Modifying phpbb3 email validation system
Posted: Sun May 31, 2015 3:57 pm
I am trying to modify the code that processes a user registration request to only accept emails that are from "whitelisted" providers, using the mySQL database to hold the list of allowed email providers.
One of the checks the phpbb3 performs on an entered email address is to check to make sure it is not already in the database. The code for this is as follows:
if (!$config['allow_emailreuse'])
{
$sql = 'SELECT user_email_hash
FROM ' . USERS_TABLE . "
WHERE user_email_hash = " . $db->sql_escape(phpbb_email_hash($email));
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row)
{
return 'EMAIL_TAKEN';
}
}
$email is the string that contains the entered email address, "sosoandso@website.ext", etc.
In my mySQL database, I have created a separate table called phpbb_emails, with a single field "email_extension".
There is a single entry in there with an email extension like "google.com".
I am trying to strip the $email string into just the characters after the "@" symbol, then check to see if the extension matches any of the entries in the phpbb_emails table, and throw the exception 'EMAIL_TAKEN' if it is not present.
Here is the code I have added directly after the previous code:
$email_char = '@';
$cpos = strpos($email, $email_char);
$email_extension = substr($email,($cpos + 1));
$sql = 'SELECT email_extension
FROM ' . phpbb_emails . "
WHERE email_extension = " . $db->sql_escape('email_extension');
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$row)
{
return 'EMAIL_TAKEN';
}
Now, I am pretty sure the select function is going through because if it didn't I would be getting an error message when I tried to register on the phpbb3 site I have. However, I found it would not reject an email extension that was not on the "whitelist" table.
I am basically teaching myself to use php and mySQL via the phpbb3 code and online resources, but unfortunately the developers used different format than what I see explained. I am wondering if I botched my attempt to set up the SQL table so it is not indexing properly.
My question is, what is the proper way to search to see if the table "phpbb_emails" contains an entry with the value of the column "email_extension" matching the string "website.ext"? And, if possible, where should I go to figure out the proper way to set up the phpbb_emails table for the previously mentioned goal?
One of the checks the phpbb3 performs on an entered email address is to check to make sure it is not already in the database. The code for this is as follows:
if (!$config['allow_emailreuse'])
{
$sql = 'SELECT user_email_hash
FROM ' . USERS_TABLE . "
WHERE user_email_hash = " . $db->sql_escape(phpbb_email_hash($email));
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row)
{
return 'EMAIL_TAKEN';
}
}
$email is the string that contains the entered email address, "sosoandso@website.ext", etc.
In my mySQL database, I have created a separate table called phpbb_emails, with a single field "email_extension".
There is a single entry in there with an email extension like "google.com".
I am trying to strip the $email string into just the characters after the "@" symbol, then check to see if the extension matches any of the entries in the phpbb_emails table, and throw the exception 'EMAIL_TAKEN' if it is not present.
Here is the code I have added directly after the previous code:
$email_char = '@';
$cpos = strpos($email, $email_char);
$email_extension = substr($email,($cpos + 1));
$sql = 'SELECT email_extension
FROM ' . phpbb_emails . "
WHERE email_extension = " . $db->sql_escape('email_extension');
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$row)
{
return 'EMAIL_TAKEN';
}
Now, I am pretty sure the select function is going through because if it didn't I would be getting an error message when I tried to register on the phpbb3 site I have. However, I found it would not reject an email extension that was not on the "whitelist" table.
I am basically teaching myself to use php and mySQL via the phpbb3 code and online resources, but unfortunately the developers used different format than what I see explained. I am wondering if I botched my attempt to set up the SQL table so it is not indexing properly.
My question is, what is the proper way to search to see if the table "phpbb_emails" contains an entry with the value of the column "email_extension" matching the string "website.ext"? And, if possible, where should I go to figure out the proper way to set up the phpbb_emails table for the previously mentioned goal?