Restrict Email Providers on Registration

[Kermit]

Thanks for the Mod. It seems to work most of the time.

I have set it to only allow registration from one domain. When I test it there are no problems. I have had a couple of members sneek through trying to register with yahoo and hotmail accounts. Is there something else I need to to to prevent them registering? The way I read the config you either have domains allowed or domains not allowed not both. Is that correct?

Logically to make it both is not possible,don't you think ? 

and regarding other problems,which have been said by other members in this thread, i will have a look when i have some spare time

[steiger]

Hi Kermit,
I just installed this mod and reduced the number of fake registrations noticeably.

But I found a small glitch in the code.
In some cases $_POST['email'] is not set which results in an entry in the error log for the preg_match line.
A check would be useful.

Subs-Members.php

Code Select Expand

   if (!empty($modSettings['enable_restrict_EmailProvider']) && !empty($modSettings['restricted_provider']))
   {
      foreach($restricted_provider as $provider)
      {         
         preg_match('/' . $provider . '+/i', $_POST['email'], $matches);
   
         if(count($matches) > 0)
            fatal_error(sprintf($txt['restricted'], $regOptions['username']), false);
      }
   }


My fix:
// Lets restrict some email providers
   if ((!empty($modSettings['restricted_provider'])) && isset($_POST['email']))
   {


Thanks for your work!

[steiger]

It seems that there is no interest in fixes for this mod.
The owner is active but does not respond.

OK for me. Will stop posting then.

[raevynn]

I have installed this mod with the latest version of SMF, but it appears to not be working. I use a whitelist only, and whenever I try to register an account with an e-mail address from the whitelist, I get the error message.

How can I fix this? This feature is essential to my forum.

[azasmith]

Hi Kermit,

sorry for bumping the old thread but I've got an error with the mod.

forum/index.php?action=register2
2: preg_match(): Compilation failed: nothing to repeat at offset 0
File: /home/hzinfo/public_html/forum/Sources/Subs-Members.php
Line: 536

Code Select Expand

if (!empty($modSettings['enable_restrict_EmailProvider']) && !empty($modSettings['restricted_provider']))
    {
        foreach($restricted_provider as $provider)
        {
            preg_match('/' . $provider . '+/i', $_POST['email'], $matches);

            if(count($matches) > 0)
                fatal_error(sprintf($txt['restricted'], $regOptions['username']), false);
        }
    }

Have you had anything like this in the past? Any ideas of what route to take to rectify it? It only occurs when a user successfully signs up, i.e uses an address that's not on the restriction list.

Thanks.

[IchBin™]

azasmith, try the preg_match link without the plus sign. I don't know regex that well, but from what little I know I don't "think" that is necessary and am wondering if that is the problem. Let me know if that fixes it.

This mod should be updated to use some hooks. This mod could probably be done without any file edits.

[Arantor]

Or not.

The error is quite clear about what the problem is, actually. + means 1 or more of the preceding, except there's nothing preceding it because $provider is empty, because $restricted_provider doesn't seem to be declared - $modSettings['restricted_provider'] is checked but not $restricted_provider, and I'm not exactly sure that $restricted_provider is the bare $modSettings['restricted_provider'] entry. Gut instinct tells me that $restricted_provider should have been declared before the foreach as explode(',', $modSettings['restricted_provider'])

But the + should be there.

[IchBin™]

Does the + mean one or more in this case?

[Arantor]

Well, that was the mod author's intention, to match one or more times.

Now that I think about it, there is potentially a bigger problem which the + may be to workaround; in regex, the period character (as in domain.com) is a special character. Unless there's a preg_quote involved to negate that, the + is probably there to work around the way the . will be handled.

[IchBin™]

Yeah I couldn't see why a + was needed. Good catch on the period being an issue. If it were me, I'd probably avoid doing preg_match and just use strstr() to find the string from the @ sign. Maybe I'll whip this mod up doing that with some hooks.

[Arantor]

Yeah, strstr could work and it would be cleaner because it would be able to match the entire domain name as opposed to potentially matching subdomains inappropriately - for example a match against @domain.co would block @domain.com, @domain.co.uk etc.

This may or may not be desirable behaviour depending on your outlook on it.

[azasmith]

Any help would be exceptionally helpful.

Blocking subdomains would be really useful as lots of the ones I've blocked come in .net,.com varieties which I may have missed.

[IchBin™]

Only thing I can think of is to check your restricted domains. Make sure there are no spaces or any other unneeded characters in it. That could possibly mess it up I suppose. It seems to think that you don't have any providers when it errors.

[azasmith]

It seems to think that you don't have any providers when it errors.

This is the correct behaviour, it only errors when an email address is used that's not in the blacklist.

For example:

User signs up using domain on blacklist - Blocked registration, no error.
User signs up using domain not listed - Allowed to sign up, error filed.

I'm thinking that it's taking the domains and checking it against the blacklist, not finding it listed, then checking it against the whitelist too, which is empty, thus the error. I'm not seeing much chance of the mod author seeing this thread, as they've not posted in over a year, but it's a fantastic mod.

[IchBin™]

Maybe I can explain a little better... It seems to me that the error you are getting is indicating that it doesn't think you have any email domains in the restricted provider part. When preg_match() tries to see if you have $provider in the $_POST['email'] it pukes on "offset 0" which is $provider. So something is happening with your restricted domains that you've entered. Either it is getting set to an empty array, or it is something is not set right in the array.

I'll see if I can't give this a test here and figure it out.  Would be helpful if you double checked the domains you have put in the restricted domains input box. Just to make sure you don't have something strange in that input that could cause any problems.

ETA:
I just noticed in the mod it says you should leave one empty. Are you using both accepted and restricted? The mod indicates you should only use one, but I'm not sure if that would cause problems at this point.

[azasmith]

Hi Ichbin, I missed your reply. I've been through the list of email addresses, noticed one or two were missing @ symbols. (It was a prepopulated list that someone else had used, I've been through and set them all into the right format.

Code Select Expand

@domain.com,@domain.com,

I've reuploaded this list and tested registrations again, still getting the error when I use an address not in the blacklist. I checked for any spaces, didn't catch any. Even tried find on ', @' etc.

I've only got emails in the blacklist. The whitelist is empty. As it's supposed to be.

[Arantor]

Except the comma on the end makes an empty entry.

When the explode() operation runs, it will create THREE items, the first @domain.com entry, the second @domain.com entry, and a third blank entry.

Take off the trailing , in that.

[azasmith]

Hi Arantor, Sorry, the last entry in the field doesn't have the trailing comma, probably should've included that. 

[Sudhakar Arjunan]

Is there a known list of these E-Mail providers?

I prepared a list of the most common 300 providers of disposable email addresses. It is here in the Charter-only section.

http://www.simplemachines.org/community/index.php?topic=274412.msg1798516#msg1798516

Please do not leak it.

Amazing mod kermit, thanks very useful to reduce spam registrations which was frustrating for years.

Anyone could open this link for us, which will be very useful.

[Arantor]

No, he actually specifically says about NOT leaking it.