Init User Engine – Gamified, Fast, Frontend-First

Changelog

1.4.0 – November 4, 2025

• Improved Admin User Overview security model
  • Any user can view their own overview (Coin, Cash, Level, VIP info, Inbox)
  • Action buttons (Remove VIP / Toggle Avatar Upload Ban / Inbox Statistics) are now restricted to administrators only
  • UI gracefully disables restricted actions for non-admin users instead of hiding them
• Added server-side permission guards for sensitive actions
  • iue_remove_vip and iue_toggle_avatar_ban now require manage_options
  • Requests are validated using capability check + nonce verification
  • Prevents URL/REST crafting or manual calls to admin-post endpoints
• Improved admin notices behavior
  • Success/error messages only appear for administrators
  • Notices limited to profile.php and user-edit.php screens
• Minor code cleanup and consistency improvements to maintainable structure

1.3.9 – November 3, 2025

• Added Password Visibility Toggle (Show/Hide Password) for Login & Register forms
  • Works regardless of password value (UX-friendly)
  • Uses built-in eye/eye-off SVG icons (no external assets)
  • Prevents modal from closing when clicking the eye icon
  • Zero markup changes — JavaScript enhancement only
• Improved modal behavior: eliminated early-return issue preventing scripts from running on pages without avatar/modal
• Internal code cleanup to ensure password toggle attaches even with lazy-loaded register form

1.3.8 – October 30, 2025

• Added option for VIPs to keep the original GIF avatar (no cropping)
• Non-GIF formats still follow standard cropping and resizing (50px / 80px)
• Added max upload size setting (avatar_max_upload_mb)
• Added admin warning: large GIFs may impact performance
• REST API now returns url_orig, url_80, and url_50
• Frontend now prioritizes avatar display: original → 80px → 50px
• Added filter init_plugin_suite_user_engine_should_keep_original to override logic

1.3.7 – October 29, 2025

• Added Redeem Code Module (Gift Code / Voucher System):
  • Admin can create redeem codes with 3 usage modes: single use (auto-disabled after first redemption), multi-use with configurable limit, and user-locked mode
  • Supports auto-generation of random codes when left blank
  • Added optional validity window (Valid from → Valid to) for time-limited campaigns
  • Displays usage count as used/max_uses and status badge (Active/Disabled)
• Added Automatic Reward Distribution:
  • Adds Coin/Cash to user balance with full transaction logging via init_plugin_suite_user_engine_log_transaction()
  • Sends inbox notification to redeemer confirming awarded rewards
  • Integrated with existing balance and transaction systems
• Enhanced Redemption Security:
  • Enforced one-time redemption per user even for multi-use codes
  • Uses metadata on code record to store user_id, username, display name, and redemption timestamp
  • Added database-level concurrency safety using START TRANSACTION and SELECT ... FOR UPDATE to prevent race conditions
  • Users attempting to redeem same code twice receive “You have already used this code” error
• Added REST Endpoint:
  • POST /redeem-code for logged-in users
  • Returns structured response: { success, message, coin, cash }
  • Automatically disables code when usage limit reached
• Improved Admin UI:
  • Integrated with existing user search UI (same as Inbox Tool & Top-Up Tool)
  • Supports selecting specific user for locked-code mode through live search
  • Maintains consistent layout and interaction patterns
• Database and Compatibility:
  • Metadata now stores redeemed users (JSON format)
  • ACID-protected redemption operations (atomic + thread-safe)
  • Fully backward compatible with existing Coin/Cash/VIP/Inbox systems
  • No breaking changes to existing APIs

1.3.6 – October 27, 2025

• Fixed Critical Display Name Sanitization Bug:
  • Resolved issue where update_profile endpoint removed all whitespace from display names (e.g., “Nguyễn Văn A” → “NguyễnVănA”)
  • Adjusted sanitization to preserve natural spacing while preventing XSS and invalid characters
• Improved Display Name Fallback Logic:
  • Enhanced empty-name handling to ensure proper fallback to nickname or username
  • Uses stricter validation for better reliability across multilingual inputs
• No database or schema changes. Backward compatible and safe for immediate deployment. Affected endpoint: init_plugin_suite_user_engine_api_update_profile()

