1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.4 Is this a way to bypass registration system?

Discussion in 'XenForo Questions and Support' started by flowerpot132, Aug 4, 2016.

  1. flowerpot132

    flowerpot132 Formerly mugtree

    Every member has to be manually checked on our forum. So awaiting approval then we check their details are ok and let them in.

    Someone got in but we didn't let them in as they didn't pass our checks.

    I remember seeing this user in awaiting to moderated and left them there.

    I also remember seeing them listed in the forum as members online which is technically ok right? But they can't see any of the forums. They can just login and out and change account details. Avatar, email address etc.

    They did change their email address.

    Now they are set as "valid" in the backend.

    Is that possible?
  2. Mike

    Mike XenForo Developer Staff Member

    Can you show the user change log history for this user?
  3. flowerpot132

    flowerpot132 Formerly mugtree

  4. Mike

    Mike XenForo Developer Staff Member

    When editing the user, look at the "change log" tab.
  5. flowerpot132

    flowerpot132 Formerly mugtree


    As you can see he has changed email address from a gmail version to an icloud one. Today admin edited the state from valid.
  6. Mike

    Mike XenForo Developer Staff Member

    Did someone manually edit the account to email bounced? The system will only put users into that state from the valid state, so it's a post-approval state only, which is why it went back to one of the other post-approval states (email confirmation from edit) and then to valid.

    Aside from the message displayed, going to the email bounced state doesn't differ from awaiting approval (we don't send most emails in either case), so there isn't generally an expectation of that as a change. If you really do want to change the state there, you should probably go back to awaiting email confirmation.
  7. flowerpot132

    flowerpot132 Formerly mugtree

    We do that on purpose. It's the one option that keeps the user details (opposed to reject and delete) and removed them from the list of awaiting to approve. We want that clear.

    So any idea of a user could become valid by doing that email change thing? Or was it a human error on our part and we approved them by mistake.
  8. Liam W

    Liam W Well-Known Member

    If a user is placed into the email invalid state, they will be placed into the valid state when they confirm their email, as the email invalid state will only be applied to valid users by the system.

    If you're using the email invalid state, you're basically approving them but making them change their email address.

Share This Page