diff --git a/trunk/chargify.php b/trunk/chargify.php
index 349b45e..79c2d4f 100644
--- a/trunk/chargify.php
+++ b/trunk/chargify.php
@@ -1,11 +1,13 @@
 <?php
 /*
-Plugin Name: Chargify Wordpress Plugin
-Plugin URI: http://9seeds.com/plugins
+Plugin Name: Chargify Modified
+Plugin URI: http://github.com/chadsterBAM/chargify
 Description: Manage subscriptions to WordPress using the Chargify API
-Author: Subscription Tools - Programming by 9seeds
-Version: 2.0
+Author: Subscription Tools - Programming by 9seeds - Updates by Chris and Chad
+Version: 1.1
 Author URI: http://9seeds.com/plugins
+GitHub Plugin URI: https://github.com/chadsterBAM/chargify
+GitHub Branch:     master
 */
 
 $base = dirname(__FILE__);
@@ -20,22 +22,64 @@
 add_shortcode('chargify-protected', array('chargify','partialprotect'));
 add_action('admin_menu',array('chargify','control'));
 add_filter('the_posts',array('chargify','checkAccess'));
-add_action('admin_menu', array('chargify','createMetaAccessBox'));  
-add_action('save_post', array('chargify','metaAccessBoxSave'));  
-add_filter('init', array('chargify','subscriptionRedirect'));  
-add_filter('the_content', array('chargify','subscriptionDisplayError'),15); 
-add_filter('the_content', array('chargify','displayForm'));  
-add_filter('wp_loaded', array('chargify','subscriptionPost'));  
-add_filter('wp_loaded', array('chargify','subscriptionCreate'));  
+add_action('admin_menu', array('chargify','createMetaAccessBox'));
+add_action('save_post', array('chargify','metaAccessBoxSave'));
+add_filter('init', array('chargify','subscriptionRedirect'));
+add_filter('the_content', array('chargify','subscriptionDisplayError'),15);
+add_filter('the_content', array('chargify','displayForm'));
+add_filter('wp_loaded', array('chargify','subscriptionPost'));
+add_filter('wp_loaded', array('chargify','subscriptionCreate'));
 add_action('show_user_profile', array('chargify','userActions'));
 add_action('edit_user_profile', array('chargify','userActions'));
 add_action('profile_update', array('chargify','userActionsUpdate'));
 add_action('admin_print_scripts-toplevel_page_chargify-admin-settings',array('chargify','adminScripts'));
+add_action('wp_login',array('chargify','checkSubStatus'),10,2);
 register_activation_hook(__FILE__,array("chargify","activate"));
 register_deactivation_hook(__FILE__,array("chargify","deactivate"));
 
-class chargify
-{
+class chargify {
+	function checkSubStatus($login,$user)
+	{
+		$user_id = $user->ID;
+		if(empty($user->chargify_custid))
+			return;
+
+		$d = get_option('chargify');
+		$opt = array("api_key" => $d["chargifyApiKey"],"test_api_key" => $d["chargifyTestApiKey"],"domain" => $d["chargifyDomain"],"test_domain" => $d["chargifyTestDomain"],"test_mode"=>($d["chargifyMode"] == 'test'? TRUE : FALSE));
+		$connector = new ChargifyConnector($opt);
+
+		$sub = $connector->getSubscriptionsByCustomerID($user->chargify_custid);
+		if(is_array($sub))
+		{
+			//get user subscriptions
+			$usub = get_usermeta($user_id,'chargify_level',true);
+			foreach($sub as $s)
+			{
+				switch($s->getState())
+				{
+					case 'canceled':
+					case 'expired':
+					case 'trial_ended':
+						if(isset($usub[$s->getProduct()->getHandle()]))
+						{
+							unset($usub[$s->getProduct()->getHandle()]);
+							update_usermeta($user_id,'chargify_level',$usub);
+						}
+						break;
+
+					case 'paused':
+					case 'trialing':
+					case 'active':
+						if(!isset($usub[$s->getProduct()->getHandle()]))
+						{
+							$usub[$s->getProduct()->getHandle()] = time();
+							update_usermeta($user_id,'chargify_level',$usub);
+						}
+						break;
+				}
+			}
+		}
+	}
 	function adminScripts()
 	{
         $pluginurl = WP_PLUGIN_URL . '/' . plugin_basename(dirname(__FILE__));
@@ -61,12 +105,12 @@ function manualTrim($text)
 	function checkAccess($posts)
 	{
 		$chargify = get_option('chargify');
-		
+
 		$u = wp_get_current_user();
 		if($u->roles[0] == 'administrator')
 		{
 			return $posts;
-		}		
+		}
 
 		if($u->ID && get_user_meta($u->ID,'chargify_access_check',true) < time())
 		{
@@ -75,7 +119,7 @@ function checkAccess($posts)
 
 		foreach($posts as $k => $post)
 		{
-			$d = get_post_meta($post->ID, 'chargify_access', true); 
+			$d = get_post_meta($post->ID, 'chargify_access', true);
 			if(isset($d['levels']) && is_array($d["levels"]) && !empty($d['levels']))
 			{
 				if(!$u->ID ||(is_array($d["levels"]) && !array_intersect_key($u->chargify_level,$d["levels"])))
@@ -86,7 +130,7 @@ function checkAccess($posts)
 							$post->post_content = strlen(trim($post->post_excerpt)) ? $post->post_excerpt : self::manualTrim($post->post_content);
 							break;
 						default:
-						$post->post_content = self::partialcontent($post->post_content); 
+						$post->post_content = self::partialcontent($post->post_content);
 					}
 				}
 				else
@@ -106,13 +150,13 @@ function checkAccess($posts)
 									$post->post_content = strlen(trim($post->post_excerpt)) ? $post->post_excerpt : self::manualTrim($post->post_content);
 									break;
 								default:
-								$post->post_content = self::partialcontent($post->post_content); 
+								$post->post_content = self::partialcontent($post->post_content);
 							}
 						}
 					}
 				}
 			}
-			 
+
 			$posts[$k] = $post;
 		}
 		return $posts;
@@ -135,7 +179,7 @@ function products($fresh = false)
 		$d = get_option('chargify');
 		$opt = array("api_key" => $d["chargifyApiKey"],"test_api_key" => $d["chargifyTestApiKey"],"domain" => $d["chargifyDomain"],"test_domain" => $d["chargifyTestDomain"],"test_mode"=>($d["chargifyMode"] == 'test'? TRUE : FALSE));
 		if($fresh)
-		{			
+		{
 			$connector = new ChargifyConnector($opt);
 			$products = $connector->getAllProducts();
 		}
@@ -169,7 +213,7 @@ function partialprotect($atts,$content = null)
 		global $post;
 		$chargify = get_option("chargify");
 
