I need help with a code for locking editing an input of type text in the profile page of Wordpress.
I added the following code:
(function(){
$("#email").attr("readonly","readonly");
});
But while the page is loading, the field appears unlocked, and if the user press 'Esc', the page loading is stopped and he can edit the field.
Is there any way to avoid this?
Setting an input to "read only" by whatever means, Javascript or PHP generated or hard-coded markup, has zero security value. It is trivial to remove that "lock" with FireBug or the Web Developer extension, and I am sure others as well. What you are doing is cosmetic at best.
If you want to prevent the user's email address from being changed you will have to catch the form submission with (probably the personal_options_update and/or edit_user_profile_update hooks and force the email to remain the same as whatever is already in the database. Something like this:
function lock_user_email_wpse_100146($userid) {
$user = get_userdata($userid);
if (isset($_POST['email'])) {
$_POST['email'] = $user->user_email;
}
}
add_action('personal_options_update','lock_user_email_wpse_100146');
I caution you against doing that, as it prevents users from changing their email addresses, and people do change email addresses. If you do this and someone changes address that person is no longer able to reset their password. It is a very unfriendly thing to meddle with.
Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.