userprofile url has email address

Hi,

We are running Joomla 3.6.2 and Community builder 2.0.14 and the url for the user's profile are in the format of cb-profile/userprofile/<emailaddressoftheuser>.
What is causing this and how do we turn it off?

thanks
mikie

We use username in the SEF URL. You can't turn it off other than stop setting username to email address.

We have exactly the same problem.

A link to a user's profile (other than the currently logged in user) is always in the format

<domain>/<userprofile menu alias>/<userid>-<username alias> - (where <username> is rendered with '@' and '.' replaced with '-')

So, any link clearly displays the username. If the email address is the user name, the email address is exposed, publicly - even if both the email and username fields are set to forced privacy!!

This is a breach of privacy for our users.

Strangely, I find that the username part is totally redundant:

<domain>/<userprofile menu alias>/<userid> is sufficient to reach the correct profile, so there is absolutely no need to add the username to the URL. The userid is sufficient and unique, of course.

Trying to find a way to remove it is driving me crazy.

Shortly after I wrote my last comment, I managed to trace where this is happening in the router.php.

if ( is_numeric( $user ) ) {
$alias = CBuser::getUserDataInstance( $user )->get( 'alias', null, GetterInterface::STRING );

if ( ! $alias ) {
$alias = CBuser::getUserDataInstance( $user )->get( 'username', null, GetterInterface::STRING );
}

// Ensure the username isn't numeric and that it's alias safe otherwise prefix with user id:
if ( ( ! is_numeric( $alias ) ) && ( $alias == Application::Router()->stringToAlias( $alias ) ) && ( ! in_array( $alias, Application::Router()->getViews() ) ) ) {
$user = $alias;
} else {
$user = $user . '-' . Application::Router()->stringToAlias( $alias );
}
}

The problem is solved by removing the line:

$user = $user . '-' . Application::Router()->stringToAlias( $alias );

However, I am absolutely against hacking 3rd party code, so can you provide a slight change in your router.php, to allow for the username to be removed and only the userid to be exposed, in the URL.

Modify the routing code at your own risk. I don't recommend doing so. Just set the Profile URL field to display on registration and profile edit then make it required. They will now have to specify their own profile alias instead of it using username or email address.

Why did you answer mikies "We use username in the SEF URL. You can't turn it off other than stop setting username to email address. " but answer me "Just set the Profile URL field to display on registration and profile edit then make it required. They will now have to specify their own profile alias instead of it using username or email address. "? The issue is the same.

We do not have a 'Profile URL' field. Should there be one? Do we have to create it? If so, I presume it is of the type 'Web address' but what do we have to do to make it act as the 'Profile URL'? I'm a bit lost, here.