Init User Engine – Gamified, Fast, Frontend-First

Init User Engine is a lightweight, no-bloat user system for modern WordPress sites. It's designed for maximum frontend flexibility and gamified user engagement. All dynamic interfaces are rendered via JavaScript with real-time REST API interaction. No jQuery. Minimal settings. Smart by default. What you get:

• Display user avatar and dashboard via shortcode
• Show level, EXP, coin/cash, and full user wallet
• Let users check-in daily and receive timed rewards
• Auto-track referral registrations with reward system
• Allow users to buy VIP status using in-site currency
• Built-in inbox for notifications (uses custom DB table)
• Custom avatar support with upload & preview modal
• Send custom notifications to selected users or all members from wp-admin

This plugin is the core user system behind the Init Plugin Suite – optimized for frontend-first interaction, extensibility, and real-time gamification. GitHub repository: https://github.com/brokensmile2103/init-user-engine

1.2.7 – October 8, 2025

• Added Inbox Cleanup Tool directly in the Inbox Statistics admin page:
• Introduced new “Cleanup Inbox by Type” block under the Refresh Data section.
• Allows administrators to permanently delete all inbox messages of a selected type.
• Automatically lists all existing message types for quick selection.
• Includes nonce verification, capability checks, and confirmation prompt for safety.
• Displays success or error notice with deleted message count after operation.
• Enhanced date range filter security:
• Added nonce field and verification for the “Date Range” dropdown form.
• Removed WPCS NonceVerification.Recommended warnings on GET processing.
• Improved overall PHPCS compliance for the statistics module:
• Explicitly documented safe cases for display-only notices.
• Limited PHPCS ignores to justified database queries only.
• Fully backward compatible with existing inbox data and analytics logic.
• No database schema changes or new dependencies introduced.

1.2.6 – October 5, 2025

• Enhanced Admin User Metabox for better visibility of user activity and communication:
• Added Recent Transactions section under VIP Details showing up to 100 latest Coin/Cash logs with type, amount, source, and timestamp
• Added Recent Inbox section under Inbox (User) listing up to 100 latest messages with type, status, title, and time
• Both sections feature compact scrollable layouts with limited height for clean, admin-friendly viewing
• Fully backward compatible:
• No database or meta structure changes
• Automatically uses existing transaction and inbox data
• Lightweight rendering ensures stable performance even with large user histories

1.2.5 – October 4, 2025

• Refined dashboard menu CSS for better scalability with multiple grouped items:
• Added .multi-menu style to support grouped links (e.g., Sticker Store, Frame Store, Effects)
• Adjusted padding, spacing, and hover states to keep grouped items compact but consistent with main menu
• Improved dark mode support for multi-menu background/hover states
• Optimized avatar frame overlay CSS:
• Prevented hover scaling on frame elements while keeping core avatar hover intact
• Ensured frame overlay maintains alignment across various container contexts
• Minor visual polish:
• Standardized border-radius and spacing for consistency across badges, dots, and menu links
• Unified hover background opacity values in both light and dark modes

1.2.4 – October 4, 2025

• Added full integration with Cloudflare Turnstile for spam-proof registration:
• Admin settings now support entering Turnstile Site Key and Secret Key
• If both keys are set, registration form automatically shows Turnstile widget instead of legacy math captcha
• Fallback to legacy captcha only when Turnstile keys are missing
• If CAPTCHA is disabled entirely, registration form shows no challenge at all
• Updated registration endpoint (/register) to:
• Verify Turnstile tokens server-side with Cloudflare API
• Gracefully fallback to math captcha validation if Turnstile is not configured
• Return structured WP_Error codes: turnstile_required, turnstile_invalid, captcha_wrong, etc.
• Retain honeypot detection and IP-based rate limiting (max 5 attempts/hour)
• Enhanced guest.js:
• Unified client-side flow for both Turnstile and legacy captcha
• Implemented late initialization (Turnstile widget loads only when Register tab is shown) to reduce page weight
• Reset Turnstile widget after each failed or successful attempt to avoid stale tokens
• Clear, translated error messages for Turnstile failures (expired, timeout, missing token, etc.)
• Security hardened:
• Prevented bypass when captcha/Turnstile token missing
• Verified tokens are one-time-use per attempt
• Ensured consistent block on invalid, expired, or reused tokens

