Oftentimes people use MRBS with an LDAP directory and the users have identifiers that don’t fit their real names. MRBS uses these identifiers publicly to show who reserved a room.
I see 2 problems here: if the MRBS website is public, attackers get valid usernames (although this is more obscuring than actually making it more secure), and in case users want to discuss the usage of meeting rooms, they don’t know who to talk to. In my opinion, the email address would be much more helpful.
So I had a look at the source code (v. 1.8.4) and edited the following lines:
line: 149 ..
```php
// This was the original code
// $tbody .= create_details_row(get_vocab("createdby"), $data['create_by'], $as_html, $class);

// This is what I made out of it
$mail = authLdapGetEmail($data['create_by']);
$tbody .= create_details_row(get_vocab("createdby"), $mail, $as_html, $class);
```
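One way to handle users for whom the directory has no address, so that the row is neither blank nor falls back to the login name for anonymous visitors. This is an added example, not MRBS code and not the author's: `created_by_label()`, its parameters, the placeholder text and the sample directory are hypothetical. It assumes PHP 7.1 or later and that the lookup returns an empty value when no address is found.

```php
<?php
// Added example, not part of MRBS. All names below are hypothetical.

/**
 * Decide what to print in the "created by" row.
 *
 * @param string   $username     value of $data['create_by']
 * @param callable $lookup       maps a username to an email address
 *                               (in MRBS this could be 'authLdapGetEmail')
 * @param bool     $viewer_known true when the visitor is logged in
 */
function created_by_label(string $username, callable $lookup, bool $viewer_known): string
{
    static $cache = [];   // at most one directory query per user per request

    if (!array_key_exists($username, $cache)) {
        $mail = trim((string) $lookup($username));
        // Accept only a syntactically valid address; anything else is "not found".
        $valid = filter_var($mail, FILTER_VALIDATE_EMAIL) !== false;
        $cache[$username] = $valid ? $mail : null;
    }

    if ($cache[$username] !== null) {
        return $cache[$username];
    }

    // No address available: logged-in users still see the identifier,
    // anonymous visitors get a neutral placeholder instead of a valid login name.
    return $viewer_known ? $username : '(address not available)';
}

// Constructed sample directory standing in for LDAP so the example runs offline.
$directory = ['jd4711' => 'jane.doe@example.org', 'svc-02' => ''];
$lookup = function (string $user) use ($directory): string {
    return $directory[$user] ?? '';
};

$cases = [['jd4711', false], ['svc-02', true], ['svc-02', false]];
foreach ($cases as [$user, $known]) {
    $viewer = $known ? 'logged-in' : 'anonymous';
    printf("%-7s %-10s -> %s\n", $user, $viewer, created_by_label($user, $lookup, $known));
}
```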