Issue #659 has been updated by Clément OUDOT. Status changed from Assigned to Closed % Done changed from 0 to 100
Done in r371. Note that the mobile number is still in plain text in an hidden field. ---------------------------------------- Feature #659: Partially hide mobile phone number, to prevent username to phone number lookups (privacy) http://tools.lsc-project.org/issues/659 Author: Stephan Hughson Status: Closed Priority: Normal Assigned to: Clément OUDOT Category: Self Service Password Target version: self-service-password-0.9 Thanks for the self service password reset tool, first of all. It's very useful. There was a slight privacy issue for our users, as you can look up a user's mobile number just by knowing the username. In some companies that's ok but not all. I have adjusted the code slightly in my installation but I think it may be a useful feature for everyone. Please excuse my poor coding... In config.inc.php , I added a variable: <pre> ## SMS # Use sms $use_sms = true; # GSM number attribute $sms_attribute = "mobile"; # Partially hide number $sms_partially_hide_number = true; </pre> Then in sendsms.php , on line 234: <pre> <td><?php if ($sms_partially_hide_number) echo (substr_replace($sms, '****', 4 , 4)); else echo $sms;?></td></tr> </pre> so the phone number is displayed for the user to confirm, but not all of it. Thanks for your help. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
_______________________________________________ ltb-dev mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-dev
