Nonetheless, there is something wrong. A couple of users have complained that the site seems to over-ride the setting "Store my user name in a cookie for 1 year".
Is this a setting issue? Or a bug? How can I fix it?
site incorrectly identifies addresses with a "+" character as an invalid email address during the registration process.
while "+" characters have no special meaning in themselves, many mail systems handle them specially, as an extension to the part of the address before the "+" - e.g. "cas+gc@example.com" would be delivered to the same account as "cas@example.com" (but with the full plussed address left intact so that filtering software like procmail can save it to a separate folder or whatever). in this context, they're known as "plussed addresses".
some mail systems use a "-" character for the same job, but "+" is more common (and more "correct" by internet convention/habit/practice)
it's actually inexcusable for any software to do a bad job of address validation - the precise definition for a valid email address has been publicly documented for decades, and it has hardly changed at all even since the early days in the 1970s. it's not rocket-science, it's really straight-forward...and it's not even neccessary to "roll your own", there are dozens of freely re-usable functions, libraries, and code-snippets to do address validation that all do the job (as well as probably hundreds more that do the job badly).
it's even more inexcusable for GPL software like XOOPS to get it wrong - there are no license incompatibilities preventing use of one of the GPL libraries that do it.