1.2.3 – October 3, 2025

• Refactored all EXP + Coin award logic to use unified, extensible filters:
• init_plugin_suite_user_engine_publish_post_rewards
• init_plugin_suite_user_engine_user_register_rewards
• init_plugin_suite_user_engine_update_profile_rewards
• init_plugin_suite_user_engine_daily_login_rewards
• init_plugin_suite_user_engine_woo_order_rewards
• Each filter now returns both exp and coin values in a single array for easier customization
• Preserved default reward amounts (e.g. 20 EXP + 5 Coin for publish, 50 EXP + 20 Coin for register, etc.)
• Added support for WooCommerce dynamic rewards calculation based on order total, with filter override
• Ensured backward compatibility with existing init_plugin_suite_user_engine_add_exp and init_plugin_suite_user_engine_add_coin actions
• Updated inbox notification content strings to use filtered values dynamically
• All new filters fully localized and translation-ready with proper translators: comments
• Synced Daily Tasks REST API with plugin settings:
• checkin_coin setting now drives "Check in today" reward
• online_coin setting now drives "Stay active today" reward
• Prevented hardcoded reward mismatch between API output and actual check-in/claim logic

1.2.2 – October 3, 2025

• Added new Comment Reward options in plugin settings:
• EXP per comment (default 10)
• Coin per comment (default 2)
• Daily comment cap (default 0 = unlimited, reset anchored to daily check-in)
• Implemented counter reset tied to iue_checkin_last meta to ensure daily limits reset only after user check-in
• Prevented reward farming by enforcing strict per-day cap logic
• Localized all new strings with msgid/msgstr entries for full translation support
• Preserved backward compatibility with existing EXP and Coin award actions

1.2.1 – September 28, 2025

• Refactored avatar override to hook into pre_get_avatar_data with very high priority, ensuring IUE avatar takes precedence over third-party filters such as Nextend Social Login
• Retained lightweight get_avatar_url shim for backward compatibility with direct URL calls
• Added safe fallbacks: defer to WordPress/Nextend when no IUE avatar is present; if Gravatar is disabled, serve bundled SVG as default
• Improved cache behavior so avatar changes propagate more consistently with CDN/page cache purges
• Fixed WPCS issues in admin_post_iue_remove_vip:
• Properly unslashed and sanitized all $_GET inputs before verification
• Strengthened nonce handling with a dedicated notice nonce for admin notices
• Escaped all dynamic output at the point of rendering to resolve OutputNotEscaped errors
• Sanitized query arguments on redirects; left targeted PHPCS ignores only for raw SQL queries with clear justification
• No breaking changes: all actions, filters, and helper functions remain unchanged for seamless drop-in update

1.2.0 – September 28, 2025

• Added ability to revoke VIP membership directly from the Admin User Metabox
• Implemented automatic inbox notification to inform users when their VIP status is removed
• Ensured safe validation to guarantee VIP is removed from the correct user only
• Added new option in plugin settings to completely disable CAPTCHA on registration
• Updated registration form JS to auto-detect and skip CAPTCHA field when disabled
• Enhanced REST API /register to conditionally bypass CAPTCHA validation based on settings
• Expanded CAPTCHA trivia pool with fresh, unambiguous fact-based questions (e.g., sides of a square, letters in the English alphabet, spider legs, etc.)
• Fully localized all new CAPTCHA questions with ready-made msgid/msgstr entries
• Improved validation and UI consistency by showing clearer error messages and reset flow
• Ensured no debatable or ambiguous questions remain in the trivia pool for maximum reliability

1.1.9 – September 17, 2025

• Added extensible filter to inject custom KPIs after Cash in the Admin User metabox
• Introduced helper function to normalize extra KPI items and ensure safe output
• Provided theme example to display "Power Stone" metric with i18n and WPCS compliance

1.1.8 – September 17, 2025

• Added admin user metabox on profile/edit screens showing wallet, EXP, VIP, and inbox statistics
• Displayed Coin, Cash, Level, and EXP progress with dynamic progress bar
• Integrated VIP information including total purchases, expiry date, lifetime detection, and coin spent
• Implemented inbox quick stats with total, unread, last 7 days, and last message timestamp
• Linked inbox statistics directly to full analytics page for quick navigation
• Included helper functions with safe fallbacks for coin, cash, VIP, and inbox stats to ensure robustness
• Fixed missing version parameter in wp_register_style() to comply with WordPress coding standards
• Enhanced inline admin CSS with proper versioning using INIT_PLUGIN_SUITE_IUE_VERSION

