Email Validation for register.php and cart.php are allowing false email addresses!

[paperweight]

I noticed a problem over recent weeks that has become much much more worrisome in recent days with lots of spammy registered users at my site. Most of these spammy email addresses are not actually TLDs, such as the email address jhvgyr65ytghv@mmmmmm.mmm that was recently registered today. How did that email address get past WHMCS validation??

 

Is there somethign wrong with my WHMCS setup? Why is an email address at mmmmmm.mmm allowed to be registered? It should fail on validation, correct?

[paperweight]

I am doing more tests now and I see pretty much any nonsensical address -- even if it is not a TLD -- is allowed by WHMCs. Any idea if my settings are correct and how to fix this?

[othellotech]

There is no check on the 'validity' of an email address, only on the 'format' (contains an @ and a dot)

[Kian]

I am doing more tests now and I see pretty much any nonsensical address -- even if it is not a TLD -- is allowed by WHMCs. Any idea if my settings are correct and how to fix this?

About this it's normal. In fact you can't determine what is a TLD and what is not. For example a company could even order an hosting account for a non-existing domain/extension like i.am.awesome and make it accessible only from devices of employers. I know that it sounds odd but you can't limit the use of domains that they want to point to your service.

 

Anyway, as I have already said in other occasions, in my opinion the best thing is to replace the standard registration form with a totally custom one with all your validations like you can see in this page (it's a work in progress website). It's WHMCS and as you can see it uses custom client/server side validations. No more telephone numbers in tens of different formats like "+39 123456", "39123456", "39.123456" or "123456" but just the number in the way it's meant to be specified, no nome names and lastnames like "MIKE FRANCO", "mike franco" but just "Mike Franco" etc. As soon as all validations are fine, you send all your validated and normalized data to WHMCS via API and all problems are solved.

[paperweight]

 

Anyway, as I have already said in other occasions, in my opinion the best thing is to replace the standard registration form with a totally custom one with all your validations like you can see in this page (it's a work in progress website).

 

Yes I see your point and understand what you mean. Is your register.php available as a paid module or in some way we can pay and see how it is crafted and tweak for our own needs? Shall I contact you a your website?

[Kian]

For sure the script that I used in the website I linked above doesn't fit your needs since it also runs several actions when the client registers. Feel free to PM me or send an email info /at\ revhosting.org.