the main issue here is the username that supposedly to be used. If ever you just inputted something wrong ex. confirmed password, error discount code, etc. ... and press the submit button. The username will not be available anymore. ox_signup table will be filled up of unnecessary records. There is something wrong of the processing of the form.
Again, I would suggest using form field error checking to make sure. Coupon is not a problem. It is checked before username is checked or placed in temporary table. All other fields are echoed back to page if bad coupon, and allowed to submit again.
I am not sure what field isn't being checked for input on your setup, however make sure it is and you wont have the problem. The default with RevMax is wforms.js
http://www.formassembly.com/wForms/v2.0/documentation/input-validation.phpIf all form fields are submitted correctly the next stop is payment, if payment succeeds the user is placed in the users table and has access to features, if not completed they are still in a pending state. If your organization has enough failed sign ups and your temporary sign up table becomes excessive you can run a cron job to truncate the table once a day or so.
You had mentioned captcha, and phpcaptcha is easy to integrate also. You can find more information here:
http://www.phpcaptcha.org/documentation/quickstart/ Again, this is not any sort of security issue, the user is never placed in a state thet they might gain any benifit other than creating useless records. Again this can be stoped with form field error checking as outlined above. Please check your form.
I am closing this thread.
