I am making an app that allow to register to a newsletter and then manage it.
There is the normal validation if the field is empty, if is email type, unique ecc..
But how can i check if the email really exists?
If someone enter a fake mail, that mail is entered in the database, and this can mess up the database. And there are other annoyance.
Is possible to check if the mail really exists?
Otherwise it is possible to automatically delete an unregistered user after 10 days?
You can create a rule to check if the e-mail format is valid:
$validator = Validator::make(
Input::all(),
array('email' => 'required|email')
);
if ($validator->fails())
{
return "This is not a valid e-mail";
}
But this will only check for the format (name#domain.tld), because there is no way to know if an e-mail address really exists.
Well... this is not entirely true, there is a way: send an e-mail to that address and if you don't get an error message, the address exists, probably.
The best way to do what you need is, when a user creates an account in your system, send him/her a confirmation e-mail, with a link where he/she should click to validate that address. If the account is not validated for x days you delete it. This is a question that might help you on that: Laravel 4: how to make confirmation email?.
About your last question: create an Artisan Command that checks for unvalidated accounts and delete them. Take a look at the docs, it's easy, Laravel does almost all the job for you. And you can run this command once a day using cron or task manager:
php /var/www/your-site-dir/artisan check:accounts
EDIT:
This question will show you how to create a command: Creating and using Laravel 4 commands
And in the method fire() you should do something like:
public function fire()
{
$dt = Carbon\Carbon::now();
User::where('activated', false)
->where('created_at', '<', $dt->subDays(10))
->delete();
}
There are some APIs you can use to verify the validity and existence of emails, but I am not sure how good they are. The free ones usually limit you to something like 10 an hour which probably would not be nearly enough for you, depending on how busy your site is.
Check out http://verify-email.org/register/levels.html
If you are worried about the sheer amount of emails being entered, you could probably log $_SERVER['REMOTE_ADDR'], which would be the client's IP address in the DB on emails and check to make sure that is unique as well before you save additional records to the table.
As far as how to actually validate the existence and validity of the entered email yourself, I believe you'd have to use fsockopen and issue smtp commands to servers. I did find this php class which attempts to do what we are talking about http://www.webdigi.co.uk/blog/wp-content/uploads/2009/01/smtpvalidateclassphp.txt
I doubt it works, but should get you a nice starting point.
Related
I am developing a Mozilla Thunderbird plug-in and need to get the user's email address.
Question: How do I retrieve this address?
I will use it inside a JavaScript.
You should first keep in mind that a user can have multiple e-mail addresses (from multiple accounts or even multiple identities for one account), and you have to decide in which one you are interested.
Note: there may exist an easier way then described below, e.g. a helper function in the existing Thunderbird Code. You could try to search comm-central for it
You somehow have to get the nsIMsgIdentity for the identity you are interested in. It has an email property, with the e-mail adress as a string.
One way to get all Identities should be via the allIdentities of nsIMsgAccountManager (didn't test it).
Use the follwing code to get the nsIMsgAccountManager:
Components.utils.import("resource:///modules/mailServices.js");
let accountManager = MailServices.accounts
If you have an nsIArray of nsIMsgIdentity, you can use the following code to loop over them:
for (let identity in fixIterator(identities, Components.interfaces.nsIMsgIdentity)) {
}
References which could be useful:
Overview of some interesting interfaces:
https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Account_interfaces
Some account example Code:
https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Account_examples
I have a User model, for login and registration, its email field is used (everything vanilla from the devise gem).
I want (other) users to be able to e.g. add Users to a team, with the email-address as the identifier.
That is fine when the User is already existing (pseudo #team.users.add(User.find_by(email: other_users_email))) but I am unsure how to handle situations where the user does not yet exist (did not [yet] register).
When a (new) User sets up a new account, for the example above after successfull registration current_user.teams should show up correctly.
I do not want to force these potentially new users to use the system (e.g. using devise_invitable) and bother them with an email.
I followed the path of creating the User when a user with the given email does not yet exist, but then when the user actually tries to setup an account, it fails (email not unique).
