I had searched the support forums high and low for some fix that would block anonymous users (possible spam crawlers) from reading e-mail addresses in the user information section. Even with the no anonymous access to the Members module, they were still able to see the e-mail addresses of those who had checked to share their e-mail. What I wanted was for those members to be able to share their e-mail addresses with other members, not with anonymous browsers. To fix this I went in to the code of userinfo.php. A rough edit can be made so that only members can view e-mail addresses. Admins/Webmasters of course can still see everyone's email address.

The changes start on line 131 and are in red.

if (is_object($xoopsUser)){
if ($thisUser->getVar('user_viewemail') == 1) {
$xoopsTpl->assign('user_email', $thisUser->getVar('email', 'E'));
} else {
if (is_object($xoopsUser)) {
// All admins will be allowed to see emails, even those that are not allowed to edit users (I think it's ok like this)
if ($xoopsUserIsAdmin || ($xoopsUser->getVar("uid") == $thisUser->getVar("uid"))) {
$xoopsTpl->assign('user_email', $thisUser->getVar('email', 'E'));
} else {
$xoopsTpl->assign('user_email', ' ');
}
}
}
} else {
$xoopsTpl->assign('user_email', ' ');
}

This of course will only hide e-mails on the users info page. If anyone has put their e-mail address in a forum/news post, it will still be visible to crawlers. In order to avoid this, javascript must be used to create encoded mailto: links.

This requires that the person not use the email button in the submit form and that the e-mail address not be included in the description of the link. This site provides an excellent way to create these encrypted links:
http://w2.syronex.com/jmr/safemailto/

html also as to be enabled for posts.

I would eventually like to see system-wide email encoding in place where XOOPS uses the javascript encoding by default. Also it would be nice if there was an option in the administration menu to turn off the viewing of e-mail adddresses by anonymous users instead of the the current hack.

If anyone knows of a better way to go about doing this, please share, this is just the quickest and most effective way I have found so far.

Thanks for sharing. I think I will use it as well on my site, because I would hate to see users will get more spammail after registering on my site while having the the 'visible to others' box checked.

Martijn

:) thanks for sharring

and

$xoopsTpl->assign('lang_icq', _US_ICQ);
if (is_object($xoopsUser)){
$xoopsTpl->assign('user_icq', $thisUser->getVar('user_icq'));
} else {
$xoopsTpl->assign('user_icq', ' ?');
}
$xoopsTpl->assign('lang_aim', _US_AIM);
if (is_object($xoopsUser)){
$xoopsTpl->assign('user_aim', $thisUser->getVar('user_aim'));
} else {
$xoopsTpl->assign('user_aim', ' ?');
}
$xoopsTpl->assign('lang_yim', _US_YIM);
if (is_object($xoopsUser)){
$xoopsTpl->assign('user_yim', $thisUser->getVar('user_yim'));
} else {
$xoopsTpl->assign('user_yim', ' ?');
}
$xoopsTpl->assign('lang_msnm', _US_MSNM);
if (is_object($xoopsUser)){
$xoopsTpl->assign('user_msnm', $thisUser->getVar('user_msnm'));
} else {
$xoopsTpl->assign('user_msnm', ' ?');
}

and pm

(_SENDPMTO,$thisUser->getVar('uname'))."\" />");
} else {
$xoopsTpl->assign('user_pmlink',' ?');

The ability of anonymous users to see registered user info, not just e-mail addresses, is why I removed the "top Posters", "new users" "recent forum posts" and all blocks like that from my main page for anonymous users. I would love it if XOOPS could display usernames without them being hotlinked to the profile for such cases.

With all the spam we get nowadays, this is crucial. Thanks for the workaround, but XOOPS needs a fix.

Mac T

A similar code modification can be made to modules/news/article.php to remove the link to the posters profile. You could remove the link all together, or like the code I will show below, make it so that only users can see the link, anonymous viewers will see just the name.

on line 214 change it to look like this:


Now in testing this I noticed that it only worked when viewing the article itself, so on the main news page where it lists several articles, this doesn't work.

the news_item.html template uses the variable lang_postedby to grab the link to the profile.

Index.php under the news module contains a line that passes the posters profile link to the template,

$xoopsTpl->assign('lang_postedby', _POSTEDBY);

but I can't find where lang_postedby gets assigned. If someone knows, please share. Can just make a change so that it doesn't contain the link portion.

I think a simpler solution is to restrict viewing of user profiles to logged-in users:

https://xoops.org/modules/smartfaq/faq.php?faqid=282

Thanks.. this was very helpfull.

I think it is a bit odd that it isn't possible to hide the email-field for anonymous users, the same way as the rest of the fields... i.e.: via the profile admin options...

Regards,
Knoedel

I found this odd too. Finally, I was forced to hack the one of the files in the profile module to only show emails if the person viewing was an admin, otherwise, the email does not show. I have also checked no to "allow others to see my email" as the module's default and hidden that field from view in the member's profile. This is with XOOPS 2.2.4. Oh the things one can do with 2.2.4!

Currently, the profiles are viewable to the public and public can contact the member via another hack that will send an email out from the system - never exposing the member's email. Works great. Everybody except the email harvesting bots are happy. I wouldn't begin to know how to hack 2.0.16 though. But I've learned that just about anything is possible with XOOPS.


Quote: