Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

How to disable users to edit their emails?

edited December 2011 in Vanilla 2.0 - 2.8

We can enable users to edit their names by changing this line "$Configuration['Garden']['Profile']['EditUsernames'] = TRUE;" in config-default.php and configuration.php, but how can i disable users to change their email? When a user's account was stolen by a hacker, and he changed the user's email, how can the user find the password by calling the vanilla sending a email?

Best Answer

  • Options
    ToddTodd Chief Product Officer Vanilla Staff
    Answer ✓

    There are lots of ways you can do this. Two off the top of my head.

    1. Find the appropriate UserModel event before a user is saved and unset the 'Email' field.
    2. Copy the /applications/dashboard/views/profile/edit.php file to your theme and remove the Email field from the view.

    I'd do a Gdn::Session()->CheckPermission('Garden.Users.Edit') around whatever you do to allow user admins to still edit email addresses.

Answers

  • Options

    Maybe i can change this in the edit method in profile controller in dashboard by applying a new rule or by checking the email address is equal to the email post back by the user.Any one help? Thanks a lot.

  • Options
    ToddTodd Chief Product Officer Vanilla Staff
    Answer ✓

    There are lots of ways you can do this. Two off the top of my head.

    1. Find the appropriate UserModel event before a user is saved and unset the 'Email' field.
    2. Copy the /applications/dashboard/views/profile/edit.php file to your theme and remove the Email field from the view.

    I'd do a Gdn::Session()->CheckPermission('Garden.Users.Edit') around whatever you do to allow user admins to still edit email addresses.

  • Options
    edited December 2011

    Thanks for @Todd 's help.
    I added $this->CanEditUserEmail = $Session->CheckPermission('Garder.Users.Edit');
    in class.profilecontroller.php after $this->CanEditUsername = $this->CanEditUsername | $Session->CheckPermission('Garden.Users.Edit');
    and in /applications/dashboard/views/profile/edit.php file ,i changed echo $this->Form->Label('Email', 'Email'); echo $this->Form->TextBox('Email', $Attributes2);
    to
    ` $Attributes2 = array();

         if(!$this->CanEditUserEmail) {
            $Attributes2['disabled'] = 'disabled';
         }
         echo $this->Form->Label('Email', 'Email');
         echo $this->Form->TextBox('Email', $Attributes2);`  
    

    This problem is solved as expected.

Sign In or Register to comment.