Alternatively, I could remodel the TeamMember-part and let it optionally either store an email-adress or the reference to an existing User. Then what I would need is to check for "open" TeamMembers directly after User-Account-creation (so, TeamMembers with the given email). I could also do this on each requst, but that looks too expensive to me. There might be race conditions, but I could live with that (and check for the every-now-in-a-millenia-gap with a cron-job).
Any pointers? I am sure this is not that unusual.
I'd do this:
When a user A adds user B to a team by email, create the object for that user B, but set a flag, something like auto_created_and_inactive: true
When user B signs up on the site, you just have to handle this in your users#create: first, try to find an auto-created record and update it (set a password or whatever; also reset the flag). Or otherwise proceed with the usual route of creating a new record.
I have to admit that I did not yet tried #sergio-tulentsevs approach (implement RegistrationController#create). But to complete what I sketched in my question:
User model can define an after_confirmation method, which is called after ... confirmation! So, if I store every information about a potential user with a reference to his/her email-adress, once he/she registered I can query this information and e.g. complete Team-Memberships.
# app/models/user.rb
def after_confirmation
# (pseudo-code, did not try)
self.teams < TeamMembership.open.where(email: self.email)
end
I'd like to make email address optional during magento registration. I'm going to be adding an additional username attribute that users will be able to log in with (I've already got that part working). What are the steps to do this, or is it even possible? I found an old extension that does what I want I think, but it is out dated. http://www.magentocommerce.com/magento-connect/email-not-required.html
Thanks for any help.
You could do something similar to what the extension does.
"This extension will allow you to add customers without a valid email address. If no email address is present it will insert automatically an email address [customernumber]#[default customer domain]...."
You could create a gmail (or if you use google app for you company email) or a catch all email
Email Format
noemail+[timestamp]-[ipaddress to long]#gmail/yourdomain.com
Then remove the validation js from the email field that make it required in your .phtml.
Then create a custom module that override your checkout controller (assuming one page checkout)
/app/code/core/Mage/Checkout/controllers/OnepageController.php
/**
* save checkout billing address
*/
public function saveBillingAction()
{
...
if (isset($data['email']) && strlen($data['email']) > 3) {
$data['email'] = trim($data['email']);
}
else{
$data['email'] = getNoEmailGen(); // return noemail+[timestamp]-[ipaddress to long]...
}
(You could also do this using JS, where you pre generate the email address (in a hidden field or variable) and if email field is left blank you append/post it before submitting your billing form)
You shouldn't do that because when you order something, transactional mails are going to take place so you can't have users without mail. This should be weird.
I want to extend Ion Auth to only allow certain email addresses to register.
I'm fairly sure I could hack this together and get something working, but as a newbie to codeigniter and ion auth I wish to find out if there is a "proper way" to be doing what I need?
For instance can I "extend" ion auth (so I can update ion auth core files without writing over my changes?).
I noticed there are also hooks including this one (in the register function):
$this->ci->ion_auth_model->trigger_events('pre_account_creation');
Where do these resolve and can I use this one in order to intercept registrations from email addresses which don't match a list of those I wish to register?
If so, how would I do it? I would need access to the $email variable from the register() function.
Or is it just a case of altering the base code from ion auth and not updating it in the future?
Thanks for any help you can give me. Don't worry about the email bit, I'm capable of working out whether an email address matches the required email domains, I'm more interested in what is the best way to go about extending the library.
Tom
EDIT: Hi Ben, thanks for your answer, and thanks for taking the time to have a look at my issue. Unfortunately this hasn't helped.
I guess what you're trying to do there is add a little bit to the sql query a "where in" clause? I guess that the where in bit is incorrect as there isn't a column name.
Also, at this point I can't modify the sql query satisfactorily to produce the required output. e.g. I can add a hook to a function which is literally $this->db->where('1=1') and this outputs this sql in the next query:
SELECT COUNT(*) AS `numrows` FROM (`users`) WHERE `1=1` AND `email` = 'rawr#rawr.com'
The AND email = 'rawr#rawr.com' bit will always still return no rows. It should be OR email = 'rawr#rawr.com', but without editing the Ion Auth core code then I won't be able to change this.
I am starting to suspect (from the last couple of hours of tinkering) that I may have to edit the ion auth core in order to achieve this.
