Multiple Accounts, Same Email

Started by Eliana Tamerin, March 16, 2008, 02:17:25 PM

Previous topic - Next topic

Eliana Tamerin

Question: Can I allow multiple accounts to use the same email address?

Original Topic: http://www.simplemachines.org/community/index.php?topic=224650.0

Like many people who use SMF for roleplaying (RPG) forums, I found myself frustrated at the restrictions on multiple email addresses. I scoured the forums for solutions, but each time there were none. No one could or was willing to provide a solution for this, citing many reasons not to, and offering a few alternatives.

The best alternative was, and still is, the Multiple Personas Mod by jack. This is simple and easy to use, and works great. The only problem is, you still need to register multiple accounts. But at least this way, you don't have to remember five different passwords if you're careful about account security, and you can easily flip to another account to read a PM if necessary.

But I wanted somthing more. Now that I know a bit more about php, I decided to delve into the code myself. Before I go any further, I must interrupt myself for this.

DISCLAIMER: I do not accept any responsibility for the loss of security incurred by this trick.

Proceed at your own risk.

Reasons why you should not use this trick:
-The major issue with this is security. There is a good reason for this function being there.
-Users can log in with email addresses. The email address login defaults to the first account created with that email, so only login by username would be possible.
-Lost password function would be broken with this. It is imperitive, therefore, that if you use this, you make sure you and your members keep track of your passwords.
-If everyone signs up using the same email address and they all have access to this address, then any one of them can change the password for another member's account without that person's knowledge.
-Email notifications sent to same address. This means that if multiple people have registered with the same address, the readers of that email address will see the notifications for all those accounts. Possible security issue. Besides that, PM notification emails would allow everyone to read the PMs of the other members, which would be a loss of privacy.
-This allows spambots nearly unlimited access to your forum. This is not suggested AT ALL for forums that do not need this. I highly suggest you invest time into ensuring that your forum is secure by either admin approval of accounts or multiple anti-spambot measures. I would suggest you use any of the following mods: Akismet Spam Protection, No Spam by Guests, Anti-Bot Registration Puzzles, Are You Human? (Anti-Bot Check), Advanced Visual Verification (captcha), or Visual Verification Options.
-I would highly, highly, highly recommend that you keep any email addresses associated with admin/gmod/mod accounts unique.

And probably the biggest risk of all:
If you have instant registration enabled (Admin CP > Registration > Settings > Method of registration employed for new members), you can seriously wreck your forum by allowing guests to register with YOUR email address and then destroy your forum. Set your registration settings to Member Activation or Member Approval BEFORE you perform this trick.

I would highly suggest using the View Email Permission mod and disabling view permissions for guests, or checking the "Do not reveal contact details of members to guests" (Admin CP > Features and Options > Basic Settings)  option.


Ok, now that you've read my large disclaimer and reasons why you shouldn't use this, I'll continue.

There are three files you need to edit, all in the sources folder. Find subs-members.php, profile.php and register.php.

In both subs-members.php and register.php, find this code:
$request = db_query("
SELECT ID_MEMBER
FROM {$db_prefix}members
WHERE emailAddress = '$_POST[new_email]'
LIMIT 1", __FILE__, __LINE__);
// !!! Separate the sprintf?
if (mysql_num_rows($request) != 0)
fatal_error(sprintf($txt[730], htmlspecialchars($_POST['new_email'])), false);
mysql_free_result($request);


And in profile.php, find this code:
$request = db_query("
SELECT ID_MEMBER
FROM {$db_prefix}members
WHERE ID_MEMBER != $memID
AND emailAddress = '$_POST[emailAddress]'
LIMIT 1", __FILE__, __LINE__);
if (mysql_num_rows($request) > 0)
$post_errors[] = 'email_taken';
mysql_free_result($request);


You have three choices. You can:
a) comment out this code.
b) remove this code (BACK UP FIRST!)
c) alter this code

I'll choose c, because the two others are relatively easy to do. And c can impose a limit on the number of accounts that one can register, useful if you have rules against having more than x accounts.

In subs-members.php and register.php, find this line:
if (mysql_num_rows($request) != 0)

and in profile.php, find this line:
if (mysql_num_rows($request) > 0)

and change all three to this:
if (mysql_num_rows($request) > X)

where X is the number you wish to limit it to. I chose to limit it to nine, so mine looks like this:

if (mysql_num_rows($request) > 9)

Save your three files and upload them to your server.

That's it, you're done. You can now register multiple accounts with the same email address. Please remember that I do not take responsibility for any damage or loss of security this change may incur.

In addition

If you or your members are being stumped by the error that results by registering one account and immediately registering a second, here is the fix:

Open up subs-members.php in your sources folder.

Find this line
// Make sure they didn't just register with this session.
if (!empty($_SESSION['just_registered']) && empty($modSettings['disableRegisterCheck']))
fatal_lang_error('register_only_once', false);


And comment it out or remove it. Back up your file first before you do this.

That's it!

Thank you, and I hope you enjoyed this trick.
Do NOT PM me for support.

SimplePortal 2.3.6 is OUT!
SimplePortal Project Manager
Download | Docs
SimplePortal: Power of Simplicity!

H

-H
Former Support Team Lead
                              I recommend:
Namecheap (domains)
Fastmail (e-mail)
Linode (VPS)
                             

Eliana Tamerin

Do NOT PM me for support.

