thanks. iionly. using it for another one of my projects

Hi iionly,

I think that we have now an mutual understanding, thats great. I wait and see what will come out of this. I myself am a very beginning Elgg programmer. Im now working on a sort of HTML5 App read more in my blog (in Dutch i am affraid).

Something horrible happened. I haven't touched my site in a while and then I noticed a huge amount of spam. The problem is that I can't delete blogs, users or user points. When ever I try I get a complaint: "Fatal error: Unsupported operand types in /home/www/???/elgg/mod/elggx_userpoints/start.php on line 338"

Strange that that the spam bots have gained the same badges many times - even on different days (multiple same river:award:user:default -awards for the same user). Five bots have bombed hundreds of spam blogs, could that mix everything up?

I'm starting to think this isn't compatible with ELGG 1.8.9

I can't even reset the userpoints or even browse them after the first page. Admin - utilities - elggx_userpoints works but elggx_userpoints?=5 does not.

The user points for admin (me) says ARRAY

Everything worked great last year!!

I don't think there are any compatibility issues with Elgg 1.8.9 or newer. Elggx Userpoints works fine for me even on 1.8.12 (not yet installed Elgg 1.8.13).

As you mentioned problems with getting the users deleted (timeouts), the ARRAY issue could be caused by some faulty / incomplete entries from these users currently remaining in your database (though I'm not sure right now why the ARRAY should show up for the admin user). The fatal error reported to occur in line 338 of start.php of the userpoint plugin might also be a side-effect of the user deletion in connection with the timeouts. Also the problem with resetting the userpoints and the "elggx_userpoints?=5" page not showing up could be caused by faulty database entries.

I would suggest getting the spam accounts deleted first to find out if any problems with the userpoints plugin remain afterwards. Then it might also be easier to find out what exactly might be wrong if anything at all.

The timeout issues might have resulted in a database table defect. I would suggest to take a look on your database for example with phpmyadmin. If there are any errors in a database table reported let phpmyadmin repair them.

If possible increase max_execution_time and max_input_time variables in php.ini for the delete process. This will give the server a bit more time before the timeout happens, i.e. more work getting done in one go.

You might also want to temporarily disable the options "Allow points to be deleted" on the Userpoints plugin settings tab and "Delete points if the content they were awarded for is deleted" on the Points settings tab while deleting the spam accounts. It might decrease the time for user deletion at least a tiny bit (and when deleting the user the whole userpoints connected to the account get deleted anyway). The userpoints deletion is also what triggers the fatal error on line 338 of userpoints start.php. Why the fatal error occurs is something I can't tell you right now. I might happen only because something is not right with the user accounts involved.

You might also want to try out the database validator plugin: http://community.elgg.org/plugins/438616/1.3.1/database-validator. Use version 1.4 for Elgg 1.8. You can make at least a verify run now (and surely after finishing deleting the users). If necessary you might also want to make a repair run. But this might also result in a timeout if the execution time for scripts is set too low. Therefore, only run repair if there are any errors reported with verify and make a database backup before doing the repair.

Hi I like this plugin after just coming across it.  I just wanted to suggest a possible idea although I doubt it is very feasible due to the way plugins and elgg work at present.

It would be great if there were a way to also make it so that certain actions will automatically take away points.  For instance posting a link in a profile or in a comment. The idea has many uses but one possibly interesting use might be to use it as a sort of anti-spam feature.  Users would optionally only be able to do things such as post links to external sites and bookmarks after contributing to the site in other ways first and their ability to do these activities would constantly be kept in check by the amount they are contributing. 

now that's interesting;
the typical 'member' that posts (~lots of0 links (anywhere) are *spammerz !
soo... the more -ve points they collect -->
the higher likelihood they're spammers..
could be *a way to auto-detect spammers peeps!

@Dhrup, you going to make extension for this plugin? The majority of people who come to a site dont start dropping links left and right unless they are a spammer...so if they gather points for that quickly and you can enforce a auto-ban somehow and remove the account from the db automatically, I could see it being useful otherwise your memberlist is going to grow full of spammers, you would be inviting them in basically...

@DhrupDeScoop, That's the idea.  Instead of the points just being something cute, make it a sort of virtual currency where positive actions earn you points and doing certain things (particularly posting links anywhere but make this configurable for flexibility) cost points.  You could give each new user who verifies 5 points initially.  Blog posts without links cost say 1 point (but ideally all point values would be fully configurable) but also after X days/hours of the blog post staying up and not being deleted (to give you time to catch any initial spam so you don't end up awarding points to spammers immediately) they automatically earn the user 5 points.  For each link within a blog post it costs a user 10 points.  If an admin deletes a blog post it costs the user any point value initially awarded plus -100 points.  Once the user hits negative points they won't be able to do things such as post links, make comments, make blog posts etc. assuming you have those activities set up to cost points (it would be up to the admin what they want) so a spammer is stopped dead in their tracks.  It's like beign broke and having no money.  You can't do anything. :)  Since you can also do things with elgguserpoints such as award points for logging in having negative points wouldn't necessarily be permanent if a legit user accidentally got caught.  Over time by logging in they could eventually have positive points again. ---- There are lots of ways to do something like this and many possibilities for sure.

