Forum Replies Created
-
I know this is an old topic, but as of the latest release, this is STILL an issue.
Waiting 4 seconds for a register/login screen to slowly appear, with horribly laggy animations is not on.
Fortunately, the solution is “simple”, although nothing with this plugin ever seems to be simple…
1.) Output a dedicated registration, login and forgotten password form in the header of every wordpress page. You can do this using a widget if you have the functionality, or, if like me, you prefer working with the code directly, do a “do_shortcode(‘[userpro template=register type=front-page-login]’); call in the header of WP.
2.) Wrap each form in a different wrapper eg: “instant-reg-wrapper” and make it display:none;
3.) Set the wrapper to a solid background color, width: 100%, height: 100%, position: fixed, top:0, left:0; so that we get a nice background pop up.
4.) Make each form a set width and position it in the middle. Mine is 300px wide, position: fixed, left: 30%, top: 25%.
3.) Write some jQuery that activates the desired wrapper being displayed when your button is pressed. For example:
$(“a.instant-registration”).click(function () {
$(“.instant-reg-wrapper”).fadeIn();
}4.) Repeat for each window.
—
For the pros; I’ve added extra buttons to each of the forms, restyled it in CSS to make it minimal (yes, it is BUTT UGLY out of the box) and then underneath each shortcode, added in buttons for the various other forms. For example, in my registration form, I’ve added a title: “Already a Member?” and then a “Click here to login” button which calls the login window as it has the “instant-login” class on it.
You will of course need to fade out every other window (registration and forgotten password, in this case) and then fade in the desired window.
Eg: my login window code looks like this:
$(“a.instant-login”).click(function () {
$(“.instant-reg-wrapper”).fadeOut();
$(“.instant-pass-wrapper”).fadeOut();
$(“.instant-log-wrapper”).fadeIn();
}Bonus points if you add some FontAwesome rotating fonts on submit, fade everything out and make it clear what the error message is for the user. You’ll have to make some changes to core plugin files, which is an issue with updates coming out for bug fixes and features every week.
If you just stick with the simple JS route of hooking into a new class on every button then you don’t need to over-write anything within the code.
But the result?
No more 4 second delay; no more horrible AJAX behaviour which is worse out of the box than a typical page refresh.Yes, there is some re-writing of code, a lot of bullshit CSS clauses to over-write all the horribly designed !important tags that have been used; and a little out of the box thinking because any code customization that goes on is almost impossible with this lovely spaghetti code.
And to think I thought I would be saving time with this purchase…
—
I’m hoping that the author is reading this, as this is the second time I’ve put together some basic code to fix some glaring issue in this plugin.
Having your users wait a year for something that should be VERY BASIC USABILITY on something that has netted you over $250k in sales is not something that should happen.
This is where you get competitors come in, fix up your holes, and take your market share (what a great idea…)
—
Here is my code:
Header.php (for WP):
Encoding on this form is stuffed up (why are you converting my characters in a code quote to unicode?!)!–Begin instant-load ajax registration form–>
<div class=”ajax-grey-wrapper”></div>
<div class=”frontpage-lp-registration-wrapper userpro-registration-wrapper sidebar-register instant-ajax”>
<div class=”exit-wrapper”>
<i class=”fa fa-times-circle fa-2x”></i>
</div>
<div class=”logo-wrapper”>
</div>
<p class=”lp-sub-cta” style=”background-color: #524f4f; margin-top: 10px; margin-bottom: 20px; font-size: 20px;”>Enter your email and get access to the Academy’s exclusive premium content:</p><?php echo do_shortcode(‘[userpro template=register type=front-page-login register_redirect=”http://www.ozirig.com/academy”%5D’); ?>
<p class=”lp-sub-cta” style=”background-color: #524f4f; margin-top: 10px; margin-bottom: 10px; font-size: 20px;”>Already a member?</p>
Login
</div>—
Here is the JS:
//Make the login, register and forgotten password forms look sexy:
$(‘.sidebar-start-cta’).click(function() {
$(‘.ajax-grey-wrapper’).fadeIn();
$(‘.instant-ajax’).delay(200).fadeIn();
});//Make the windows close when the exit button is pushed:
$(‘div.exit-wrapper i.fa-times-circle’).click(function() {$(‘.instant-ajax’).fadeOut();
$(‘.ajax-grey-wrapper’).fadeOut();
});//Make the windows close when the gray cover is clicked:
$(‘.ajax-grey-wrapper’).click(function() {
$(‘.instant-ajax’).fadeOut();
$(‘.ajax-grey-wrapper’).fadeOut();
});—
Here is the CSS:
PHP1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556div.register-loading {display: none;color: #fff;position: relative;left: 40%;top: 0;}div.instant-ajax {position: fixed;top: 20%;left: 40%;width: 320px;background-color: #524f4f;z-index: 1200;display: none;}div.ajax-grey-wrapper {background-color:#524f4f;display: none;position: fixed;top: 0;left: 0;width: 100%;height: 100%;z-index: 1100;}div.instant-ajax div.userpro {margin-bottom: 0;}div.instant-ajax div.userpro-body {padding-bottom: 0 !important;}div.exit-wrapper i.fa-times-circle {right: 0;color: #fff;cursor: pointer;position: absolute;top: 0;}div.exit-wrapper i.fa-times-circle:hover {color: #e86a0a;}div.instant-ajax div.userpro-submit input[type=submit].userpro-button{background-color: #e86a0a !important;}div.instant-ajax div.userpro-submit input[type=submit].userpro-button:hover {background-color: #d76c1b !important;}—
Here is a photo of the result:
in reply to: Delay when launching modal windowNo problem, I’ll shoot through a copy of the email shortly once I clean up the code and do some security fixes. I’ve just noticed that there seems to be no validation of the data sent back via Facebook, which means it can be hijacked via Javascript and have stuff inserted into the user data which shouldn’t be inserted.
