Problem with banned email domains

Posted: Wed Mar 02, 2005 9:39 pm

Hi

I'm just starting to look into this problem, but I thought I should report it.

I extensively use the banned email domains functions.

I noticed tonight that if registering with gmail.com as the domain, it is denied because of the banning of mail.com.

This tells me that there is a problem with the system recognizing PART of the domain match instead of an exact match.

This needs to be corrected... I'm still trying to figure out where things are going south.

Steph

Posted: Wed Mar 02, 2005 10:26 pm

It would be this line in the function ya_mailcheck($user_email)
if (eregi($BadMailList[$i], $user_email)) {

Maybe something like this instead?

Code:




   if ($ya_config['bad_mail'] > "") {


              list($ya_emailname, $ya_userEdomain) = explode("@",$user_email);


      $BadMailList = explode("\n",$ya_config['bad_mail']);


      for ($i=0; $i < count($BadMailList); $i++) {


       if (stristr($ya_userEdomain, $BadMailList[$i])) {


                  $ya_checkEdomain = count(count_chars($ya_userEdomain,1));


                  $ya_badEdomain = count(count_chars($BadMailList[$i],1));


                  if($ya_checkEdomain === $ya_badEdomain){


            $stop = ""._YA_MAIL_BLOCKED." <b>".$BadMailList[$i]."</b>\n";


                  }


       }


      }


   }

Seems like a lot of trouble to get to the desired result if you can think of something simpler feel free to send it my way!

:::Psst I didn't try this yet its off the top of my head and I'm way tired and going to bed now!:::

Posted: Wed Mar 02, 2005 10:38 pm

Something went wrong, it's not banning any of them now.

hmmm

Posted: Wed Mar 02, 2005 10:49 pm

I may be way off here, but wouldn't it be easier to do a preg_match?

Posted: Mon Mar 07, 2005 12:49 pm

I'm still using the last version of NSNYA that I produced and the mail check routine works perfectly fine:

Code:

function ya_mailCheck($user_email) {


    global $stop, $user_prefix, $db, $ya_config;


    $user_email = strtolower($user_email);


    if ((!$user_email) || ($user_email=="") || (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,6}$",$user_email))) $stop = "<center>"._ERRORINVEMAIL."</center><br>";


    if ($ya_config['bad_mail'] > "") {


        $BadMailList = explode("\r\n",$ya_config['bad_mail']);


        for ($i=0; $i < count($BadMailList); $i++) {


            if (eregi($BadMailList[$i], $user_email)) $stop = "<center>"._MAILBLOCKED." <b>".$BadMailList[$i]."</b></center><br>";


        }


    }


    if (strrpos($user_email,' ') > 0) $stop = "<center>"._ERROREMAILSPACES."</center><br>";


    if ($db->sql_numrows($db->sql_query("SELECT user_email FROM ".$user_prefix."_users WHERE user_email='$user_email'")) > 0) $stop = "<center>"._EMAILREGISTERED."</center><br>";


    if ($db->sql_numrows($db->sql_query("SELECT user_email FROM ".$user_prefix."_users WHERE user_email='".md5($user_email)."'")) > 0) $stop = "<center>"._EMAILNOTUSABLE."</center><br>";


    if ($db->sql_numrows($db->sql_query("SELECT user_email FROM ".$user_prefix."_users_temp WHERE user_email='$user_email'")) > 0) $stop = "<center>"._EMAILREGISTERED."</center><br>";


    return($stop);


}

Posted: Mon Mar 07, 2005 1:11 pm

Hi Bob

Thanks for replying.

Unfortunately, that is the same code that exists now and is causing my problems.

For example, If I have mail.com in the banned list and then apply using [ Only registered users can see links on this board! Get registered or login! ], the message I get is:

Quote:

Registration Error!

This site does not allow email accounts from mail.com

Again, it looks like there is not an exact match going on, but rather it is picking up on the last characters of the name.... (thinking gmail.com = mail.com).

Ideas?

Posted: Mon Mar 07, 2005 1:20 pm

Maybe a better question is what in the code I posted above isn't working on your php? Because again I have tested it repeatedly on win/Apache PHP4.3.10 and RedHat/Apache PHP4.3.10.

Anyway try this simplified check.

Code:




   if ($ya_config['bad_mail'] > "") {


              list($ya_emailname, $ya_userEdomain) = explode("@",$user_email);


      $BadMailList = explode("\n",$ya_config['bad_mail']);


      for ($i=0; $i < count($BadMailList); $i++) {


       if (stristr($ya_userEdomain, $BadMailList[$i])) {


                  $ya_checkEdomain = $ya_userEdomain;


                  $ya_badEdomain = $BadMailList[$i];


                  if($ya_checkEdomain == $ya_badEdomain){


            $stop = ""._YA_MAIL_BLOCKED." <b>".$BadMailList[$i]."</b>\n";


                  }


       }


      }


   }

Posted: Mon Mar 07, 2005 4:03 pm

Using the above function failed to block any banned domains. No errors reported... (in fact, I get no errors using any method provided, but rather one of 3 scenarios.

Scenario 1 - original code:
Inproperly blocks domains not in the banned table and identifies a different than banned domain that matches the last characters of the actual domain used during registation.

Scenario 2 - Provided code fix:
Fails to block any domains in the banned table.

Scenario 3 - Other code tried:
Blocks all domains, regardless of if they are in the banned table or not.

I am using PHP4.3.10 in a Apache/1.3.33 (Unix) environment.

When you say "have tested repeatedly" have you tried the exact scenario that I am describing?

1) Put mail.com in your banned table throught the CNBYA Admin User Configuration screen.
2) Attempt to register using any gmail.com address.

Steph

Posted: Mon Mar 07, 2005 4:51 pm

Yes exactly [ Only registered users can see links on this board! Get registered or login! ] fails but [ Only registered users can see links on this board! Get registered or login! ] passes with the first code above. If you don't believe me try it yourself here

But I don't understand is why it fails for you without giving any error or hint as to why.

Posted: Mon Mar 07, 2005 5:05 pm

I dunno six. I can only assume there exists some other difference between the processes of 440B2 and 450B1 that is preventing you from replicating the issue. Either that or there is something screwy on this end, but at this point, I'm at a loss regarding where I should be looking.

Again, it would be nice if there was some way to echo exactly what was going on, but at this point all I can do is report my results.

I even tried to integrate the features of phpBB ban's functions in without success (which always worked with my old YA module)....

Suggestions appreciated.

Steph

Posted: Tue Mar 08, 2005 3:32 am

if you have mail.com to be blocked add @ to the begining of it so it's like @mail.com . That way @hotmail.com, @gmail.com would pass but not @mail.com

Site Admin Joined: Jun 04, 2004 Posts: 6433

Like Bob said, you could add an @ before the banned domain as you define them (e.g. @mail.com instead of mail.com) OR insert @ in the EREGI statement like this:

Code:

            if (eregi('@'.$BadMailList[$i], $user_email)) $stop = "<center>"._MAILBLOCKED." <b>".$BadMailList[$i]."</b></center><br>";

More complex email address validation functions are available using EREGI here: [ Only registered users can see links on this board! Get registered or login! ]

The post by joseph dot ragsdale at xconduit dot com is pretty thorough, and could be easily modified to check for banned email addresses, too. However, since we're talking about registration, I think this is only necessary if you auto-add members without requiring email activation.

Posted: Sun Mar 13, 2005 7:21 am

I hadn't seen six's approach above, but that should also work unless the user fools it by using 2 @ symbols in the email address (e.g. six@one@mail.com).