1.3.5 – October 27, 2025

• Refined Submit Button UI (Login + Register):
  • Modern, minimal interaction with no glow or shadows
  • Subtle hover/active feedback using transform and filter (crisp, non-flashy)
  • Preserves theme colors: var(--iue-theme-color) → var(--iue-theme-active-color) gradient
  • Improved :focus-visible outline for accessibility with zero layout shift
  • Affected selectors: .iue-login-form input[type="submit"], .iue-login-form .login-submit input[type="submit"], .iue-register-form button.iue-submit
• No markup changes required. CSS-only update and backward compatible

1.3.4 – October 23, 2025

• Enhanced Captcha Security System:
  • Expanded captcha question bank with 40+ new math and logic-based variations
  • Introduced 4 smart captcha modes: symbolic math (+, −, ×), text-based math (e.g., “What is 5 plus 3?”), general knowledge numerics (e.g., “How many days in a week?”), and contextual variants (e.g., “Double 4 is?”, “Give the next even number after 7”)
  • Added internal hook init_user_engine_captcha_bank to allow external extensions to register new captcha questions
  • Localized all captcha questions and added full translator context for % placeholders
  • Ensured all captcha answers are numeric-only for maximum bot resistance
• Added Disable Captcha setting:
  • Allows disabling all captcha validations (including Turnstile) for testing environments
  • Includes strong “DANGER” warning and contextual description to prevent misuse
  • Automatically bypasses both frontend and backend captcha logic when enabled
• Added Disable New Registrations feature:
  • Completely blocks new user registrations across both REST API and WordPress forms
  • Integrates with registration endpoint for immediate early return
  • Prevents rendering of registration form on login/register templates when active
  • Designed for maintenance or private-access environments
• Improved Multi-Layer Bot Protection with combined honeypot, custom captcha, and Cloudflare Turnstile verification. Added global registration lockout switch and enhanced IP-based rate limiting

1.3.3 – October 23, 2025

• Enhanced Admin Notification Tool:
  • Fully synchronized recipient selection UI and backend logic with the Top-up Tool
  • Added unified recipient options: selected users (manual input with live search), active VIPs (fetched via init_plugin_suite_user_engine_get_active_vip_users( 'ids' )), and all members (retrieved using get_users( [ 'fields' => 'ID' ] ))
  • Replaced old “Send to all” checkbox with radio-based recipient selection for consistency
  • Integrated automatic user resolution for VIP group using same helper function as Top-up
  • Added bulk message delivery with chunked sending through init_user_engine_inbox_bulk_chunk_size filter (default: 500)
  • Retains full compatibility with existing inbox delivery logic, meta, and hooks
• Improved Admin UI Consistency:
  • Recipient selection block now mirrors the Top-up Tool layout and markup
  • “Select Users” interface unified for both tools (search, display, hidden ID handling)
  • Maintains identical sanitization, nonce verification, and capability checks
• No functional or database schema changes. Fully backward compatible with all prior notification and VIP systems