-		$d = get_post_meta($post->ID, 'chargify_access', true); 
+		$d = get_post_meta($post->ID, 'chargify_access', true);
 		$u = wp_get_current_user();
 		if(current_user_can( 'manage_options' ))
 			return $content;
@@ -212,6 +256,7 @@ function subscriptionListShortCode($atts)
 		}
 		$d = get_option("chargify");
 		$return_url = $_GET['return_url'];
+		$plan = $_GET['plan'];
 
 		if($_POST['chargifySignupFirst'])
 			$first = $_POST['chargifySignupFirst'];
@@ -235,7 +280,7 @@ function subscriptionListShortCode($atts)
 
 
 		if($d["chargifySignupType"] == 'api')
-		{	
+		{
 			$monthDrop = '<select style="" name="chargifySignupExpMo"><option value="">mm</option>';
 			for($i=1; $i<13; $i++)
 			{
@@ -249,7 +294,7 @@ function subscriptionListShortCode($atts)
 				$yearDrop .= '<option value="'.$i.'" '.($_POST["chargifySignupExpYr"] == $i ? "selected" : "").'>'.$i.'</option>';
 			}
 			$yearDrop .= '</select>';
-			
+
 			$products = self::products();
 			$form ='<form name="chargifySignupForm" method="post" action="">
 			<input type="hidden" name="chargify_signupcc_noncename" id="chargify_signupcc_noncename" value="'.wp_create_nonce( plugin_basename(__FILE__) ).'" />
@@ -271,8 +316,11 @@ function subscriptionListShortCode($atts)
 				<tr>
 					<td>Email</td>
 					<td><input type="text" name="chargifySignupEmail" value="'.$email.'"></td>
-				</tr>
-				<tr>
+				</tr>';
+
+				$form = apply_filters('chargify_signup_form_extra',$form,$d,$_REQUEST);
+
+				$form .= '<tr>
 					<th colspan="2">Payment Info</th>
 				</tr>
 				<tr>
@@ -310,7 +358,7 @@ function subscriptionListShortCode($atts)
 				<tr>
 					<td>Credit Card Expiration</td>
 					<td>'.$monthDrop.'/'.$yearDrop.'</td>
-				</tr>	
+				</tr>
 				';
 			$productdisplayed = 0;
 			foreach($products as $p)
@@ -337,7 +385,7 @@ function subscriptionListShortCode($atts)
 			$form ='<form name="chargifySignupForm" method="post" action="">
 			<input type="hidden" name="chargify_signup_noncename" id="chargify_signupcc_noncename" value="'.wp_create_nonce( plugin_basename(__FILE__) ).'" />
 			<input type="hidden" name="return_url" value="'.$_GET['return_url'].'">
-			<input type="hidden" name="submit" value="">	
+			<input type="hidden" name="submit" value="">
 			<table>
 				<tr>
 					<th colspan="2"><p><strong>Subscriber Information</strong></p></th>
@@ -353,50 +401,87 @@ function subscriptionListShortCode($atts)
 				<tr>
 					<td>Email</td>
 					<td><input type="text" name="chargifySignupEmail" value="'.$email.'"></td>
-				</tr>
-				<tr>
-					<th colspan="2"><p><strong>Subscription Level</strong></p></th>
-				</tr>
-				';
-			
+				</tr>';
+
+			$form = apply_filters('chargify_signup_form_extra',$form,$d,$_REQUEST);
+
 			$products = self::products();
 			$productdisplayed = 0;
 			if(is_array($products))
 			foreach($products as $p)
 			{
-				if ((isset($filteraccountingcodes[$p->getAccountCode()]) && $filteraccountingcodes[$p->getAccountCode()]) || count($filteraccountingcodes) == 0) {
-					$form .= '<tr>';
-					$form .= '<td><div align="center"><strong><p>'.$p->getName().'</strong><br>$'.$p->getPriceInDollars().' '.($p->getInterval() == 1 ? 'each '.$p->getIntervalUnit() : 'every '.$p->getInterval().' '.$p->getIntervalUnit().'s').'<br>'.$p->getDescription().'</p></div></td>';
-					if(isset($current_user->chargify_level[$p->getHandle()]))
-					{	
-						$form .= '<td>';
-						$form .= 'You already have access to this level</td>';
+				$pNameAdjusted = sanitize_title_with_dashes($p->getName());
+				/*
+				$planNameAdjusted = str_replace('-', ' ', $plan);
+				$pName = strtolower($planName);
+				$pNameAdjusted = strtolower($planNameAdjusted);
+				*/
+				if ((isset($filteraccountingcodes[$p->getAccountCode()]) && $filteraccountingcodes[$p->getAccountCode()]) || count($filteraccountingcodes) == 0) 
+				{
+					if(!isset($plan))
+					{
+						$form .= '<tr>';
+						$form .= '<td><div align="center"><strong><p>'.$p->getName().'</strong><br>$'.$p->getPriceInDollars().' '.($p->getInterval() == 1 ? 'each '.$p->getIntervalUnit() : 'every '.$p->getInterval().' '.$p->getIntervalUnit().'s').'<br>'.$p->getDescription().'</p></div></td>';
+						if(isset($current_user->chargify_level[$p->getHandle()]))
+						{
+							$form .= '<td>You already have access to this level</td>';
+						}
+						else
+						{
+							$form .= '<td><p><input onclick="javascript:document.chargifySignupForm.submit.value=\''.$p->id.'\';" name="submit'.$p->getHandle().'" type="submit" value="'.$p->getName().'"></p></td>';
+
+							$form .= '</tr>';
+							$productdisplayed = 1;
+						}
 					}
 					else
-						$form .= '<td><p><input onclick="javascript:document.chargifySignupForm.submit.value=\''.$p->id.'\';" name="submit'.$p->getHandle().'" type="submit" value="'.$p->getName().'"></p></td>';
-					$form .= '</tr>';
-					$productdisplayed = 1;
+					{
+						if($plan == $pNameAdjusted)
+						{
+							if(isset($current_user->chargify_level[$p->getHandle()]))
+							{
+								$form .= '<td colspan="2">You already have access to this level</td>';
+							}
+							else
