Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

osTicket v1.10 (stable) and Maintenance Release v1.9.15 are now available! Go get it now

Email validation bug

Hi,
I want to allow only email ID's from domain.edu and domain.in for new account registration in osTicket. For email address field I used custom regular expression like "/[a-zA-Z0-9\.-_]+@(domain\.edu|domain\.in)/iu" to validate. But it is not working and accepts email addresses from any domain. I tested the regular expression from regex101.com website and seems the expression is correct. Another bug I found from the account registration page is just by entering data for 'Create a Password' and 'Confirm New Password' fields and leaving blank 'Email Address', 'Full Name', 'Phone Number' fields the account registration completes successfully without any warning. Actually it should not allow account registration if the mandatory fields like 'Email Address', 'Full Name', 'Phone Number' left blank.

Comments

  • I am using osTicket v1.10
  • I tried using your regex, then rewrote it to be clearer: /[\w\d.-_]+@domain\.(?:edu|in)/iu
    But that doesn't work either, so don't feel bad, it wasn't you. 

    Trying to trigger failure, I used the regex of simply the word "regex", so, theoretically, only entering the word "regex" would be an acceptable email. It handily wrapped it as /regex/iu, then didn't work.

    It accepted anything. Putting failme@thisiswrong.com and it worked. Putting "anything" worked.. wtf?

    I don't think a regex validator is working for that form. :-(

    I managed to hack up a solution though, for you I mean, if you open /include/class.user.php, around line 203 edit like the following:

        static function fromVars($vars, $create=true, $update=false) {
    // Try and lookup by email address
    $user = static::lookupByEmail($vars['email']);
    if (!$user && $create) {
    if(!preg_match('/[\w\d.-_]+@domain\.(?:edu|in)/iu',$vars['email'])){
    return false;
    }
    That seems to trigger the validation error message when you input an invalid message, and allows it through if you put in a correct address.

    I left the admin configured regex for the form input to 'regex'  as it seems to ignore it, I think it might only use it for admin-created users.. or something. Hmm.
    I then configured the Validation Error message to something useful, and the placeholder/help-text etc, then tried it. :-)


    Regex changes explained:
    The flags /iu use case-insensitivity anyway, so no need to specify a-z & A-Z, however it's also easier to use \w instead, which allows the unicode flag to do something.. (a-z is ascii only, so, no unicode).
    Why use 0-9 when you can use \d.. 
    In a character class, "." is already a ".", you don't need the slash.
    (something) is a capturing group, using (?:something) is a non-capturing group
    putting the domain\. part outside the group makes the group more obvious, in this case, just the tld part is variable.
  • I should clarify that you'd only be adding the last three lines of that code, the rest is for placement.
  • Hmm, now I'm thinking I might be wrong about the dot in a character class.. escape it with a slash. My bad
Sign In or Register to comment.