WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Prevent User from changing email address (6 posts)

  1. Vince2006
    Member
    Posted 6 years ago #

    I've Googled this and can't seem to find an answer. Does anyone know if there is a way to modify the admin area so that a user cannot modify the email address in his or her profile?

    I have a client that assigns addresses to different help desk employees but if an emaployee is fired, the owner / admin doesn't want the ex-employee to be able to retrieve an updated password.

    I have tried to set the email field to disabled but then when you save the updated profile, WP prompts you for an email address even though there is already one on the field.

    I know I can also disable the retrieve password fieled as well but I'd prefer to just disable the ability for a user to change his / her email address in that field.

    I assume perhaps there is a hack similar to the code used to disallow a user to change his / her password but I can't find a solution anywhere to prevent the user from modifying his / her email address.

    Thanks,

    Vince

  2. progresst
    Member
    Posted 6 years ago #

    Hi,

    I was able to do this by opening up the wp-admin/profile.php and on line 79 change the email input box to disabled.

    Before:
    <input type="text" name="email" id="email" value="<?php echo $profileuser->user_email ?>" />

    After:
    <input disabled type="text" name="email" id="email" value="<?php echo $profileuser->user_email ?>" />

    This will essentially "grey" out the box so that they can see it but cannot change it.

    Hope this helps.

  3. Vince2006
    Member
    Posted 6 years ago #

    Progresst, thanks for your reply but when I modified the code as you proposed, and then tried to save the profile info by clicking 'Update Profile' I get an error from WordPress stating,

    "ERROR please type in an email address"

    I then figured out another way to accomplish what I needed.

    Look for:

    <input type="text" name="email" value="<?php echo $profileuser->user_email ?>" /></label>

    and change "text" to "hidden" as in:

    <input type="hidden" name="email" value="<?php echo $profileuser->user_email ?>" /></label>

    and to further customize it, I removed the line above it that says:

    <label><?php _e('E-mail: (required)') ?>

    so that no reference to email appears in the profile.

    Obviously this is not something everyone will want to do but my client handles all of the authors email address info from admin using user-edit.php so that authors that are no longer employed by the company can modify their email addresses or retireve login passwords by use of the retrieve lost password feature.

  4. Aaron Harun
    Member
    Posted 6 years ago #

    As a warning, it is easy enough to use a DOM editor (eg firebug in firefox) to re-enable the input and change the email address.

  5. Vince2006
    Member
    Posted 6 years ago #

    Aaron, Do you know if there is a way to prevent that from occuring?

  6. Aaron Harun
    Member
    Posted 6 years ago #

    This isn't a clean fix, and I would suggest trying to find a better way but off the top of my head I don't know of a better way.

    open: /wp-admin/includes/user.php
    Find: `if ( isset( $_POST['email'] ))
    $user->user_email = wp_specialchars( trim( $_POST['email'] ));`
    Replace With:

    if ( isset( $_POST['email'] ) && $user_id != $current_user->id){
    	$user->user_email = wp_specialchars( trim( $_POST['email'] ));
    }else{
    	$user->user_email = $userdata->user_email
    }

    Basically, if any user tries to edit themselves it won't let them. This includes the administrator, so you might want to use the following. (Change '1' to the Administrator's id.)

    if ( isset( $_POST['email'] ) && ($user_id != $current_user->id || $current_user->id == 1)){

Topic Closed

This topic has been closed to new replies.

About this Topic