THE WEBSITE MEMBERSHIP PLUGIN - Apr 16th, 2013


There are some interesting features built in to this plugin. I’m sure that there will be many more to come.

Here’s the brief summary:

Website Membership works by allowing site visitors to sign-up for a user account. Once signed up they can log in to view
password protected content on your website. At any time, if your visitor has forgotten their password they can request
to have it emailed to them.

The changes in Version 1.08+ require some code changes in viewers to work correctly, I'll be documenting them over the
next few weeks.

Version 1.10 Released 3/18/13

SERVER REQUIREMENTS: CMS v2.52

NEW FEATURES
- Security: Added blacklist of top 100k common passwords. Found in /lib/login_password_blacklist.txt
- Usability: Whitespace is removed from beginning and end of username and password on login (to prevent copy and paste
errors)
- Usability: Passwords that start or end with spaces are no longer allowed.
NOTE: If upgrading, use Code Generator to recreate the Password Reset and Edit Profile pages to take advantage of new
features.

MINOR CHANGES & BUG FIXES
- Misc Code and other minor improvements


Version 1.09 Released 1/29/13

NEW FEATURES
- Login Form: Users can now login with either username or email (on sites supporting usernames)
- Signup Form: Username support can be disabled by setting $useUsernames = false;
- Profile Form: Username support can be disabled by setting $useUsernames = false;
- Profile Form: Added sample commented code for adding "Agree to Terms of Service" checkbox
- Email Templates: can now be edited in CMS under: Admin > Email Templates
- Example Pages: can now be generated under: Admin > Code Generator
- Account Table: Changing account table name will cause new table to be created if it doesn't exist


MINOR CHANGES & BUG FIXES
- Enabled "Required System Plugin: True" in plugin so plugin can't be accidentally disabled
- Fixed bugs related to invalid links being generated in some instances
- Logoff now redirects back to referring page if no other url specified
- Login page now redirects back to referring page if no other url specified
- Removed files: Old email templates folder /emails/ has been removed
- Removed files: Old example files folder /examples/ has been removed
- Misc Code and other minor improvements

Version 1.08 Released 10/29/12

MINOR CHANGES & BUG FIXES
- Added a plugin hook 'wsm_loginSuccess' to allow custom code to always run after a user successfully logs in
- Added a plugin hook '_websiteLogin_init.pre_actionHandler' to support future social media login plugins
- Added new option 'WEBSITE_LOGIN_REQUIRED_FIELDS' to force users to fill out required profile fields
- Fixed bug where entire $_SESSION array would be erased when a user was not logged in

Version 1.07 Released 1/27/12

MINOR CHANGES & BUG FIXES
- On save of WSM_ACCOUNTS_TABLE, if it's not accounts, encrypt passwords if needed
- Example files now use $GLOBALS['WSM_ACCOUNTS_TABLE'] instead of 'accounts' so they recognize different accounts
tablenames
- Sign-up example file no longer updates the _accesslist table if using a seperate table for website users


New in Version 1.06

NEW FEATURES
- You can now specify a separate accounts tables for website users (see WSM_ACCOUNTS_TABLE in plugin code)
- You can now login to the CMS and website as different users simultaneously (see WSM_SEPARATE_LOGIN in plugin code)

MINOR CHANGES & BUG FIXES
- Fixed bug where plugin code was being automatically run by command-line scripts
- Fixed typo on examples/user-signup.php. Changed $errors to $mailErrors on line 96

New in Version 1.05

MINOR CHANGES & BUG FIXES
- Fixed display of mail errors in email template
- Fixed issue with reset password feature causing an error

New in Version 1.04
NEW FEATURES
- Updated Plugin and sample_profile.php to support new Encrypted Passwords feature in v2.08
- Email templates are now available in /emails/

MINOR CHANGES & BUG FIXES
- You can now add false to websiteLogin_redirectToLogin(false) to prevent the user from being redirected back to the
previous page after login
- Profile: You can now avoid having users logged out after changing their username and/or password by calling the new
websiteLogin_setLoginTo() function

New in Version 1.03
MINOR CHANGES & BUG FIXES
- Login: After login users are now directed to the last "login-required" page instead of WEBSITE_LOGIN_POST_LOGIN_URL
- Docs: Added section to readme.txt: How to display custom login errors (Not approved yet, etc)
- Errors: Message is now displayed for disabled accounts on login: "Your account has been disabled!"

New in Version 1.02
- Docs: Added section to readme.txt: How to add a custom text field
- Docs: Added section to readme.txt: How to add radio fields with values loaded from CMS
- Erase Account: Added new button on profile page to allow users to remove their accounts
- Misc Code and other minor improvements

New in Version 1.01
Signup: user is now emailed a random password to confirm their email address (they can't login without receiving
password)
- Edit your Profile: added new form to allow user to update their profile details and change their password, and any
other fields you've setup.
- Docs: Added section to readme.txt on how to use email as the username (if you don't want users making up their own
usernames)

Along with other functionality that’s built in to this module, you can display certain information in your viewers on
a restricted basis.

To determine if the current user is logged in, you can test with:



<?php if (current_user): ?>
only logged in user will see this...
<? php endif ?>



You could set up a separate (text or check box) field in the user accounts editor and assign it a value for that
particular class of users. Then test with:



<?php if ($CURRENT_USER['your_field'] == "your_value"): ?>Current user will be able to see this<?php endif ?>



Only user(s) who have that value entered/selected in their user record will be able to view the protected information on
the web page.

Chris Waddell from Interactive Tools added these hints:

To determine if the current user is the "author" of a record, you can test with:



<?php if ($record['createdByUserNum'] == $CURRENT_USER['num']): ?>Only the author will be able to see this<?php endif ?>



You may want to also allow admins to see your protected information:



<?php if ($record['createdByUserNum'] == $CURRENT_USER['num'] || $CURRENT_USER['isAdmin']): ?>Author and administrators
will be able to see this<?php endif ?>



The materials on this web site have been created for use with CMS Builder content management software. CMS Builder software is published and licensed for use by InteractiveTools.com. Please contact Interactive Tools for information on the downloading of the software or the purchasing of licenses.


Terms of Service