Prevent Spammers from Registering with the Same Gmail Address (Duplicate User Accounts)
Gmail, Gmail is …, ah, I really don’t need to explain this. So, continue reading.
The Facts
Gmail ignores . (dot) in username
If you have the Gmail account example@gmail.com, you also have ex.ample@gmail.com, exam.ple@gmail.com, and so on, until every character in the username is separated by a dot. They all share the same inbox, and you can log in using any of them. Email sent to any of these addresses is delivered to the one inbox, example@gmail.com. See: Gmail Dot Trick Bug or a Feature ?
Gmail ignores all characters after + (plus sign) in username
If you think the dot feature is not enough, Gmail has another one: you can append any acceptable characters to your username, separated by a + (plus sign). It can be example+one@gmail.com, example+two@gmail.com, etc. An email sent to example@gmail.com, example+one@gmail.com or example+two@gmail.com will be delivered to one common address, example@gmail.com. See: GMail Easter Eggs: Dot Blindess & Email Aliases.
Gmail does not recognize the characters after the plus sign for delivery, but the Gmail search filter can distinguish between the different addresses, so you can redirect these emails to separate Gmail folders or apply different labels.
Gmail users can use @googlemail.com instead of @gmail.com
Again, example@gmail.com can be replaced with example@googlemail.com, including when it is combined with the dot and plus variants.
The Problem
Besides the advantage of filtering, this feature has a disadvantage for website owners, e.g. a community forum or any website that requires unique membership. A person with one Gmail account can create as many duplicate accounts on our website as they like. Of course this is very undesirable. Moreover, this trick is mostly used by spammers to register on our forum, since they need only one Gmail account to register hundreds of clones. Imagine: how many accounts can be generated from one Gmail account? It is almost infinite, if not unlimited.
The Solution
If you think this Gmail feature is bad for a membership website, the only solution is to strip all Gmail aliases and keep only the original example@gmail.com during the member registration process. The following lines of code are a PHP function for this task.
function strip_gmail_email_aliases($email){
    $emailbody = explode('@',strtolower($email)); /*separate email at @ sign using explode()*/
    /*rewrite only when the domain is exactly gmail.com or googlemail.com; a substring match on "gmail" would also rewrite addresses such as gmailfan@example.org*/
    if(count($emailbody) === 2 && in_array($emailbody[1],array('gmail.com','googlemail.com'),true)){
        $mailusername = preg_replace('/([\.]+)|((\+)+([\+\.\-_a-z0-9]+))/i','',$emailbody[0]); /*most important part, strip all dot and everything after 'plus' */
        $email = $mailusername.'@gmail.com'; /*rebuild email string, and use only gmail.com*/
    }
    return $email; /* return the new email string*/
}
Implementations
In WordPress
It’s easy to call this function on the WordPress platform, using the user_registration_email filter hook. The function is then invoked as soon as a user registers. Place this code in your WordPress theme’s functions.php file, or package it into a plugin.
In SMF (Simple Machines Forum)
Unlike WordPress, SMF needs more care when making modifications. Yes, you need to edit an existing file directly, so don’t forget to make a backup before you do anything with files in SMF.
- The file you will edit is located in /Sources/Register.php
- Open the file with a code editor, e.g. Notepad++
- Find this block of code:
// Set the options needed for registration.
$regOptions = array(
    'interface' => 'guest',
    'username' => !empty($_POST['user']) ? $_POST['user'] : '',
    'email' => !empty($_POST['email']) ? $_POST['email'] : '',
    'password' => !empty($_POST['passwrd1']) ? $_POST['passwrd1'] : '',
    'password_check' => !empty($_POST['passwrd2']) ? $_POST['passwrd2'] : '',
    'openid' => !empty($_POST['openid_identifier']) ? $_POST['openid_identifier'] : '',
    'auth_method' => !empty($_POST['authenticate']) ? $_POST['authenticate'] : '',
    'check_reserved_name' => true,
    'check_password_strength' => true,
    'check_email_ban' => true,
    'send_welcome_email' => !empty($modSettings['send_welcomeEmail']),
    'require' => !empty($modSettings['coppaAge']) && !$verifiedOpenID && empty($_SESSION['skip_coppa']) ? 'coppa' : (empty($modSettings['registration_method']) ? 'nothing' : ($modSettings['registration_method'] == 1 ? 'activation' : 'approval')),
    'extra_register_vars' => array(),
    'theme_vars' => array(),
);
- DO NOT edit anything inside the code above, but add this code after it:
/* strip all gmail aliases, comment here is useful when you want to do something in the future*/
$emailbody = explode('@',strtolower($regOptions['email']));
/* rewrite only when the domain is exactly gmail.com or googlemail.com */
if(count($emailbody) === 2 && in_array($emailbody[1],array('gmail.com','googlemail.com'),true)){
    $mailusername = preg_replace('/([\.]+)|((\+)+([\+\.\-_a-z0-9]+))/i','',$emailbody[0]);
    $regOptions['email'] = $mailusername.'@gmail.com';
}
/* end strip all gmail aliases*/
As you see, this is inline code, not a PHP function, since it’s already inside another SMF function, Register2().
- Save the file and re-upload it to the server.
In Custom PHP
If you are using custom PHP code or a CMS other than WordPress and SMF, call strip_gmail_email_aliases() right after the registration form is submitted. Example:
/* define function*/
function strip_gmail_email_aliases($email){
    $emailbody = explode('@',strtolower($email)); /* separate email at @ sign */
    /* rewrite only when the domain is exactly gmail.com or googlemail.com */
    if(count($emailbody) === 2 && in_array($emailbody[1],array('gmail.com','googlemail.com'),true)){
        $mailusername = preg_replace('/([\.]+)|((\+)+([\+\.\-_a-z0-9]+))/i','',$emailbody[0]);
        $email = $mailusername.'@gmail.com';
    }
    return $email; /* return the new email string*/
}
if(isset($_POST['submit_register'])){ /* It's only an illustration and may differ with your actual code.*/
    $email = strip_gmail_email_aliases($_POST['email']);
    /* do the rest code here */
}
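The alias stripping and the duplicate check it enables, as an added example that is not the original author's code: the function names gmail_canonical_email and register_once and the sample addresses are assumptions made here. Under WordPress it registers the user_registration_email filter named in the WordPress section; run stand-alone, it replays constructed sign-ups through the duplicate check.

```php
<?php
/* Canonical form of a Gmail address; any other address is returned unchanged.
   Function names and sample data in this block are hypothetical. */
function gmail_canonical_email($email) {
    $parts = explode('@', strtolower(trim($email)));
    if (count($parts) !== 2
        || !in_array($parts[1], array('gmail.com', 'googlemail.com'), true)) {
        return $email;                                // not a Gmail domain
    }
    $local = preg_replace('/\+.*$/', '', $parts[0]);  // drop "+tag"
    $local = str_replace('.', '', $local);            // drop dots
    return $local . '@gmail.com';
}

/* Accept $email only if its canonical form is not registered yet.
   $accounts maps canonical address => address first registered with. */
function register_once(array &$accounts, $email) {
    $key = gmail_canonical_email($email);
    if (isset($accounts[$key])) {
        return false;                                 // alias of an existing account
    }
    $accounts[$key] = $email;
    return true;
}

if (function_exists('add_filter')) {
    // WordPress: register_new_user() applies this filter before its
    // email_exists() check, so an alias is reported as already registered.
    add_filter('user_registration_email', 'gmail_canonical_email');
} else {
    // Stand-alone run: constructed sign-ups, in arrival order.
    $signups = array(
        'example@gmail.com',
        'ex.ample@gmail.com',
        'Example+one@gmail.com',
        'e.x.a.m.p.l.e+two@googlemail.com',
        'gmail.fan+news@example.org',                 // not Gmail: kept as typed
    );
    $accounts = array();
    foreach ($signups as $addr) {
        $ok = register_once($accounts, $addr);
        printf("%-34s %s\n", $addr, $ok ? 'accepted' : 'rejected (duplicate)');
    }
}
```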
Conclusion
Your comments are welcome.