+							{
+								$form .= '<td colspan="2"><p><input onclick="javascript:document.chargifySignupForm.submit.value=\''.$p->id.'\';" name="submit'.$p->getHandle().'" type="submit" value="Continue to Checkout"></p></td>';
+							}
+						}
+						else
+							$form .= '';
+
+						$form .= '</tr>';
+						$productdisplayed = 1;
+					}
 				}
 			}
+
 			if(!$productdisplayed)
 			{
 				$form = '<form name="chargifySignupForm" method="post" action=""><table><tr><td colspan="2">No products found</td></tr>';
 			}
 			$form .= '</table>';
 			$form .= '</form>';
-
-
 		}
-		return $form;
+		return apply_filters('chargify_signup_form',$form,$d,$_REQUEST,$products);
 	}
+
 	function userActionsUpdate($user_id)
 	{
-		if($_POST["chargifyCancelSubscription"])
+		global $current_user;
+
+		if(isset($_POST["chargifyCancelSubscription"]) && is_numeric($_POST['chargifyCancelSubscription']) && ($user_id == $current_user->ID || current_user_can('activate_plugins')))
 		{
 			$d = get_option('chargify');
 			$opt = array("api_key" => $d["chargifyApiKey"],"test_api_key" => $d["chargifyTestApiKey"],"domain" => $d["chargifyDomain"],"test_domain" => $d["chargifyTestDomain"],"test_mode"=>($d["chargifyMode"] == 'test'? TRUE : FALSE));	
 			$connector = new ChargifyConnector($opt);
 			$connector->cancelSubscription($_POST["chargifyCancelSubscription"]);
+
+			//get rid of it on our side
+			$sub = $connector->getSubscriptionsBySubscriptionID($_POST['chargifyCancelSubscription']);
+			$usub = get_usermeta($user_id,'chargify_level',true);
+			unset($usub[$sub->getProduct()->getHandle()]);
+			update_usermeta($user_id,'chargify_level',$usub);
 		}
 	}
 	function userActions($u)
@@ -413,20 +498,22 @@ function userActions($u)
 		{
 			foreach($sub as $s)
 			{
-				echo '<strong>'.$s->getProduct()->getName().'</strong><br>$'.$s->getProduct()->getPriceInDollars().' '.($s->getProduct()->getInterval() == 1 ? 'each '.$s->getProduct()->getIntervalUnit() : 'every '.$s->getProduct()->getInterval().' '.$s->getProduct()->getIntervalUnit().'s').'<br>'.$s->getProduct()->getDescription() . '<br>Subscription Status:<strong>'.$s->getState().'</strong><br><input type="checkbox" name="chargifyCancelSubscription" value="'.$s->id.'"><strong>Check this box to cancel this subscription</strong>';
+				echo '<strong>'.$s->getProduct()->getName().'</strong><br>$'.$s->getProduct()->getPriceInDollars().' '.($s->getProduct()->getInterval() == 1 ? 'each '.$s->getProduct()->getIntervalUnit() : 'every '.$s->getProduct()->getInterval().' '.$s->getProduct()->getIntervalUnit().'s').'<br>'.$s->getProduct()->getDescription() . '<br>Subscription Status:<strong>'.$s->getState().'</strong>';
+				//echo '<input type="checkbox" name="chargifyCancelSubscription" value="'.$s->id.'"><strong>Check this box to cancel this subscription</strong>';
 			}
 		}
 	}
 	function metaAccessBox()
 	{
 		global $post;
-		$d = get_post_meta($post->ID, 'chargify_access', true); 
+		$d = get_post_meta($post->ID, 'chargify_access', true);
 		if(isset($d["levels"]))
 			$levels = $d["levels"];
-		
+
 		$products = self::products();
 		$form = '<strong>User levels that can access this content</strong> Note: If you don\'t choose any levels below this will be a <strong>public<strong> post<br>';
 		$form .= '<input type="hidden" name="access_noncename" id="access_noncename" value="'.wp_create_nonce( plugin_basename(__FILE__) ).'" />';
+		if(is_array($products))
 		foreach($products as $p)
 		{
 			$form .= '<input type="checkbox" name="chargifyAccess['.$p->getHandle().'][enable]" value="'.$p->getHandle().'" '.(isset($levels[$p->getHandle()]) && isset($levels[$p->getHandle()]) ? "checked" : "").'> '.$p->getName();
@@ -438,7 +525,7 @@ function metaAccessBox()
 			$form .= '</select><br>';
 		}
 		echo $form;
-	}	
+	}
 	function subscriptionCreate()
 	{
 		global $current_user;
@@ -447,17 +534,26 @@ function subscriptionCreate()
 			$d = get_option('chargify');
 			$opt = array("api_key" => $d["chargifyApiKey"],"test_api_key" => $d["chargifyTestApiKey"],"domain" => $d["chargifyDomain"],"test_domain" => $d["chargifyTestDomain"],"test_mode"=>($d["chargifyMode"] == 'test'? TRUE : FALSE));	
 			$connector = new ChargifyConnector($opt);
-			$sub = $connector->getSubscriptionsBySubscriptionId($_GET["subscription_id"]);
+			$sub = $connector->getSubscriptionsBySubscriptionId(htmlspecialchars($_GET["subscription_id"]));
+			$subid = (htmlspecialchars($_GET["subscription_id"]));
 			if($sub->getState() == 'active' || $sub->getState() == 'trialing')
 			{
-				$trans = get_transient('chargify-'.$_GET['customer_reference']);
+				$customer = $connector->getCustomerByReference(htmlspecialchars($_GET['customer_reference']));
+				$customer_email = $customer->getEmail();
+				$trans = get_transient('chargify-'.md5($customer_email));
+
 				if(is_array($trans) && isset($trans['user_email']))
 				{
 					$email = $trans['user_email'];
 					$user_pass = $trans['user_pass'];
+					if (isset($trans['user_login'])) {
+						$user_login = $trans['user_login'];
+					} else {
+						$user_login = $trans['user_email'];
+					}
 
