Restricting MediaWiki accounts by email domain

| | TrackBacks (0)

I have a MediaWiki wiki (the same software as Wikipedia) running on polacksbacken.net. I want other people in the University to be able to create accounts on the wiki and use it, but not those outside.

So, I enabled email confirmation in MediaWiki, but after a while, I found that spammers had created accounts but, because they never confirmed them via email, never spammed any pages. Still, it was irritating and MediaWiki provides no way of stopping it, so I resolved to ensure that an email address in a particular domain is specified at signup-time.

A Quick Hack

The solution is quite easy once you know how, but the code is a pain to hack. I made changes in three files:

  • includes/User.php,
  • includes/SpecialUserLogin.php, and
  • language/messages/MessagesEn.php.

In User.php, I altered the function isValidEmailAddr() so that it checks for the domain-name that I want to restrict accounts to.

    public static function isValidEmailAddr( $addr ) {
        return preg_match( '/\@([A-Za-z0-9-]+\.)*uu\.se$/', $addr ) == 1;
    }

Then, in SpecialUserLogin.php, right at the top of addNewAccountInternal() just after the variable declarations, I added a short stanza to make sure that the email address supplied by the user is valid:

    // Don't allow accounts with invalid email addresses:
    if( ! User::isValidEmailAddr( $this->mEmail ) ) {
        $this->mainLoginForm( wfMsg( 'invalid_email' ) );
        return false;
    }

Finally in MessagesEn.php, around line 855, just below the entry for wrongpasswordempty, I added a new error message:

    'invalid_email' => 'Email address was not valid. Please try again.',

Verdict

It works. It does what I want. It's not a general solution, but it's easy and effective. YMMV.

0 TrackBacks

Listed below are links to blogs that reference this entry: Restricting MediaWiki accounts by email domain.

TrackBack URL for this entry: http://caulfield.info/mt/tb.cgi/10