User talk:Wookienz
Hi. Here's something I found re the above extension:
Even if you limit registration to a email addresses from a certain domain, the extension can easily be bypassed if:
- A user creates an account with foo@required.com.
- User does not confirm email address (so the email doesn't even have to be real).
- User goes to preferences, changes email to whatever they want (such as their own email address), and confirms that one.
- Afterwards, user can do whatever was previously restricted on the wiki.
I discovered this a couple of weeks ago while playing around with it on my personal wiki but forgot about it until I began deleting some old extensions from it today.
I'm not sure if this is the desired behavior or whether this can be addressed through a simple patch, but currently it seems that the extension isn't much use to someone who has a few minutes to circumvent it.
Cheers,
Fetchcomms 22:31, 3 January 2012 (UTC)
Not sure if this is the place to reply...
I built this along time agao for a project that i dont use anymore, so unlikely i will update it. You are correct in your points, however i am comfortable with people using a specific email address and when verified can change to someting else. I just needed to ensure they were from a specific domain from the start. The email will need to be verified to ednrue that you cant fake an email address.
Cheers.
EmailDomainCheck for multiple domains[edit]
Hi Wookienz, thanks for the extension for email domains. I hope you're still monitoring this page.
I need to provide a collaboration portal for disaster recovery documentation that will need to have contributions and (hopefully never) read access to implement disaster recovery procedures, so multiple domains are approved - one for each partner.
I have zero PHP skills, but develop in other languages so hopefully I am right that my proposal is simple to implement. Can you help out with expanding this to multiple acceptable domains? I imagine this can be achieved by using a variable like $wgEmailDomains, a space- (or other) separated list of acceptable domains and iterating over the expanded array.
Thanks
Hi,
Havent touched this in years but i had a quick look and maybe this will work...
function efEmailDomainCheck( $user, &$error ) {
global $wgEmailDomain;
if ( isset( $wgEmailDomain ) ) {
list( $name, $host ) = explode( "@", $user->getEmail() );
if in_array($host, $wgEmailDomain) {
return true;
} else {
$error = wfMsgHtml( 'emaildomaincheck-error', $wgEmailDomain );
return false;
}
}
}
and
$wgEmailDomain = array( 1 => 'somedomain.org', 2 => 'otherdomain.org')
cheers.
Added feature to EmailDomainCheck[edit]
Hello Wookienz,
I have added a new feature to the Extension:EmailDomainCheck extension that checks to see if the email address has already been used with a registered account. I was wondering if you would be interested in reviewing my contributions and possibly adding it to the extension code. If not, I can post on the talk page.