Welcome to WebmasterWorld Guest from 107.21.159.218

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

How to check similar emails in login script

     

impact

1:36 am on Aug 8, 2011 (gmt 0)

5+ Year Member



Dear,

I just discovered a problem that never existed in my mind before. I have a regular signup script which accepts username, email and password.

I do not allow special characters or upper case in username so a standard search in the mysql database yields the desired result.

However, for email i do allow special character such as " . " I just realized that, in case of gmail when I email to abc@gmail.com or a.b.c@gmail.com or ab.c@gamil.com the email will be delivered to abc@gmail.com. This means that a person with one gmail id can create multiple account on my site. Which would be bad for me.

Please any one, any suggestion on this please?

Thank you.

lostdreamer

10:14 am on Aug 8, 2011 (gmt 0)

5+ Year Member



Eehm... I dont know how you're sending your emails, but when sending email to a.b.c@gmail.com, it will (**SHOULD**) be sent to a.b.c@gmail.com

Perhaps you have a reg_exp somewhere that removes the dots?

impact

11:05 am on Aug 8, 2011 (gmt 0)

5+ Year Member



Thanks for replying.

Lets say your email is abc@gmail.com. Try sending an email to ab.c@gmail.com and you will see that in most cases, the email will arrive at abc@gmail.com.

This special feature of gmail can allow a person to have double account in my site with the same gmail id. Which is bad. So I want to know how can i prevent this?

Thank you

lostdreamer

11:16 am on Aug 8, 2011 (gmt 0)

5+ Year Member



I have a few gmail domains (all with . in them)
Since every email I send to myself does go into my inbox you're saying someone with the same email as mine, but without the dots, would also get all my emails? Somehow I don't think this is the case ;)

To make sure I also created a gmail address with the same name as one of my others, but this time without any dots.

so for now I have i.e.: lost.dreamer@gmail.com and lostdreamer@gmail.com

sending email to lost.dreamer@gmail.com does not get into my lostdreamer@gmail.com mail address.

I have just tested this from PHP running localhost, and from a 'normal' email client.

The problem must be somewhere on your side...


Regards,
LostDreamer

impact

1:58 pm on Aug 8, 2011 (gmt 0)

5+ Year Member



How?

I just tried creating "impact@gmail.com" but it has been registered by some one else, then I tried "imp.act@gmail.com and this is the message I am getting from google;

We ignore periods when checking usernames, so imp.act and impact are the same. Try a new username.

Coming back to my problem, in my script I cant ignore periods for the simple reason that, other companies such as mail.com treats
impact@mail.com and imp.act@mail.com as two independent emails.

so what now?

Well, while I am writing this, it just came into my mind that, may be as far as gmail.com is concerned, I can ignore periods as a special case when the users email is from gmail.com and for all other domain, i can count as independent email.

Thank you

rocknbil

4:28 pm on Aug 8, 2011 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Seems fairly easy then, don't allow gmail user name dots in email and reflect the same message when encountered (that gmail removes the dots.)

I never knew that about gmail. Odd.

CSS_Kidd

5:12 pm on Aug 8, 2011 (gmt 0)

5+ Year Member



@impact: Just to confirm, I have had a gmail account for years as such - firstname.lastname@gmail.com. No matter where the '.' is or even if it isn't used, I will still receive emails regardless. This is basically what your are being told by google's message.

I did a search on how to weed out and prevent multiple accounts created using the "gmail loophole", and there are quite a few nice code snippets that use some if statements / reg expression trickery.

Just a note here, You may want to clarify this subject by updating the title to say something like "How to check for gmail address variations in login script"

penders

11:59 am on Aug 9, 2011 (gmt 0)

WebmasterWorld Senior Member penders is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



loastdreamer: To make sure I also created a gmail address with the same name as one of my others, but this time without any dots.
so for now I have i.e.: lost.dreamer@gmail.com and lostdreamer@gmail.com
sending email to lost.dreamer@gmail.com does not get into my lostdreamer@gmail.com mail address.


I don't know how you managed to achieve this? This should be impossible! lost.dreamer@gmail.com and lostdreamer@gmail.com are THE SAME ACCOUNT as far as gmail is concerned. As mentioned, gmail ignores the '.' when creating the unique email address.

----

Just a thought (as an end user)... if you filter periods out of @gmail addresses for the purpose of comparison, I would still like to see my email address with the periods intact (as I would have entered it) when viewing my account details. So I think this would mean you'd need an additional field in your database to hold the 'unique' email?

impact

2:46 pm on Aug 9, 2011 (gmt 0)

5+ Year Member



@ penders

Not really, when creating a new account, we all check if that email id is already existing in our database or not. What I am going to do now is to add another layer to check the domain of the email id, if it is gmail, i will double check the database. First as it is entered by the user. Secondly,if periods exist, without period.

That should solve the problem i guess !

penders

4:27 pm on Aug 9, 2011 (gmt 0)

WebmasterWorld Senior Member penders is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



If you are not storing the unique, non-period email address, then if the user entered "abc.def@gmail.com", you would need to...

#1 Check for "abc.def@gmail.com"
#2 Check for "abcdef@gmail.com"

and...
#3 Check for "a.bcdef@gmail.com"
#4 Check for "ab.cdef@gmail.com"
:
#n Check for "a.b.c.d.e.f@gmail.com"

This should perhaps be done with a SQL regular expression [dev.mysql.com].

Or, you simply store this unique email address (without periods) in the email address field. But the user then sees their (gmail) email address without periods.

Or, you have an additional field to store the unique email address.

penders

9:01 pm on Aug 9, 2011 (gmt 0)

WebmasterWorld Senior Member penders is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



Just a thought... if your target audience also includes the UK, then "@googlemail.co.uk" is another domain that makes the period optional in the name part of the email address. AND "@googlemail.co.uk" is the same account/email as "@gmail.com". So, the unique email address (for comparison purposes) of "some.email.address@googlemail.co.uk" is actually "someemailaddress@gmail.com"!
 

Featured Threads

Hot Threads This Week

Hot Threads This Month