I will also do a pastebin link so that everyone else can read a copy of the changes without having to ask for an email.
—
For the developer, the issue here relates to the extract() function you have used on line 764 of ajax.php (userpro/functions/ajax.php).
As the documentation for this function explicitly states, this should NOT BE USED ON NON-TRUSTED INFORMATION (anything that is NOT generated server-side):
http://php.net/manual/en/function.extract.php
Because AJAX calls are inherently unsafe, you should NOT be using extract on a POST. This is because the javascript that you have sends this data: data: “action=userpro_fbconnect&id=”+response.id” etc.
You haven’t encoded it with a secret key or anything to check the data and the only checks that you’ve done regarding validity are: if (isset($id) && $id != ” && $id != ‘undefined’).
That is, if the id is set, it is not null and it is not undefined, then use it in the rest of the function.
All I need to do now is to send some fake data to the ajax url (which is posted in the source code of every page) and I can automatically create fake user accounts until the cows come home. The only thing stopping me here is that you’ve included the fact that each account needs to be verified by the admin.
I will have a look into the proper validations that need to be done and then post them here later, but this is something that I recommend you get on and fix ASAP.
in reply to: Facebook login issue using email as usernameSo I just found this topic via Google. A little let down to see that it never got properly answered.
If you ask me, this is not only a huge security flaw (spam, list stealing etc) it’s also absolutely horrible user experience.
Of course the entire fault lies with the plugin, and it is easily fixed by looking at the “userpro_fbconnect” function of ajax.php (userpro/functions/ajax.php) around about line 763 where you see it says the if the username has not been provided, then the username is equal to the email address.
This is a strange way to do it, because it seems to pull up SOME sort of name, as my test profile had a name attached to it.
I would suggest adding an “if” statement here to see if the call includes a username, and if not, auto-generate a name using the first-half of the email address (minus the @whatever.com) or by taking the name and appending a random number at the end of it.
Some test code would look like (by the way, you have dark text on bright blue buttons in your forum.. I love your work but usability is obviously not your strong suit):
PHP1234extract($_POST);if (!isset($username) || $username == '' || $username == 'undefined') {$username = $email;}Becomes:
PHP123456extract($_POST);if (!isset($username) || $username == '' || $username == 'undefined') {$generatedUsername = explode("@", $email);$username = $generatedUsername[0];}This will turn an email like “[email protected]” into the username “johnny.jefferson”.
You may want to add some sort of random number at the end of it so that you avoid duplicates, although I’m not sure if this is gonna be good or not.
—
The other alternative is to do what the author should’ve done from the beginning and set the username based on the facebook UID, which is a unique identifier perfect for this type of situation. In this case, you would change several more parts of the code, first deleting the earlier lines of 761 where the username is defaulted to the email, then adding this change to the line starting within the loop of the “check if facebook uid exists”:
PHP12if (isset($id) && $id != '' && $id != 'undefined'){$username = $id;Save the file, copy it and over-write it and you’re done.
Best case, of course, would be if you could replace the original files in a child plugin or whatever so that next updates don’t break the change.
—
BTW it looks like this forums is practically broken; the code fragments won’t paste without converting to unicode. Good luck with that; you’ll need to try and find the parts of the code that I’ve pasted or work from the line numbers. I hope this gets fixed soon. But again, typical of the type of stuff in the plugin; powerful customization but lacks the most basic stuff.
in reply to: Facebook login issue using email as username