I don't think that an anti-spam solution based on userpoints would make much sense. Why? Because spammers surely don't care about userpoints ("Ohhh! I have minus 154 userpoints so I better stop now") or in case of spambots such a solution would be completely ignored anyway. The spammers / spambots will simply post as much as they want to or are able to do so. If they can no longer use an account they will simply create a fresh account if they are not stopped from doing so. Anti-spam measurements should concentrate on keeping the spammers out in the first place - and there are Elgg plugins for this available!

And what would be the sense in putting the points award on hold (or even substracting userpoints) until an admin has checked it out? If the posting does include indeed a spam link, you would delete the posting anyway. Or you would most likely delete the whole account totally. You can already configure the userpoints plugin for points to get deleted when the corresponding entity is deleted. If you delete the whole account the userpoints of this account are removed also. If you want to make sure (by human moderation) that the userpoints are awarded for something good, then you can set the userpoints to be awarded by moderation only. So, it's not necessary to add any additional complex algorithms of temporarily assigning negative points. Moderation of userpoints simply delays the awarding until approved.

Deciding about "good" or "bad" links is something that seems to me has nothing to do with userpoints neither. If you don't want your users to include links in their postings at all, then filter them out. And the userpoints plugin can surely not decide on its own if a link is good or bad - that's for the admin to decide.

Instead of deciding if a user is a spammer or not based on links included in postings I think it's better to take into account the overall posting habbits of the user. A normal user might post a single bookmark or blog at a time. If this posting contains a link it's quite likely a "good" link. But if someone posts a lot of stuff in a very short time, it's more likely spam. So, what to do in this case? Maybe simply use: http://community.elgg.org/plugins/821368/1.5/spam-throttle-18x.

@iionly Well it's your plugin so it's up to you. :)  But the idea would be that if the user (spammer) starts out at say 5 points and tries to post anything with a link and this costs 10 points then the spammer would never be able to post a link right from the start.  If the spammer "gets smart" and figures out that they need to try to build up points by doing activities which build up points then you would still have the amount of time in the configurable delay to catch them.  If they say make 3 blog posts without links and you catch this and delete those three posts and each occurance deducted 100 points penalty + 2 points which would have been awarded to them for the post (102 points total) then this would put them at -306 points.  If it costs points to do anything like post a comment or make a blog post then this means the spammer can do nothing, for now.  You could also extend this and use Kimberly!'s idea and make it so after -X points (make this configurable) the user is automatically deleted.  If we set the threshold at "-300"  for auto delete then this means the spammer will be auto deleted.

So to recap:

1. The spammer not once was able to post a single link on your site.  Even if they register 500 accounts. (makes it more likely for them to give up).

2. The spammer was limited to only posting a couple blog posts or comments because they only had five points by default and posting that content cost a point or two each (even without links).  Once they got to zero points they could do nothing more in the way of posting content.  At least until they earn more points.

3. Since there is a delay of X days/hours before the spammer was awarded points for those couple blog posts/comments this gave you the admin some time to notice the spam content (still without any links) and remove it.

4. You deleted the spammer's harmless couple pieces of content (with no links) giving them negative points and triggering them to be auto-deleted (and perhaps IP banned and reported to stopforumspam and others by the login-spam-filter plugin?)

At the same time legitimate users won't be affected by this at all as they would have built up ample points to "pay" for any questionable actions such as posting external links.  It's not that I don't want my users to be able to post external links and bookmarks.  I do!  But I only want to allow legitimate users to do that and not spammers, see? :)

I use the spam-login-filter plugin but unfortunately many still get through.  This would help limit the damage they can do (in a more intelligent way than a static throttle plugin which applies to all users, even the known contributors) and perhaps more importantly limit their success removing the incentive to further attempt to spam my site.

The weakpoint is the requirement for an admin to catch it before the user is awarded points for any actions but perhaps later this could be covered by a type of community moderation (digg like system or perhaps WOT) on a busy site where trusted users with a lot of points can flag spam and remove points from spammers thus cutting them off without any admin intervention and removing their ability to spam or maybe even delete their account automatically and IP ban them.

Regarding the spam throttle plugin let us say I have a user who has 100 points from posting 10 good videos on my site (they get 10 points for each video they post let us say).  Let's say this is implemented and I make it cost 10 points per external link posted anywhere on the site.  This means they can only post 10 external links because that's all the points they have.  To post more links they have to build up some points by performing other actions.  It's balanced. :)  If the user had 1,000 points then they would have more leeway and that's good as they should be more trusted..

