Support

  1. PhoenixUK
  2. Support
  3. Friday, August 19 2016, 04:18 PM
Hi There,

I have an 'Account Security' group with some security question fields that end users answer when registering their account with my site.

However, once they're registered and they go in to their profile - these answers are fully open to see. Ordinarily this may not seem much of an issue but it can be for sure.

I am wondering if there's any known way that can work with EasyProfile to have these specific fields retain the answers given by the end users for super admins to see but in the end users profiles, these specific fields are replaced with ******* asterisk characters to further aid security of such critical account security question answers?

I look forward to hearing from you.
PhoenixUK Accepted Answer
Pro
Content Protected
  1. more than a month ago
  2. Support
  3. # 1
admin Accepted Answer
Admin
Hi,
However, once they're registered and they go in to their profile - these answers are fully open to see. Ordinarily this may not seem much of an issue but it can be for sure.

you can simply not show these fields in profile page. Admins can continue to see these from Backend.

I am wondering if there's any known way that can work with EasyProfile to have these specific fields retain the answers given by the end users for super admins to see but in the end users profiles, these specific fields are replaced with ******* asterisk characters to further aid security of such critical account security question answers?

There are many ways to do this, and all complex.
for example, instead show fields directly you can use delimiter field type with some Content Plugin like Sourcerer (https://www.regularlabs.com/extensions/sourcerer).
You can put in delimiter some code like this:

{source}
<?php
$owner_id=JFactory::getApplication()->input->get('id',JFactory::getUser()->id); // ID of owner of profile page
$owner=JsnHelper::getUser($owner_id);

$visitor_id=JFactory::getUser()->id;
$visitor=JsnHelper::getUser($visitor_id);

/* CODE TO CHECK IF VISITOR IS ADMIN */

if($is_admin){
echo $owner->getField('field_alias_of_security_question');
}
else{
echo '*****';
}
?>
{/source}


Docs about our User Object at http://docs.easy-profile.com/index.php/article/jsnuser-object

NOTE: this code is not tested and not supported, this is only for example purpose, you need to have PHP and Joomla devs knowledges.
  1. more than a month ago
  2. Support
  3. # 2
  • Page :
  • 1


There are no replies made for this post yet.
However, you are not allowed to reply to this post.

Request Support

Support is currently Offline

Support Availability

Working days: Monday to Friday. The support staff is not available on weekends; in the most of cases tickets will not be answered during that time.

Reply time: Depending on the complexity of your support issue it's usually between a few minutes and 24 hours for paid members and about one week for free members. When we expect longer delays we will notify you.

Guidelines

Before you post: read the documentation and search the forums for an answer to your question.

When you post: include Site Details if you request a support (you can use the form below the reply in Site Details tab).

Auto Solved Question: If after a week the author of the post does not reply to a request by moderator, the question will be marked as resolved.

Language: only English

Search Users

Easy Profile® is not affiliated with or endorsed by Open Source Matters or the Joomla Project. Joomla is Free Software released under the GNU/GPL License.