Feature request: Allow admins to customize or hide contact email on login page

[archvalmiki]

Problem

Following up on the concerns raised in #63 (which was closed without resolution) - the current design exposes the admin's login email on the public login page. This creates two security concerns:

1. Credential enumeration - Attackers now know a valid login email
2. Email exposure - Admin's email is leaked to anyone who visits the URL

The default setup script configures Campfire on a public domain with automatic SSL, encouraging public-facing deployments. Yet the login page immediately exposes admin credentials to the world.

Current workarounds are inadequate

As noted in #63, the suggested workarounds have significant drawbacks:

• Edit template in container - Gets overwritten on updates, requires Docker expertise
• CSS hiding - Security through obscurity, doesn't actually protect the data
• Email alias - Requires external email infrastructure setup

None of these are accessible to non-technical users doing the simple one-line install that Campfire promotes.

Proposed solutions (any of these would help)

1. Separate "contact email" field - Let admins specify a display email different from their login
2. Toggle to hide - Simple on/off in admin settings
3. Generic message - Replace email with "Contact your administrator" (no email shown)
4. Opt-in display - Don't show by default, let admins choose to display it

Use cases affected

• Small teams - Admin doesn't want personal email public
• Security-conscious orgs - Can't deploy if it leaks valid credentials
• Privacy-focused users - GDPR and privacy considerations

The "forgot password? contact admin" UX goal can be achieved without exposing the actual login credential. A simple settings toggle would solve this while preserving the helpful intent.

This is the only barrier preventing me from recommending Campfire to others.