[development] Disabling E-mail field in User Account > Edit
Larry Garfield
larry at garfieldtech.com
Sun Dec 11 21:14:48 UTC 2005
On Sun, December 11, 2005 2:27 pm, Keve said:
> Nedjo Rogers wrote:
>
>>> I'm trying to disable the e-mail and user_name filed in the User
>>> Account Edit page.
>>
>> It's a 'disabled' attribute you want to set,
>> http://www.w3.org/TR/REC-html40/interact/forms.html#adef-disabled
>>
>> Perhaps:
>>
>> $html_params = array("disabled" => "TRUE");
>>
> I tried w/:
> $html_params = array("disabled" => "");
>
> BUT if it is disabled, at submitting, validation fails. (Missing value)
I had to do this recently for another client. What I ended up with was
editing the edit form for users to show the normal textfield input if the
user had admin users permission, and to print the value as text along with
a hidden field that contains the same information. That way it still got
passed back to the form handler, but it was still not user editable
through normal means.
Of course, while quick and easy it was also a security hole (save HTML,
edit the hidden input field, resubmit), but it was an internal app so that
was less of a concern. :-) I would recommend also putting the same
if(user_access()) call in the form processing function. The total number
of changes should be under 10 lines, once you find the right spots in the
code.
The 4.7 way does sound considerably cleaner. :-)
--Larry Garfield
More information about the development
mailing list