With a static throttle plugin let's say I limit them to ten posts a day.  Would I still necessarily want them to be able to make 300 posts (10 per day)over the course of a month each with 50 external links and 15,000 new external links?  Most likely not!  Compare to above. :)  Also you are limiting your good users.  Should we really limit someone with 10,000 points and years of contributions to 10 posts a day??

Your userpoints plugin has a lot of potential and many other possible uses where it could be extended.  For instance maybe someone will want to use points to determine who gets access to a certain group so that only good contributors get access to a special area?  There are a ton of possibilities.

@gtsfan - So then a better idea for the extended plugin would be called; 'trust' or something. In order to get trust you have to get positive points. A certain amount of negative points would get you auto-banned & reported for misuse. Trusted members could have email verified/mobile phone somehow or some other form of trust gained for positive points maybe? Those members who have trust have special T icon by their username for trust and are on the safelist.

very nice plugin

hello

I am facing a problem in both approved or moderated in plugin setting tab , I have to apporove points in moderate tab please help

Hello everybody and thank you for this plugin!

However, I have problems with tidypics (integration), no points are awarded... I assume the new release of tidypics no longer supports the "tp_album" event and I have no clue how to fix this. If someone knows and is enough kind to share...

Thank you very much in advance!

Ok... I solved this issue, with a work around, thanks to gitorious.org, but I am sure that what I did defeats the latest tidypics' development coding standard - and this is why I will NOT post it here, to avoid having the developers here throwing stones towards me ;)

However I hope that someone will finally post the "elegant" solution (if someone has the same issue and can't fix it, PM me).

@gtsfan: in case I have some time at some point I might try to implement something according the lines of an "anti-spammer userpoints plugin" - but this will not be part of the Userpoints plugin itself. Also, don't expect this soon as I would rather finish some other projects I've already started first and I don't know if something useful will come out of it anyway. The spam-throttle plugin seems already capable of handling almost exactly the tasks you are looking for anyway. The only exception might be that it doesn't parse the content for links but rather works on the number of postings alone. Still I think this will fully okay to stop most spammers anyway. Additionally, you can also make your good users to trusted users with the spam-throttle plugin. So, they won't be affected by the limits.

@itport: without testing I think the problem with userpoints not getting added for new albums is the fact that there's no longer a "create" event triggered within Tidypics when a new album gets added. I don't know if the same is true for adding images or if this userpoint action might have been independent of a trigger anyway (I would need to check the code of the userpoints plugin to say for sure). There should be two ways to solve this problem: either modifying the userpoints plugin accordingly or adding the trigger again in the Tidypics plugin. May I ask which option you have chosen to get it to work again?

As a sidenote: I've started working on the Tidypics plugin as I don't expect anymore a feature-complete version to be released in the foreseeable future. This does not mean that I will be finished anytime soon either as I can only spare a little time working on Tidypics. Anyway, I will surely make sure that the userpoints will work as intended for the Tidypics plugin again once finished (either implemented within Tidypics or by updating the userpoints plugin if necessary).

@shehbaz: what exactly is your problem? Does the approval of userpoints fails or do you want to get the points to be approved automatically? In case you don't want to moderate the points, then set the "transaction status" setting to "Approved" on the plugin settings tab (and save the settings).

@iionly: Thank you for your promt answer!

[quote]There should be two ways to solve this problem: ... or adding the trigger again in the Tidypics plugin. [/quote]

This is exactly what I did: added it back!

Great to hear you will deal with tidypics as well, I wish you success!

For some odd reason, with this plugin enabled, I get white pages for example, I turned on the 'display of fatal php errors' from the develop/settings in the admin panel, I receive this when I try to comment on a photo:

Fatal error: Unsupported operand types in /home/public_html/mod/elggx_userpoints/start.php on line 338

What does this mean, and is there a way to fix it? Using elgg 1.8.13

@Kimberly: Line 338 in start.php is where the userpoints for an action are added to a user's userpoints balance. Do you see any pattern between the actions (commenting or doing something else which gives you userpoints) and the error turning up? Does the userpoints of the user shows any anomalies, i.e. do you see a userpoints number on the user's profile page that seems okay? Have you defined the number of points to be awarded for these actions that show the error in the userpoints plugin configuration?

Had this working fine for a few weeks, and yes its configured for points on every action. I see no system message coming up anymore saying points were awarded, instead it just goes to a blank screen, have it disabled now, but it still does reward points if you check profiles or go into the settings/logs for the user it shows they were awarded points for actions. One other thing I noticed is that sometimes for profiles, like my own, in the admin panel, it says 'Array' instead of the # of points, have seen that on the actual profile pages also for a few different users.