Jump to content

User Profile Validation!

carlmaundu

By carlmaundu
in Using WHMCS

 Share

Recommended Posts

carlmaundu Junior Member

carlmaundu

Posted
Posted

I want to validate the user profile input <firstname & lastname> so that I can sanitize what the user saves as their firstname and lastname in their profiles to avoid saving them with phishing links, and then use WHMCS to spam user invite emails. 

I have tried to use the ClientDetailsValidation  hook but it is triggered when the client details are updated in the Client Area or Admin Area. The changes in the profile details are not validated using this hook. 

This is the sample code for ClientDetailsValidation.  

<?php

add_hook('ClientDetailsValidation', 1, function($vars) {
    $input = $vars['firstname'] . ' ' . $vars['lastname'] . ' ' . $vars['companyname'];

    // pattern of phishing links or any other malicious content
    $pattern = '/(http|https):\/\/[^\s]*/i';

    if (preg_match($pattern, $input)) {
        // If the input contains a URL, return an error message
        return array('The first name, last name, and company name cannot contain URLs.');
    }
});


The other closest available option, is to use UserEdit  hook,  but it triggers after the user details have been edited, which might be too late for preventing harmful data from being saved.

This is the sample code for UserEdit hook. 
  

<?php

add_hook('UserEdit', 1, function($vars) {
    $input = $vars['firstname'] . ' ' . $vars['lastname'] . ' ' . $vars['email'];

    $pattern = '/(http|https):\/\/[^\s]*/i';

    if (preg_match($pattern, $input)) {
        logActivity('The first name, last name, and email cannot contain URLs.', $vars['user_id']);
    }
});

 

The logActivity function can be used to log the error in activity log, which can be viewed in the Admin Area. However,  it won't prevent the changes from being saved or notify the user of the error.

I am reaching out to this community in the hope that someone might have encountered a similar challenge or have insights into how I can validate user profile details  before they are saved. Any suggestions, advice, or shared experiences would be greatly appreciated.

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept