How to disable users to edit their emails?
We can enable users to edit their names by changing this line "$Configuration['Garden']['Profile']['EditUsernames'] = TRUE;" in config-default.php and configuration.php, but how can i disable users to change their email? When a user's account was stolen by a hacker, and he changed the user's email, how can the user find the password by calling the vanilla sending a email?
0
Best Answer
-
Todd
Vanilla Staff
There are lots of ways you can do this. Two off the top of my head.
- Find the appropriate UserModel event before a user is saved and unset the 'Email' field.
- Copy the
/applications/dashboard/views/profile/edit.phpfile to your theme and remove the Email field from the view.
I'd do a
Gdn::Session()->CheckPermission('Garden.Users.Edit')around whatever you do to allow user admins to still edit email addresses.0
Answers
Maybe i can change this in the edit method in profile controller in dashboard by applying a new rule or by checking the email address is equal to the email post back by the user.Any one help? Thanks a lot.
There are lots of ways you can do this. Two off the top of my head.
/applications/dashboard/views/profile/edit.phpfile to your theme and remove the Email field from the view.I'd do a
Gdn::Session()->CheckPermission('Garden.Users.Edit')around whatever you do to allow user admins to still edit email addresses.Thanks for @Todd 's help.
I added
$this->CanEditUserEmail = $Session->CheckPermission('Garder.Users.Edit');in class.profilecontroller.php after
$this->CanEditUsername = $this->CanEditUsername | $Session->CheckPermission('Garden.Users.Edit');and in
/applications/dashboard/views/profile/edit.phpfile ,i changedecho $this->Form->Label('Email', 'Email'); echo $this->Form->TextBox('Email', $Attributes2);to
` $Attributes2 = array();
if(!$this->CanEditUserEmail) { $Attributes2['disabled'] = 'disabled'; } echo $this->Form->Label('Email', 'Email'); echo $this->Form->TextBox('Email', $Attributes2);`This problem is solved as expected.