Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+1 vote
310 views
in Q2A Core by
Any registered user can create multiple accounts and send messages to any user even without their account being approved. This is a serious flaw. Many trolls are taking advantage of this on my forum.

1 Answer

0 votes
by

in qa-include/pages/message.php 

change  this at line 150

if ($toaccount['flags'] & QA_USER_FLAGS_NO_MESSAGES) {

to this

if (($toaccount['flags'] & QA_USER_FLAGS_NO_MESSAGES) && qa_get_logged_in_level() < QA_USER_LEVEL_SUPER) {

and

in qa-include/pages/user-profile.php  

change this at line 791

if (qa_opt('allow_private_messages') && isset($loginuserid) && $loginuserid != $userid && !($useraccount['flags'] & QA_USER_FLAGS_NO_MESSAGES) && !$userediting) {

to this

if ((qa_opt('allow_private_messages') && isset($loginuserid) && $loginuserid != $userid && !($useraccount['flags'] & QA_USER_FLAGS_NO_MESSAGES) && !$userediting) || qa_get_logged_in_level() >= QA_USER_LEVEL_SUPER) {

...