Edit own profile set to no.

[upnorth]

Was forwarded here from the vB.com site See thread here
When the "Edit own profile" is set to no in the user group settings and a user that is in this group wants to reset their password they are not able to because the Edit own profile is set to no. Is there any way to change this as I can't allow my users to make changes to there profiles since its in an intranet environment but must allow them to be able to change there passwords.

Anyone know of an easy way to keep the profiles locked down but still allow the user to change/manage their own password?

[Colin F]

Quote:

Originally Posted by upnorth

Was forwarded here from the vB.com site See thread here
When the "Edit own profile" is set to no in the user group settings and a user that is in this group wants to reset their password they are not able to because the Edit own profile is set to no. Is there any way to change this as I can't allow my users to make changes to there profiles since its in an intranet environment but must allow them to be able to change there passwords.

Anyone know of an easy way to keep the profiles locked down but still allow the user to change/manage their own password?

I don't really have time to check this out, but it might have something to do with this:

Code:

if (!($permissions['forumpermissions'] & CANVIEW))
{
	print_no_permission();
}

try changing that to:

Code:

if ($_REQUEST['do'] != 'editpassword' AND $_POST['do'] != 'updatepassword')
{
if (!($permissions['forumpermissions'] & CANVIEW))
{
	print_no_permission();
}
}

Then give them a direct link to profile.php?$session[sessionurl]do=editpassword

Be aware that they might also be able to change there email from that form...

[upnorth]

Thanks Colin. Can you tell me what template this change needs to be on?

[Colin F]

oh of course, sorry

It's a file change, you'll have to open your profile.php in your favourite php/code editor and do what I said above.

[upnorth]

Do you think it would be just as easy to go through the templates and remove the sections that I don't want the user to be able to change and leave the rest?

If I remove the parts I don't want the users to change from the templates will this break the form...ie when the user hits the submit buttom are portions of the code I want to remove needed to fullfill the submit? hope that makes sense.

example would be for the change password /email page has a section to change the password and a section to change the email address. I don't want to allow them to change there address as its a non-standard format that needs to be kept so that it works on our intranet. If I just remove this section from the template do you think the rest will work?

[Colin F]

I assume you could just remove the email part. That would leave it as if it were empty, which works.

[upnorth]

great. I'll give it a try and see if it works.

[upnorth]

Tried the following in the "modifypassword" template:

Code:

<script type="text/javascript" src="clientscript/vbulletin_md5.js"></script>
<script type="text/javascript">
function hash_passwords(currentpassword, currentpassword_md5, newpassword, newpassword_md5, newpasswordconfirm, newpasswordconfirm_md5)
{
	md5hash(currentpassword, currentpassword_md5);
	// do various checks
	if (newpassword.value != '')
	{
		md5hash(newpassword, newpassword_md5);
	}
	if (newpasswordconfirm.value != '')
	{
		md5hash(newpasswordconfirm, newpasswordconfirm_md5);
	}
}
</script>

<form action="profile.php" method="post" onsubmit="hash_passwords(currentpassword, currentpassword_md5, newpassword, newpassword_md5, newpasswordconfirm, newpasswordconfirm_md5)">
<input type="hidden" name="s" value="$session[sessionhash]" />
<input type="hidden" name="do" value="updatepassword" />
<input type="hidden" name="currentpassword_md5" />
<input type="hidden" name="newpassword_md5" />
<input type="hidden" name="newpasswordconfirm_md5" />

<table class="tborder" cellpadding="$stylevar[cellpadding]" cellspacing="$stylevar[cellspacing]" border="0" width="100%" align="center">
<tr>
	<td class="tcat">$vbphrase[edit_email_and_password]</td>
</tr>

<tr>
	<td class="panelsurround" align="center">
	<div class="panel">
		<div style="width:$stylevar[formwidth_usercp]" align="$stylevar[left]">
		
		<if condition="$show['passwordexpired']">
			<div class="smallfont">
				<strong>$vbphrase[current_password_expired]</strong>
			</div>
		</if>
		
		<div class="fieldset">
			<div>$vbphrase[enter_password_to_continue]:</div>
			<div><input type="password" class="bginput" name="currentpassword" size="50" maxlength="50" /></div>
		</div>
		
		<fieldset class="fieldset">
			<legend>$vbphrase[edit_password]<if condition="$show['password_optional']"> ($vbphrase[optional])</if></legend>
			<table cellpadding="0" cellspacing="$stylevar[formspacer]" border="0">
			<tr>
				<td>
					<div>$vbphrase[new_password]:</div>
					<div><input type="password" class="bginput" name="newpassword" size="50" maxlength="50" /></div>
				</td>
			</tr>
			<tr>
				<td>
					<div>$vbphrase[confirm_new_password]:</div>
					<div><input type="password" class="bginput" name="newpasswordconfirm" size="50" maxlength="50" /></div>
				</td>
			</tr>
			</table>
		</fieldset>
<!-- Fred Removed -->
<!--		
		<fieldset class="fieldset">
			<legend>$vbphrase[edit_email_address] ($vbphrase[optional])</legend>
			<table cellpadding="0" cellspacing="$stylevar[formspacer]" border="0">
			<tr>
				<td>
					<div>$vbphrase[new_email_address]:</div>
					<div><input type="text" class="bginput" name="email" value="$bbuserinfo[email]" size="50" maxlength="50" /></div>
				</td>
			</tr>
			<tr>
				<td>
					<div>$vbphrase[confirm_new_email_address]:</div>
					<div><input type="text" class="bginput" name="emailconfirm" value="$bbuserinfo[email]" size="50" maxlength="50" /></div>
				</td>
			</tr>
			</table>
		</fieldset>
-->
<!-- / Fred Removed -->
		</div>
	</div>
	
	<div style="margin-top:$stylevar[cellpadding]px">
		<input type="submit" class="button" value="$vbphrase[save_changes]" accesskey="s" />
		<input type="reset" class="button" value="$vbphrase[reset_fields]" accesskey="r" />
	</div>
	</td>
</tr>
</table>

</form>

But when a user goes to change there password, once they hit the submit button they get the following window pop up saying
"You have not completed all of the required fields: username, password, and email address."

Any ideas how to fix this? Instead of removing this portion of code is there anyway to make the email text boxs etc disabled so that the user see them but can't change the contents inside of them?

I guess if I could find out where this page is being validated I could remove the email part but not sure where this would be done?

[upnorth]

Found a solution to this. Add readonly to the input box's keeps the user from changing the default info in the box and you won't get any errors when the page is submitted.

Code:

<!-- Fred Removed -->
	
		<fieldset class="fieldset">
			<legend>$vbphrase[edit_email_address] ($vbphrase[optional])</legend>
			<table cellpadding="0" cellspacing="$stylevar[formspacer]" border="0">
			<tr>
				<td>
					<div>$vbphrase[new_email_address]:</div>
					<div><input readonly type="text" class="bginput" name="email" value="$bbuserinfo[email]" size="50" maxlength="50" /></div>
				</td>
			</tr>
			<tr>
				<td>
					<div>$vbphrase[confirm_new_email_address]:</div>
					<div><input readonly  type="text" class="bginput" name="emailconfirm" value="$bbuserinfo[email]" size="50" maxlength="50" /></div>
				</td>
			</tr>
			</table>
		</fieldset>

<!-- / Fred Removed -->