SimplePortal 2.3.6 is OUT!
SimplePortal Project Manager
Download | Docs
SimplePortal: Power of Simplicity!

day-there

Autograph...

Eliana Tamerin

You're welcome. I hope this helped you, if you use it, and you were able to get it working without any problems.
Do NOT PM me for support.

SimplePortal 2.3.6 is OUT!
SimplePortal Project Manager
Download | Docs
SimplePortal: Power of Simplicity!

Eliana Tamerin

I should update this to inform anyone using this tip/trick that for SMF 2.0 RC2, there is a mod that works much better, called Subaccounts: http://custom.simplemachines.org/mods/index.php?mod=2264
Do NOT PM me for support.

SimplePortal 2.3.6 is OUT!
SimplePortal Project Manager
Download | Docs
SimplePortal: Power of Simplicity!

Yahmez

You can also use phpmyadmin to change the email of multiple accounts to the same address.

Eliana Tamerin

You can, but then any time you attempt to change the Account Settings of an account with a duplicate email, you'll get an error message. This goes for the account owner or the admin.
Do NOT PM me for support.

SimplePortal 2.3.6 is OUT!
SimplePortal Project Manager
Download | Docs
SimplePortal: Power of Simplicity!

Yahmez

Hmm... I just tested that with RC3 and it updated the profile without a SMF scolding and I checked the error log and nothing there...

Eliana Tamerin

Hmm. Well, this is a simpler (or the mod I mentioned) method for those who don't know what they're doing with phpMyadmin.
Do NOT PM me for support.

SimplePortal 2.3.6 is OUT!
SimplePortal Project Manager
Download | Docs
SimplePortal: Power of Simplicity!

Yahmez

Well I don't know what I'm doing in phpmyadmin but I managed :P

Not to detract from your tip though, thank you for the clear understanding of how SMF handles this situation. Oh and while I'm at it, thanks for your work w/ simple portal. Really, it's great!

netjockey

well , is there any other way round

like if admin is creating a user from backend (i mean admin cp panel) then it should ignore the email(whether they are unique or duplicate it should ignore the email field and create the account)

and if any user is creating an account from normal registration page it should work as normal(means it should not allow duplicates email)

i have tested the mybb software , it work like these way only, and when you use the forgot password feature of mybb it sends multiple mails to the same address

like user1 and user2 have same address as email1 then two(1 for user1 and 1 for user2) emails will be send to email1

Eliana Tamerin

There is another way around:

Quote from: Eliana Tamerin on November 21, 2009, 09:56:46 AM
I should update this to inform anyone using this tip/trick that for SMF 2.0 RC2, there is a mod that works much better, called Subaccounts: http://custom.simplemachines.org/mods/index.php?mod=2264

Otherwise, nope, not unless you manually edit the database (which most users don't know how to do, so I wouldn't advocate that). SMF checks for duplicate emails whenever you register or update an email, regardless of who's doing it. It can be a guest, a member or and admin, but SMF checks it all the same.

As for MyBB, I doubt they allow logins via email in that case. SMF does, which is the primary reason for the duplicate email checking. This tip/trick breaks that functionality partially, but such is the price that you pay for getting a little bit of an unorthodox feature.
Do NOT PM me for support.

SimplePortal 2.3.6 is OUT!
SimplePortal Project Manager
Download | Docs
SimplePortal: Power of Simplicity!

netjockey

You are Correct mybb does not allow login through email,but that mod you are saying is for smf 2.0 i  am  using smf 1.1.11 latest version

netjockey

Hello, i would like to ask whether it is possible for admins to create account without email id (i mean leaving the email id field blank) from the admin cp

and the normal user registration form (from front) should work as normal


netjockey

hello buddy , i have tried something unusual and it is working like charm , i would like to confirm these from you guys

what i did that change these

$request = db_query("
SELECT ID_MEMBER
FROM {$db_prefix}members
WHERE emailAddress = '$_POST[new_email]'
LIMIT 1", __FILE__, __LINE__);
// !!! Separate the sprintf?
if (mysql_num_rows($request) != 0)
fatal_error(sprintf($txt[730], htmlspecialchars($_POST['new_email'])), false);
mysql_free_result($request);


to these only in Subs-members.php only

if (allowedTo('moderate_forum') && !$user_info['is_guest'])
{
if (mysql_num_rows($request) > 9)
fatal_error(sprintf($txt[730], htmlspecialchars($regOptions['email'])), false);
mysql_free_result($request);
}
else
{
if (mysql_num_rows($request) != 0)
fatal_error(sprintf($txt[730], htmlspecialchars($regOptions['email'])), false);
mysql_free_result($request);
}


The Result ,

You as a Admin can Create Multiple User account from Admin cp  with same email Address

normal member have to follow the same rule ,ie that they cannot multiple account with same email address

please give feedback about these changes i made, is there any harmful effect?
i have tested it there seem to no problem

netjockey


Alistair Thomson

netjockey, your fix was good for me. I have a forum based on 1.1.2 and maybe that was the problem, but I could not find the code in subs-members.php that either you or the OP had listed.

But I found

if (mysql_num_rows($request) != 0)

occurring just once in subs-members.php and applied your code as appropriate, and it works just fine. In the forum I set up, only Admin is allowed to register members, so since your code works for that scenario I guess profiles.php and register.php can be left untouched. :D

John Willson

Hello every one,Thanks for the shearing.




netjockey

thanks for replying i just wanted confirmation of this

Advertisement: