Duplicate  Unconfirmed user can update status

erich37

Well-known member
I have a user which signed-up today and also posted a "profile message" onto his own profile and also entered his "locaton" and his "occupation".

The strange thing is:
this user still did not confirm his e-mail-address. When I go into my ACP, then it says for this user:
User state: "awaiting e-mail confirmation"

Question:
why and how can a user enter a profile-message onto his profile-page when he even did not confirm his e-mail-address ???

Are you guys sure this should be like it is ?

IMO this is a potential leak for spammers.
 
the user is not showing up in the "Members List", but the user and his profile-post is showing up within "Members > Recent Activity".
 
admin.php?user-groups/system-unregistered-unconfirmed.1/edit

profile settings > can post profile post : is this set to inherit, yes, no ?
 
I have just tested this and I am unable to post on the profile of an unconfirmed account.

Other profile information is able to be entered such as status message, location, occupation, home page, etc.

This is by design.
 
I have just tested this and I am unable to post on the profile of an unconfirmed account.

Other profile information is able to be entered such as status message, location, occupation, home page, etc.

This is by design.

no idea, but a user has done so on my forum.
the user has posted onto his own Profile-page.
 
Indeed that would be the spot. :)

the strange thing I see in my left screenshot is the time:

- the post was made at 5:52 A.M
- user was last seen at 5:48 A.M

not sure if the issue is coming from there, but the timing looks a bit strange....?
 
Ajax actions (like posting statuses) don't update the session activity. They clicked onto the page to post the status at 5:48, and clicked post 4 minutes later without leaving that page.
 
I have just tested this and I am unable to post on the profile of an unconfirmed account.

Other profile information is able to be entered such as status message, location, occupation, home page, etc.

This is by design.

Homepage as well ?

Not great design if an unconfirmed user is allowed to enter a Homepage-link.....
 
Top Bottom