Hi
I'm interested in applying custom rules for who is allowed to create a new account on my wiki, e.g. only allow new users who use an e-mail address from a particular domain.
How can I do this? I have looked at the ConfirmAccount-Extension but from what I understand it involves sysops manually approving new accounts, which seems cumbersome. Is there any way to do it automatically?
/Aron
Aron Hennerdal wrote:
Hi
I'm interested in applying custom rules for who is allowed to create a new account on my wiki, e.g. only allow new users who use an e-mail address from a particular domain.
How can I do this? I have looked at the ConfirmAccount-Extension but from what I understand it involves sysops manually approving new accounts, which seems cumbersome. Is there any way to do it automatically?
/Aron
We're also interested in this, especially bogus accounts using the ".ru" domain.
Chuck
I ended up implementing it as a function in LocalSettings.php and attached it to the 'AbortNewAccount'-hook. This triggers in the addNewAccountInternal-method of the LoginForm-class in SpecialUserlogin.php. Seems to do the trick.
If anyone has a better, cleaner or more secure way to do it, I'm interested.
/Aron
On Wed, Oct 17, 2007 at 09:39:09PM -0500, Chuck wrote:
Aron Hennerdal wrote:
Hi
I'm interested in applying custom rules for who is allowed to create a new account on my wiki, e.g. only allow new users who use an e-mail address from a particular domain.
How can I do this? I have looked at the ConfirmAccount-Extension but from what I understand it involves sysops manually approving new accounts, which seems cumbersome. Is there any way to do it automatically?
/Aron
We're also interested in this, especially bogus accounts using the ".ru" domain.
Chuck
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Could you post (somewhere) some details of what you did?
Being brand new to mediawiki and PHP and MySQL, what you are saying gets my interest but I really have no idea what you are talking about.
I am finding my way around but these generalize answers really do not help me (or other new users I would presume).
Thanks Ralph
-----Original Message----- From: mediawiki-l-bounces@lists.wikimedia.org [mailto:mediawiki-l-bounces@lists.wikimedia.org] On Behalf Of Aron Hennerdal Sent: Friday, October 19, 2007 5:16 AM To: MediaWiki announcements and site admin list Subject: Re: [Mediawiki-l] Restrict account creation
I ended up implementing it as a function in LocalSettings.php and attached it to the 'AbortNewAccount'-hook. This triggers in the addNewAccountInternal-method of the LoginForm-class in SpecialUserlogin.php. Seems to do the trick.
If anyone has a better, cleaner or more secure way to do it, I'm interested.
/Aron
On Wed, Oct 17, 2007 at 09:39:09PM -0500, Chuck wrote:
Aron Hennerdal wrote:
Hi
I'm interested in applying custom rules for who is allowed to
create a new account on my wiki, e.g. only allow new users who use an e-mail address from a particular domain.
How can I do this? I have looked at the
ConfirmAccount-Extension but from what I understand it involves sysops manually approving new accounts, which seems cumbersome. Is there any way to do it automatically?
/Aron
We're also interested in this, especially bogus accounts using
the ".ru"
domain.
Chuck
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
_______________________________________________ MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Why not. I could use some feedback, as I'm not very experienced in php or mediawiki myself.
New code in LocalSettings.php:
# Restrict user creation to mydomain0.com/mydomain1.com function fnAbortNonMyDomainHook($user, $message) {
global $wgRequest; $email = $wgRequest->getText( 'wpEmail' ); $emailSplitList = split("@", $email, 2); if ( $emailSplitList[1] != "mydomain0.com" && $emailSplitList[1] != "mydomain1.com" ) { $message = "The only allowed e-mail domains are mydomain0.com and mydomain1.com"; return false; } return true; }
$wgHooks['AbortNewAccount'][] = 'fnAbortNonMyDomainHook';
The code checks what the user put as e-mail address into the form, and returns false if it doesn't match. By adding the function name to the $wgHooks-array at the 'AbortNewAccount'-entry, the function gets called before the user account is created.
