1

Topic: Restricting email addresses

Hi, I thought I might just make a quick note here in case it's useful to anyone. I need to restrict registrations to one of a set of pre-defined email addresses. This is for a site that is being run for University classes.

In config.php, add (for example):

$email_whitelist = array(
  "uts.edu.au",
  "eecs.berkeley.edu"
);

In lang/English/common.php, add:

'Unlisted e-mail'               =>      'This email address does not match the list of valid email suffixes. Please post in the login help forum if you believe this is an error.',

In register.php, after:

        if (!is_valid_email($email1))   
                message($lang_common['Invalid e-mail']);

add:

        else if (!is_email_whitelisted($email1))
                message($lang_common['Unlisted e-mail']);   

And in include/email.php, add:

//
// Check if an email address is whitelisted
//
function is_email_whitelisted($email) {
        global $email_whitelist;
        foreach ($email_whitelist as $p) {
                $p1 = ereg_replace('\.', '\\.', $p);
                $p2 = '^[^@]+@' . $p1 . '$';
                $p3 = '^[^@]+@[^@]+\.' . $p1 . '$';

                if (eregi($p2, $email) || eregi($p3, $email))
                        return true;
        }
        return false;
}

Only tested quickly but it seems to work. Thanks smile

JohnR

Re: Restricting email addresses

Possibly an easier way: explode the given email address on the @ and compare $element[1] to the email smile

Re: Restricting email addresses

And faster too.

4

Re: Restricting email addresses

Ah, but you have to be able to register with subdomains. eg when it says "uts.edu.au" up there, then 235213@student.uts.edu.au is also a valid email address.

5

Re: Restricting email addresses

I commented out the flood registration check. Students will be registering from behind a proxy, one per hour won't work...! It would be nice if that were an admin option wink

First class tomorrow...

Re: Restricting email addresses

*points at signature*
With the mod in the first link you can set the timeout from the admin panel wink

Re: Restricting email addresses

Could this be modified to allow any email domain _except_ for hotmail.com?

I'm one of the unlucky people who can't get any emails to Hotmail.com users. It would be nice if there was a way to not allow users to use a hotmail.com email address at all. I've already got a little message about it when they sign up, but  this would be an added security.

Re: Restricting email addresses

You can ban *@hotmail.com by default I believe

9 (edited by teamriab 2007-04-13 20:40)

Re: Restricting email addresses

Smarty! You're so smart. Thanks!

update: Weird. I just added the "*@hotmail.com" to the ban domains, then swithed  to "No" the setting in the Admin Permissions to disallow users from changing email to a banned address/domain.

I then logged in as a test user, and was able to change my email in my Profile to a hotmail.com one with no error message.

Re: Restricting email addresses

JohnR wrote:

Ah, but you have to be able to register with subdomains. eg when it says "uts.edu.au" up there, then 235213@student.uts.edu.au is also a valid email address.

How about checking the end of the string?

function is_email_whitelisted($email) {
    global $email_whitelist;

    $input = explode('@', $email);
    $input_length = strlen($input[1]);
    
    foreach($email_whitelist as $white) {
        if (substr($input[1], -strlen($white)) == $white)
            return true;
    }
    
    return false;
}

Re: Restricting email addresses

OK, I sort of figured it out.

There's nothing "wrong" with the way I did it, I just expected it to work a different way than it does.

"Banning" a domain only prevents new users from registering with an email domain on the ban list. It does not prevent them from changing their email address once logged in, to an email domain on the banned list.