• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Not a bug User can use one google email to register multiple accounts.

Jake Bunce

XenForo moderator
Staff member
#2
I am unable to reproduce this. When I register a new account and enter an email address with a period I can confirm that the activation email is being sent to that full email address. No periods are being omitted.

Can you reproduce this problem yourself? Or is it just a user claiming to have done this? He might be registering all of those variations of the same email address. Spammers often register multiple email accounts.
 

Kevin

Well-known member
#3
I am unable to reproduce this. When I register a new account and enter an email address with a period I can confirm that the activation email is being sent to that full email address. No periods are being omitted.

Can you reproduce this problem yourself? Or is it just a user claiming to have done this? He might be registering all of those variations of the same email address. Spammers often register multiple email accounts.
Jake, what the OP is a describing is really a feature of Gmail itself. Take, for example, the email address of johndoe@gmail.com who then creates an account on your site named John Doe. If you send an email to johndoe@gmail.com it will work fine. However, Gmail allows you to use non-alpha characters in your email and it will also work. By that I mean if you send an email to john.doe@gmail.com it will work and go to the same person. Both emails will be received by the user with no problems.

However, the OP is talking about a case when John Doe then tries to register a second account, Jane Doe on your site using the john.doe@gmail deviation. XenForo will create the account as normal and the email will be sent John Doe.

Summary: The user is able to create multiple accounts due to a feature of Gmail and XenForo will not block it. However, I don't know of any forum software that takes Gmail's quirks into account and will block the second fake account.
 

duydangle

Active member
#5
The bug is fully described by Kevin.

The problem here is email cannot be duplicated, but user can easily create a new account with the same email they used... Spammer have to create multiple emails, but use the same email with "dots" is much easier.

//Some administrators block gmail, but I think that solution is not effective and not beneficial for the forum and users, because many people use gmail.
 

Jake Bunce

XenForo moderator
Staff member
#8
Jake, what the OP is a describing is really a feature of Gmail itself. Take, for example, the email address of johndoe@gmail.com who then creates an account on your site named John Doe. If you send an email to johndoe@gmail.com it will work fine. However, Gmail allows you to use non-alpha characters in your email and it will also work. By that I mean if you send an email to john.doe@gmail.com it will work and go to the same person. Both emails will be received by the user with no problems.

However, the OP is talking about a case when John Doe then tries to register a second account, Jane Doe on your site using the john.doe@gmail deviation. XenForo will create the account as normal and the email will be sent John Doe.

Summary: The user is able to create multiple accounts due to a feature of Gmail and XenForo will not block it. However, I don't know of any forum software that takes Gmail's quirks into account and will block the second fake account.
That's a dumb feature...
 

Kevin

Well-known member
#10
The solution may be: Xenforo detects "dots" or "plus" in gmail account when users sign up.
I think we can already do that...

ACP => Options => User Registration => Username Validation

I don't know though if you can get away with just putting "." in the "Disallowed Words In User Names" (blacklist) or if you would need to add an entry to the "User Name Match Regular Expression" (whitelist) value.
 

Hoffi

Well-known member
#11
And Google also has more than one domain. gmail.com and googlemail.com - both works.
You really can't get a perfect solution for this. There are too many ways of geeting an email-address.
 

duydangle

Active member
#12
I think we can already do that...

ACP => Options => User Registration => Username Validation

I don't know though if you can get away with just putting "." in the "Disallowed Words In User Names" (blacklist) or if you would need to add an entry to the "User Name Match Regular Expression" (whitelist) value.
They are for usernames, not email :-s?
 

MGSteve

Well-known member
#14
yes, I see this as a bug and need to be fix. I can't really think of any solution?
I wouldn't say its a bug, its a peculiarity with gmail that XF could do with stopping. It shouldn't really even be too hard to do - I don't know where the hooks are, but perhaps it could even be handled via a addon?
 

James

Well-known member
#15

James

Well-known member
#17
I believe it's possible to filter (I know there was a vBulletin add-on), you just have to strip all instances of + and . from the email field before validating.

The other solution (to retain their +ing or .ing) would be to strip all instances of the characters in the email, match it to all other emails (stripping their dots or pluses) and comparing, if it doesn't exist then allow it with all its plusdot magic.
 

Saeed

Well-known member
#18
Exactly. The feature itself is brilliant. I can't imagine using my Gmail without this feature. Apart from helping you with filters / labels, it can be used on sites which you do not trust with your personal email address.e.g.

If I am registering at a new site which I do not know much, I could use an alias like saeed+untrustedsite@gmail.com to register there. Now, if let's say this site sells / exports my email address to any spam / ad agency, the email I would receive would be addressed to saeed+untrustedsite@gmail.com rather than my actual saeed@gmail.com. That way, I would know who's the culprit and deserves a whipping, and all without compromising my actual email address.
 

duydangle

Active member
#19
So instead of seperate emails, should Xenforo have a feature or addon: Check if that's a gmail account and if there are "dots" or "plus", that new account's gmail can be compared with others'.