1.1.7 – August 30, 2025

• Refactored Admin Top-up tool to support both addition (positive) and deduction (negative) amounts
• Bypassed VIP/bonus multipliers during manual top-ups to ensure exact applied value
• Implemented raw balance adjustments with automatic clamping to prevent negative wallet values
• Updated inbox notifications to reflect both top-up and deduction actions consistently
• Enhanced transaction logging with accurate applied amounts and proper change type (add/deduct)
• Added translators: comments for all sprintf() translation strings in Top-up tool to meet WPCS i18n standards
• Improved admin UI with description note: positive values add funds, negative values deduct funds

1.1.6 – August 23, 2025

• Enhanced database initialization system with admin_init hook for improved reliability
• Added administrator privilege verification to ensure secure table creation and maintenance
• Implemented comprehensive table existence checking to prevent database inconsistencies
• Improved multisite compatibility with automatic table creation for new blog instances
• Added PHPCS compliance annotations to suppress unnecessary warnings for database operations
• Strengthened plugin activation process with fail-safe table creation mechanisms

1.1.5 – August 22, 2025

• Fixed timezone consistency issues in transient cleanup cron scheduler
• Corrected inbox statistics queries to properly handle WordPress timezone settings
• Enhanced date range filtering accuracy for inbox analytics and daily activity charts
• Improved scheduled cleanup reliability by using WordPress timezone-aware functions
• Fixed statistical calculations that were affected by UTC vs local time discrepancies
• Updated cron frequency from hourly to twice-daily for optimal performance balance

1.1.4 – August 22, 2025

• Optimized captcha loading system with lazy initialization to reduce unnecessary API calls
• Implemented smart captcha management that only loads when users access the registration form
• Fixed memory leaks in JavaScript interval handlers with proper cleanup on modal close
• Enhanced registration flow by preserving captcha on successful submissions instead of unnecessary reloads
• Improved performance by eliminating background captcha generation for inactive registration forms
• Reduced server load and database transient accumulation through intelligent captcha lifecycle management

1.1.3 – August 22, 2025

• Added automated hourly cleanup system for expired transient data
• Implemented scheduled cron job to remove outdated captcha and rate limiting transients
• Enhanced database performance by preventing transient accumulation and orphaned records
• Improved system stability through regular cleanup of temporary data without manual intervention
• Added proper cleanup on plugin deactivation to maintain database integrity
• Optimized memory usage by eliminating stale transient entries that could impact site performance

1.1.2 – August 19, 2025

• Added automated weekly cleanup system for orphaned inbox messages
• Implemented silent background maintenance to remove inbox entries from deleted user accounts
• Enhanced database integrity by automatically clearing orphaned data without logging or notifications
• Improved system performance through regular cleanup of stale inbox records

1.1.1 – August 18, 2025

• Added full Inbox Statistics admin page with detailed analytics and charts
• Implemented date range filter (7d, 30d, 90d, all-time) for customizable reporting
• Built overview grid showing total, unread, daily, and recipient counts
• Introduced advanced breakdowns: message types, priority levels, and engagement analytics
• Added daily activity chart, top recipients leaderboard, and recent activity summary
• Implemented refresh button with last updated timestamp for real-time insights
• Added simplified dashboard widget showing key inbox metrics with quick action links

1.1.0 – August 14, 2025

• Reorganized and consolidated all CSS files into a single minified stylesheet for improved performance
• Combined all JavaScript files into one unified script file to reduce HTTP requests
• Optimized asset loading by eliminating multiple file dependencies
• Improved page load times through streamlined resource management
• Enhanced maintainability with centralized CSS and JS architecture
• Reduced bandwidth usage and improved caching efficiency for better user experience

1.0.9 – August 3, 2025

• Added extensible filter system to init_plugin_suite_user_engine_format_log_message() function
• Introduced init_user_engine_format_log_message filter hook for customizing transaction log messages
• Enhanced log message formatting with access to full entry data, source, type, and amount parameters
• Improved code maintainability by allowing themes and plugins to extend log message display

