Store Community Support Documentation

Ok, I need someone to check this out ASAP!

I set up my site as invite only.

I also set it up to verify the email address.

I logged in as a member I made with the membership of a registered user.

I then use the invite in the footer and invited a made-up email address.

123456@123456.com

and it said it was sent...ok

Then I opened another browser and went to the home page and put that email address in the invite box and it came up and allowed me to enter a Name, the same email address and a password.  I did that and bang...my account was made with no verification of email.  So I think a spammer could use excel spreadsheet and make a list of fake emails like obama@whitehouse.gov, trump@whitehouse.gov to something simple like 1@1.com, 2@1.com, 3@1.com up to 50 at a time and the system would let it pass through without verification that you even own that email address or worst yet...doesn't even exist.

Please, someone, check this out and tell me I am wrong!  I am hoping I am.

Kirk
#6

Disabling invite would be okay unless your site is invite only. So that's no good. I guess until it's fixed you could keep it disabled and invite via email. Then new members would have to go through the normal registration process. Still, I hope this is fixed soon (I don't use it but I'll bet a lot of people do).

::

By the way, I get tons of spam memberships on a new install even with captcha enabled. I have to go with the Q&A at signup in addition to stop the massive spam influx.

Last update on June 8, 6:54 pm by Kirk.
Jonathan Mitchell
#7

Never really liked captcha..instead I use the anti-spam question  .. I use a photo for it  like this:   

I rarely see any spammers

JohnJr
#8

That spam question is genius. Too bad both do not work in an invite only community :(

Last update on June 9, 11:31 am by JohnJr.
Kirk
#9

Holy cow! That spam question is brilliant!

JohnJr
#10

With that question, you could make the spammers work for it by adding the following - also put the letters in alphabetical order...LOL

Kirk
#11

Backwards. :D

JohnJr
#12

Where is phpfox?  Seems like a response would be nice.

JohnJr
#13

So no response by phpfox,  but I tried to do it on there demo site, and I guess the invite does not work the same way.   I think it does send an email just like the invite-only site, but it does not let you add in your email without the URL which is correct in my mind...maybe I need to find the code to stop that just entering an email address in to set up your account code.

spirog
#14

@JohnJr 

Here is captcha and spam questions  working with invite only . I created a user group and logged in as that user in tye user group and clicked invite at bottom of pages from groups section. Then logged out and recieved email .Clicked email brought up this screen .entered all information and clicked submit. Now it's ready but I still need to verfiy user in order for them to login. So you won't get any spam logins cause you have to verify each person. And hopefully tyry wilp someday use my GitHub.com post for feature request.

I asked That admins can have option to get email notification when a user is waiting to get verified Or reg signs up and is waiting on admin to verify email

Also asked if f we could get notificstion when there is a blog or video or group page tust needs our approval first before it goes live. 

 

Hope there listening this I think is well needed. At least to get notifications when users are waiting to get verification Ed from admin sontuet can login. Otherwise if we wait too long they will never come back to the site. And or delete there account .

Thanks hope this helps that it's actually working in Ver 4.6.1.b4 

 

See photo 

spirog
#15

@JohnJr 

Here is captcha and spam questions  working with invite only . I created a user group and logged in as that user in the user group and clicked invite at bottom of pages from groups section. Then logged out and recieved email .Clicked email brought up this screen .entered all information and clicked submit. Now it's ready but I still need to verfiy user in order for them to login. So you won't get any spam logins cause you have to verify each person. And hopefully phpfoxp will  someday use my GitHub.com post for feature request.

I asked That admins can have option to get email notification when a user is waiting to get verified Or reg signs up and is waiting on admin to verify email

Also asked if we could get notifications when there is a blog or video or group page that needs our approval first before it goes live. 

 

Hope their listening

this I think is well needed.

At least to get notifications when users are waiting to get verified from admin so they can login.

Otherwise if we wait too long they will never come back to the site. And or delete there account .

Thanks,

hope this helps that it's actually working in Ver 4.6.1.b4 email verification , friends only , admin verify email, captcha and spam questions .

 

See photo 

Attachments
Screenshot_20180718-001039.png 98.83 Kb . 27 Views
Last update on July 18, 5:30 am by spirog.
JohnJr
#16

Yes for sure it is working in this new version when using invite link as it worked correctly when I justed tested it...need to check it on groups tonight as I think that was my issue.

JohnJr
#17

I don't know what is going on...maybe I was drunk that night :) but it seems like it does work so unless I figure out what I was doing wrong...let just say it works the way it is supposed to.  The only thing I can think of is maybe the verification didn't save and that is why I was able to make all those weird email addresses I listed above.

Kirk
#18

It seems to me, drunk or not, verification saved or not, you did something to make it behave the way you describe in your original post or you wouldn't have experienced it. So there might still be a problem. It might take 10 different things to happen in a specific order for the issue to appear... but still.

JohnJr
#19

I would agree, but I am thinking if that if the verification by email is not set whether invite only or not then anyone can use any email with no check so you could use anything I guess...but I never tried it without email verification.  So like I said above that is the only thing I can think of that maybe didn't set correctly...but you never know.  I am planning on doing a reinstall and try again when the next version comes up.

JohnJr
#20

Update...did a reinstall from scratch and now it works...me happy!