Make 'Contact Us' Name & E-mail fields uneditable for log'd in members

Hello.

For those of you who have public forums with members who may become future-banned members, because they have too much time on their hands, this is one area of the forum's E-mail system they won't be able to play with.

What I mean is, currently, the 'Contact Us' form's member's 'username' and 'E-mail' fields can be overwritten such that the admin can receive E-mail with the incorrect 'reply to' info if someone monkey's with the username and/or put's someone else's E-mail address in the field. This can cause some unknowing person to receive unwanted E-mail from the admin.

This 'playfulness' is expected from random 'guests'. Therefore, in order to restrict this behavior to 'guests' only, here is the code to make these fields 'uneditable' for logged-in members, since their profile values are automatically filled-in by the system. At least, they won't be able to 'play' here...


Locate the 'name' section of code. Modify with this:

PHP Code:

<!-- begin revision -->
<if condition="$show['member']">
                        <input type="text" class="bginput" name="name" value="$name" size="50" readonly="readonly" /> &nbsp;(uneditable)
<else />
                        <input type="text" class="bginput" name="name" value="$name" size="50" />
</if>
<!-- end revision --> 


Next, locate the 'email' section of code. Modify with this:

PHP Code:

<!-- begin revision -->
<if condition="$show['member']">
                        <input type="text" class="bginput" name="email" value="$email" size="50" dir="ltr" readonly="readonly" /> &nbsp;(uneditable)
<else />
                        <input type="text" class="bginput" name="email" value="$email" size="50" dir="ltr" />
</if>
<!-- end revision --> 


NOTE: the difference in the 2 '<input...> statements is the 'readonly' attribute and a field message that lets members know those 2 fields are 'uneditable'.


Hope this helps.

EDIT: Make change to 'contactus' template

EDIT (11/15/05): CHANGED from 'readonly' to readonly="readonly" to make compliant although the original version works. The text file download was also updated.

[Oblivion Knight]

Quote:

Originally Posted by timetunnel

The 'readonly' attribute still allows the parameters of the 'input' statement to be sent to the server when the form is submitted. Therefore, the input 'acts' like the type is 'hidden' vs. 'text'. When the disabled attribute is used, its parameters are NOT sent to the server thereby causing the error message, 'invalid email address'. The server never received the data.

I guess I should have tested it a bit more, huh?

Ok, so another way around it is to mimic the text colour of a disabled field..

HTML Code:

style="color:#7C898A" readonly="readonly"

[Oblivion Knight]

Quote:

Originally Posted by timetunnel

Also, re: item 3, if the fields are 'readonly', how can the input be faked?

I know this is rather old now, but for anyone wondering..

HTML Code:

http://www.yoursite.com/forums/sendmessage.php?name=Someone&email=blah@blah.com

Et voila.. Faked input.

[Nathan2006]

Great idea

Thank you

Install

[Doc.Blade]

*Clicks Install* Nice work!

[Tralala]

Quote:

Originally Posted by Oblivion Knight

I know this is rather old now, but for anyone wondering..

HTML Code:

http://www.yoursite.com/forums/sendmessage.php?name=Someone&email=blah@blah.com

Et voila.. Faked input.

So it's not foolproof, if someone was so inclined they could fake input... but this provides one less way they can fake input.

Installed. Thanks!

[Oblivion Knight]

Quote:

Originally Posted by Tralala

So it's not foolproof, if someone was so inclined they could fake input... but this provides one less way they can fake input.

Installed. Thanks!

Most users wouldn't think to even try and bother faking the input.

Only those that know a little about site scripting may attempt it, but even then, unless they have reason to do so they probably wouldn't bother trying..

[mrkhm]

very simple hack, works in vb 3.6.4 *installed