[RFC] profile_update hook

Request hook events and what data needs to be sent for the new hook system.
Jhong
Registered User
Posts: 50
Joined: Tue Dec 26, 2006 3:28 pm

[RFC] profile_update hook

Post by Jhong » Mon Aug 23, 2010 9:58 am

Name: hook_profile_update
Rationale: Third-party components can be notified whenever the user updates their profile, or an admin updates a user's profile, and take actions accordingly.
Placement: Currently, this needs to occur in several places:

For updating after a profile change:
In ucp_profile.php, after:

Code: Select all

// Update Custom Fields
For updating after an avatar change:
In ucp_profile.php, after:

Code: Select all

			if (isset($sql_ary['user_avatar']))
			{
				$userdata = ($custom_userdata === false) ? $user->data : $custom_userdata;

For updating after an admin changes are user's profile:

In includes/acp/acp_users.php, after:

Code: Select all

						add_log('admin', 'LOG_USER_USER_UPDATE', $data['username']);	
And also in includes/acp/acp_users.php, after:

Code: Select all

						// Update Custom Fields

However, I have to do it this way right now in order to intercept the appropriate profile information. Ideally you could simplify the attach point.

Input arguments:

string $update_type: whether this is an avatar update, a profile update, etc.
integer $user_id: the user ID
array $before_update: an array of all profile fields before update
array $after_update: an array of all profile fields after update

Output arguments: void.

Related: If the mod wants to modify the profile fields, there should be an additional hook, hook_pre_pfofile_update, that would inject data and return the $after_update array.

gn#36
Registered User
Posts: 8
Joined: Mon Aug 30, 2010 9:09 pm

Re: [RFC] profile_update hook

Post by gn#36 » Fri Sep 24, 2010 6:58 am

I'll post the same thing here: It would also be nice if the "before" hook were able to deny changes alltogether (or reject parts of the changes). A GEO Mod might check the entered location for example, or one might wish to restrict the Homepages to some special domains.

User avatar
EXreaction
Registered User
Posts: 1555
Joined: Sat Sep 10, 2005 2:15 am

Re: [RFC] profile_update hook

Post by EXreaction » Fri Aug 24, 2012 1:57 am

This would be nice for anti-spam modifications if it could reject changes to the profile if certain requirements are not met (like it fails an anti-spam content validation check)

Danielx64
Registered User
Posts: 304
Joined: Mon Feb 08, 2010 3:42 am

Re: [RFC] profile_update hook

Post by Danielx64 » Tue Mar 12, 2013 11:56 pm

There any update on this?

User avatar
rxu
Registered User
Posts: 124
Joined: Tue Apr 04, 2006 4:28 pm
Contact:

Re: [RFC] profile_update hook

Post by rxu » Sun Sep 14, 2014 3:48 am

The problem implementing this request is that ucp_profile.php doesn't hold 'before_update' data but just 'after_update' which users table is updated with.
Actually, 'before_update' data can be obtained within the listener if we place an event before the 'UPDATE' sql query execution.
Image

roelandaernoudts
Registered User
Posts: 7
Joined: Sun Feb 09, 2014 6:25 pm

Re: [RFC] profile_update hook

Post by roelandaernoudts » Sat Oct 04, 2014 11:44 am

Brilliant, exactly what I was looking for :)

Tomba
Registered User
Posts: 13
Joined: Sat Apr 12, 2003 1:59 pm

Re: [RFC] profile_update hook

Post by Tomba » Wed Nov 12, 2014 9:30 pm

Adding my vote on this one.
I have a simple plugin where I check for spamwords in signatures and profile fields when a user tries to update his profile. Changes are allowed, but when spam is detected, my plugin deactivates the account.
I think this event would cover that nicely!

Note that I also activate my code in ucp_activate on line 108, which equals activation of a user (but this may be better as a separate event > viewtopic.php?f=111&t=44941&p=258873#p258873 ).

User avatar
Pony99CA
Registered User
Posts: 986
Joined: Sun Feb 08, 2009 2:35 am
Location: Hollister, CA
Contact:

Re: [RFC] profile_update hook

Post by Pony99CA » Thu Nov 13, 2014 3:43 am

Deactivating an account due to a "spam" word seems a bit harsh. Why not just block the update?

For example, depending on how aggressive your checks are, if you block "Cialis" and I say that I'm an "IT specialist" (emphasis added), you'd deactivate my account.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

Tomba
Registered User
Posts: 13
Joined: Sat Apr 12, 2003 1:59 pm

Re: [RFC] profile_update hook

Post by Tomba » Thu Nov 13, 2014 8:13 am

While the reasons for my spamfilter are off-topic here, it's tried and tested.
Blocking the update is totally pointless, as spammers often just paste decent text to post while all spam information is in their signatures.
We've got numerous of these occurrences, sometimes the post is just a half copy of another post by a valid user.
Words have been carefully selected and tested, including detection for cyrillic chars and things like that.

In any case, I'd really like to see this event being added!

User avatar
Pony99CA
Registered User
Posts: 986
Joined: Sun Feb 08, 2009 2:35 am
Location: Hollister, CA
Contact:

Re: [RFC] profile_update hook

Post by Pony99CA » Sat Nov 15, 2014 1:58 am

Tomba wrote:While the reasons for my spamfilter are off-topic here, it's tried and tested.
It's not off-topic if you're justifying the event creation by what I think is a poor use. ;)
Tomba wrote:Blocking the update is totally pointless, as spammers often just paste decent text to post while all spam information is in their signatures.
I'm not talking about just blocking updates to posts; I'm talking about blocking updates to signatures (or any other profile field), too. Instead of deactivating the user, just prevent the profile update from being made. If this event can help block spammy profile updates, I'm all for it.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

Post Reply