 					$args = array(
-						'user_login' => $email,
+						'user_login' => $user_login,
 						'user_pass' => $user_pass,
 						'user_email' => $email,
 					);
@@ -477,12 +573,17 @@ function subscriptionCreate()
 						//this ensures that it won't do all this work twice
 						//it's a filthy hack but it works for now
 						$_REQUEST["chargify.subscriptionPost"] = $user_id;
-						delete_transient('chargify-'.$_GET['customer_reference']);
 
-						
-						update_usermeta( $user_id, 'chargify_level', array($sub->getProduct()->getHandle()=>time())); 
+						$customer = $connector->getCustomerByReference($_GET['customer_reference']);
+                                		$customer_email = $customer->getEmail();
+						delete_transient('chargify-'.md5($customer_email));
+
+						update_usermeta( $user_id, 'chargify_level', array($sub->getProduct()->getHandle()=>time()));
 						update_usermeta( $user_id, 'chargify_custid', $sub->getCustomer()->getId());
-						
+
+						update_usermeta( $user_id, 'first_name', $sub->getCustomer()->getFirstName());
+						update_usermeta( $user_id, 'last_name', $sub->getCustomer()->getLastName());
+
 						if(isset($trans['existing_user']) && $trans['existing_user'] == true)
 						{
 							if($trans['return_url'])
@@ -496,10 +597,15 @@ function subscriptionCreate()
 						else
 						{
 							wp_new_user_notification($user_id, $user_pass);
-							self::login( $user_id, $email,$trans['return_url']);
+							self::login( $user_id, $email,$trans['return_url']."?customer_id=".$sub->getCustomer()->getId()."&customer_reference=".$sub->getCustomer()->getReference()."&subscription_id=".$subid);
 						}
 					}
 				}
+				else
+				{
+					//echo '<script>console.log("Unknown customer ref");</script>';
+				}
+
 			}
 		}
 	}
@@ -507,25 +613,41 @@ function subscriptionRedirect()
 	{
 		global $current_user;
 		if ( wp_verify_nonce( $_POST['chargify_signup_noncename'], plugin_basename(__FILE__) ) && is_numeric($_POST["submit"]))
-		{	
-			
+		{
+
 			if(!is_email($_POST["chargifySignupEmail"]) || !strlen($_POST["chargifySignupFirst"]) || !strlen($_POST["chargifySignupLast"]))
 			{
-				$_POST["chargify_signup_error"] = array('ERROR'=>"All fields are required. Please enter a name and valid email address");
+				$_POST["chargify_signup_error"] = array('ERROR'=>"<span class=\"chargify-error\">All fields are required. Please enter a name and valid email address.</span>");
 				return 0;
 			}
-			
+
 			$d = get_option("chargify");
-			$user_login = sanitize_user( $_POST["chargifySignupEmail"] );
+			$user_login = sanitize_user( apply_filters('chargify_signup_username',$_POST["chargifySignupEmail"]) );
 			$user_email = apply_filters( 'user_registration_email', $_POST["chargifySignupEmail"] );
-			if((username_exists($user_login) || email_exists($user_email)) && !$current_user->ID)
+			
+			if (strpos($user_login, '@') || strpos($user_login, '_')) {
+				$_POST["chargify_signup_error"] = array('ERROR'=>"<span class=\"chargify-error\">You cannot have an @ symbol or an underscore in your username.</span>");
+				return 0;
+			}
+
+			if(email_exists($user_email) && !$current_user->ID)
 			{
-				$_POST["chargify_signup_error"] = array('ERROR'=>"That email address is already in use, please choose another.");
+				$_POST["chargify_signup_error"] = array('ERROR'=>"<span class=\"chargify-error\">That email address is already in use, please choose another.</span>");
+				return 0;
+			}
+			elseif(username_exists($user_login) && !$current_user->ID)
+			{
+				$_POST["chargify_signup_error"] = array('ERROR'=>"<span class=\"chargify-error\">That user name is already in use, please choose another.</span>");
 				return 0;
 			}
 			else
 			{
-				$user_pass = wp_generate_password();
+				$user_pass = apply_filters('chargify_signup_pass',wp_generate_password());
+
+				if(!$user_pass) {
+					$_POST["chargify_signup_error"] = array('ERROR'=>"<span class=\"chargify-error\">Password mismatch, please try again.</span>");
+					return 0;
+				}
 				$return_url = $_REQUEST['return_url'];
 				$trans = array();
 				$trans["user_login"] = $user_login;
@@ -537,17 +659,17 @@ function subscriptionRedirect()
 				if($current_user->ID)
 					$trans['existing_user'] = true;
 
