I am submitting a patch to roledelay so that the admin can choose whether the time should start upon registration or when logintoboggan validates. This latter option is necessary when logintoboggan logins after registration with a non-authenticated role -- otherwise spambots could get in simply by waiting after registration and never validating. Adding a simple module_invoke_all is all roledelay needs from logintoboggan.

CommentFileSizeAuthor
#11 logintoboggan.hook_.patch1.24 KBmfb
#10 logintoboggan.module_17.patch680 bytesmcarbone
#3 logintoboggan.module_16.patch579 bytesmcarbone
logintoboggan.module_15.patch581 bytesmcarbone

Comments

Gary Feldman’s picture

Gary Feldman commented

Notwithstanding the function being called logintoboggan_validate_email, it feels like the operation here should be called update, and not validate. That would seem more consistent with the operator usage for hook_user.

This also feels very specific. Isn't the hole closed if you disallow immediate login?

mcarbone’s picture

mcarbone commented

That would close the hole, but then it wouldn't allow immediate log in, which is a popular option, I think. Should I resubmit with your suggested change in terminology?

mcarbone’s picture

mcarbone commented
StatusFileSize
new logintoboggan.module_16.patch579 bytes

Patch modified to use 'update' as the hook op rather than 'validate.'

hunmonk’s picture

hunmonk commented

are we sure we want to use a structure similar to hook_user? i'm wondering if a specific hook name w/o the $op arg would be better in this case or not. thoughts?

Gary Feldman’s picture

Gary Feldman commented

For that matter, would it work to just invoke the existing hook_user mechanism with the 'update' $op? At an abstract level, it makes sense to say that hook_user('update',.. should be called any time a user account is changed, and this is certain such a case.

hunmonk’s picture

hunmonk commented

+1. i like that approach much better. user module is a required core module, so invoking a user module hook in LT should always work.

p_palmer’s picture

p_palmer commented

do you have a patch for comment #5 or #6 ?

mcarbone’s picture

mcarbone commented

I'd be happy to implement the change as recommended in #5, but then I need a bit of advice: where would be the proper place to store the information that the update is LT-related specifically? For the purpose I described above (roledelay being alerted when verification is done), I would need to know that information above and beyond the fact that the user has been updated.

hunmonk’s picture

hunmonk commented

can't you add something to the $user object before you invoke the hook?

$user->logintoboggan_email_validated = TRUE;

something like that, maybe?

there might be a better way to do it. just thinking out loud...

mcarbone’s picture

mcarbone commented
StatusFileSize
new logintoboggan.module_17.patch680 bytes

OK, implemented the change suggested in comment #5 with hunmonk's suggestion.

mfb’s picture

mfb
they or he
commented
Version: 4.7.x-1.0 » 5.x-1.x-dev
StatusFileSize
new logintoboggan.hook_.patch1.24 KB

Here's the same patch for drupal 5 branch.

dgtlmoon’s picture

dgtlmoon commented
Status: Needs review » Reviewed & tested by the community

I tested patch from #10 and it worked fine on latest 4.7.

im guessing $account->logintoboggan_email_validated only is set when they validate as this is not placed as a saved user variable


function um_helper_user($op, &$edit, &$account, $category = NULL) {
  switch($op) {
    case 'update':
      // implements http://drupal.org/node/110026
      if ( $account->logintoboggan_email_validated ) {
        // do something
      }
    break;
  }
}
hunmonk’s picture

hunmonk commented
Status: Reviewed & tested by the community » Needs review

im guessing $account->logintoboggan_email_validated only is set when they validate as this is not placed as a saved user variable

correct. we're not even putting that variable into the global user object, so it's only really available to modules making use of the 'update' op of hook_user. i like it being this insulated.

i do have a few minor concerns about the current patch:

  • the only other contrib module that invokes this update hook is invite module, and it's handled like this:
    // Notify other modules of changed user
$edit = array('roles' => $targets);
user_module_invoke('update', $edit, $invitee);

    perhaps we should also put logintoboggan_email_validated into the $edit array as opposed to the user object?? not sure about that, just speculating...

  • the main use of the hook_user() 'update' op is for saving the user editing form at user/x/edit. it's possible that some modules responding to this hook will have problems with an empty $edit array. it would ultimately be a problem for the other modules to work out, since they wouldn't be using strict enough code for their 'update' op, but expect possible breakage in other modules if we make this change.

thoughts on these?

mcarbone’s picture

mcarbone commented

1) It works either way, and either way, the module taking advantage of the extra data will have to inspect the code to know what to look for.

2) The only alternative I can think of is to fill the $edit variable, which is sort of ridiculous. Or we go back to something like the original patch, with logintoboggan making its own hook -- then we don't have to worry about adding a new interpretation of what a hook_user 'update' means.

hunmonk’s picture

hunmonk commented
Status: Needs review » Fixed

committed to drupal 5 and HEAD. i won't add this to 4.7, as it's a feature and not a bugfix.

Anonymous’s picture

(not verified) commented
Status: Fixed » Closed (fixed)