That should be very easy to do for the email field. We wouldn't do it for the password field, as there's no issue with tampering with that field. Let me look into the change that would be required, and also let me know if you still want this, given the above about changing a user's email later on anyways. Shouldn't be difficult, but may take a day or so to come up with the best solution.If the ability to edit the fields is off, do not use hidden variables to pass them, but store them in the session object so they cannot be tampered-with?
Join our newsletter to get alerts for Joomla releases, tips and tricks and extension updates.