Guest Mode Extension

huseyinfiliz

📝 Description

Guest Mode revolutionizes forum accessibility by allowing users to participate instantly without registration. Perfect for quick questions, one-time contributions, or users who want to test your community before joining!

🎯 Why Guest Mode?

Ever lost a potential contributor because registration felt like too much friction? Guest Mode removes barriers while maintaining security and control. Let users experience your community first, then convert them to members when they're ready.

🛠️ Latest Update

v1.5 - December 2024

✨ Features

🚀 Quick Access

One-Click Entry: Join discussions instantly with a single click
Smart Session Management: IP-based sessions (GDPR compliant with hashing)
Auto-Generated Names: Unique guest identifiers (e.g., Guest1234)
Seamless Experience: Full posting capabilities without registration

🛡️ Security & Control

Post Limits: Configurable maximum posts per guest (default: 3)
IP Tracking: Secure SHA-256 hashed IPs for privacy protection
Spam Prevention: Same IP returns existing guest session
Admin Control: Full configuration from admin panel

⚙️ Admin Features

Complete control over guest behavior:

Customize guest username prefix
Set maximum post limits (1-10)
Monitor guest activity
GDPR-compliant data handling

🎨 User Experience

Welcome Modal

Friendly greeting for new guests
Clear explanation of limitations
Professional, non-intrusive design

Smart Recognition

Returning guests get their previous session
No duplicate accounts from same IP
Smooth re-entry experience

📥 Installation

composer require huseyinfiliz/guest

Or use Flarum Extension Manager:

huseyinfiliz/guest

♻️ Updating

composer update huseyinfiliz/guest
php flarum migrate
php flarum cache:clear

🔧 Compatibility

✅ Flarum: 1.8.1+
✅ PHP: 8.1+
✅ GDPR: Privacy compliant

🌍 Translations

Currently available in:

🇬🇧 English

Want to translate? Contributions welcome!

🐛 Found a Bug?

Please report issues on GitHub

🔗 Links

💬 Feedback

I'd love to hear your thoughts! Please share your feedback, suggestions, or feature requests in the discussion thread.

If you find this extension useful, please consider:

⭐ Starring on GitHub
👍 Liking this post
💬 Sharing your experience

Thank you for using Guest Mode! 🙏

huseyinfiliz

First of all, this is a modern rebuild of the extension originally released as Finteger Guest Login at. Since the source code of the old extension was not available, it was written from scratch. In terms of logic, it follows a similar approach.

clarkwinkelmann

Great job!

Looking at the source code though, I think it would be quite easy for a malicious actor to spoof their IP address and create unlimited accounts.

If you are not hosted on Cloudflare, then the CF-Connecting-IP header wouldn't be safe to read. Same thing for X-Forwarded-For, if you are not behind a proxy that implements this feature, that value can be set to anything by the user.

Either these need to be optional headers behind a Flarum setting, or users of this extension should explicitly blacklist those headers in their Apache/Nginx configuration so they never reach PHP/Flarum.

It also seems like if someone creates a regular forum account and intentionally or unintentionally uses the guest prefix in their username, then their regular account will also be subjected to the guest post limit.

huseyinfiliz

clarkwinkelmann You make very valid points. Without Cloudflare IP detection, this extension would not function properly for forums running behind Cloudflare, since the client IP would not be accessible at all.

Of course, as you mentioned, IP-based protections are inherently weak—rotating IPs through proxies is trivial. From that perspective, Cloudflare headers do not drastically change the risk model, but I wanted to ensure compatibility for forums hosted there.

For administrators seeking stronger moderation, I suggest using this extension together with First Post Approval. That way, guest submissions can always be routed through moderators before becoming visible.

As for the global guest prefix, this was an intentional design decision. Any account using the same prefix will be subject to the same restrictions. This is consistent with the behavior in the original Finteger Guest extension, which inspired this project.

That being said, I completely understand your concerns. I initially postponed publishing this extension for the very same reasons, as I couldn’t find a perfect solution that applied across all environments.

I’m very open to exploring alternatives—especially around Cloudflare header handling or IP restriction mechanisms. If you have suggestions on how to make these aspects more robust without sacrificing compatibility, I’d be glad to hear them.

Currently, the extension also blocks the creation of multiple guest accounts from the same IP.

Umutcan

Good job @huseyinfiliz 💫💫

huseyinfiliz

Umutcan Thanks! ✨

Turkish language is now added for Guest Mode. If you like the extension and want to contribute, you can help translate it into your language for free via Weblate: HuseyinFiliz/Guest-Mode at Weblate