The following warnings occurred:
Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.2.25 (Linux)
File Line Function
/global.php(961) : eval()'d code 26 errorHandler->error
/global.php 961 eval
/showthread.php 28 require_once





× This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!

  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
able to modify account email without verification
#1
Not sure if this is a bug or by design... I have "Require User to Verify Their Email?" set to "yes" in the email settings and it seems to work fine on initial registration, but once I am registered I can go in and change the email in the account settings with no verification.

So, thinking like a bad guy, I could sign up and get a valid account and then change my email to someone else's address and then suddenly emails that are "verified" are actually not verified...

As far as I see there is no record of the initial, verified address, either...

And the column "email verified" in the "users" table still indicates 1.

Maybe this is standard behavior for user systems - I'm not sure I ever tested it on another system before. But I can see how it could be a cause for abuse/misuse so I'm throwing it out here.
  Reply


Messages In This Thread
able to modify account email without verification - by plb - 08-25-2016, 06:34 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)