Dear All,

how can i disable all the vCard..????????????
i don't want it to be seen in the user profile ....

Edit the memberinfo template. ;)

thank u very muchhhhhhhhhhhhhhhhhh Boofo

Edit the memberinfo template. ;)

Exactly what lines from memberinfo should be removed in order to take out the vCard option?

Thanks in advance for your help.

Remove this:

<if condition="$userinfo['showvcard']">
<td class="vbmenu_control"><a href="member.php?$session[sessionurl]do=vcard&amp;u=$userinfo[userid]" rel="nofollow">$vbphrase[download_vcard]</a></td>
</if>

This just came up in my forum. My question is how can we disable it from being seen in the member profile 'Contact Info' tab? And how to reset everyones to NO in the database.

For new registrations - vboptions > user reg options > default options > Allow vCard Download - don't put a checkmark next to it.

Change everyone's options in Executre SQL Query > select the dropdown for changing the vCard option. (You may have to add your userid into the config.php file to allow you to perform queries.)

Thanks for the reply. I know this is an old thread. I had a 'breach' early this morning where someone used a vCard to get someone's email address and connect the person to their employer. I readily admit I had never used a vCard, and had absolutely no idea that it carried the email address a person registered with. I've been using vBulletin since 2001, so call me really, really stupid. As I sit here I can't believe I didn't know what was in a vCard after all these years.

I did what you recommended about 4.30 this morning to close the hole. I also edited the text in the registration and options to boldly tell people if they do turn it on their email address will be available to the public.

sorry for the bump but this issue is still unresolved to this day, even in vb4

that whole vcard feature is extremely .... broken, to say the least

there's no warning addressed to users that their email might be publicly visible
crawling bots can harvest the emails and spam
and most of the time, admins don't even know about this feature

should be globally disabled by default and the option to enable it globally should warn the admin about the security risk

You can set that up in AdminCP > Settings > Options > User Registration Options > Default Registration Options

You can set that up in AdminCP > Settings > Options > User Registration Options > Default Registration Options

I think you missed my point, users still have the choice to enable it, without knowing spam will follow.

I was talking about a way to disable it globally as in users not being able to enable it at all.