Open main menu

User talk:Wookienz

Extension:EmailDomainCheckEdit

Hi. Here's something I found re the above extension:

Even if you limit registration to a email addresses from a certain domain, the extension can easily be bypassed if:

  • A user creates an account with foo@required.com.
  • User does not confirm email address (so the email doesn't even have to be real).
  • User goes to preferences, changes email to whatever they want (such as their own email address), and confirms that one.
  • Afterwards, user can do whatever was previously restricted on the wiki.

I discovered this a couple of weeks ago while playing around with it on my personal wiki but forgot about it until I began deleting some old extensions from it today.

I'm not sure if this is the desired behavior or whether this can be addressed through a simple patch, but currently it seems that the extension isn't much use to someone who has a few minutes to circumvent it.

Cheers,

Fetchcomms 22:31, 3 January 2012 (UTC)


Not sure if this is the place to reply...

I built this along time agao for a project that i dont use anymore, so unlikely i will update it. You are correct in your points, however i am comfortable with people using a specific email address and when verified can change to someting else. I just needed to ensure they were from a specific domain from the start. The email will need to be verified to ednrue that you cant fake an email address.


Cheers.

EmailDomainCheck for multiple domainsEdit

Hi Wookienz, thanks for the extension for email domains. I hope you're still monitoring this page.

I need to provide a collaboration portal for disaster recovery documentation that will need to have contributions and (hopefully never) read access to implement disaster recovery procedures, so multiple domains are approved - one for each partner.

I have zero PHP skills, but develop in other languages so hopefully I am right that my proposal is simple to implement. Can you help out with expanding this to multiple acceptable domains? I imagine this can be achieved by using a variable like $wgEmailDomains, a space- (or other) separated list of acceptable domains and iterating over the expanded array.

Thanks


Hi,

Havent touched this in years but i had a quick look and maybe this will work...


function efEmailDomainCheck( $user, &$error ) {

       global $wgEmailDomain;

       if ( isset( $wgEmailDomain ) ) {

               list( $name, $host ) = explode( "@", $user->getEmail() );
               if in_array($host, $wgEmailDomain) {
                       return true;
               } else {
                       $error = wfMsgHtml( 'emaildomaincheck-error', $wgEmailDomain );
                       return false;
               }
       }

}


and

$wgEmailDomain = array( 1 => 'somedomain.org', 2 => 'otherdomain.org')


cheers.

Added feature to EmailDomainCheckEdit

Hello Wookienz,

I have added a new feature to the Extension:EmailDomainCheck extension that checks to see if the email address has already been used with a registered account. I was wondering if you would be interested in reviewing my contributions and possibly adding it to the extension code. If not, I can post on the talk page.

--Dgennaro 18:33, 10 February 2015 (UTC)

Return to the user page of "Wookienz".