1.0.8 – July 31, 2025

• Completely rewrote check-in countdown logic to only count when tab is active
• Changed from timestamp-based calculation to real-time remaining seconds storage
• Fixed critical bug where countdown continued running in background when tab was hidden
• Added proper tab visibility detection to pause/resume countdown accurately
• Implemented daily reset mechanism that clears old countdown data on new day
• Fixed auto-reward claiming issue that occurred after long periods of inactivity
• Added proper state persistence when switching tabs or closing browser
• Countdown now properly resumes from exact remaining time when returning to tab
• Improved localStorage management with separate keys for remaining time and date tracking
• Enhanced countdown reliability by saving state on every second tick
• Fixed memory leaks by properly clearing intervals and event listeners

1.0.7 – July 31, 2025

• Refactored daily check-in JavaScript: clearer logic, safer countdown handling, and accurate reward claiming
• Removed redundant localStorage key (REMAINING_KEY), simplified timing logic using only startTime
• Fixed countdown bug when tab visibility changes by pausing updates and preventing memory leaks
• Handled auto-claim reward when returning after countdown has finished
• Prevented duplicate intervals by clearing previous setInterval before starting new one
• Fixed bug where disabled check-in button never re-enabled on error
• Rewrote /daily-tasks REST API to prevent fatal errors caused by invalid log entries
• Replaced unsafe closures in task check callbacks with static callbacks (__return_true)
• Added fallback and error logging in call_user_func for task completion checks
• Filtered and validated log entries before accessing offsets to avoid runtime crashes

1.0.6 – July 28, 2025

• Added Daily Task modal with REST API support
• Built daily tasks for check-in, online activity, and other actions based on real user logs
• Rewards now dynamically reflect actual amount and type (coin/cash) from transaction data
• Tasks only appear if completed, ensuring a clean and relevant UI
• Supported extensible task system via init_plugin_suite_user_engine_daily_tasks filter
• Added translators: comments for all sprintf() translation strings in CAPTCHA module
• Minor refinements to i18n strings for better clarity and consistency

1.0.5 – July 23, 2025

• Emergency fix for PHP 7.4 compatibility (replaced match expressions and array unpacking)
• Standardized all translation strings for full i18n compliance

1.0.4 – July 23, 2025

• Upgraded CAPTCHA system with better validation and answer protection
• Introduced three CAPTCHA modes: math symbols, natural language, and mixed trivia
• Added smart attempt tracking with auto-refresh after too many failures
• Improved token generation using user agent, IP, and timestamp for enhanced uniqueness
• Increased CAPTCHA expiration time to 15 minutes
• Fully localized all new CAPTCHA questions and error messages

1.0.3 – July 22, 2025

• Secured the /register endpoint against spam and abuse
• Added custom CAPTCHA system with randomized math questions (e.g. "6 + 3", "What is 5 times 2?")
• Implemented honeypot hidden field to block bot-based submissions
• Stored CAPTCHA answer via transient using IP + token with 10-minute expiration
• All CAPTCHA questions are fully translatable using standard i18n functions
• Minor code cleanup and improved form reliability

1.0.2 – July 21, 2025

• Added Edit Profile modal with support for display name, bio, password, social links, website, and gender
• Built REST API endpoints for fetching and updating user profile
• Created Admin Top-up tool for Coins and Cash
• Supports selecting specific users or sending to all members
• Logs transaction and sends inbox notification upon top-up

1.0.1 – July 8, 2025

• Added full registration module for guest users
• Toggle login/register forms with animated UI
• Added password visibility toggle using SVG icons
• Built REST API endpoint /register for user signup
• Implemented client-side validation with i18n support
• Improved i18n messages for all form interactions
• Automatically updates modal header when switching forms

1.0.0 – June 23, 2025

• Initial release
• Shortcode [init_user_engine] for frontend avatar + dashboard
• EXP system with level-up bonus and milestone logic
• Coin & cash wallet with transaction log
• Daily check-in with online timer reward
• REST API for EXP, coin, inbox, VIP, referral
• Inbox system with pagination and actions
• VIP purchase system via coin
• Referral system using cookie-based signup tracking
• Avatar module with upload/remove and REST API support