SMF Development > Applied or Declined Requests

Permission to disable seeing any email addresses

(1/3) > >>

Please add a permission to disable the ability to see any member's email address since by default, the hide_email field in smf_members is set to 0 instead of 1 when a user creates a new account. Or allow us to set the default to "opt in" instead of "opt out" on the membership screen (for having their email visible) using the admin panel.

This is a major security issue for us.

Currently, I have to run a cron job that continually executes "UPDATE smf_members SET hide_email = 1" in order to protect our users.

How do you know that your members didnt allow others to see their mail?

It is hidden by default unless the user ticks it on registration to show email. It only shows all emails to admin regardless of it allowed or not.  Even if you change them the user can still change it back to visible if they wish.

Heres the associated code from the register template:

--- Code: ---/ By default assume email is hidden, only show it if we tell it to.
    $_POST['hide_email'] = !empty($_POST['allow_email']) ? 0 : 1;
--- End code ---

They either skip right over it or don't completely understand the ramifications of that check box. You know how users can be.

I really wish for no one to be able to see anyone's email address at all (except for administrators) since our site deals with extremely sensitive political and controversial topics where privacy is of the up-most importance to protect them.

This is the reason I felt a permission to view any email address would be a very important addition.

You could remove the block of code from the register.template located in themes/default  thus removing the option for the user but still allowing the register.php in sources to still apply the unshown action for this. The user would have to then set it via profile to show email unless you opt to remove the option there also.

For the time being, I have changed the wording in the main language file from:

$txt['allow_user_email'] = 'Allow users to email me';


$txt['allow_user_email'] = 'Show my email address on the forum (not recommended)';

If I change the template, when there are updates then my changes are lost.

Please consider changing that verbiage as it's very unclear. Most of our members thought it meant allow them to receive emails from other members via an interface, not expose their email publicly in the forum.


[0] Message Index

[#] Next page

Go to full version