1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Not a Bug User can use one google email to register multiple accounts.

Discussion in 'Resolved Bug Reports' started by duydangle, Oct 11, 2011.

  1. duydangle

    duydangle Active Member

    caoanh204 and Romchik® like this.
  2. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    I am unable to reproduce this. When I register a new account and enter an email address with a period I can confirm that the activation email is being sent to that full email address. No periods are being omitted.

    Can you reproduce this problem yourself? Or is it just a user claiming to have done this? He might be registering all of those variations of the same email address. Spammers often register multiple email accounts.
  3. Kevin

    Kevin Well-Known Member

    Jake, what the OP is a describing is really a feature of Gmail itself. Take, for example, the email address of johndoe@gmail.com who then creates an account on your site named John Doe. If you send an email to johndoe@gmail.com it will work fine. However, Gmail allows you to use non-alpha characters in your email and it will also work. By that I mean if you send an email to john.doe@gmail.com it will work and go to the same person. Both emails will be received by the user with no problems.

    However, the OP is talking about a case when John Doe then tries to register a second account, Jane Doe on your site using the john.doe@gmail deviation. XenForo will create the account as normal and the email will be sent John Doe.

    Summary: The user is able to create multiple accounts due to a feature of Gmail and XenForo will not block it. However, I don't know of any forum software that takes Gmail's quirks into account and will block the second fake account.
  4. Saeed

    Saeed Well-Known Member

    caoanh204 likes this.
  5. duydangle

    duydangle Active Member

    The bug is fully described by Kevin.

    The problem here is email cannot be duplicated, but user can easily create a new account with the same email they used... Spammer have to create multiple emails, but use the same email with "dots" is much easier.

    //Some administrators block gmail, but I think that solution is not effective and not beneficial for the forum and users, because many people use gmail.
  6. jonsidneyb

    jonsidneyb Well-Known Member

    Is there anyway around this?
  7. duydangle

    duydangle Active Member

    The solution may be: Xenforo detects "dots" or "plus" in gmail account when users sign up.
  8. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    That's a dumb feature...
    Dean likes this.
  9. kkm323

    kkm323 Well-Known Member

    yes, I see this as a bug and need to be fix. I can't really think of any solution?
  10. Kevin

    Kevin Well-Known Member

    I think we can already do that...

    ACP => Options => User Registration => Username Validation

    I don't know though if you can get away with just putting "." in the "Disallowed Words In User Names" (blacklist) or if you would need to add an entry to the "User Name Match Regular Expression" (whitelist) value.
  11. Hoffi

    Hoffi Well-Known Member

    And Google also has more than one domain. gmail.com and googlemail.com - both works.
    You really can't get a perfect solution for this. There are too many ways of geeting an email-address.
  12. duydangle

    duydangle Active Member

    They are for usernames, not email :-s?
  13. Kevin

    Kevin Well-Known Member

    Oops, my bad, you are correct. :X3: Have I mentioned I've been sick for a few days and am still in a bit of a fog. :sick:
    duydangle likes this.
  14. MGSteve

    MGSteve Well-Known Member

    I wouldn't say its a bug, its a peculiarity with gmail that XF could do with stopping. It shouldn't really even be too hard to do - I don't know where the hooks are, but perhaps it could even be handled via a addon?
  15. James

    James Well-Known Member

  16. Jeremy

    Jeremy Well-Known Member

    I can see reasons for it. For example, a parent may like to filter emails coming to their child, so their child must use parentemail+childname@gmail.com so that its delivered to them. Or if I did something like this:

    dentel@gmail.com -> family account.
    dentel+jeremy@gmail.com -> mine.

    This would essential destroy that. True, that's an out htere case, but I can see it being annoying for someone.
    Kier and James like this.
  17. James

    James Well-Known Member

    I believe it's possible to filter (I know there was a vBulletin add-on), you just have to strip all instances of + and . from the email field before validating.

    The other solution (to retain their +ing or .ing) would be to strip all instances of the characters in the email, match it to all other emails (stripping their dots or pluses) and comparing, if it doesn't exist then allow it with all its plusdot magic.
    duydangle likes this.
  18. Saeed

    Saeed Well-Known Member

    Exactly. The feature itself is brilliant. I can't imagine using my Gmail without this feature. Apart from helping you with filters / labels, it can be used on sites which you do not trust with your personal email address.e.g.

    If I am registering at a new site which I do not know much, I could use an alias like saeed+untrustedsite@gmail.com to register there. Now, if let's say this site sells / exports my email address to any spam / ad agency, the email I would receive would be addressed to saeed+untrustedsite@gmail.com rather than my actual saeed@gmail.com. That way, I would know who's the culprit and deserves a whipping, and all without compromising my actual email address.
    duydangle likes this.
  19. duydangle

    duydangle Active Member

    So instead of seperate emails, should Xenforo have a feature or addon: Check if that's a gmail account and if there are "dots" or "plus", that new account's gmail can be compared with others'.
  20. James

    James Well-Known Member

    I notice XF validate e-mails using Zend_Validate, I would've thought Zend would've had this covered.

Share This Page