[Mediawiki-l] Restrict account creation
Mark Wonsil
wonsil at 4m-ent.com
Tue Oct 23 10:58:58 UTC 2007
> > # Restrict user creation to mydomain0.com/mydomain1.com
> > function fnAbortNonMyDomainHook($user, $message) {
> >
> > global $wgRequest;
> > $email = $wgRequest->getText( 'wpEmail' );
> > $emailSplitList = split("@", $email, 2);
> > if ( $emailSplitList[1] != "mydomain0.com" &&
> > $emailSplitList[1] != "mydomain1.com" ) {
> > $message = "The only allowed e-mail domains are mydomain0.com and
> mydomain1.com";
> > return false;
> > }
> > return true;
> > }
>
> This will not work: a (valid) email address like
> '"bob at example0.com"@evil.com' (including the double quotes, not
> including the single quotes) will pass, even though it's not actually
> supposed to.
This is true and one can make a regex that will match the end of the string
but I was thinking that one could force the user to confirm email before login
in addition to the regex check as noted here:
http://rageonline.wordpress.com/2007/04/30/force-email-confirmation-in-mediawi
ki-19/
One could also prompt for just the username and not the domain and then send
an email confirmation and abort the login if the account is not confirmed.
Mark W.
More information about the MediaWiki-l
mailing list