Topic on Project:Support desk

Restricting email address users can use

Sugarcrop (talkcontribs)
media wiki signing up

When signing up, is it possible to restrict the types of email addresses the user can use?

For example, @hotmail.com can't be used, but @gmail.com can.

88.130.67.9 (talkcontribs)

Use the hook AbortNewAccount. In that hook, you have the variable $user, which allows you to access the data that the user has provided. This also includes the email address.

You could for example add something like this to LocalSettings.php:

<syntaxhighlight lang="php">
// Call hook when a new user is registered
$wgHooks['AbortNewAccount'][] = 'onAbortNewAccount';

/**
 * Check whether the email address is OK
 *
 * @return bool TRUE if it was OK, FALSE if it was not
 */
function onAbortNewAccount( $user, &$message ) {
  // Check the email address...
  // Add your code here...
  $providedEmailAddress = $user->getEmail();
  // strpos() returns FALSE when the substring is absent, so compare its result with FALSE
  if (strpos($providedEmailAddress, '@hotmail.com') !== FALSE
      || strpos($providedEmailAddress, '@example.com') !== FALSE) {

    // Set error message ($message is taken by reference so the caller receives it)
    $message = 'You cannot use an email address from hotmail.com or example.com. Use another host instead!';
    // Stop processing; no registration possible
    return FALSE;
  }

  return TRUE;
}
</syntaxhighlight>

Untested, but should give you an idea of what to do...

Sugarcrop (talkcontribs)

Would I be right in saying that || means OR?

Would this work:

<syntaxhighlight lang="php">
if (strpos($providedEmailAddress, '@hotmail.com') !== FALSE
    || strpos($providedEmailAddress, '@example.com') !== FALSE
    || strpos($providedEmailAddress, '@google.com') !== FALSE) {

  // Set error message
  $message = 'You cannot use an email address from $providedEmailAddress . Use another host instead!';
  // Stop processing; no registration possible
  return FALSE;
}
</syntaxhighlight>

88.130.67.9 (talkcontribs)

Yes, "||" means "or".

In the part you quoted, you can remove the check against "example.com". example.com is a domain which is reserved for examples. It can only be used in examples; you can be sure that no one will have it in real life. For $message you need to amend the different parts of the string together. Like so:

<syntaxhighlight lang="php">
if (strpos($providedEmailAddress, '@hotmail.com') !== FALSE
    || strpos($providedEmailAddress, '@google.com') !== FALSE
    || strpos($providedEmailAddress, '@spammer.com') !== FALSE) {

  // Set error message; the address is concatenated into the string with "."
  $message = 'You cannot use the email address ' . $providedEmailAddress . '. Use an address from another host instead!';
  // Stop processing; no registration possible
  return FALSE;
}
</syntaxhighlight>

Aaronthemad (talkcontribs)

(Apologies in advance if it's bad etiquette here to resurrect an old discussion thread. :) )

On a security note, you should be careful using "strpos() !== FALSE" to check for the domain name of an email address. It can be fooled by a custom-made subdomain, e.g. "badguy@google.com.myrealdomain.example.com". In this particular case, the example is about blacklisting domains, so it doesn't matter that much, but if you were trying to whitelist domains, then this would be a big problem.

If you're trying to determine for sure whether an email address is @ a particular domain, you need to specifically check that the email address ends with "@" and the domain. There are several ways to achieve this in PHP. One way that's fairly easy is to reverse the email address, and reverse the domain name + "@", and then use strpos to see if the reversed domain name is at the start of the reversed email address:

<syntaxhighlight lang="php">
// Note that you need to do the triple-equals sign, because we're checking for the integer 0.
if (strpos(strrev($providedEmailAddress), strrev('@hotmail.com')) === 0) {
    // It's a hotmail account...
}
</syntaxhighlight>
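
The following is an added example, not part of the thread and not MediaWiki's own code. It compares the exact domain part of the address against a list, so it serves both the block-list case from the earlier replies and the allow-list case raised in the last one. The helper name `emailDomainIsListed` and the sample addresses are assumptions made for illustration.

```php
<?php
/**
 * Hypothetical helper (not a MediaWiki API): report whether an email address
 * belongs to one of the listed domains by comparing the exact domain part
 * instead of searching for a substring.
 */
function emailDomainIsListed( string $email, array $domains ): bool {
    // The domain is everything after the LAST "@"; a quoted local part may
    // itself contain "@", so the first occurrence is not reliable.
    $at = strrpos( $email, '@' );
    if ( $at === false || $at === strlen( $email ) - 1 ) {
        return false; // no "@" or empty domain: not in any list
    }
    // Domain names are case-insensitive, and a trailing dot names the same host.
    $domain = rtrim( strtolower( substr( $email, $at + 1 ) ), '.' );
    $listed = array_map( 'strtolower', $domains );
    return in_array( $domain, $listed, true );
}

// Constructed sample input.
$allowed = [ 'gmail.com' ];
$samples = [
    'alice@gmail.com',
    'Alice@GMAIL.COM',                           // same domain, different case
    'badguy@gmail.com.myrealdomain.example.com', // the subdomain case from the reply above
    'bob@notgmail.com',
    'gmail.com',                                 // no "@" at all
];

// Print the substring check from the thread next to the exact comparison.
foreach ( $samples as $email ) {
    $substring = strpos( $email, '@gmail.com' ) !== false;
    $exact = emailDomainIsListed( $email, $allowed );
    printf( "%-45s substring=%-5s exact=%s\n", $email,
        var_export( $substring, true ), var_export( $exact, true ) );
}
```

Inside the hook handler from the thread, the address to pass in is `$user->getEmail()`. The helper returns false for an empty or malformed address, so an allow-list check has to treat false as a rejection.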