How to disable modifying Email in auth.profile()


Lio

Jun 6, 2013, 3:24:44 AM
to web...@googlegroups.com
Hello guys,

In my app I use email as the login user name, but I found that in app/default/user/profile the email can be modified. This seems to be a risk: either the user may lose his account by accidentally changing the email, or be hacked by others in some way. The solution I can think of is to customize the profile page and hide the email field. Is there a better practice which shows the email but forbids modifying it, like the id field of most tables?

regards,
Lio

Marin Pranjić

Jun 6, 2013, 3:38:19 AM
to web2py-users
With this line you will disable editing of the email field:

db.auth_user.email.writable = False

The email will still be printed in the form, but read-only.

You can remove it completely from the form by adding:

db.auth_user.email.readable = False

You should put these lines conditionally, for example in the default.py user function:

if request.args(0) == 'profile':
    # the line(s) above go here, e.g.:
    db.auth_user.email.writable = False

Else you'll end up disabling the email field even on the registration page.

Marin
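
Why the lock has to be applied per action, as Marin describes, shown with a simplified model (an added example, not part of the thread and not web2py's own code). `Field`, `apply_profile_policy`, `accept_update` and `handle` are hypothetical stand-ins and the sample record is constructed; the model assumes the server copies only writable fields from the submitted values.

```python
class Field:
    """Stand-in for a DAL field: only the two flags the thread discusses."""
    def __init__(self, name, writable=True, readable=True):
        self.name, self.writable, self.readable = name, writable, readable


def make_auth_user():
    """Constructed table holding the fields relevant to the profile form."""
    return {n: Field(n) for n in ("first_name", "last_name", "email")}


def apply_profile_policy(table, action):
    """Marin's rule: lock email only when the action is 'profile'."""
    if action == "profile":
        table["email"].writable = False
    return table


def accept_update(table, record, post_vars):
    """Model of server-side acceptance: only writable fields are copied
    from the submitted values; anything else is ignored and reported."""
    updated = dict(record)
    ignored = []
    for name, value in post_vars.items():
        field = table.get(name)
        if field is not None and field.writable:
            updated[name] = value
        else:
            ignored.append(name)
    return updated, sorted(ignored)


def handle(action, record, post_vars):
    """One request: fresh table definition, policy, then acceptance."""
    table = apply_profile_policy(make_auth_user(), action)
    return accept_update(table, record, post_vars)


# Constructed sample data.
RECORD = {"first_name": "Lio", "last_name": "L", "email": "lio@example.com"}
POST = {"first_name": "Leo", "email": "other@example.com"}

if __name__ == "__main__":
    print(handle("profile", RECORD, POST))   # email kept, submitted value ignored
    print(handle("register", {}, POST))      # registration still accepts email
```

The enforcement lives in the field definition on the server, so it holds regardless of which inputs the rendered page shows.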



冷春辉

Jun 6, 2013, 5:40:24 AM
to web...@googlegroups.com

Thanks Martin, it's an easy solution.


Anthony

Jun 6, 2013, 8:20:34 AM
to web...@googlegroups.com
Hmm, I don't think I've seen a site that doesn't let you modify your email address. What if the user makes an error when registering or subsequently changes their email address -- they then have to abandon their account and sign up for a new one?

冷春辉

Jun 6, 2013, 9:42:43 AM
to web...@googlegroups.com
For the first issue of inputting a wrong email, this can be solved by email verification.
For the second concern, I agree: if the user's email becomes invalid they will not be able to receive messages at this address, but they still have their account with the site. Since email will be used as the only identification here, I'm not very confident that after changing it a couple of times the user won't mess up his memory of the latest email for login. Anyway, it's still a good point to give some consideration to. Thank you Anthony.



Rob_McC

Jun 6, 2013, 10:49:54 AM
to web...@googlegroups.com
Lio:

Not sure if this would be helpful, it was for my app. It seems to work so far.

This allows users to login with
- email
OR
- username

I have a message reminding them they can login with either.

I don't allow changing username, but allow changing email.

I also will remove the Forgot your username, cause they can login with email.

Good luck
R
File: controllers/default.py

Reference: http://www.web2pyslices.com/slice/show/1642/login-with-username-and-email

def user():
    if 'login' in request.args:
        db.auth_user.username.label = T("Username or Email")
        auth.settings.login_userfield = 'username'
        # IS_EMAIL()(value) returns (value, error); error is None for a valid email
        if request.vars.username and not IS_EMAIL()(request.vars.username)[1]:
            # the submitted value is an email address, so log in by email instead
            auth.settings.login_userfield = 'email'
            request.vars.email = request.vars.username
            request.post_vars.email = request.vars.email
            request.vars.username = None
            request.post_vars.username = None

        return dict(form=auth())

    return dict(form=auth())


Anthony

Jun 6, 2013, 11:30:56 AM
to web...@googlegroups.com
> Since email will be used as the only identification here, I'm not very confident after changing it couple of times the user won't mess up his memory on the latest email for login..

I think you might run into the opposite problem. If someone signs up with myn...@domain1.com but later changes their email address to myn...@domain2.com, once they have no longer been using the @domain1.com address for a while, they might forget that they used it to sign up at your site and get frustrated when they can't log in with their current email address. It's generally easier to remember your current email address than one you used to use at some point in the past.

Anthony

冷春辉

Jun 6, 2013, 11:35:34 AM
to web...@googlegroups.com
Thanks for sharing!

Lio