-				set_transient("chargify-".md5($user_email.$_POST['submit']),$trans);
+				set_transient("chargify-".md5($user_email),$trans);
 
 				$opt = array("api_key" => $d["chargifyApiKey"],"test_api_key" => $d["chargifyTestApiKey"],"domain" => $d["chargifyDomain"],"test_domain" => $d["chargifyTestDomain"],"test_mode"=>($d["chargifyMode"] == 'test'? TRUE : FALSE));	
 				$connector = new ChargifyConnector($opt);
 				$product = $connector->getProductByID($_POST['submit']);
-				
+
 				$pubpage = array_shift($product->public_signup_pages);
 				if(is_array($pubpage))
 				{
-					$uri = '?first_name='.urlencode($_POST["chargifySignupFirst"]).'&last_name='.urlencode($_POST["chargifySignupLast"]).'&email='.urlencode($_POST["chargifySignupEmail"]).'&reference='.urlencode(md5($user_email.$_POST['submit']));
-					
+					$uri = '?first_name='.urlencode($_POST["chargifySignupFirst"]).'&last_name='.urlencode($_POST["chargifySignupLast"]).'&email='.urlencode($_POST["chargifySignupEmail"]).'&reference='.urlencode(md5($user_email.$_POST['submit'].time()));
+
 					header("Location: ".$pubpage['url'].$uri);
 					exit;
 
@@ -570,7 +692,7 @@ function subscriptionRedirect()
 		{
 			global $wpdb;
 			$sub_ids = json_decode(file_get_contents('php://input'));
-			
+
 			if($sub_ids !== NULL && is_array($sub_ids))
 			{
 				$d = get_option('chargify');
@@ -584,9 +706,9 @@ function subscriptionRedirect()
 						$cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE meta_key = 'chargify_custid' AND meta_value = %s", $sub->getCustomer()->getId() ) );
 						if ( $cur && $cur->user_id )
 						{
-							delete_usermeta( $cur->user_id, 'chargify_level'); 
+							delete_usermeta( $cur->user_id, 'chargify_level');
 						}
-					}			
+					}
 				}
 			}
 		}
@@ -595,13 +717,14 @@ function updateSubscription()
 	{
 		$d = get_option('chargify');
 		$u = wp_get_current_user();
-		
+
 		if(!is_array($u->chargify_level))
 			update_user_meta($u->ID,'chargify_level',array($u->chargify_level=>strtotime($u->user_registered)));
-		
+
 		$opt = array("api_key" => $d["chargifyApiKey"],"test_api_key" => $d["chargifyTestApiKey"],"domain" => $d["chargifyDomain"],"test_domain" => $d["chargifyTestDomain"],"test_mode"=>($d["chargifyMode"] == 'test'? TRUE : FALSE));	
 		$connector = new ChargifyConnector($opt);
 		$subs = $connector->getSubscriptionsByCustomerID($u->chargify_custid);
+		if(is_array($subs))
 		foreach($subs as $sub)
 		{
 			if($sub->getState() == 'canceled')
@@ -640,7 +763,7 @@ function displayForm($content)
 				$content = do_shortcode('[chargify]').$content;
 		}
 
-		return $content;	
+		return $content;
 	}
 	function subscriptionPost($content)
 	{
@@ -648,7 +771,7 @@ function subscriptionPost($content)
 
 		//Process full CC single form
 		if ( wp_verify_nonce( $_POST['chargify_signupcc_noncename'], plugin_basename(__FILE__) ))
-		{  
+		{
 			$d = get_option('chargify');
 			$opt = array("api_key" => $d["chargifyApiKey"],"test_api_key" => $d["chargifyTestApiKey"],"domain" => $d["chargifyDomain"],"test_domain" => $d["chargifyTestDomain"],"test_mode"=>($d["chargifyMode"] == 'test'? TRUE : FALSE));	
 			$connector = new ChargifyConnector($opt);
@@ -673,12 +796,12 @@ function subscriptionPost($content)
 				<expiration_year>'.$_POST["chargifySignupExpYr"].'</expiration_year>
 				</credit_card_attributes>
 			</subscription>';
-			
+
 			$user_login = sanitize_user( $_POST["chargifySignupEmail"] );
 			$user_email = apply_filters( 'user_registration_email', $_POST["chargifySignupEmail"] );
 			if(username_exists($user_login) || email_exists($user_email))
 			{
-				$_POST["chargify_signup_error"]['ERROR'] = 'That email address is already in use, please choose another';
+				$_POST["chargify_signup_error"]['ERROR'] = '<span class=\"chargify-error\">That email address is already in use, please choose another.</span>';
 				return 0;
 			}
 			else
@@ -686,7 +809,7 @@ function subscriptionPost($content)
 				$res = $connector->createCustomerAndSubscription($xml);
 				if(strlen($res->error))
 				{
-					$_POST["chargify_signup_error"]['ERROR'] = '<strong>'.$res->error.'</strong>'; 
+					$_POST["chargify_signup_error"]['ERROR'] = '<strong>'.$res->error.'</strong>';
 					return 0;
 				}
 				else
@@ -699,32 +822,32 @@ function subscriptionPost($content)
 					);
 					$user_id = wp_insert_user($args);
 					wp_new_user_notification($user_id, $user_pass);
-					update_usermeta( $user_id, 'chargify_level', array($res->getProduct()->getHandle() => 1)); 
-					update_usermeta( $user_id, 'chargify_custid', $res->getCustomer()->getId()); 
+					update_usermeta( $user_id, 'chargify_level', array($res->getProduct()->getHandle() => 1));
+					update_usermeta( $user_id, 'chargify_custid', $res->getCustomer()->getId());
 					$_POST["chargify_signup_error"]['ERROR'] = '<strong>'.$d['chargifyThankYou'].'</strong>';
 
 					if(!$_POST['return_url'])
 						$_POST['return_url'] = site_url();
 
