[JWait]

We are using both, a site that was upgraded from 4.0.x to 4.1.10 and a new site using 4.1.11. No problems with 4.1.11 (but there are some limitations that I will address in a minute), but we did choose not to upgrade the 4.1.10 store to 4.1.11 because of some of the "security improvements" in the process.

Now the limitations. The 4.1.11 version, and the security patches for earlier versions create a scenario where only lowercase letters and numbers 0 through 9 may be used as usernames. This means that a customer can not use their email address, their name (usually capitalized), anything with hypens, dashes, dollar signs, etc, as part of their username. To compound this problem, there is no warning given to the customer other than the "Please make sure you properly filled in all the required fields!" type generic message.

More on this here http://forum.x-cart.com/showthread.php?t=41583

That said, you should probably use 4.1.11 and do the following.
1. Make the modification suggested at http://forum.x-cart.com/showthread.php?t=41583&page=4 ... Post #38.

Make a change in register.php to allow capital letters

Code:

if ((strcmp($uname_tmp, $uname) != 0) || (!preg_match("/^[a-z0-9_-]+$/s", $uname) && $uname != ""))

to

Code:

if ((strcmp($uname_tmp, $uname) != 0) || (!preg_match("/^[a-zA-Z0-9_-]+$/s", $uname) && $uname != ""))

2. Add a notation to skin1/main/register_account.tpl telling the customer to use letters and numbers only (we changed register.php to allow Caps).
In skin1/main/register_account.tpl, find

Code:

<td nowrap="nowrap">
{if $userinfo.login ne "" || ($login eq $userinfo.uname && $login ne '')}
<b>{$userinfo.login|default:$userinfo.uname}</b>
<input type="hidden" name="uname" value="{$userinfo.login|default:$userinfo.uname}" />
{else}
<input type="text" id="uname" name="uname" size="32" maxlength="32" value="{if $userinfo.uname}{$userinfo.uname}{else}{$userinfo.login}{/if}" />
{if ($reg_error ne "" and $userinfo.uname eq "" and $userinfo.login eq "") or $reg_error eq "U"}<font class="Star">&lt;&lt;</font>{/if}
{/if}
</td>

It is after where it says {* NOT anonymous account *}

and change it to

Code:

<td nowrap="nowrap">
{if $userinfo.login ne "" || ($login eq $userinfo.uname && $login ne '')}
<b>{$userinfo.login|default:$userinfo.uname}</b>
<input type="hidden" name="uname" value="{$userinfo.login|default:$userinfo.uname}" />
{else}
<input type="text" id="uname" name="uname" size="32" maxlength="32" value="{if $userinfo.uname}{$userinfo.uname}{else}{$userinfo.login}{/if}" />
{if ($reg_error ne "" and $userinfo.uname eq "" and $userinfo.login eq "") or $reg_error eq "U"}<font class="Star">&lt;&lt;</font>{/if}
{/if}
{$lng.txt_numbers_letters_only}</td>

Added {$lng.txt_numbers_letters_only} before the closing </td>

Then go to admin and in the languages section add the txt_numbers_letters_only variable. We used "(Letters and Numbers only)". This will place this text just to the right of where the customer enters their username when registering, and it seems to work fine.