userid change in the url after completing registration
By vivalditec on Friday, 24 January 2014
Posted in Technical Issues
Replies 6
Likes 0
Views 728
Votes 0
/community/registration/completed/1?userid=1000 change the userid to 1200 or what ever and you will see that user e-mail address , is this going to be fixed , have it hashed or encrypted at least so it can't be looked up that easy. or simply tell me where I can change it so it just says "activation code has been sent to your e-mail address" instead showing the actual e-mail
Hi,

Sorry for that.

Currently you go to the file /components/com_easysocial/themes/wireframe/registration/default.complete.verify.php and modify line 27 to move the user's email address.
Jason Rey
·
Saturday, 25 January 2014 12:29
·
0 Likes
·
0 Votes
·
0 Comments
·
Hello,

Hm, I am sorry but I don't quite get you here. Can you please elaborate more on your issues please?
Mark
·
Friday, 24 January 2014 22:50
·
0 Likes
·
0 Votes
·
0 Comments
·
once you have registered , you get this url up in step 3 https://vivaldi.net/community/registration/completed/1?userid=190 , here you can change the userid to anything and you will get the e-mail address of that user which he used to register on the site. Easy for spammers to get all the e-mail of everyone that has ever registered to the site.

my point is this should be hidden and not exposed to everyone that thinks of changing the userid in that url.
vivalditec
·
Friday, 24 January 2014 23:51
·
0 Likes
·
0 Votes
·
0 Comments
·
I'm sure the StackIdeas team can provide us with a quick fix.

Perhaps let us know which file to edit so that the email is not revealed until a better solution is put in place.
Peter
·
Saturday, 25 January 2014 03:53
·
0 Likes
·
0 Votes
·
0 Comments
·
thank you , this works for us
vivalditec
·
Monday, 27 January 2014 17:14
·
0 Likes
·
0 Votes
·
0 Comments
·
You are most welcome
Mark
·
Monday, 27 January 2014 18:35
·
0 Likes
·
0 Votes
·
0 Comments
·
View Full Post