-					self::login( $user_id, $user_email,$_POST['return_url']); 
+					self::login( $user_id, $user_email,$_POST['return_url']);
 				}
-			}	
+			}
 		}
 	}
 	function metaAccessBoxSave($post_id)
 	{
 		if ( !wp_verify_nonce( $_POST['access_noncename'], plugin_basename(__FILE__) ))
-		{  
-			return $post_id;  
+		{
+			return $post_id;
 		}
-		if ( 'page' == $_POST['post_type'] ) 
+		if ( 'page' == $_POST['post_type'] )
 		{
 			if ( !current_user_can( 'edit_page', $post_id ))
 			{
 				return $post_id;
 			}
-		} 
-		else 
+		}
+		else
 		{
 			if ( !current_user_can( 'edit_post', $post_id ))
 			{
@@ -739,11 +862,9 @@ function metaAccessBoxSave($post_id)
 					$levels[$handle] = $access['drip'];
 
 		$data["levels"] = $levels;
-		
+
 		update_post_meta($post_id, 'chargify_access', $data);
 	}
-	
-		
 
 	function activate()
 	{
@@ -758,7 +879,7 @@ function activate()
 			'chargifyDefaultNoAccess'=>'You are not allowed to see this post. Please upgrade your account to see this content',
 			'chargifySignupLink'=>''
 		);
-		
+
 		if(!get_option("chargify"))
         {
             add_option("chargify",$data);
@@ -798,13 +919,13 @@ function controlForm()
 			$d["chargifyTestDomain"] = $_REQUEST["chargifyTestDomain"];
 			$d["chargifyMode"] = $_REQUEST["chargifyMode"];
 			$d["chargifyNoAccessAction"] = $_REQUEST["chargifyNoAccessAction"];
-			$d["chargifyDefaultNoAccess"] = $_REQUEST["chargifyDefaultNoAccess"];
+			$d["chargifyDefaultNoAccess"] = stripslashes($_REQUEST["chargifyDefaultNoAccess"]);
 			//$d["chargifyThankYou"] = $_REQUEST["chargifyThankYou"];
 			$d["chargifySignupLink"] = $signupurl;
 			$d["chargifySignupType"] = $_REQUEST["chargifySignupType"];
 			$d["chargifyOrderFormPos"] = $_REQUEST["chargifyOrderFormPos"];
 
-			$prods = stripslashes_deep($_REQUEST['chargifyproduct']); 
+			$prods = stripslashes_deep($_REQUEST['chargifyproduct']);
 			//foreach($prods as $k=>$v)
 			//	$prods[$k]['raw'] = $v['raw'];
 
