The PHP version does not correctly filter out domains from the "bademail" file (only specific emails).
Also, there is no check to see if there is a valid email entered before registering the account. Someone could, for example, enter "nonsense" as the email, and the account would be registered. This fix checks not only valid email syntax, but also if the domain has an MX record, so nobody can enter [email protected].
This is a hack for adduser.php. Look for the comment "Let's see if the email is valid" and replace the following block:
// --------------------------------------
// Let's see if the email domain is valid
$bademails = file ("$config[path]/filters/bademail");
while (list($linenum,$line) = each($bademails)) {
    $line = chop($line);
    if ( (ereg("^\n",$line)) || (ereg("^\r",$line)) || (ereg("^#/",$line)) ) {
        continue;
    }
    if (ereg($Email,$line)) {
        $html -> not_right("$lang[BAD_EMAIL] $_.",$Cat);
    }
}
With the following two blocks of code. The second part is kind of ugly, and I ended up getting rid of ereg function calls. I consider this "beta" code, so if you want to try it out at your own risk I'd appreciate any feedback.
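// --------------------------------------
// Let's see if the email is valid (syntax/MX record)
$ValidEmailAddy = FALSE;
// Syntax check. Note that [a-z]{2,3} only accepts top-level domains of 2 or 3 letters.
if (eregi("^[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-z]{2,3}$", $Email, $check)) {
    // DNS lookup: the part after the "@" must have at least one MX record
    if ( getmxrr(substr(strstr($check[0], '@'), 1), $validate_email_temp) ) {
        $ValidEmailAddy = TRUE;
    }
}
if ($ValidEmailAddy == FALSE) {
    // $Email failed validation, so it may contain markup: escape it before it goes into the HTML error page
    $html -> not_right("<b>" . htmlspecialchars($Email) . "</b> is not a valid email address.",$Cat);
}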
// --------------------------------------
// Let's see if the email address/domain is valid (not filtered in "bademail")
$domain = strtolower(substr(strstr($Email,'@'),1));
$bademails = file ("$config[path]/filters/bademail");
while (list($linenum,$line) = each($bademails)) {
    $line = strtolower(chop($line));
    if ( (ereg("^\n",$line)) || (ereg("^\r",$line)) || (ereg("^#/",$line)) ) {
        continue;
    }
    if ( (strcmp(strtolower($Email),$line))==0 || (strcmp($domain,$line))==0 ) {
        $html -> not_right("$lang[BAD_EMAIL] <b>$Email</b>",$Cat);
    }
}
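The following is an added example, not part of the original hack or of the forum software: it runs the old and the new "bademail" comparison side by side to show why domain-only entries never matched before. The function names and the filter entries are constructed for illustration, `ereg($Email,$line)` is emulated with `preg_match`, and comment lines are assumed to start with `#`.

```php
<?php
// Constructed sample of a "bademail" filter file (one entry per line).
$bademail_lines = array(
    "# blocked addresses and domains",
    "",
    "spammer@example.org",
    "Mailinator.example",
);

// Old check: the submitted address is used as the PATTERN and the filter
// line as the subject, so a line holding only a domain can never match.
// (Hypothetical helper; POSIX ereg emulated with PCRE.)
function old_filter_hits($email, $lines) {
    $pattern = '~' . str_replace('~', '\~', $email) . '~';
    foreach ($lines as $line) {
        $line = rtrim($line);
        if ($line === '' || $line[0] === '#') { continue; }
        if (@preg_match($pattern, $line) === 1) { return true; }
    }
    return false;
}

// New check: case-insensitive exact comparison of the whole address and of
// the part after "@" against each filter line. (Hypothetical helper.)
function new_filter_hits($email, $lines) {
    $email  = strtolower($email);
    $domain = substr((string) strstr($email, '@'), 1);
    foreach ($lines as $line) {
        $line = strtolower(rtrim($line));
        if ($line === '' || $line[0] === '#') { continue; }
        if ($email === $line || $domain === $line) { return true; }
    }
    return false;
}

// Constructed test addresses.
$tests = array(
    "spammer@example.org",     // exact address on the list
    "bob@mailinator.example",  // only the domain is on the list
    "BOB@MAILINATOR.EXAMPLE",  // same domain, different case
    "alice@example.net",       // not listed
);
foreach ($tests as $t) {
    printf("%-24s old=%-4s new=%s\n", $t,
        old_filter_hits($t, $bademail_lines) ? "hit" : "miss",
        new_filter_hits($t, $bademail_lines) ? "hit" : "miss");
}
```

The new comparison is an exact match on the domain, so a subdomain of a listed domain needs its own line in the filter file.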