1.3.2 – October 18, 2025

• Added Avatar Upload Permission System:
  • Introduced new helper function init_plugin_suite_user_engine_can_upload_avatar( $user_id ) for unified permission checking
  • Supports multi-layer policy: global disable (disable_all), VIP-only mode (vip_only) using init_plugin_suite_user_engine_is_vip(), and per-user ban via iue_avatar_ban user meta
  • Fully integrated into REST endpoints upload_avatar and remove_avatar for backend-level enforcement
  • Automatically blocks upload and deletion attempts from banned or non-VIP users according to policy
• Enhanced Admin User Metabox:
  • Added “Ban Avatar Upload” / “Unban Avatar Upload” button next to “Remove VIP”
  • Toggles the iue_avatar_ban meta instantly via secure admin-post action
  • Includes full nonce verification, capability checks, redirect notices, and audit hook init_plugin_suite_user_engine_avatar_ban_toggled
  • Displays current avatar permission state (“Allowed” / “BANNED”) beside the button
• Improved Security and Consistency:
  • Backend guards prevent unauthorized file handling even if frontend modified
  • Added HTTP 403 and 423 codes for forbidden or locked states to ensure clear API responses
  • Unified wp_die() and WP_Error patterns across user-related endpoints

1.3.1 – October 17, 2025

• Enhanced Admin Top-up Tool:
  • Replaced old checkboxes with radio buttons for selecting recipients (Selected users / Active VIPs / All members)
  • Added automatic log display under the form showing up to 100 recent top-up entries
  • Logs include amount, type, recipient info (linked to user profile when applicable), and timestamp
  • Improved layout spacing and usability for cleaner admin experience
• Added Persistent Top-up Log System:
  • Introduced helper functions init_plugin_suite_user_engine_add_topup_log() and init_plugin_suite_user_engine_get_topup_logs()
  • Standardized log entry format: quantity|type(coin|cash)|target(VIP|ALL|uid:{id}|user:{count})|time
  • Automatically trims to the latest 100 entries
  • Stored via update_option() with autoload disabled
• Improved User Display in Logs:
  • User targets now show as clickable links to admin profile pages
  • Fallback added for deleted or invalid users
  • VIP, ALL, and multi-user targets show readable labels
• Backward Compatibility:
  • Compatible with legacy iue_send_all and iue_send_vip fields
  • No database or API changes
  • Existing balance, inbox, and transaction logic remain unchanged

1.3.0 – October 12, 2025

• Added Coin Exchange system:
  • Users can now convert Cash → Coin with a configurable rate
  • Added real-time conversion preview, validation, and rate display
  • Includes optional min/max limits via filters for full customization
  • Fully integrated with transaction log and dark mode UI
• Improved profile update reliability:
  • Added smart fallback for empty or invalid display names → automatically uses nickname or username
  • Prevented saving blank or whitespace-only display names after sanitization
  • Ensured consistent and safe user display names across all update scenarios
• No database or API changes. Fully backward compatible

1.2.9 – October 10, 2025

• Upgraded multi-user inbox sender to use bulk insert for massive scalability
  • Converts thousands of single inserts into optimized batched queries
  • Handles large user arrays efficiently with automatic chunking for stability
• Simplified inbox table creation for new installations (no index changes applied)
• Significantly improved performance when sending inbox messages to large user bases (e.g., 10,000+ users)
• Refactored Admin Tools:
  • Notification Tool now uses the new bulk inbox sender for instant multi-user delivery
  • Top-up Tool updated to integrate with the new inbox system while keeping balance and log logic fully intact
• Fully backward compatible, no database schema or API changes

1.2.8 – October 10, 2025

• Added autocomplete="off" to all password fields in the settings page to prevent browsers from auto-saving or suggesting stored passwords
• Minor UI consistency adjustments in settings forms
• No functional or database changes

1.2.7 – October 8, 2025

• Added Inbox Cleanup Tool directly in the Inbox Statistics admin page:
  • Introduced new “Cleanup Inbox by Type” block under the Refresh Data section
  • Allows administrators to permanently delete all inbox messages of a selected type
  • Automatically lists all existing message types for quick selection
  • Includes nonce verification, capability checks, and confirmation prompt for safety
  • Displays success or error notice with deleted message count after operation
• Enhanced date range filter security:
  • Added nonce field and verification for the “Date Range” dropdown form
  • Removed WPCS NonceVerification.Recommended warnings on GET processing
• Improved overall PHPCS compliance for the statistics module:
  • Explicitly documented safe cases for display-only notices
  • Limited PHPCS ignores to justified database queries only
• Fully backward compatible with existing inbox data and analytics logic
• No database schema changes or new dependencies introduced