@@ -819,7 +940,7 @@ function controlForm()
 				{
 					if($v['enable'] == 'on')
 					{
-						$product = $connector->updateProduct($k, array('return_url'=>$signupurl,'accounting_code'=>$v['acctcode'],'description'=>$v['description'],'name'=>$v['name']));
+						$product = $connector->updateProduct($k, array('return_url'=>$signupurl,'accounting_code'=>$v['acctcode'],'description'=>stripslashes($v['description']),'name'=>$v['name']));
 						$d['chargifyProducts'][$k]['raw'] = base64_encode(serialize($product));
 					}
 				}
@@ -842,48 +963,53 @@ function controlForm()
 				echo '<a href="#" class="nav-tab" id="messages">Messages and Pages</a>';
 				echo '<a href="#" class="nav-tab" id="help">Help</a>';
 			echo '</h2>';
-				
+
 			echo '<div id="account" class="chargify-options-hidden-pane">';
             echo '<h3>Account Settings</h3>';
             echo '<p><em>Get this information from your Chargify account. Unless you have multiple accounts, the test values for the API Key and Test Domain are likely the same as their non-test counterparts.</em></p>
-            <table class="form-table"> 
-                <tr valign="top"> 
+            <table class="form-table">
+                <tr valign="top">
                     <th scope="row"><label>API Key:</label></th>
                     <td><input type="text" size="40" name="chargifyApiKey" value="'.$d['chargifyApiKey'].'"></td>
                 </tr>
-                <tr valign="top"> 
+                <tr valign="top">
                     <th scope="row"><label>Test API Key:</label></th>
                     <td><input type="text" size="40" name="chargifyTestApiKey" value="'.$d['chargifyTestApiKey'].'"></td>
                 </tr>
-                <tr valign="top"> 
+                <tr valign="top">
                     <th scope="row"><label>Domain:</label></th>
                     <td><input type="text" size="40" name="chargifyDomain" value="'.$d['chargifyDomain'].'">.chargify.com</td>
                 </tr>
-                <tr valign="top"> 
+                <tr valign="top">
                     <th scope="row"><label>Test Domain:</label></th>
                     <td><input type="text" size="40" name="chargifyTestDomain" value="'.$d['chargifyTestDomain'].'">.chargify.com</td>
                 </tr>
-                <tr valign="top"> 
+                <tr valign="top">
                     <th scope="row"><label>Mode:</label></th>
                     <td><input type="radio" name="chargifyMode" value="test" '.($d['chargifyMode'] == 'test' ? 'checked' : '').'>Test <input type="radio" name="chargifyMode" value="live" '.($d['chargifyMode'] == 'live' ? 'checked' : '').'>Live</td>
-                </tr>   
+                </tr>
             </table>';
 			echo '</div>';
 			echo '<div id="products" class="chargify-options-hidden-pane">';
 			echo '<h3>Chargify Product Settings</h3>';
 			echo '<style>.chargify-product{margin-bottom:25px;border:1px solid #dfdfdf;max-width:700px;padding:10px;background:white}.disabled{background:#333}.enabled{background:green}.chargify-product-title{color:white;margin-left:-10px;margin-right:-10px;margin-top:-10px;font-size:18pt;padding:10px;margin-bottom:10px;overflow:hidden}.chargify-product textarea{width:100%;height:6em}.chargify-product input[type="text"]{width:50%}.enablebox{float:right;}.sync{display:none}.outofsync{margin-right:25px;color:#c00}</style>';
 			$products = self::products(true);
+			if(is_array($products))
 			foreach($products as $p)
 			{
 				$sync = 'sync';
 				if($d['chargifyProducts'][$p->id]['raw'] != base64_encode(serialize($p)) && $d['chargifyProducts'][$p->id]['enable'] == 'on')
-					$sync = 'outofsync';	
+					$sync = 'outofsync';
+				$url = $d['chargifySignupLink'].'?plan='.strtolower(sanitize_title_with_dashes($p->getName()));
+
 				echo '<input type="hidden" name="chargifyproduct['.$p->id.'][raw]" value="'.base64_encode(serialize($p)).'">';
 				echo '<div class="chargify-product">';
 				echo '<div class="chargify-product-title'.($d['chargifyProducts'][$p->id]['enable']?' enabled':' disabled').'">'.$p->getName().'<span class="enablebox"><span class="'.$sync.'">Out of Sync</span><input type="checkbox" name="chargifyproduct['.$p->id.'][enable]"'.($d['chargifyProducts'][$p->id]['enable']?' CHECKED':'').'>Enable</span></div>';
 				echo '<div>Name<br><input type="text" name="chargifyproduct['.$p->id.'][name]" value="'.$p->getName().'"></div>';
-				echo '<div>Description<br><textarea name="chargifyproduct['.$p->id.'][description]">'.$p->getDescription().'</textarea></div>';
+				echo '<div>Description<br><textarea name="chargifyproduct['.$p->id.'][description]">'.str_replace('\\','',$p->getDescription()).'</textarea></div>';
 				echo '<div>Accounting Code<br><input type="text" name="chargifyproduct['.$p->id.'][acctcode]" value="'.$p->getAccountCode().'"></div>';
+				echo '<div>Direct Link<br>'.$url.'</div>';
+
 				//echo '<div>Return Parameters<br><input type="text" name="chargifyproduct['.$p->id.'][return_params]" value="'.(strlen($p->getReturnParams())?$p->getReturnParams():'subscription_id={subscription_id}&customer_reference={customer_reference}').'"></div>';
 				//echo '<div><strong>Return URL: </strong>'.$p->getReturnUrl().'</div>';
 				echo '</div>';
@@ -892,16 +1018,16 @@ function controlForm()
 			echo '<div id="signup" class="chargify-options-hidden-pane">';
             echo '<h3>Signup Type</h3>';
             echo '<p><em>How will your site process signups. <strong>NOTE: Most users should leave this set to default</strong>.</em></p>
-            <table class="form-table"> 
-                <tr valign="top"> 
+            <table class="form-table">
+                <tr valign="top">
                     <th scope="row"><input type="radio" name="chargifySignupType" value="default" '.($d['chargifySignupType'] == 'default' || $d['chargifySignupType'] != 'api' ? 'checked' : '').'>Default</th>
                     <td>When a user creates a subscription they will go to Chargify to enter their payment information and be redirected back to this site to see the thank you page</td>
                 </tr>
-                <tr valign="top"> 
+                <tr valign="top">
                     <th scope="row"><input type="radio" name="chargifySignupType" value="api" '.($d['chargifySignupType'] == 'api' ? 'checked' : '').'>API Style</th>
                     <td><strong>Advanced Option: </strong>When a user creates a subscription they will enter their payment information on this site and the account will be created without the user ever leaving the site.<strong><br />IMPORTANT: Since you will be collecting credit card information in this mode you shouldn\'t activate this without having an SSL certificate on your site!</stron></td>
 				</tr>
-<tr valign="top"> 
+<tr valign="top">
             </table>';
 			echo '<h3>Order Page</h3>';
 			echo '<p><em>Choose the page that will display the Chargify subscription order form</em></p>';
@@ -917,14 +1043,14 @@ function controlForm()
 						echo '<strong>Currently: </strong>'.get_the_title(url_to_postid( $d['chargifySignupLink'] )).'&nbsp;<a href="'.get_edit_post_link(url_to_postid( $d['chargifySignupLink'] )).'">Edit Order Page</a>';
 					else
 						echo '<strong>Order Page Not Set</strong>';
-			echo '</td>  
+			echo '</td>
 			</tr>
 			<th scope="row">Order Form Position</th>
 			<td><select name="chargifyOrderFormPos"><option value="top"'.($d["chargifyOrderFormPos"] == "top" ? " SELECTED" : "").'>Top</option><option value="bottom"'.($d["chargifyOrderFormPos"] == "bottom" ? " SELECTED" : "").'>Bottom</option></select>';
 			echo '<span class="description">If there isn\'t a [chargify] shortcode does the orderform get placed on top or bottom of content</span>';
 			echo '</td>
 			</tr>
-            </table>';            
+            </table>';
 			echo '</div>';
 			echo '<div id="messages" class="chargify-options-hidden-pane">';
 			echo '<h3>No Access Message</h3>
@@ -935,11 +1061,11 @@ function controlForm()
 					echo '<td><select name="chargifyNoAccessAction" onChange="jQuery(\'#chargifyNoAccessEditor\').toggle()"><option value="default"'.($d["chargifyNoAccessAction"] == "default" ? " SELECTED" : "").'>Show custom message</option><option value="exerpt"'.($d["chargifyNoAccessAction"] == "excerpt" ? " SELECTED" : "").'>Show post excerpt</option></td>';
 
