[Resolved] [Plugin: Secure Invites] Can sign up as anyone once at registration page
This plugin is exactly what I was looking for and has lots of potential, but it needs some improvement. I am not too familiar with PHP (just learning) and I can appreciate all of the hard work that goes into coding plugins. Thank you.
I am running WordPress 3.0.1 and BuddyPress 126.96.36.199
After playing around with this plugin and testing the process I noticed a flaw in the security: After clicking the link in the email or typing it into a browser you do successfully reach the registration page, however, once at the registration page you can sign up as anyone with any email address. The Invitation list shows the original invitation as incomplete and shows the uninvited email and username as invited by the admin. This happened when using with the ‘BP Disable Activation Plugin’ so I decided to deactivate that plugin and try again. It still allows anyone to sign up only the new user is now completely undetected in the invitaion list. When logging in there is an alert that the account could not be activated but you are logged in anyway. Shouldn’t Secure Invite restrict signup to the email address in the invitation. Simply intercepting an email or adding ?emailaddress to the URL could allow anyone to register and this link remains open if the signup is not with the intended email address or until it expires or is deleted by the admin.
- The topic ‘[Resolved] [Plugin: Secure Invites] Can sign up as anyone once at registration page’ is closed to new replies.