Welcome to Geeklog Sunday, October 17 2021 @ 11:37 pm EDT

Geeklog Forums

Prevent new user creation


Status: offline

jmucchiello

Forum User
Full Member
Registered: 29/08/05
Posts: 985
Is there a function I can add to filter new user applications by email address. I have a bunch of bogus user accounts with mail.ru and cashette.com return addresses that I will I could just deny when they were creating the accounts. Is there a built in way to do this or do I need to make a hack?
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
In config.php:
PHP Formatted Code
$_CONF['usersubmission']  = 0; // 1 = new users must be approved
(...)
// When user submission is activated, allow users from these domains to
// register without having to go through the submission queue.
$_CONF['allow_domains'] = ''; // e.g. 'mycompany.com,myothercompany.com'
 

bye, Dirk
 Quote

Status: offline

jmucchiello

Forum User
Full Member
Registered: 29/08/05
Posts: 985
No, that's a whitelist. I want the opposite. I want all users to be automatically approved except for a few blacklisted domains.
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
Quote by jmucchiello: No, that's a whitelist.

Right, but that's all Geeklog has to offer at the moment.

bye, Dirk
 Quote

Status: offline

jmucchiello

Forum User
Full Member
Registered: 29/08/05
Posts: 985
Any chance you could add something like this to lib-common.php:

PHP Formatted Code
function COM_isEmail( $email )
{
    if (function_exists('custom_emailblacklist'))
    {
        if (custom_emailblacklist($email))
        {
            return FALSE;
        }
    }
// rest of COM_isEmail continues here.
}
 


In lib-custom.php a sample custom_emailblacklist would look something like:
PHP Formatted Code
// custom_emailblacklist returns TRUE if the $email address matches a pattern on the blacklist
function custom_emailblacklist( $email )
{
    if (strpos($email, 'somebad.address') !== FALSE or
        strpos($email, 'someother.address') !== FALSE or
        strpos($email, 'athird.address') !== FALSE)
    {
         return TRUE;
    }
    return FALSE;
}
 


That's may off the cuff hack anyway. Move this thread to hacks if you like.
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
confused
Actually, it appears that $_CONF['allow_domains'] has gone missing from 1.4.0 for whatever reason. I.e. it's documented and listed in config.php but not used anywhere. Hmm ...

bye, Dirk
 Quote

Status: offline

jmucchiello

Forum User
Full Member
Registered: 29/08/05
Posts: 985
My hack is ugly. Properly done there'd be an array of regexes in something like $_CONF["address_blacklist"] that the funciton would check using preg_match.
 Quote

DeCEiVeR

Anonymous
Hey guys, I know this is an old post but is there anyway to send an access denied email to the new users that were not approved?
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
Quote by DeCEiVeR: is there anyway to send an access denied email to the new users that were not approved?

No, but that sounds like a good idea. Submit a feature request ...

bye, Dirk
 Quote

Status: offline

jmucchiello

Forum User
Full Member
Registered: 29/08/05
Posts: 985
You would probably have to change COM_isEmail to return a reason code for its rejection of an address. Addresses that returned EMAIL_BAD_FORMAT would not receive the above email while addresses that return EMAIL_BANNED_DOMAIN could receive the email.

OTOH, I suspect that sending "sorry your domain is banned" emails will just result in a bunch of bounced messages in your inbox.

While I'm here, this is my current custom_blacklist function:
PHP Formatted Code
function custom_emailblacklist($email)
{
    $blocking = Array(
        'mail.ru',
        'cashette.com',
        'yandex.ru',
        'ya.ru',
        'gold-profits',
        'gawab.com'
        // I've eliminated the ones with curse words in them
    );
    foreach ($blocking as $addr) {
       if (strpos($email, $addr) !== FALSE) {
            COM_accessLog("tried to register $email");
            return TRUE;
        }
    }
    return FALSE;
}
 
 Quote

Status: offline

scroff

Forum User
Regular Poster
Registered: 19/02/03
Posts: 111
This gets dropped into lib-custom?
 Quote

Status: offline

jmucchiello

Forum User
Full Member
Registered: 29/08/05
Posts: 985
And you have to add a call to the custom function in COM_isEmail in lib-common.php as shown in my 3rd post above (dated July 22). This is a hack. 1.4.1b2 has support for something similar to this right in the config.php.
 Quote

Status: offline

scroff

Forum User
Regular Poster
Registered: 19/02/03
Posts: 111
Thanks for your quick reply.

I added this to lib-custom and the call in lib-common and three blocks ceased to function, giving a 'not found' error;

phpblock_gusstats, phpblock_mg_randommedia and phpblock_mg_maenroll.

The first is for the Who's Online custom block, the second and third are from Media Gallery.

I undid it and they are back.

Just seems I can't use it. Giving it a try
 Quote

All times are EDT. The time is now 11:37 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content