1.2.6 – October 5, 2025

• Enhanced Admin User Metabox for better visibility of user activity and communication:
  • Added Recent Transactions section under VIP Details showing up to 100 latest Coin/Cash logs with type, amount, source, and timestamp
  • Added Recent Inbox section under Inbox (User) listing up to 100 latest messages with type, status, title, and time
  • Both sections feature compact scrollable layouts with limited height for clean, admin-friendly viewing
• Fully backward compatible:
  • No database or meta structure changes
  • Automatically uses existing transaction and inbox data
  • Lightweight rendering ensures stable performance even with large user histories

1.2.5 – October 4, 2025

• Refined dashboard menu CSS for better scalability with multiple grouped items:
  • Added .multi-menu style to support grouped links (e.g., Sticker Store, Frame Store, Effects)
  • Adjusted padding, spacing, and hover states to keep grouped items compact but consistent with main menu
  • Improved dark mode support for multi-menu background/hover states
• Optimized avatar frame overlay CSS:
  • Prevented hover scaling on frame elements while keeping core avatar hover intact
  • Ensured frame overlay maintains alignment across various container contexts
• Minor visual polish:
  • Standardized border-radius and spacing for consistency across badges, dots, and menu links
  • Unified hover background opacity values in both light and dark modes

1.2.4 – October 4, 2025

• Added full integration with Cloudflare Turnstile for spam-proof registration:
  • Admin settings now support entering Turnstile Site Key and Secret Key
  • If both keys are set, registration form automatically shows Turnstile widget instead of legacy math captcha
  • Fallback to legacy captcha only when Turnstile keys are missing
  • If CAPTCHA is disabled entirely, registration form shows no challenge at all
• Updated registration endpoint (/register) to:
  • Verify Turnstile tokens server-side with Cloudflare API
  • Gracefully fallback to math captcha validation if Turnstile is not configured
  • Return structured WP_Error codes: turnstile_required, turnstile_invalid, captcha_wrong, etc.
  • Retain honeypot detection and IP-based rate limiting (max 5 attempts/hour)
• Enhanced guest.js:
  • Unified client-side flow for both Turnstile and legacy captcha
  • Implemented late initialization (Turnstile widget loads only when Register tab is shown) to reduce page weight
  • Reset Turnstile widget after each failed or successful attempt to avoid stale tokens
  • Clear, translated error messages for Turnstile failures (expired, timeout, missing token, etc.)
• Security hardened:
  • Prevented bypass when captcha/Turnstile token missing
  • Verified tokens are one-time-use per attempt
  • Ensured consistent block on invalid, expired, or reused tokens

1.2.3 – October 3, 2025

• Refactored all EXP + Coin award logic to use unified, extensible filters:
  • init_plugin_suite_user_engine_publish_post_rewards
  • init_plugin_suite_user_engine_user_register_rewards
  • init_plugin_suite_user_engine_update_profile_rewards
  • init_plugin_suite_user_engine_daily_login_rewards
  • init_plugin_suite_user_engine_woo_order_rewards
• Each filter now returns both exp and coin values in a single array for easier customization
• Preserved default reward amounts (e.g. 20 EXP + 5 Coin for publish, 50 EXP + 20 Coin for register, etc.)
• Added support for WooCommerce dynamic rewards calculation based on order total, with filter override
• Ensured backward compatibility with existing init_plugin_suite_user_engine_add_exp and init_plugin_suite_user_engine_add_coin actions
• Updated inbox notification content strings to use filtered values dynamically
• All new filters fully localized and translation-ready with proper translators: comments
• Synced Daily Tasks REST API with plugin settings:
  • checkin_coin setting now drives “Check in today” reward
  • online_coin setting now drives “Stay active today” reward
  • Prevented hardcoded reward mismatch between API output and actual check-in/claim logic

