Brass Blogs: Web Design & Development

So, the little tidbit (or intro post – whatever you want to call it) in making Membership sites that I posted a little bit ago was apparently a “tantalizer.” People are wanting to know more… more “meat” I guess you could say. It’s funny, so far, this year “membership” sites, or “restricted access” sites are pretty much all I’ve done this year (and the end of last) so I’m getting more and more into it.

Now, I haven’t used a lot of stuff when it comes to doing the whole registration process – which is a big thing for membership sites of any kind. I know how to create my own forms – and I did, for a loooooong time, because I couldn’t find a form plugin that I liked well enough (because – as always – I was restricted to what the plugin author thought I should have it as, instead of what I wanted). So I can say that you can create a custom registration form script for your WordPress site from scratch. But it’s NOT EASY. In fact, it tends to lean to the “migraine inducing nightmare” end of things. This is why, aside form my own custom code, I’ve switched to Gravity Forms.

Now, please understand, I’m not an affiliate in any way shape or form of the plugin. I just love it. Love to use it, so glad I found it, blah blah blah. I recommend it to everyone. It just makes life so much easier.

The problem with Gravity Forms is, if you want to use the Registration Add-On and/or the PayPal Add-On, you have to buy a developer’s license. And unless you’re a developer, well… that’s a nice chunk of change out of pocket. As a developer, it’s totally worth it. But if you’re interested in getting Gravity Forms for your one membership site (that you plan to handle on your own) it’s probably not an option for you.

Unfortunately, because these are the only two options I’ve used, I can’t really comment on other methods. I know there are plugins out there that will allow you to customize registration, and some that will allow users to register and be created (and wait for manual approval before gaining access), but I have no recommendations or opinions on those. I think it would be unfair of me to even try.

So the sad news is, this tutorial is a bit one-sided, since it’ll focus on the use of Gravity Forms. (I’ve actually rewritten this post 4 times already, because I seriously considered making it one to show you how to do it from scratch, but when I say it’s a headache to do it, I’m not kidding. If there’s enough interest, then I may show how it’s done in the future, but I’ll only do it if people really REALLY want to know.)

The problems.

There are several problems with Membership sites that people have trouble solving. in the registration process alone, there’s quite a few. So I’ll go over them quickly.

1. Creating an actual form that has a ton of info not natively handled by WordPress – how do you take the info from the form and save it to be handled later on?
2. What do you do when you want to have paid membership registrations?
3. If the form handles the info and creates a user, how do you prevent the user from gaining access before they’ve been approved?
4. Even if you can do the above, how do you prevent end users from bypassing your setup (i.e. manually typing in the wp-admin or wp-login URLs in the address bar and just clicking “lost password?” to issue themselves a password.)
5. In relation to the above, how do you “hide” the back-end from non-administrators?

So most of the issues above can be addressed by using Gravity Forms and the User Registration Add-On (and the PayPal Add-On, if you want paid memberships). But as I said before, you can handle the rest of the issues by combining this with the Theme My Login plugin. These are really the only two plugins you need. (Another plugin you might be interested in is User Messages – but I’ll cover that some other time.)

Gravity Forms
Now this is just a simple overview. I got all excited when I discovered exactly how awesome Gravity Forms is when it comes to customization – there’s so much stuff you can do with it. But this is just a quick overview of a Membership Registration process, so I don’t want to get too far off-tangent. I’ll cover the other goodies in another post some other time.

But Gravity Forms is dead-easy – it’s all drag-and-drop. Create your fields, build your form, and save it. Once you’ve saved your registration form, you want to navigate to “Forms > User Registration.” Then you “map” the fields you created in the form to WordPress’ default fields. Any extra fields you have (that WordPress doesn’t have natively) you simply create a custom field for it (give it a good name, with underscores and no spaces) and it’ll save them all as an array in the usermeta table, which you can pull out later with some custom WordPress functions.

You’ll also want to be sure you uncheck “Send Password to User” (in Gravity Forms – but you want your WordPress site settings at “anyone can register”) if you want to have admin approval for each person that registers – that’ll give you the option if setting the registration default to “pending.” This is important, because if you don’t do this, then the end user can bypass user approval by simply clicking “Lost Password?” and it’ll email one to them. Having the new registrant set as “pending” creates the user without giving them a password, and filling in the “Lost Password” field will result in nothing happening until you’ve actually approved the user. When you do that, you simply go to their profile page, change their user level, and supply a password. (With my clients, I simply have them do that, then email the end user that they’ve been approved, and pass them the link to the “Lost Password?” field so they can create a password themselves. I also find it very useful to add the Better WP Security plugin to sites, because this plugin can force the end user to create a strong password, instead of something lame and easy to hack.)

Using Theme My Login
I’ll tell you in another post how to use the registration information once you’ve got it – that dives into some other stuff. Since we’re focusing on the registration process itself, I’ll tell you how to set it up so you don’t get any weird users who have managed to bypass your pretty registration form.