Check out this example: https://gist.github.com/2881995
In the end I just wrote a little form_verification callback function which I put in the auth controller of ion_auth which checked through a list of allowed domains. :)
When you validate your form in the auth controller you add a callback:
$this->form_validation->set_rules('email', 'Email Address', required|callback_validate_email');
You create a method in the controller called validate_email:
function validate_email() {
if (strpos($this->input->post('email'), '#mycompany.com') === false) {
$this->form_validation->set_message('validate_email', 'Not official company email address.');
return false;
} else return true;
}
This will cause the creation of the user to fail, since all rules must pass. You also provide an error message. Just make sure to have this line on the form view side:
echo validation_errors();
Let's say I'm building a web application whose user pages can be found at http://example.com/NAME. What's the best way to make sure the username doesn't conflict with a reserved word (e.g. 'about', 'contact', etc.)? I can think of two ways:
Maintain a list somewhere in my code. This is great and all, but means I have another piece of code I have to edit if I decide to, say, change the "about" page to "aboutus".
Request the URI (e.g. http://example.com/someusername) and check if it exists (doesn't return a 404). This feels kind of like a hack, but on the other hand it does exactly what it's supposed to do. On the other hand, I can't reserve anything without making a page for it.
What would be the best way to go about this? Manual validation of usernames is not an option. Thanks!
EDIT: I forgot to mention, the username has to go at the root, like this:
http://example.com/USERNAME
Not like this:
http://example.com/users/USERNAME
Hence why I'm asking this question. This is for technical reasons, don't ask.
I would strongly suggest using a unique path like http://example.com/users/NAME instead. Otherwise, what are you going to do if you want to add a reserved word, but a user has already taken it as their user name? You'll end up with all kinds of potential migration problems down the track.
Alternatively, if you must have something that goes straight off http://example.com/, could you possibly prefix all user names? So that user jerryjvl would translate to link http://example.com/user_jerryjvl?
If there is really no other possible solution, then I'd say either check user names against whatever data source determines what the 'reserved words' are, or make a lookup file / table / structure somewhere that contains all the reserved words.
In the interest of completeness, if you can't change the routing. Another possibility is to have your user routes and your non-user routes have a programmatic distinction. For example, if you appended a '_' to the end of each of your user routes, then you can make sure that users are located at: http://example.com/NAME_ and the other route would never end in '_'
How about changing your routing scheme so that users are at example.com/users/NAME ?
I maintain the reserved words inside the code.
This is the PERL code that I use in the http://postbit.com/ website to check if the usernamename is a reserved word:
# Black list of logins and sub-domains reserved keywords
my #black_list = qw(
about access account accounts add address adm admin administration
adult advertising affiliate affiliates ajax analytics android anon
anonymous api app apps archive atom auth authentication
...
);
my $username_normalized = lc($username);
$username_normalized =~ s/\W//gs; # 'log-in' -> 'login'
for my $this_username (#black_list) {
if ($username_normalized eq $this_username) {
die("This username is already taken. Please choose other username.\n");
}
}
The complete list of reserved names (like 'css', 'images', 'js', 'admin', 'root', 'old', 'test', 'www', 'admin', 'login', 'devel'...) with more than 300 login usernames is posted here:
http://blog.postbit.com/reserved-username-list.html
You only know what are these 'reserved' words. So better maintain a list and validate against it.
Another method will be if you use a CMS, then all these keywods 'about', 'contact' etc. will be there in your database. Validate against it.
Right next to the text box something like: "Please use your personal nickname or you real name. Usernames with common words indicating affiliation with the site administration may be revoked".
How about just create dummy accounts first with all the reserve words? just list all the possible ones and create them.
if you use
www.example.com/user/name
then there will be no problem but it seems like you'd like the URL to be short.
Maintain a list somewhere in my code. This is great and all, but means I have another piece of code I have to edit if I decide to, say, change the "about" page to "aboutus".
Your menus should be stored in an array/list. This way you would have only 1 piece of code to edit, not 2. =]
Then, since all menus are in one array, you can match username with elements in the array.
for example
$menu = array('About', 'Contact', 'Home')
if( in_array($username, $menu) ) {
echo 'invalid username'
}
You could always look and see how stackoverflow.com works.