[d7] User Auth.log Module

Assigning to my self for latter

Hi Kirschbaum,

I have taken the liberty of reviewing your code. For starters, great module. I only have one small recommendation, which is:

line 23 user_authlog.module:
require_once ( dirname(__FILE__) . '/user_authlog_email.inc');

require_once is a statement, rather than a function, and so parentheses aren't required.

Other than that, the module works great. Nice work.

Cheers,
Adam

We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)

Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).

I'm a robot and this is an automated message from Project Applications Scraper.

There are some errors reported by automated review tools, did you already check them? See http://pareview.sh/pareview/httpgitdrupalorgsandboxKirschbaum2170431git

I'm a robot and this is an automated message from Project Applications Scraper.

Hi Kirschbaum,

I have been reviewing and testing your module and it works great! It can be very usefull in many contexts. Nice work!

In the future it will be nice to have more data saved in the log table. For example I tried to uninstall a system module and the log don't save witch one. It will be nice to have full data and availability of make queries using filters.

Cheers,
Tomas

@Kirschbaum

I have been testing your module and found 2 warnings.

Sorry I uploaded a wrong file.

Review of the 7.x-1.x branch:

• Coder Sniffer has found some issues with your code (please check the Drupal coding standards).
  

  
  FILE: /home/klausi/pareview_temp/user_authlog_email.inc
  --------------------------------------------------------------------------------
  FOUND 0 ERROR(S) AND 2 WARNING(S) AFFECTING 2 LINE(S)
  --------------------------------------------------------------------------------
   55 | WARNING | Only string literals should be passed to t() where possible
   60 | WARNING | Only string literals should be passed to t() where possible
  --------------------------------------------------------------------------------
  

This automated report was generated with PAReview.sh, your friendly project application review script. You can also use the online version to check your project. You have to get a review bonus to get a review from me.

manual review:

1. The 2 automated warnings above are right: you should run the contents of $subject and $body through t() when you assigning the variables, otherwise the strings cannot be found by translation extraction tools.
2. user_authlog_entry_insert(): "When handling data, the golden rule is to store exactly what the user typed. When a user edits a post they created earlier, the form should contain the same things as it did when they first submitted it. This means that conversions are performed when content is output, not when saved to the database." from https://drupal.org/node/28984 , so the check_plain() is wrong here and you will also not need user_authlog_clean_array().
3. user_authlog_page_alter(): you are not actually altering the page, so it looks like you want hook_page_build() instead?
4. user_authlog_user_login(): the check_plain() on the description is useless here, since it does not contain user provided text? Please don't fix issue from automated tools blindly, there might be false positives. Also make sure to read handle text in a secure fashion again: https://drupal.org/node/28984
5. user_authlog_mail_alter(): why are that headers necessary? Please add a comment.
6. user_authlog_form(): the user query will not scale on larger sites with thousands of users. It will also kill your browser performance when you get such a large selectbox. Use a user name autocomplete field instead, like the node edit form for authors for example or something similar.
7. "'#title' => 'Track by role',": all user facing text must run through t() for translation, please check all your strings (all #title for example).

Although you should definitely fix those issues they are not critical application blockers, so I guess this is RTBC. Removing review bonus tag, you can add it again if you have done another 3 reviews of other projects.

Assigning to patrickd as he might have time to take a final look at this.

sorry for the delay

1. The .gitignore file contents don't make much sense in the module folder, what use does it have in your repository?
2. Your installation message tells the user that he has to configure the module first; why does the message not link to the configuration page?

That's nothing critical though..

Thanks for your contribution!

I updated your account so you can promote this to a full project and also create new projects as either a sandbox or a "full" project.

Here are some recommended readings to help with excellent maintainership:

• Dries' post on Responsible maintainers
• Best practices for creating and maintaining projects
• Maintaining a drupal.org project with Git
• Commit messages - providing history and credit
• Release naming conventions.
• Helping maintainers in the issue queues

You can find lots more contributors chatting on IRC in #drupal-contribute. So, come hang out and stay involved!

Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

Thanks to the dedicated reviewer(s) as well.

whoops, sorry! now you got it