1.2.2 – October 3, 2025

• Added new Comment Reward options in plugin settings:
  • EXP per comment (default 10)
  • Coin per comment (default 2)
  • Daily comment cap (default 0 = unlimited, reset anchored to daily check-in)
• Implemented counter reset tied to iue_checkin_last meta to ensure daily limits reset only after user check-in
• Prevented reward farming by enforcing strict per-day cap logic
• Localized all new strings with msgid/msgstr entries for full translation support
• Preserved backward compatibility with existing EXP and Coin award actions

1.2.1 – September 28, 2025

• Refactored avatar override to hook into pre_get_avatar_data with very high priority, ensuring IUE avatar takes precedence over third-party filters such as Nextend Social Login
• Retained lightweight get_avatar_url shim for backward compatibility with direct URL calls
• Added safe fallbacks: defer to WordPress/Nextend when no IUE avatar is present; if Gravatar is disabled, serve bundled SVG as default
• Improved cache behavior so avatar changes propagate more consistently with CDN/page cache purges
• Fixed WPCS issues in admin_post_iue_remove_vip:
  • Properly unslashed and sanitized all $_GET inputs before verification
  • Strengthened nonce handling with a dedicated notice nonce for admin notices
  • Escaped all dynamic output at the point of rendering to resolve OutputNotEscaped errors
  • Sanitized query arguments on redirects; left targeted PHPCS ignores only for raw SQL queries with clear justification
• No breaking changes: all actions, filters, and helper functions remain unchanged for seamless drop-in update

1.2.0 – September 28, 2025

• Added ability to revoke VIP membership directly from the Admin User Metabox
• Implemented automatic inbox notification to inform users when their VIP status is removed
• Ensured safe validation to guarantee VIP is removed from the correct user only
• Added new option in plugin settings to completely disable CAPTCHA on registration
• Updated registration form JS to auto-detect and skip CAPTCHA field when disabled
• Enhanced REST API /register to conditionally bypass CAPTCHA validation based on settings
• Expanded CAPTCHA trivia pool with fresh, unambiguous fact-based questions (e.g., sides of a square, letters in the English alphabet, spider legs, etc.)
• Fully localized all new CAPTCHA questions with ready-made msgid/msgstr entries
• Improved validation and UI consistency by showing clearer error messages and reset flow
• Ensured no debatable or ambiguous questions remain in the trivia pool for maximum reliability

1.1.9 – September 17, 2025

• Added extensible filter to inject custom KPIs after Cash in the Admin User metabox
• Introduced helper function to normalize extra KPI items and ensure safe output
• Provided theme example to display “Power Stone” metric with i18n and WPCS compliance

1.1.8 – September 17, 2025

• Added admin user metabox on profile/edit screens showing wallet, EXP, VIP, and inbox statistics
• Displayed Coin, Cash, Level, and EXP progress with dynamic progress bar
• Integrated VIP information including total purchases, expiry date, lifetime detection, and Coin spent
• Implemented inbox quick stats with total, unread, last 7 days, and last message timestamp
• Linked inbox statistics directly to full analytics page for quick navigation
• Included helper functions with safe fallbacks for Coin, Cash, VIP, and inbox stats to ensure robustness
• Fixed missing version parameter in wp_register_style() to comply with WordPress coding standards
• Enhanced inline admin CSS with proper versioning using INIT_PLUGIN_SUITE_IUE_VERSION

1.1.7 – August 30, 2025

• Refactored Admin Top-up tool to support both addition (positive) and deduction (negative) amounts
• Bypassed VIP/bonus multipliers during manual top-ups to ensure exact applied value
• Implemented raw balance adjustments with automatic clamping to prevent negative wallet values
• Updated inbox notifications to reflect both top-up and deduction actions consistently
• Enhanced transaction logging with accurate applied amounts and proper change type (add/deduct)
• Added translators: comments for all sprintf() translation strings in Top-up tool to meet WPCS i18n standards
• Improved admin UI with description note: positive values add funds, negative values deduct funds

