Users can still see all the users in the forum by changing the number next to the members/username.4/.
If you change the number to "3" it will display the user so basicly every user can see all the users that ever registered and spam them.
Yes but then users can not see profiles at all... Surely there is a more elegant way of making the forum database of users without this exploit?
I mean its either users can see all the users that ever registered or users cannot access users profile at all.
No other way to allow users to see users that post but not users that never post?
I mean I have 2 options now, either to not allow all the users to see other users and rendering my forum basically useless or allow every new users that register getting spammed on the second he registers.
when changing the number next to the user name it should NOT give users the user profile in that number! its a bug that seems to be in all the version of this forum.
Surely there is a fix for this simple exploit? it is such an expensive forum and it is completely useless because of the way it builds the users database.