IMPORTANT: There have been some major changes since earlier versions of the plugin, so you won’t be able to just overwrite the old plugin this time.
According to Dave Edis, from Interactive Tools, “There's no easy upgrade so you need to use this (latest version) on new sites or recreate the pages.”
YOU MUST MODIFY SOME OF YOUR WEB PAGES TO USE THIS NEW VERSION
According to Robin Brayer from Interactive tools, the pages that need to be updated to upgrade the Website Membership plugin from 1.03 to the latest version are:
login password-reset user-profile user-signup
He said, “The simplest thing to do is to replace the whole block of php at the top of each membership page (login, password-reset, user-profile and user-signup pages) with the new block from the example files. If there are any custom changes, you'll need to re-integrate them.”
NOTE: This recipe I've tried to present a pretty detailed, step by step approach, so even inexperienced programmers shouldn’t have too much trouble upgrading.
So...
Here we go...
CAVEAT: If you’re not running at least version 2.08 of CMS Builder, you’ll have to upgrade to that version. V 1.04 of the membership plugin won’t work without it. Later versions may require the then current version of CMSB to operate. (membership V1.06 and V1.07 require CMSB 2.13)
UPGRADING CMS BUILDER You can download the current CMSB version from:
http://www.interactivetools.com/upgrade/
To begin the upgrade to the latest version of CMSB, backup your entire MySQL database through the general settings page of your current CMSB Admin interface.
It's a good idea to download your entire cmsAdmin directory to your local computer just in case the upgrade doesn’t work as expected and you have to restore the old CMSB version. I'd suggest that you download a copy of your existing membership related pages as well, since you're going to be making some pretty drastic changes to them.
Once you’ve backed up all the files, upload all of the new folders and files from the latest version of CMSBuilder to your on-line cmsAdmin folder and overwrite all of the old CMSB operating files with these new files.
Beginning with Version 2.08 the concept of user password encryption was incorporated to CMSB.
IMPORTANT: Make sure that you don’t choose to encrypt your passwords at this point because your current version of the website membership plugin won’t work with encrypted passwords.
ALSO: If you’ve made any custom changes to your CMSB operating files for added functionality, you’ll have to make those changes again to restore that functionality.
UPGRADING THE PLUGIN
Once the new version is installed and working correctly, it’s time to begin the upgrade to V1.07 of the website membership plugin
First download the latest version of the Website Membership plugin from:
http://www.interactivetools.com/add-ons/
and extract the files to a new folder so you don’t overwrite your older plugin files.
*** You'll have to update a number of file paths at the top of the new plugin so that your log in and update files can be found. Sp do that before you upload the new version to your plugins folder.
Next, make a copy of all of the pages that you’re planning to update. (the log in page, the user profile page, the password reminder page, etc.)
If you’re like me, you’ve customized the code on those pages to match your site’s requirements, so you won’t be able to just cut and paste a lot of the code.
Instead, you’ll probably find yourself comparing the active code line by line and updating as required.
THE LOG IN PAGE Start with the easiest one, which is probably your login page.
Open the copy you made of your current user login page and also the current plugin’s sample login page (user-login.php) from the “examples” directory.
Examine the active code of both, line by line and if you find something that you need to update, change that code and then move to the next.
When you’re done, move on to another pair of pages, like the user signup form.
The first place in the signup form that I found that needed changing was to change the // load viewer library code from absolute to relative paths.
The next was to change the password related values in the // Add User section to accommodate the use of encrypted passwords.
After that there are changes the send email section.
In the old form, that code started with:
_websiteLogin_sendSignupMessage();
Since the plugin now incorporates the ability to automatically send emails using emails/user-new-signup.php The code in the new form starts with:
// send message $emailTemplate = "emails/user-new-signup.php";
First, copy any custom error message code you created, then replace the code from:
_websiteLogin_sendSignupMessage();
up to:
$_REQUEST = array(); // clear form values
with the new block of code.
THE PASSWORD REMINDER PAGE If you've got a password reminder page, the active code it will have to be replaced.