The Theme My Login plugin does a great job of this (doesn’t cover 100% of the issues, but it sure does take care of about 99.9% of them!). When you install and activate the plugin, go to the settings and first, attack the modules. The ones I always use are: Enable Custom Redirection, Enable Security, Enable Themed Profiles, and Enable User Moderation.

The Redirection part is what’s really nice. You can go through each user level, and set what you want to have happen when the end user logs in and logs out. I leave “Administrator” at “default”, which means when they log in, they’re taken directly to the dashboard in the back-end, and when they log out, they’re taken to the “log in” page.

For all other levels, I set them to the same thing for both log in and log out: “referer”. This way, no matter what page they are at when they decide to log in (or log out) the site will return them to that page once they’ve performed the desired action. I had one client that liked the end user to be returned to the home page when they logged out, so that’s an option as well – just put the URL you want them redirected to in the input box (the last choice).

Security doesn’t really have much to do with registration, other than locking someone out when they’ve tried to bully themselves in. If you have Better WP Security installed and activated, you really don’t need this, but the option is nice.

Moderation is just another level of making sure that the end user does NOT get a password (and therefore access) until you, the administrator, has approved the user.

Themed Profiles is nice, as well – because it allows the (approved) end user to go in and edit their profile without ever seeing the back end of WordPress. Since the “member” is usually a subscriber, there’s really no need for them to ever have access to the back-end anyway, so it’s a really nice touch.

This plugin also allows you to edit the template files for it easily: simply find the template file you want to edit, copy it, and save it (with the same name) in your own theme. The plugin will look for the template in your theme first, and revert to the plugin default if one isn’t found – which is very similar to how WordPress theme files work.

I tend to open up the login-form.php, lostpassword-form.php and profile-form.php files and do my magic there. I will change the “Register” link to point to the Gravity Forms registration page I created (so any time anyone clicks “register” it’ll take them to the proper registration form – if you don’t change it here, it’ll take you to the WordPress default registration page, and we don’t want that!)

Theme My Login does a terrific job of redirecting anyone who wants to log in to the proper non-WP back end page, but those little links in the bottom WILL take you to the default WP area unless you change that “register” link to point to your Gravity Forms registration page. But the plugin still will not stop people from manually typing in the address and accessing it. To stop it, all you need to do is add this teensy code snippet to your functions.php file:

1
2
3
4
5
6
7
8
9
10

add_action('init','possibly_redirect');

function possibly_redirect() {
 $thispage = $_SERVER['REQUEST_URI']; 
 $register = site_url('/register');
 if(strpos($thispage, 'action=register') !== FALSE) {
  wp_redirect($register);
  exit();
 }
}

What this does is look for “action=register” in the URL (because you can pretty much take ANY url in the WordPress site, add “action=register” to it, and it’ll take you to the registration page) and if it’s found in the manually-typed URL, it’ll redirect the end user to the page set for $register.

Problem solved.

You’ve now set up your custom registration form, for manual admin approval, and kept the bad guys from getting in when they should not.

Paid Memberships
So the only question left to solve is “what about paid memberships?” The answer is, again, Gravity Forms, using the PayPal Add-On. However, there’s something a little more important than just “how to”… it’s “what’s your process?”

Now, one client I did this for had a process for paid memberships that I didn’t like – but that’s just me. I tend to think about the end user experience a lot. What they did was have the end user fill out a form, and it would redirect them to PayPal, where they would pay for their membership, and then wait to hear if they were approved. I thought that was a weird process – because what if they weren’t? What if the approval was rejected? They’d have to wait for a refund, and then who eats the PayPal fees? It seemed lik a bad idea for the business to eat the fees – they get nothing out of it and are losing money, and it’s not fair for the end user to eat them, because they paid on good faith. (I found out later that if a refund is issued, there are no fees – but I didn’t know that at the time.)

But that was the process that worked for them, and apparently no one but me has complained yet! So definitely think about what your process for paid memberships will be. Do you want the end user to pay upon registration submission? If so, will they be given instant access? or will you want approval first? Will you issue a full refund if you reject them? Or, would you rather review the registration, and then send them an invoice at a later time to have them pay for their approved membership, and have the password stuff sent to them after they’ve paid?

It all makes a difference in how you set up the Add-On (or if you set it up at all! If you choose the last option, you probably don’t need it!)

So hopefully that helped a bit – giving more insight into the whole custom registration process. I’m sure – if you decide not to use Gravity Forms – that there are other registration options out there. Just, like I said, I’ve never used them, so I don’t think it’s fair for me to comment on them. But there’s a few tidbits up there that I think will be useful for any custom registration process.

Soon I’ll be posting some other goodies on the whole “Membership” process and some of the stuff I’ve worked on – and hopefully that will help, too!