Dear Sir,
When a registration form is created with setting such as only logged in users and registrant must have account options enabled In this scenario why email address, first name and last name which prefilled values are editable.
Is it possible to make this editable field disable to user to edit.
Please request to suggest some solution
No, there is no setting for it.
In code can we change to non editable ,
if yes which file to edit.
This is not a trivial change. You cannot do that from a plugin. If you just made the field readonly it would not enforce on the server side that there’s really no different value for it.
Please guide me which file to do please
Sir please help
@ThiefMaster I think I’ve stumbled to similar problem that registration form leaks indico user accounts.
Just by trying out different emails it will tell if indico account exists with that email.
And reading from your answer there is no mechanism to disable this feature from the customization or plugins.
To avoid legal problems I think I need to see what files need to be overridden in the core to disable this feature.
You may want to set ALLOW_PUBLIC_USER_SEARCH = False in your indico.conf file:
Ah, missed that as it’s newer than my initial dev env.
But it still leaks info that the account exists or is associated with indico:
”Please log in using your Indico account to use this email address.”
”The registration will not be associated with any Indico account.”
It’s better than nothing and not exposing the users name anymore.
I have to see if that is enough protection for the legal.
You can and should certainly document in your privacy notice (if you are in a jurisdiction where you need to have one) that the existence of accounts by email is visible. FWIW this is also the case for other places such as “forgot password” or even signup, where Indico discloses whether an account exists.