It's not possile to use the standard list of the users when you have a site with many users

Provide an automatic mail for user who don't have change their passwords since xx days

Having the possibility to add or remove some optionnal fields via a module

replace with a picture management for pro usage

a switch to use this field or not

a switch to use this field or not

a switch to use this field or not

a switch to use this field or not

a list of department for business use

a switch to use this field or not

a switch to use this field or not

Preferences admin define.

I'd like to request a mod to stop guests from viewing registered user

profiles please.

At present, most XOOPS sites have the 'webmaster/admin' as user #1 , and

any guest can do this:

http://example.com/userinfo.php?uid=1

and get the username, thereby making it easier to hack into an admin

account. Also, if the users email address is to be displayed, then any

guest can also view that.

Of course, even if the 'webmaster/admin' is not user #1, guests can still

find it, by displaying a number of user id's. All up, not good for website

security.

The mod only needs one line added, the file is /userinfo.php

AFTER this line ....

include_once XOOPS_ROOT_PATH.'/class/module.textsanitizer.php';

ADD the following line ........

$xoopsUser or redirect_header('index.php', 3, _NOPERM);

Administrators need to be able to permanently de-activate accounts that

can't be re-activated with the original activation key. Likely this could

be done using the level field.

On the login page (user.php), users need an option to re-send their

activation key for those accounts not yet activated.

Administrators needs to be able to access/review/modify accounts that

aren't yet activated without activating them. With the recent account

spamming, our sites like to review new accounts without using the database

and without activating them (because then the comment spam begins).

Finally, I think that we need two administrative notices for new accounts.

The first would be when the account registration occurs. The second would

be when the account is activated and use can occur. And notices for each

could be deactivated as desires (although not recommended). Currently, the

only way to deactivate is to make a dummy group with no-one in it and

choose that group.

make an option for user either to show his/her status or not

WARNING : It's a very heavy function for the server (Hervé)