Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Only Allow Certain Emails To Register


  • Please log in to reply
4 replies to this topic

#1 xx66stangxx

xx66stangxx

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:O.C.
  • Local time:02:11 PM

Posted 01 November 2007 - 01:33 AM

Ok so I have a project in mind which is create a social network for my college. but when the user registers I want to make sure they are an actual student of the college so they would have to sign up with the college email they use i.e. student@csu.fullerton.edu now is that possible? I realize that each student has a dif. prefix in the email but all the current student emails are @csu.fullerton.edu now how would I do that for the registration page?

BC AdBot (Login to Remove)

 


#2 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:04:11 PM

Posted 01 November 2007 - 07:31 AM

You would use some form of regular expression matching. But that still doesn't guarantee that they will give you a valid email address because "bozosrus@csu.fullerton.edu" would pass the same test that a valid address would. So the other option is that once they sign up, you send them a validation e-mail to which they have to respond before they can actually use the account.

#3 xx66stangxx

xx66stangxx
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:O.C.
  • Local time:02:11 PM

Posted 01 November 2007 - 10:13 PM

ok I will look that up, yeah I planned on doing the validation email :-)

#4 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:04:11 PM

Posted 02 November 2007 - 07:33 AM

If you are doing a validation email, then there is no need to check anything. Either they give a proper email address and get the validation link, or they do not give a proper address and do not get a validation link.

EDIT: Of course, that doesn't answer your original question. You can use javascript to initially check that the the address contains the required @csu.fullerton.edu, but all it will be checking isthat the address contains the proper domain. The regular expression used to match it is pretty simple. I nabbed this code from some random page and modified it. I did not test it, but it should be close:
function checkMail()
{
	var x = document.forms[0].email.value;
	var filter  = /^([a-zA-Z0-9_\.\-])+\@(csu.fullerton.edu)$/;
	if (filter.test(x)) alert('YES! Correct email address');
	else alert('NO! Incorrect email address');
}

This code only checks the address. It does not pass on the string if it is valid. There are tons of code samples for form validation, so you should have no problem finding something that works. On the server side, you will just need something to generate the validation email, and then a form that recognizes when a validation link has been clicked. Is it the back-end mechanism that you are asking about?

#5 ussr1943

ussr1943

  • Members
  • 490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:11 PM

Posted 09 November 2007 - 12:00 AM

You could also use php to validate any inputs(requires host that supports php, and possibly database), then store all your info in a database for later retrieval(sending emails out). However if you do plan on saving user information please remember
1.) protect against database injections, xss, csrf ect.
2.) always encrpyt user information(if being stored), hashes and salts to prevent anyone outside from atleast understanding your stored info

There are many means to the end, you might just want to do a little online research first.

Edited by ussr1943, 09 November 2007 - 12:06 AM.

"Ideas are far more powerful than guns."
"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards -- and even then I have my doubts." --Eugene H. Spafford
"One man's terrorist is another's freedom fighter"




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users