Awaiting feedback User registration

Spartan

Well-known member
i have user registration off, but someone, or a bot, was able to register a username.
 

Attachments

  • image.webp
    image.webp
    107.3 KB · Views: 61
Open library library\XenForo\ControllerPublic\Register.php
Find:
PHP:
protected function _assertRegistrationActive()
{
// bunch of code here
}
Replace the last curly brace with
PHP:
XenForo_Error::logError(@serialize(get_declared_classes()));
    }
Create new account via this url yourdomain.com/register. logout and login to ACP, there should be a error message logged. Send it to me via PM or post it here :)
 
Yes, but not on my other site. On the-boneyard I have registration enabled, but each registration must be manually approved. This username got through, but was not manually approved.
Tapatalk is still active here:
http://the-boneyard.com/mobiquo/mobiquo.php

As long as that PHP file is there, the Tapatalk app can use it to bypass Xenforo's registration as its API has direct access to your database.
 
Last edited:
Open library library\XenForo\ControllerPublic\Register.php
Find:
PHP:
protected function _assertRegistrationActive()
{
// bunch of code here
}
Replace the last curly brace with
PHP:
XenForo_Error::logError(@serialize(get_declared_classes()));
    }
Create new account via this url yourdomain.com/register. logout and login to ACP, there should be a error message logged. Send it to me via PM or post it here :)

There will only be an error logged if debug mode is enabled, which is unlikely.
 
Top Bottom