differentiate email addresses

richei · May 16, 2014, 10:22pm

I’ve run into a little snag with a project. I’m doing a signup script right now and I thought I had a way to keep people from signing up with like addresses using LIKE in the query
[php]$email = mysql_real_escape_string($_POST[‘email’]);

$ck_email = mysql_query(“SELECT email FROM users WHERE email LIKE ‘%$email%’”);

if(mysql_num_rows($ck_email) != 0) {
//$json = array(“login”=>true);
$json = array(“inuse” => 1);
} else {
$json = array(“inuse” => 0);
}
echo json_encode($json);[/php]
but I think it works a little to well. I’m testing with my email and it does work, I can’t use compfnatic80 or compfnatic90 or other variations, but its also possible for those to be legit addresses. I’m asking because I’ve a lot of issues on another site with this same scenario. I had the same guy register 3 times using variations on his email addresses. I’m looking of for a way to prevent it if possible.

This is what its returning to:

$("#email").focusout(function() { $.post("inc/ck_details.php", $("#email").val(), function(data) { if(data.inuse == 1) { $("#email").attr("value", "Email In Use!"); $("#email").css("border-color", "#F00"); } else { $("#email").attr("value", $("#email").val()); $("#email").css("border-color", ""); } }, "json"); });

Strider64 · May 17, 2014, 12:21am

I really can’t see how you can prevent people fro using multiple email addresses and you really risk legit users from registering. Most of these people who sign-up with multiple accounts are probably spammers, I would think some sort of captcha (with a email verification) would be better? Or maybe even a blacklist? Other than that the users are always going to get the upper hand when it comes to scamming the system in my opinion.

richei · May 17, 2014, 3:12am

I did email verification on the other site and it does work, but now I have around 200 users with inactivated accounts. thise I just delete. I could come up with something like captha though. hadnt thought about that.

benanamen · May 17, 2014, 6:09pm

More importantly, you are using obsolete MySQL code. You need to use Pdo or mysqli.

richei · May 17, 2014, 7:18pm

Let me stop you right there, rewriting the code won’t fix the problem. Plus, I don’t need to, don’t know how to use either one and neither one is supported on the server. I’m not going to through a lot of changes on the server to enable 1 extension.

JimL · May 17, 2014, 10:11pm

You should change host.

On topic: you cant know if [email protected] and [email protected] are the same or different people. Even by cross checking real name and nationality you can still get lots of false duplicates.

richei · May 18, 2014, 1:59am

I can’t change the host. Its a pain in the rear transferring multiple domains, not really worth the effort just to enable an extension.

I’m not going to worry about it. I was hoping there was a simple solution that I was just overlooking. I’ll just have to keep an eye on who registers like I do on our other site.

ErnieAlex · May 19, 2014, 1:45pm

Richei, I am a little confused on why you would want to not allow “like” email addresses?

If I am a new user and was told about your site by someone who I work with, why would you not want me to register? I mean, if my buddy’s email was "[email protected]" and my email was "[email protected]" then I could not register. I think that is the wrong way to think this out.

I do think that multiple registrations from one domain can be an issue if it is a spammer. But, you can add a banning system or blacklist system where you can block domains if they are found to be spamming you. Another way is to add a field that can junk in it and the user must erase it before registering. That works to a good extent. For that process, you add a field named “BOT-check” or something. And, then for the data in the field it would say something like: “Remove this text to submit” or “Erase this text” . What happens is that the user must erase the text, but, robot or web-bots do not know to remove it, so it helps with mass spamming.

Not sure if that helps, but, it might… Good luck…

richei · May 19, 2014, 2:09pm

on the other site Im working in we have problems with the same person creating accounts with addresses that practically the same, he just changes a letter or adds a digit. I was trying to prevent that kind of thing.

ErnieAlex · May 19, 2014, 2:19pm

Well, in that case, ban his IP address. That would solve it. On one site I had helped with, they kept being spammed from China. So, we set up an IP banning system which just kept a log of banned IP’s and why we banned them. Took about a week to stop receiving spam from them. PHP pulls the IP addresses, so it was very easy to add in.

Also, you could ban just that domain name. Again, if there are valid people at that domain, then you do not want to do this. One letter difference in their email name means most likely they have their own domain and can keep adding letters, so ban the domain name.

The IP banning fixes this issue as it drops all registrations from their IP. You don’t have to give them that message, just ignore their registration. Seems to work well on the site that was spammed from China.