Issue #659 has been reported by Stephan Hughson.
----------------------------------------
Feature #659: Partially hide mobile phone number, to prevent username to phone
number lookups (privacy)
http://tools.lsc-project.org/issues/659
Author: Stephan Hughson
Status: New
Priority: Normal
Assigned to:
Category: Self Service Password
Target version:
Thanks for the self service password reset tool, first of all. It's very useful.
There was a slight privacy issue for our users, as you can look up a user's
mobile number just by knowing the username. In some companies that's ok but not
all.
I have adjusted the code slightly in my installation but I think it may be a
useful feature for everyone.
Please excuse my poor coding...
In config.inc.php , I added a variable:
## SMS
# Use sms
$use_sms = true;
# GSM number attribute
$sms_attribute = "mobile";
# Partially hide number
$sms_partially_hide_number = true;
Then in sendsms.php , on line 234:
<td><?php if ($sms_partially_hide_number) echo (substr_replace($sms,
'****', 4 , 4)); else echo $sms;?></td></tr>
so the phone number is displayed for the user to confirm, but not all of it.
Thanks for your help.
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://tools.lsc-project.org/my/account
_______________________________________________
ltb-dev mailing list
[email protected]
http://lists.ltb-project.org/listinfo/ltb-dev
