Some bug reports, comments, feedback to the developer

First, this plugin has massive potential, so don’t take any of this post as a personal criticism in any way. There are several plugins offering similar functionality, each with their own issues, and I would really like to see this one become the universal choice. I also believe the HybridAuth project is great.

At the moment, I think the plugin developer could be underestimating the value of offering a rock-solid, well-written plugin that does what it says on the tin with a minimum of fuss. I appreciate that adding new features is more fun than fixing bugs, but then if you don’t offer timely fixes, users will look elsewhere. So to this effect, I have written the following suggestions which include several bug reports and the odd fix. If the code was a bit cleaner to start with, I would be much more inclined to trace down the causes of more bugs.

(1) Fix functionality: Icon set selection

Changing the icon set for the widget does absolutely nothing. Looking into the code it was obvious why. In the function wsl_render_login_form you need to insert:

$social_icon_set = get_option( 'wsl_settings_social_icon_set' );

somewhere before:

if( empty( $social_icon_set ) ){
	$social_icon_set = "wpzoom/";
}
else{
	$social_icon_set .= "/";
}

Otherwise $social_icon_set is always empty and the option has no effect. It looks like a similar problem will occur in wsl_render_login_form_admin_head_user_profile_generate_html. I don’t think such an obvious bug should ever have made it into a release, and to make that worse, it was reported by a user for the previous release here. The developer response to that was not exactly encouraging. With this working, it would become much more useful if you could add your own icon sets, as well as selecting from the two provided.

(2) Fix functionality: Disabled component handling

If the optional components are disabled, it would be much better not to include non-funcional links to “WSL user profile | WSL user contact” in the comments list (e.g. wp-admin/edit-comments.php). This is especially bad for editors who don’t have permission to view these pages in any case, but are still shown the links. Similarly, in the users list (e.g. wp-admin/users.php), it would be better not to include the column ‘WP Social Login’ with non-functional links to “Profile | Contacts”

(3) Fix functionality: Widget for comments

WSL hooks into ‘comment_form_top’ to render its widget if it is enabled for comments. However, as far as I can see it makes much more sense to hook into ‘comment_form_must_log_in_after’ and that is what I have done in my theme as a workaround.

For the default Twenty Twelve theme and any others I have tried, ‘comment_form_top’ only gets called if the full comment form is being rendered, whereas the social widget is only rendered if the user is not logged in. So the widget will only appear for comments in the scenario you are least likely to want it – i.e. you have enabled anonymous comments.

(4) Clean up the code: Use WP options mechanism as specified by plugin guidelines

Each setting for this plugin is stored as a single entry in the wp_options table. There are about 130 such entries for this plugin in my table. The codex recommends using as few entries as possible (see https://codex.wordpress.org/Writing_a_Plugin#WordPress_Options_Mechanism). A lot of plugins use just one because WordPress takes care of serialisation, so there is no extra effort involved in storing them all together. I appreciate that the complexity of WSL may warrant more than a single option group, but the current approach is sloppy and made worse by the following point.

(5) Clean up the code: Add uninstall function

The absence of an uninstall hook means the plugin leaves behind a mess if removed.

(6) Clean up the code: Fix PHP warnings

A well written plugin should not emit multiple PHP warnings if they have been enabled (i.e. on a development server). The plugin developer should use these warnings to find and fix potential problems. Here are a few I frequently see with this plugin:

Notice: Undefined offset: 0 in wp-content/plugins/wordpress-social-login/includes/services/wsl.user.data.php on line 218
Notice: Trying to get property of non-object in wp-content/plugins/wordpress-social-login/includes/services/wsl.user.data.php on line 218
NOTICE: wp-content/plugins/wordpress-social-login/includes/settings/wsl.initialization.php:191 – Undefined index: require_client_id

(7) Clean up the code: Error messages

I think anyone who has browsed through the code of this plugin would be very reluctant to recommend using it on a production site. If anything goes wrong, users of your site might be greeted with an error messages like: “Error: Another plugin seems to be using HybridAuth Library and made WordPress Social Login unusable. We recommand to find this plugin and to kill it with fire!”. This is hardly professional. Regarding that particular message: it would actually be great to be share HybridAuth among plugins. Developers might then specify a different login scope for WSL to apply so that another plugin could then do things like post to a users social network.

Thanks for reading,
Matt

http://wordpress.org/extend/plugins/wordpress-social-login/