Someone got in but we didn't let them in as they didn't pass our checks.
I remember seeing this user in awaiting to moderated and left them there.
I also remember seeing them listed in the forum as members online which is technically ok right? But they can't see any of the forums. They can just login and out and change account details. Avatar, email address etc.
They did change their email address.
Now they are set as "valid" in the backend.
Is that possible?