Permission to disable seeing any email addresses

Started by Forumtastic, March 07, 2012, 01:23:15 PM

Previous topic - Next topic

Forumtastic

Please add a permission to disable the ability to see any member's email address since by default, the hide_email field in smf_members is set to 0 instead of 1 when a user creates a new account. Or allow us to set the default to "opt in" instead of "opt out" on the membership screen (for having their email visible) using the admin panel.

This is a major security issue for us.

Currently, I have to run a cron job that continually executes "UPDATE smf_members SET hide_email = 1" in order to protect our users.

Night09

How do you know that your members didnt allow others to see their mail?

It is hidden by default unless the user ticks it on registration to show email. It only shows all emails to admin regardless of it allowed or not.  Even if you change them the user can still change it back to visible if they wish.


Heres the associated code from the register template:
/ By default assume email is hidden, only show it if we tell it to.
    $_POST['hide_email'] = !empty($_POST['allow_email']) ? 0 : 1;

Forumtastic

They either skip right over it or don't completely understand the ramifications of that check box. You know how users can be.

I really wish for no one to be able to see anyone's email address at all (except for administrators) since our site deals with extremely sensitive political and controversial topics where privacy is of the up-most importance to protect them.

This is the reason I felt a permission to view any email address would be a very important addition.

Night09

You could remove the block of code from the register.template located in themes/default  thus removing the option for the user but still allowing the register.php in sources to still apply the unshown action for this. The user would have to then set it via profile to show email unless you opt to remove the option there also.

Forumtastic

For the time being, I have changed the wording in the main language file from:

$txt['allow_user_email'] = 'Allow users to email me';

to

$txt['allow_user_email'] = 'Show my email address on the forum (not recommended)';

If I change the template, when there are updates then my changes are lost.

Please consider changing that verbiage as it's very unclear. Most of our members thought it meant allow them to receive emails from other members via an interface, not expose their email publicly in the forum.

Illori

if you are using 2.0 there is a form to email someone and their email address is not visible at all, but to the admin.

Forumtastic

Yes, we do use the news letter feature. It's great except it does take a very, very long time (hours) when you have several thousand members. Sometimes it times out in the middle asking the admin to log in again but I figured out a hack way to get it to continue.

Thank you everyone for you help! I do hope they consider my requests for future versions.

Kindred

no... not the newsletter...  the basic members do not see each others emails...  they get a form which sends the email from the system without showing the email address
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Aleksi "Lex" Kilpinen

If I try to send Illori e-mail through SMF, this is what I see.

It shows my own e-mail, but apart from Illori's username - nothing else.
My e-mail address will be revealed to Illori if I send e-mail,
but I will only see Illori's e-mail address if Illori replies directly to me.
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

CapadY

Beware,

If somebody decide not to make his email visible, He'll always see his OWN email when he is visiting his OWN profile. Independing if it is vissible to others or not.
Please, don't PM me for support unless invited.
If you don't understand this, you will be blacklisted.

shazoo!

#10
Can't you just change the 0 to a 1 in the database?

Advertisement: