User talk:Wookienz

From mediawiki.org
Jump to navigation Jump to search

Extension:EmailDomainCheck[edit]

Hi. Here's something I found re the above extension:

Even if you limit registration to a email addresses from a certain domain, the extension can easily be bypassed if:

  • A user creates an account with foo@required.com.
  • User does not confirm email address (so the email doesn't even have to be real).
  • User goes to preferences, changes email to whatever they want (such as their own email address), and confirms that one.
  • Afterwards, user can do whatever was previously restricted on the wiki.

I discovered this a couple of weeks ago while playing around with it on my personal wiki but forgot about it until I began deleting some old extensions from it today.

I'm not sure if this is the desired behavior or whether this can be addressed through a simple patch, but currently it seems that the extension isn't much use to someone who has a few minutes to circumvent it.

Cheers,

Fetchcomms 22:31, 3 January 2012 (UTC)


Not sure if this is the place to reply...

I built this along time agao for a project that i dont use anymore, so unlikely i will update it. You are correct in your points, however i am comfortable with people using a specific email address and when verified can change to someting else. I just needed to ensure they were from a specific domain from the start. The email will need to be verified to ednrue that you cant fake an email address.


Cheers.

EmailDomainCheck for multiple domains[edit]

Hi Wookienz, thanks for the extension for email domains. I hope you're still monitoring this page.

I need to provide a collaboration portal for disaster recovery documentation that will need to have contributions and (hopefully never) read access to implement disaster recovery procedures, so multiple domains are approved - one for each partner.

I have zero PHP skills, but develop in other languages so hopefully I am right that my proposal is simple to implement. Can you help out with expanding this to multiple acceptable domains? I imagine this can be achieved by using a variable like $wgEmailDomains, a space- (or other) separated list of acceptable domains and iterating over the expanded array.

Thanks


Hi,

Havent touched this in years but i had a quick look and maybe this will work...


function efEmailDomainCheck( $user, &$error ) {

       global $wgEmailDomain;

       if ( isset( $wgEmailDomain ) ) {

               list( $name, $host ) = explode( "@", $user->getEmail() );
               if in_array($host, $wgEmailDomain) {
                       return true;
               } else {
                       $error = wfMsgHtml( 'emaildomaincheck-error', $wgEmailDomain );
                       return false;
               }
       }

}


and

$wgEmailDomain = array( 1 => 'somedomain.org', 2 => 'otherdomain.org')


cheers.

Added feature to EmailDomainCheck[edit]

Hello Wookienz,

I have added a new feature to the Extension:EmailDomainCheck extension that checks to see if the email address has already been used with a registered account. I was wondering if you would be interested in reviewing my contributions and possibly adding it to the extension code. If not, I can post on the talk page.

--Dgennaro 18:33, 10 February 2015 (UTC)