 				echo '</tr>';
-				
+
                 echo '<tr valign="top" id="chargifyNoAccessEditor" style="'.($d['chargifyNoAccessAction']=='excerpt'?'display:none':'').'">';
-					echo '<td colspan="2">'; 
-						wp_editor($d['chargifyDefaultNoAccess'],'chargifyDefaultNoAccess'); 
-					echo '</td>'; 
+					echo '<td colspan="2">';
+						wp_editor($d['chargifyDefaultNoAccess'],'chargifyDefaultNoAccess');
+					echo '</td>';
                 echo '</tr>';
                 echo '</table>';
 			echo '<hr />';
@@ -947,9 +1073,9 @@ function controlForm()
             echo '<h3>Thank You Message</h3>';
             echo '<table class="form-table">';
 			echo '<tr valign="top">';
-				echo '<td colspan="2">'; 
-					wp_editor($d['chargifyThankYou'],'chargifyThankYou'); 
-				echo '</td>'; 
+				echo '<td colspan="2">';
+					wp_editor($d['chargifyThankYou'],'chargifyThankYou');
+				echo '</td>';
 			echo '</tr>';
 			echo '</table>';
 			 */
@@ -958,6 +1084,9 @@ function controlForm()
 			echo '<h1>Chargify Plugin Configuration Instructions</h1>';
 			echo '<div style="width:50%;display:inline-block">';
 ?>
+			<div class="even"><h1>Documentation: <a href="http://chargifywp.com/documentation" target="_blank">View the documentation</a></h1>
+				Please use the documentation link for the most up to date and step by step instructions on how to put everything together. For your convenience, we have version 1.0 instructions below in case you find them helpful.
+			</div>
 			<div class="even"><h2>1. <a id="click-1" class="click-help" href="<?php echo admin_url('admin.php?page=chargify-admin-settings#chargify-signup'); ?>" onClick="javascript:jQuery('#signup').click();">Choose or have the plugin create</a> the order page</h2></div>
 			<div class="odd"><h2>2. Enter your <a id="click-2" class="click-help" href="https://app.chargify.com/login.html" target="_blank">Chargify API keys</a> into the <a id="click-3" class="click-help" href="<?php echo admin_url('admin.php?page=chargify-admin-settings#chargify-account'); ?>" onClick="javascript:jQuery('#account').click();">Chargify Account tab</a></h2></div>
 			<div class="even"><h2>3. Setup the <a id="click-4" class="click-help" href="https://app.chargify.com/login.html" target="_blank">Return URL and Return Parameters</a> for each product's public signup page</h2>
@@ -974,7 +1103,7 @@ function controlForm()
 			<div class="even"><h2>5. Protect some <a id="click-6" class="click-help" href="<?php echo admin_url(''); ?>">pages or posts</a></h2></div>
 			<div class="odd"><h2>6. Test some transactions with CC number of 1, CVV of 123 and any Expiration in the future make sure the subscription_id and customer_reference are passed back as well as <a id="click-7" class="click-help" href="#">making sure we automatically log in</a></h2></div>
 			<div class="even"><h2>7. After testing the process set your account from test to live in both the <a id="click-8" class="click-help" href="<?php echo admin_url('admin.php?page=chargify-admin-settings#chargify-account'); ?>" onClick="javascript:jQuery('#account').click();">Chargify Account tab</a> as well as the <a id="click-9" class="click-help" href="https://app.chargify.com/login.html" target="_blank">Chargify Dashboard</a></h2></div>
-<?php 
+<?php
 			echo '</div>';
 			echo '<div id="chargify-help-box" style="width:45%;display:inline-block;position:absolute;">';
 			echo '</div>';
@@ -982,7 +1111,7 @@ function controlForm()
          echo '<p class="submit"><input class="button-primary" type="submit" name="Submit" value="Update Options" /></p>';
          echo '</form>';
 		 echo '</div>';
-		
+
 		 $pluginurl = WP_PLUGIN_URL . '/' . plugin_basename(dirname(__FILE__));
 ?>
 <script type="text/javascript">
@@ -990,12 +1119,12 @@ function controlForm()
 		jQuery('.click-help').mouseover(function(){
 			var thing = this.id;
 			thing = thing.replace('click-','');
-			var h = Math.floor(window.innerWidth/2);     
-			var v = Math.floor(window.innerHeight/2);    
-			hh = jQuery(document).scrollTop();     
-			jQuery('#chargify-help-box').css('right','10px');     
-			//jQuery('#chargify-help-box').css('top',v+hh-250+'px');     
-			jQuery('#chargify-help-box').css('top',hh+100+'px');     
+			var h = Math.floor(window.innerWidth/2);
+			var v = Math.floor(window.innerHeight/2);
+			hh = jQuery(document).scrollTop();
+			jQuery('#chargify-help-box').css('right','10px');
+			//jQuery('#chargify-help-box').css('top',v+hh-250+'px');
+			jQuery('#chargify-help-box').css('top',hh+100+'px');
 			jQuery('#chargify-help-box').html('<img style="max-width:100%;height:auto" src="<?php echo $pluginurl; ?>/images/'+ thing + '.jpg" />');
 		});
 		jQuery('.click-help').mouseout(function(){
@@ -1005,13 +1134,13 @@ function controlForm()
 </script>
 <?php
 	}
-	function createMetaAccessBox() 
+	function createMetaAccessBox()
 	{
 		add_meta_box( 'new-meta-boxes', 'Chargify Access Settings', array('chargify','metaAccessBox'), 'page', 'normal', 'high' );
 		add_meta_box( 'new-meta-boxes', 'Chargify Access Settings', array('chargify','metaAccessBox'), 'post', 'normal', 'high' );
 	}
 
-	function login( $user_id, $user_login, $return_url ) 
+	function login( $user_id, $user_login, $return_url )
 	{
 		if(!strlen($return_url))
 			$return_url = site_url();