Hooks are described in http://www.mediawiki.org/wiki/Manual:MediaWiki_hooks
/Aron
On Fri, Oct 19, 2007 at 10:53:55AM -0400, Ralph Hulslander wrote:
Could you post (somewhere) some details of what you did?
Being brand new to mediawiki and PHP and MySQL, what you are saying gets my interest but I really have no idea what you are talking about.
I am finding my way around but these generalize answers really do not help me (or other new users I would presume).
Thanks Ralph
-----Original Message----- From: mediawiki-l-bounces@lists.wikimedia.org [mailto:mediawiki-l-bounces@lists.wikimedia.org] On Behalf Of Aron Hennerdal Sent: Friday, October 19, 2007 5:16 AM To: MediaWiki announcements and site admin list Subject: Re: [Mediawiki-l] Restrict account creation
I ended up implementing it as a function in LocalSettings.php and attached it to the 'AbortNewAccount'-hook. This triggers in the addNewAccountInternal-method of the LoginForm-class in SpecialUserlogin.php. Seems to do the trick.
If anyone has a better, cleaner or more secure way to do it, I'm interested.
/Aron
On Wed, Oct 17, 2007 at 09:39:09PM -0500, Chuck wrote:
Aron Hennerdal wrote:
Hi
I'm interested in applying custom rules for who is allowed to
create a new account on my wiki, e.g. only allow new users who use an e-mail address from a particular domain.
How can I do this? I have looked at the
ConfirmAccount-Extension but from what I understand it involves sysops manually approving new accounts, which seems cumbersome. Is there any way to do it automatically?
/Aron
We're also interested in this, especially bogus accounts using
the ".ru"
domain.
Chuck
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
2007/10/23, Aron Hennerdal aron.hennerdal@cbr.su.se:
Why not. I could use some feedback, as I'm not very experienced in php or mediawiki myself.
New code in LocalSettings.php:
# Restrict user creation to mydomain0.com/mydomain1.com function fnAbortNonMyDomainHook($user, $message) {
global $wgRequest; $email = $wgRequest->getText( 'wpEmail' ); $emailSplitList = split("@", $email, 2); if ( $emailSplitList[1] != "mydomain0.com" && $emailSplitList[1] != "mydomain1.com" ) { $message = "The only allowed e-mail domains are mydomain0.com and mydomain1.com"; return false; } return true; }
This will not work: a (valid) email address like '"bob@example0.com"@evil.com' (including the double quotes, not including the single quotes) will pass, even though it's not actually supposed to.
2007/10/23, Schneelocke schneelocke@gmail.com:
This will not work: a (valid) email address like '"bob@example0.com"@evil.com' (including the double quotes, not including the single quotes) will pass, even though it's not actually supposed to.
Err, scratch that - I haven't had enough coffee yet today. Urgh. x.x
# Restrict user creation to mydomain0.com/mydomain1.com function fnAbortNonMyDomainHook($user, $message) {
global $wgRequest; $email = $wgRequest->getText( 'wpEmail' ); $emailSplitList = split("@", $email, 2); if ( $emailSplitList[1] != "mydomain0.com" && $emailSplitList[1] != "mydomain1.com" ) { $message = "The only allowed e-mail domains are mydomain0.com and
mydomain1.com";
return false;
} return true; }
This will not work: a (valid) email address like '"bob@example0.com"@evil.com' (including the double quotes, not including the single quotes) will pass, even though it's not actually supposed to.
This is true and one can make a regex that will match the end of the string but I was thinking that one could force the user to confirm email before login in addition to the regex check as noted here:
http://rageonline.wordpress.com/2007/04/30/force-email-confirmation-in-media... ki-19/
One could also prompt for just the username and not the domain and then send an email confirmation and abort the login if the account is not confirmed.
Mark W.
mediawiki-l@lists.wikimedia.org