homepage Welcome to WebmasterWorld Guest from 54.234.128.25
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
How to check similar emails in login script
impact




msg:4348881
 1:36 am on Aug 8, 2011 (gmt 0)

Dear,

I just discovered a problem that never existed in my mind before. I have a regular signup script which accepts username, email and password.

I do not allow special characters or upper case in username so a standard search in the mysql database yields the desired result.

However, for email i do allow special character such as " . " I just realized that, in case of gmail when I email to abc@gmail.com or a.b.c@gmail.com or ab.c@gamil.com the email will be delivered to abc@gmail.com. This means that a person with one gmail id can create multiple account on my site. Which would be bad for me.

Please any one, any suggestion on this please?

Thank you.

 

lostdreamer




msg:4348957
 10:14 am on Aug 8, 2011 (gmt 0)

Eehm... I dont know how you're sending your emails, but when sending email to a.b.c@gmail.com, it will (**SHOULD**) be sent to a.b.c@gmail.com

Perhaps you have a reg_exp somewhere that removes the dots?

impact




msg:4348962
 11:05 am on Aug 8, 2011 (gmt 0)

Thanks for replying.

Lets say your email is abc@gmail.com. Try sending an email to ab.c@gmail.com and you will see that in most cases, the email will arrive at abc@gmail.com.

This special feature of gmail can allow a person to have double account in my site with the same gmail id. Which is bad. So I want to know how can i prevent this?

Thank you

lostdreamer




msg:4348965
 11:16 am on Aug 8, 2011 (gmt 0)

I have a few gmail domains (all with . in them)
Since every email I send to myself does go into my inbox you're saying someone with the same email as mine, but without the dots, would also get all my emails? Somehow I don't think this is the case ;)

To make sure I also created a gmail address with the same name as one of my others, but this time without any dots.

so for now I have i.e.: lost.dreamer@gmail.com and lostdreamer@gmail.com

sending email to lost.dreamer@gmail.com does not get into my lostdreamer@gmail.com mail address.

I have just tested this from PHP running localhost, and from a 'normal' email client.

The problem must be somewhere on your side...


Regards,
LostDreamer

impact




msg:4348997
 1:58 pm on Aug 8, 2011 (gmt 0)

How?

I just tried creating "impact@gmail.com" but it has been registered by some one else, then I tried "imp.act@gmail.com and this is the message I am getting from google;

We ignore periods when checking usernames, so imp.act and impact are the same. Try a new username.

Coming back to my problem, in my script I cant ignore periods for the simple reason that, other companies such as mail.com treats
impact@mail.com and imp.act@mail.com as two independent emails.

so what now?

Well, while I am writing this, it just came into my mind that, may be as far as gmail.com is concerned, I can ignore periods as a special case when the users email is from gmail.com and for all other domain, i can count as independent email.

Thank you

rocknbil




msg:4349063
 4:28 pm on Aug 8, 2011 (gmt 0)

Seems fairly easy then, don't allow gmail user name dots in email and reflect the same message when encountered (that gmail removes the dots.)

I never knew that about gmail. Odd.

CSS_Kidd




msg:4349096
 5:12 pm on Aug 8, 2011 (gmt 0)

@impact: Just to confirm, I have had a gmail account for years as such - firstname.lastname@gmail.com. No matter where the '.' is or even if it isn't used, I will still receive emails regardless. This is basically what your are being told by google's message.

I did a search on how to weed out and prevent multiple accounts created using the "gmail loophole", and there are quite a few nice code snippets that use some if statements / reg expression trickery.

Just a note here, You may want to clarify this subject by updating the title to say something like "How to check for gmail address variations in login script"

penders




msg:4349434
 11:59 am on Aug 9, 2011 (gmt 0)

loastdreamer: To make sure I also created a gmail address with the same name as one of my others, but this time without any dots.
so for now I have i.e.: lost.dreamer@gmail.com and lostdreamer@gmail.com
sending email to lost.dreamer@gmail.com does not get into my lostdreamer@gmail.com mail address.


I don't know how you managed to achieve this? This should be impossible! lost.dreamer@gmail.com and lostdreamer@gmail.com are THE SAME ACCOUNT as far as gmail is concerned. As mentioned, gmail ignores the '.' when creating the unique email address.

----

Just a thought (as an end user)... if you filter periods out of @gmail addresses for the purpose of comparison, I would still like to see my email address with the periods intact (as I would have entered it) when viewing my account details. So I think this would mean you'd need an additional field in your database to hold the 'unique' email?

impact




msg:4349508
 2:46 pm on Aug 9, 2011 (gmt 0)

@ penders

Not really, when creating a new account, we all check if that email id is already existing in our database or not. What I am going to do now is to add another layer to check the domain of the email id, if it is gmail, i will double check the database. First as it is entered by the user. Secondly,if periods exist, without period.

That should solve the problem i guess !

penders




msg:4349552
 4:27 pm on Aug 9, 2011 (gmt 0)

If you are not storing the unique, non-period email address, then if the user entered "abc.def@gmail.com", you would need to...

#1 Check for "abc.def@gmail.com"
#2 Check for "abcdef@gmail.com"

and...
#3 Check for "a.bcdef@gmail.com"
#4 Check for "ab.cdef@gmail.com"
:
#n Check for "a.b.c.d.e.f@gmail.com"

This should perhaps be done with a SQL regular expression [dev.mysql.com].

Or, you simply store this unique email address (without periods) in the email address field. But the user then sees their (gmail) email address without periods.

Or, you have an additional field to store the unique email address.

penders




msg:4349674
 9:01 pm on Aug 9, 2011 (gmt 0)

Just a thought... if your target audience also includes the UK, then "@googlemail.co.uk" is another domain that makes the period optional in the name part of the email address. AND "@googlemail.co.uk" is the same account/email as "@gmail.com". So, the unique email address (for comparison purposes) of "some.email.address@googlemail.co.uk" is actually "someemailaddress@gmail.com"!

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved