Invalid email after registration

Sakis

One way for malicious users to create multiple profiles is as follows. As soon as they register, they remove their email and put a completely invalid email. We have to deal with this somehow and prevent the malicious user from putting an invalid email mail after registration

ibn

Turn on the email filter this will prevent them from changing their email to an invalid email address

Sakis

ibn From the registration onwards, the user can even send a poem to an email. The filter helps before the registration. I am talking about after the registration.An example. After registration I can put this jjjjjjjdddddjjjj@gmail.com

naseemtork

You can solve it by adding a code that allows only the owner to change the email

From file
system/box/edit_profile.php
Search for
<?php if(isMember($data) && isSecure($data)){ ?> <div onclick="getEmail();" class="listing_half_element blisting"> <div class="bcell_mid"><i class="fa fa-envelope proicon"></i><?php echo $lang['edit_email']; ?></div> </div> <div onclick="getPassword();" class="listing_half_element blisting"> <div class="bcell_mid"><i class="fa fa-key proicon"></i><?php echo $lang['change_password']; ?></div> </div> <?php } ?>

Replace it with this :

	<?php if(boomAllow(100)){ ?>
	<div onclick="getEmail();" class="listing_half_element blisting">
		<div class="bcell_mid"><i class="fa fa-envelope proicon"></i><?php echo $lang['edit_email']; ?></div>
	</div>
	<div onclick="getPassword();" class="listing_half_element blisting">
		<div class="bcell_mid"><i class="fa fa-key proicon"></i><?php echo $lang['change_password']; ?></div>
	</div>
	<?php } ?>

ibn

naseemtork 👍👍👍

ibn

You can also do like this if you want them to be able to open the email box and view their email.

system/box/edit_email.php

replace this

<?php
require('../config_session.php');
if(!isMember($data)){ 
	die();
}
?>
<div class="modal_content">
	<div class="setting_element ">
		<p class="label"><?php echo $lang['email']; ?></p>
<input id="set_profile_email" value="<?php echo $data['user_email']; ?>" class="full_input" disabled/>
	</div>