Jump to content

Email Validation for register.php and cart.php are allowing false email addresses!


paperweight

Recommended Posts

I noticed a problem over recent weeks that has become much much more worrisome in recent days with lots of spammy registered users at my site. Most of these spammy email addresses are not actually TLDs, such as the email address jhvgyr65ytghv@mmmmmm.mmm that was recently registered today. How did that email address get past WHMCS validation??

 

Is there somethign wrong with my WHMCS setup? Why is an email address at mmmmmm.mmm allowed to be registered? It should fail on validation, correct?

Link to comment
Share on other sites

I am doing more tests now and I see pretty much any nonsensical address -- even if it is not a TLD -- is allowed by WHMCs. Any idea if my settings are correct and how to fix this?

About this it's normal. In fact you can't determine what is a TLD and what is not. For example a company could even order an hosting account for a non-existing domain/extension like i.am.awesome and make it accessible only from devices of employers. I know that it sounds odd but you can't limit the use of domains that they want to point to your service.

 

Anyway, as I have already said in other occasions, in my opinion the best thing is to replace the standard registration form with a totally custom one with all your validations like you can see in this page (it's a work in progress website). It's WHMCS and as you can see it uses custom client/server side validations. No more telephone numbers in tens of different formats like "+39 123456", "39123456", "39.123456" or "123456" but just the number in the way it's meant to be specified, no nome names and lastnames like "MIKE FRANCO", "mike franco" but just "Mike Franco" etc. As soon as all validations are fine, you send all your validated and normalized data to WHMCS via API and all problems are solved.

Link to comment
Share on other sites

 

Anyway, as I have already said in other occasions, in my opinion the best thing is to replace the standard registration form with a totally custom one with all your validations like you can see in this page (it's a work in progress website).

 

Yes I see your point and understand what you mean. Is your register.php available as a paid module or in some way we can pay and see how it is crafted and tweak for our own needs? Shall I contact you a your website?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated