With this line you will disable edit of email field: db.auth_user.email.writable = False
Email will still be printed in form but read only. You can remove it completely from form by adding: db.auth_user.email.readable = False You should put this lines conditionally, for example in default.py user function: if request.args(0) == 'profile': ... <lines here> Else you'll end up disabling email field even in registration page. Marin On Thu, Jun 6, 2013 at 9:24 AM, Lio <coldspring830...@gmail.com> wrote: > Hello guys, > > In my app I use email as login user name, but I found in > app/default/user/profile the email can be modified. This seems to be a risk > either the user may lose his account by accidentally change email or hacked > by others in some way. The solution I can think of is customize the profile > page and hide email field. Is there better practice which show the email > but forbid modifying it like the id field of most tables. > > regards, > Lio > > -- > > --- > You received this message because you are subscribed to the Google Groups > "web2py-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to web2py+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