Begin with the code in the error checking section at the top of the page, and just below your "Already logged in / logoff" code after the brace, add:
### send reset email if (@$_REQUEST['action'] == 'sendPasswordReminder') { global $SETTINGS, $TABLE_PREFIX;
// display errors if (!@$_REQUEST['usernameOrEmail']) { $errorsAndAlerts .= "No username or email specified!<br />\n"; }
// send emails if (@$_REQUEST['usernameOrEmail']) { $where = mysql_escapef("? IN (`username`,`email`)", $_REQUEST['usernameOrEmail']); $user = mysql_get('accounts', null, $where);
// send message if ($user) {
// get reset password url $resetCode = _generatePasswordResetCode( $user['num'] ); $resetQuery = "?userNum={$user['num']}&resetCode=$resetCode";
// $emailTemplate = "emails/user-password-reset.php"; $emailHeaders = emailTemplate_load(array( 'template' => websiteLogin_pluginDir() . "/$emailTemplate", 'subject' => '', // set in template 'from' => '', // set in template 'to' => $user['email'], 'placeholders' => array( 'username' => $user['username'], 'loginUrl' => "http://" . $_SERVER['HTTP_HOST'] . $GLOBALS['WEBSITE_LOGIN_LOGIN_FORM_URL'], 'resetUrl' => "http://" . $_SERVER['HTTP_HOST'] . $GLOBALS['WEBSITE_LOGIN_RESET_URL'] . $resetQuery, ), )); $mailErrors = sendMessage($emailHeaders); if ($mailErrors) { die("Mail Error: $mailErrors"); }
// $errorsAndAlerts .= "Thanks, we've emailed you instructions on resetting your password.<br /><br />
If you don't receive an email within a few minutes check your spam filter for messages from {$emailHeaders['from']}<br />\n";
// clear form $_REQUEST['usernameOrEmail'] = ''; }
// if (!$user) { $errorsAndAlerts .= "No matching username or email was found!<br />\n"; } } }
THE PASSWORD REMINDER EMAIL To implement the password reminder (now a password reset request) you'll need to have 2 new files on your site in addition to the revised "password reminder".
1) A sample password reminder email template that comes with v1.07 of the plugin can be found in the "emails" folder. Change the message text if required, and upload the file to your plugins folder. This send an email to the member requesting their password.
2) A user-password-reset.php that can be found in the examples folder of the plugin. This file updates the user's password Re-skin this file and upload it to the same directory that stores the other user forms, usually the root directory of your site.
Since the idea of resetting passwords may be new to your members, you may find it handy to change the original sample email message from:
Hi <?php echo htmlspecialchars($PLACEHOLDERS['username']) ?>,<br /><br />
You requested a password reset for <?php echo htmlspecialchars($_SERVER['HTTP_HOST']) ?>.<br /><br />
To reset your password click this link:<br /> <a href="<?php echo $PLACEHOLDERS['resetUrl'] ?>"><?php echo $PLACEHOLDERS['resetUrl'] ?></a><br /><br />
to:
Hi <?php echo htmlspecialchars($PLACEHOLDERS['username']) ?>,<br /><br />
For security reasons, passwords can no longer emailed. If you have forgotten your password, you will have to reset it to a new value for access to <?php echo htmlspecialchars($_SERVER['HTTP_HOST']) ?>.<br /><br />
To reset your password click this link:<br /> <a href="<?php echo $PLACEHOLDERS['resetUrl'] ?>"><?php echo $PLACEHOLDERS['resetUrl'] ?></a><br /><br />
THE PROFILE CHANGE REQUEST PAGE If you're not too confused yet, the next change is to your user profile change request page:
The first change is in the "// new password checking" section at the top of your viewer. Copy the entire block and paste it just before the corresponding block in your existing viewer. Change any messages that you've modified, and then delete your old code block.
Then after //update password insert the entire new "// update password if needed", code block:
// update password if needed $password = @$_REQUEST['newPassword2'] ? @$_REQUEST['newPassword2'] : $CURRENT_USER['password']; if (@$SETTINGS['advanced']['encryptPasswords']) { $passwordHash = getPasswordDigest($password); } else { $passwordHash = $password; }
Next, in your $query = "UPDATE `{$TABLE_PREFIX}accounts` SET section, replace:
password = '".mysql_escape( $CURRENT_USER['password'] )."',
with:
password = '".mysql_escape( $passwordHash )."',
That should do it.
If you are using CAPTCHA creator, see the recipe entitled, "IMPLEMENTING CAPTCHA ON THE WEBSITE MEMBERSHIP PLUGIN 1.04+ SIGNUP FORM".
If you're using the updated SpamBot plugin 2.0 and you are getting strange results returned in your email form fields, consider adding <?php $GLOBALS['SEP_DISABLED'] = 1; ?> to the top of those pages, before any includes or requires. This will disable the plugin on those pages annd your results should look normal again.
If you find anything that I've forgotten, or that needs further explanation, please send me an email and I'll add your discovery to this recipe.
|