Working with other plugins – The right way to customize

Check out the finished plugin for this tut. It’s very common for developers to customize and extend existing plugins to fit their own needs, which is one of the great advantages of using open-source software. They often do it by making their changes directly to the plugin, though, which creates a security vulnerability and becomes a maintenance hassle.

If you hack a plugin to make your changes, then you create a situation where, in order to upgrade, you have to go through an annoying process of manually diff’ing your version against the canonical one and then syncing them up in both directions. You could make it a little easier by using version control to create a patch against the canonical source, and then refresh it every time an update is released, but it’s still a pain, and developers rarely go to the trouble of doing that, so they miss out on security patches and new features.

Collaborate With the Developer

Before you try anything else, the first thing to do is to send a message to the developer of the plugin and let them know what kinds of changes you need, and offer to work with them to build them into the core plugin. If they’re open to it, then you can send them a patch with your changes. The great thing about this method is that everyone who uses the plugin will benefit from your work, and you will have contributed something back to the developer whose work you’ve already benefited from. Plus it’s great for your resume’!

The developer may not like the idea, though, or it may not line up with their vision for the plugin, so that won’t always work. But, there are still plenty of options, though.

Extend Without Modifying

The easiest situation is when you just want to add some new functionality to their plugin, but you don’t need to remove or modify anything that the plugin does. In this case, you can simply write a separate plugin that runs alongside the plugin you’re customizing. Thats what we are going to do.

For the purposes of the tutorial, we are going to alter (clean) some variables that will be used later by another plugin Theme My Login. I put together a plugin to work alongside Theme My Login that would allow users to login using email address as their login name. Some of my users have email addresses that contain an apostrophe (connan.o’brian@wpsnipp.it). This is where I was experiencing issues. The login process works flawlessly while the lost password link throws an error no matter which email address was inputted. I figured out that the username box on the login page was adding a forward slash character directly before the apostrophe then sending it off to Theme My Login.

When a user tries to access any page inside the WordPress admin, or clicks on a Log in link, he/she is sent to wp-login.php. If you look at the code inside wp-login.php, you will notice that right before the actual login functionality begins, two actions are fired: login_init and login_form_{action} where {action} is the name of an action being executed (for example login, postpass, or logout).

The lost password issue can be handled by hooking into the login_init action, parsing the $_POST  variable for the appropriate values, and taking over the handling of login form inputs where required. Just by hooking our action to login_init, we can target $_POST precisely to the moment a user clicks the submit button. When Theme My Login gets the $_POST variable, its clean and ready to be used.

/**
 * First hook into login_init with a priority of 1
 * this ensures our function runs first.
 */
 add_action( 'login_init', 'wpsnippit_clean_user_input', 1);
 
/**
 * Sanitize email input on login page.
 *
 * @since 1.0
 */
function wpsnippit_clean_user_input() {
	if(isset($_POST['user_login'])) {
		//clean inputted email and reset $_POST to new value
		$_POST['user_login'] = sanitize_email($_POST['user_login']);
	}
}

Download your copy of the login with email plugin.

«