1.1.6 – August 23, 2025

• Enhanced database initialization system with admin_init hook for improved reliability
• Added administrator privilege verification to ensure secure table creation and maintenance
• Implemented comprehensive table existence checking to prevent database inconsistencies
• Improved multisite compatibility with automatic table creation for new blog instances
• Added PHPCS compliance annotations to suppress unnecessary warnings for database operations
• Strengthened plugin activation process with fail-safe table creation mechanisms

1.1.5 – August 22, 2025

• Fixed timezone consistency issues in transient cleanup cron scheduler
• Corrected inbox statistics queries to properly handle WordPress timezone settings
• Enhanced date range filtering accuracy for inbox analytics and daily activity charts
• Improved scheduled cleanup reliability by using WordPress timezone-aware functions
• Fixed statistical calculations that were affected by UTC vs local time discrepancies
• Updated cron frequency from hourly to twice-daily for optimal performance balance

1.1.4 – August 22, 2025

• Optimized captcha loading system with lazy initialization to reduce unnecessary API calls
• Implemented smart captcha management that only loads when users access the registration form
• Fixed memory leaks in JavaScript interval handlers with proper cleanup on modal close
• Enhanced registration flow by preserving captcha on successful submissions instead of unnecessary reloads
• Improved performance by eliminating background captcha generation for inactive registration forms
• Reduced server load and database transient accumulation through intelligent captcha lifecycle management

1.1.3 – August 22, 2025

• Added automated hourly cleanup system for expired transient data
• Implemented scheduled cron job to remove outdated captcha and rate limiting transients
• Enhanced database performance by preventing transient accumulation and orphaned records
• Improved system stability through regular cleanup of temporary data without manual intervention
• Added proper cleanup on plugin deactivation to maintain database integrity
• Optimized memory usage by eliminating stale transient entries that could impact site performance

1.1.2 – August 19, 2025

• Added automated weekly cleanup system for orphaned inbox messages
• Implemented silent background maintenance to remove inbox entries from deleted user accounts
• Enhanced database integrity by automatically clearing orphaned data without logging or notifications
• Improved system performance through regular cleanup of stale inbox records

1.1.1 – August 18, 2025

• Added full Inbox Statistics admin page with detailed analytics and charts
• Implemented date range filter (7d, 30d, 90d, all-time) for customizable reporting
• Built overview grid showing total, unread, daily, and recipient counts
• Introduced advanced breakdowns: message types, priority levels, and engagement analytics
• Added daily activity chart, top recipients leaderboard, and recent activity summary
• Implemented refresh button with last updated timestamp for real-time insights
• Added simplified dashboard widget showing key inbox metrics with quick action links

1.1.0 – August 14, 2025

• Reorganized and consolidated all CSS files into a single minified stylesheet for improved performance
• Combined all JavaScript files into one unified script file to reduce HTTP requests
• Optimized asset loading by eliminating multiple file dependencies
• Improved page load times through streamlined resource management
• Enhanced maintainability with centralized CSS and JS architecture
• Reduced bandwidth usage and improved caching efficiency for better user experience

1.0.9 – August 3, 2025

• Added extensible filter system to init_plugin_suite_user_engine_format_log_message() function
• Introduced init_user_engine_format_log_message filter hook for customizing transaction log messages
• Enhanced log message formatting with access to full entry data, source, type, and amount parameters
• Improved code maintainability by allowing themes and plugins to extend log message display

