5
Quote:
Currently, once a user had created an account, he could change his/her email address to anything without any verifications.
In the waiting for this useful fix, I've skipped this problem by removing the option to change the email by XOOPS users (RC2-only hack)
Just look at the edituser.php file at line 43:
<table cellpadding='8' border='0'><tr><td><form name='userinfo' action='edituser.php' method='post'><b>". _US_REALNAME ."</b> ". _US_OPTIONAL ."<br /><input class='textbox' type='text' name='name' value='". $xoopsUser->name("E")."' size='30' maxlength='60' /><br /><b>". _US_EMAIL ."</b> ". _US_REQUIRED ."<br />". _US_THISWILLBEPUBLIC ."<br /><input class='textbox' type='text' name='email' value='". $xoopsUser->email("E") ."' size='30' maxlength='60' /><br />". _US_OPTION ." <input type='checkbox' name='user_viewemail' value='1'";and change it in this way:
<table cellpadding='8' border='0'><tr><td><form name='userinfo' action='edituser.php' method='post'><b>". _US_REALNAME ."</b> ". _US_OPTIONAL ."<br /><input class='textbox' type='text' name='name' value='". $xoopsUser->name("E")."' size='30' maxlength='60' /><br /><b>". _US_EMAIL ."</b> ". _US_REQUIRED ."<br />". _US_THISWILLBEPUBLIC ."<br />". $xoopsUser->email("E") ."<br />". _US_OPTION ." <input type='checkbox' name='user_viewemail' value='1'";Rc3 is some different and I'm still working on it (but should be easier)
Why should use a temporary solution? well, as soon I've published on xoops.it about this issue, just 2 minutes after lots of trolls was subscribing with fantasious email addresses