The WP-Members 2.6.4 release is a bug fix release for the following:
- User activation bug on individual user activation
- Alignment on the login form between “Remember Me” and “Login”
- Improper deprecation of the wpmem_generatePassword function
User Activation Bug
This particular bug was the primary reason for this release. In the 2.6.3 release, some changes were included to the user activation process to better leverage WP functions. The front end user registration had been updated some time ago to utilize the wp_insert_user, which among other things, hashes the password. When WP-Members was first built, WP used an MD5 hash but has since changed phpass. A password that was MD5 encrypted would be automatically updated to phpass when the user logged in, so this was not a critical issue, but it was one of those things that should be updated.
So in 2.6.3, as part of the rebuild of the bulk user management screen, I rebuilt the wpmem_a_activate_user function to use the wp_update_user function. Like wp_insert_user, wp_update_user automatically hashes the password and overall allows us to update the user data with less lines of code. This update worked fine for bulk activation of the users. However, this same function is used by the individual user update page when activating a user, and in that instance the wp_update_user function would hang, resulting in a script timeout.
While I have been unable to determine why this would work for bulk users and not individuals, I was able to correct the problem by rolling back to using $wpdb->update to update the users. Using wp_hash_password still allows us to take advantage of the phpass encryption, it’s just not done on the fly like wp_update_user.
There is an explanation of this in the wordpress.org support forums.
Login Form Alignment
This was not a bug, per se, but more of an annoyance. Since the introduction of the new tabless forms, the alignment of the “Remember Me” checkbox and the Login button have had a <br> tag inserted between them. This breaks the Login button to a new line.
The problem with this is that it was something that was being inserted by WordPress. WP-Members would generate the form, but that was done before WP formatted the content. For those of you unfamiliar with how WP formats, content, it automatically puts in breaks and paragraph tags for you, giving what should be nicely formatted HTML.
In this case, it was not so nice – and also not so easy to figure out how to circumvent the issue. What I ended up doing was creating a filter that overrides the wptexturize process and have it leave a specific shortcode unformatted. It only runs when the login form is generated and prevents WP from inserting the line break.
Improper Deprecation of wpmem_generatePassword
WP-Members has moved forward in its ability to protect the comments template without the addition of any code in the comments.php file. Those of you that have used the plugin for awhile may remember having to put a code snippet into comments.php to manage this.
With the advancement of WP in the template area, this presented some problems is the user didn’t create their theme as a child theme (needing to reintroduce this snippet after upgrading WP) and, no offense, but there are a lot of users the simply do not understand that concept. Secondly, it created a large number of support questions because non-technical users would run into problems with cutting and pasting a code snippet that they didn’t understand.
So with the introduction of more a more advanced comments.php on WP’s part, I was able to integrate the needed comment protection into the plugin without the need for additional code snippets in comments.php.
The problem is that not everyone updated their comments template when this function was fully deprecated in 2.6. I understand that not everyone reads update announcements, most just hit the upgrade now link without thinking (or checking). So there were a lot of users that unknowingly had a site that threw an undefined function error. Easily fixed on their end, and since it comes in the comments, it just throws off the footer on pages that have comments and the user is not logged in, but bad form none-the-less.
So, to accommodate those users, I slipped the function back in.
Hopefully, that wraps up the needed fixes in the 2.6 series and we can now fully move on to the 2.7 project list. 2.7 will focus on building admin panels for customizing all of the email messaging that the plugin sends out.