1.0.8 – July 31, 2025

• Completely rewrote check-in countdown logic to only count when tab is active
• Changed from timestamp-based calculation to real-time remaining seconds storage
• Fixed critical bug where countdown continued running in background when tab was hidden
• Added proper tab visibility detection to pause/resume countdown accurately
• Implemented daily reset mechanism that clears old countdown data on new day
• Fixed auto-reward claiming issue that occurred after long periods of inactivity
• Added proper state persistence when switching tabs or closing browser
• Countdown now properly resumes from exact remaining time when returning to tab
• Improved localStorage management with separate keys for remaining time and date tracking
• Enhanced countdown reliability by saving state on every second tick
• Fixed memory leaks by properly clearing intervals and event listeners

1.0.7 – July 31, 2025

• Refactored daily check-in JavaScript: clearer logic, safer countdown handling, and accurate reward claiming
• Removed redundant localStorage key (REMAINING_KEY), simplified timing logic using only startTime
• Fixed countdown bug when tab visibility changes by pausing updates and preventing memory leaks
• Handled auto-claim reward when returning after countdown has finished
• Prevented duplicate intervals by clearing previous setInterval before starting new one
• Fixed bug where disabled check-in button never re-enabled on error
• Rewrote /daily-tasks REST API to prevent fatal errors caused by invalid log entries
• Replaced unsafe closures in task check callbacks with static callbacks (__return_true)
• Added fallback and error logging in call_user_func for task completion checks
• Filtered and validated log entries before accessing offsets to avoid runtime crashes

1.0.6 – July 28, 2025

• Added Daily Task modal with REST API support
• Built daily tasks for check-in, online activity, and other actions based on real user logs
• Rewards now dynamically reflect actual amount and type (Coin/Cash) from transaction data
• Tasks only appear if completed, ensuring a clean and relevant UI
• Supported extensible task system via init_plugin_suite_user_engine_daily_tasks filter
• Added translators: comments for all sprintf() translation strings in CAPTCHA module
• Minor refinements to i18n strings for better clarity and consistency

1.0.5 – July 23, 2025

• Emergency fix for PHP 7.4 compatibility (replaced match expressions and array unpacking)
• Standardized all translation strings for full i18n compliance

1.0.4 – July 23, 2025

• Upgraded CAPTCHA system with better validation and answer protection
• Introduced three CAPTCHA modes: math symbols, natural language, and mixed trivia
• Added smart attempt tracking with auto-refresh after too many failures
• Improved token generation using user agent, IP, and timestamp for enhanced uniqueness
• Increased CAPTCHA expiration time to 15 minutes
• Fully localized all new CAPTCHA questions and error messages

1.0.3 – July 22, 2025

• Secured the /register endpoint against spam and abuse
• Added custom CAPTCHA system with randomized math questions (e.g. “6 + 3”, “What is 5 times 2?”)
• Implemented honeypot hidden field to block bot-based submissions
• Stored CAPTCHA answer via transient using IP + token with 10-minute expiration
• All CAPTCHA questions are fully translatable using standard i18n functions
• Minor code cleanup and improved form reliability

1.0.2 – July 21, 2025

• Added Edit Profile modal with support for display name, bio, password, social links, website, and gender
• Built REST API endpoints for fetching and updating user profile
• Created Admin Top-up tool for Coin and Cash
• Supports selecting specific users or sending to all members
• Logs transaction and sends inbox notification upon top-up

1.0.1 – July 8, 2025

• Added full registration module for guest users
• Toggle login/register forms with animated UI
• Added password visibility toggle using SVG icons
• Built REST API endpoint /register for user signup
• Implemented client-side validation with i18n support
• Improved i18n messages for all form interactions
• Automatically updates modal header when switching forms

1.0.0 – June 23, 2025

• Initial release
• Shortcode [init_user_engine] for frontend avatar + dashboard
• EXP system with level-up bonus and milestone logic
• Coin & Cash wallet with transaction log
• Daily check-in with online timer reward
• REST API for EXP, Coin, inbox, VIP, referral
• Inbox system with pagination and actions
• VIP purchase system via Coin
• Referral system using cookie-based signup tracking
• Avatar module with upload/remove and REST API support