is saved, Tools falls back to the main forum URL https://forum.tornevall.net

Extra HTML blocks for vBulletin

The main vBulletin admin page now also includes a small widget generator for paste-ready HTML blocks that can be dropped into a vBulletin HTML/snippet block.

Current built-in widgets:

  • Latest member for one or more selected forum groups, for example We welcome our latest member {name}
  • Member count for one or more selected forum groups, for example We keep growing! Right now we are {count} members

These widgets are served from Tools through:

  • /vbulletin/widgets/latest-member.js
  • /vbulletin/widgets/member-count.js

The generator on /admin/security/vbulletin lets the admin choose:

  • one or more forum group ids
  • styled card or plain text output
  • the text template for the latest-member widget ({name} placeholder)
  • the text template for the count widget ({count} placeholder)

The generated output is a ready-to-paste HTML block containing one container <div> plus one hosted <script src="…"></script> include.

For existing-account onboarding tracks, the waiting state still explicitly reminds the applicant to check that the forum account already exists and that the invite key is stored in the configured profile field. The page is still meant to be revisited later, so applicants should bookmark it after submitting the onboarding form.

Invite-key cleanup after approval

When an onboarding request is approved and the configured secondary forum group has been assigned successfully, Tools now also clears the same invite key from the configured vBulletin profile field if that field still contains the exact onboarding token. This keeps the profile field from holding stale invite codes after a finished onboarding.

Notes / current limitations

This first version is intentionally simple:

  • vBulletin remains the source of actual forum accounts
  • Tools only performs scoped secondary-group writes through the configured allowed group IDs
  • the current forum-account match is exact email / exact username based
  • relevant forum IDs are stored now for future expansion, but the first version does not yet inspect thread/post history per forum before approving
  • redirecting the forum user to a specific subforum immediately after vBulletin registration is still a forum-side concern; Tools does not currently override the forum's own post-registration target