User profile not private!

12 years 1 month ago #215569 by AlexRag
User profile not private! was created by AlexRag
I was advised to use this link for admin to view members' profiles in the front end: index.php?option=com_comprofiler&task=userprofile&user=USER_ID

But I just discovered that any member with knowledge of this link can see other members' profile information if they arbitrarily put in a number in place of USER_ID. How can this be? How can I prevent this!

12 years 1 month ago #215570 by AlexRag
Replied by AlexRag on topic Re: User profile not private!
Might have found the answer. Please verify if this is the only thing I need to do:

Under Configuration/User Profile

Allow Access To: Super Users

12 years 1 month ago #215620 by krileon
Replied by krileon on topic Re: User profile not private!
What you've configured is for every profile to require Super Users usergroup to access. Meaning Registered users can't even access themselves. What are you trying to do specifically? If you want this private to registered users only then set it to Registered. Other users will always be able to access other users, there's no feature to block users from viewing other users.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

12 years 1 month ago #215625 by AlexRag
Replied by AlexRag on topic Re: User profile not private!
It looks like I can block though. I changed the setting as described and as long as I have Edit or View Profile menu links I can get to my member profile with no issue. The URL is set up with Search Engine Friendly URLs so you can't see the actual long link below.

But when I punch in /index.php?option=com_comprofiler&task=userprofile&user=USER_ID, it's true I can't get to my profile nor anyone else's (You are not authorized to view this page!)

Only Super Admins seem to be able to access with this link.

So, is this normal behavior? Otherwise, I think it's a problem if members can see other members' confidential info like phone numbers, etc.

12 years 1 month ago #215648 by krileon
Replied by krileon on topic Re: User profile not private!
If you want users to control their privacy then install CB Privacy. If you want certain data private to administrators then move those fields to a tab that's in a not shown on profile position and render them with substitutions in a tab that's accessible to administrators only. Do not set profile access to Super Users and expect it to work properly, because it won't as various API won't be able to access CB if the logged in user is anyone other than Super Users and it's going to cause problems.


12 years 1 month ago #215654 by AlexRag
Replied by AlexRag on topic Re: User profile not private!

"If you want users to control their privacy then install CB Privacy."

I saw that plugin - Is there a way to have the privacy setting be on by default? This way the user would have to choose to make the information available.

"...render them with substitutions..."

Can you elaborate or is the info in the manual?

"Do not set profile access to Super Users and expect it to work properly, because it won't as various API won't be able to access CB if the logged in user is anyone other than Super Users and it's going to cause problems."

Since the option is available in the configuration, when would the setting be useful?
