PP 5.62: users are able to cheat with identical email address
PP 5.62, stand alone version
i just found out, that users are able to cheat with identical email addresses.
I have in my ACP the option:
"Require unique email addresses for user registration?"
I set this to Yes. But the users are still able to change their mail address afterwards to an email, which exists already in the database.
The user can register normallly, after that he goes into his profile and changes his mail address to another one. With this, he can have unlimited usernames all with the same email address. I tested this with 3 different accounts.
This should not be possible, if I set the ACP option to unique email addresses.
How can I fix this?
That option is only for the registration process so it is doing what it was designed to do.
There is no check after a user is registered and verified user that prevents him from changing his email
Is there any easy way with a code modification to avoid this obvious misuse?
Well no support for this and I will not discuss this further in this thread is what this means but you can try adding this code in member.php
|All times are GMT -5. The time now is 08:25 PM.|
Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.2.0