Registration

[Slashmore]

Not sure if this is the correct topic..

Recently I got a bunch of people over msn to sign up for my site they all do within 10 mins but only like 60% of them logged in.

A week after that, I removed all their accounts then asked them to do it again and then 2nd time almost all but one sign in abut 90% signed in..


The only difference was, first time they had to go to their email to grab their password and activate the account and the 2nd time they just logged straight in.

Only problem with this is that its a free holiday for spammers.. To stop this, they must add and activate an email account once in game to send messages or use chat or forums..

[gnoh]

Nice to see some figures on this topic! 
Forced validation is one of my pet hates as well and I would have been counted amongst the people that never logged in after registration.

[Slashmore]

I never used to think about little things such as this, I used to be like they can register end of, they WILL play now..

But it don't work like that once my site is in beta there will be some kinda daily/weekly log system to get some figures and i'll post them on here for people to look at if they wish to.

[CygnusX]

Is it possible your email validation was getting caught by spam filters?  That happened to me once.

For my next design, I plan on logging people in right away after they register.  I will then offer them an incentive on the welcome page to verify their email (such as being able to chat, post on the forum, get a special unique item (1 red herb that heals a whole 100 HP), etc).

The only reason email validation is necessary is to provide a mechanism to make it difficult to troll.  If you ban someone, and they have to resort to using another email, it helps reduce trolling behavior.  Same if you implement a captcha during registration and an IP timer for switching accounts.  If you eliminate access to in game features that allow people to troll (messaging, forum, etc) until they verify their email, then you can have the best of both worlds. 

[siefate]

Actually a great point...

Had me take a look at my game..which I previously setup to send out a email with the users randomly created password. Then looked at my membership...

Out of 498 players 71 had never logged in. Thats 14% of people who joined but never got to do anything further. So today I adjusted it. Too bad, I may have lost out on those players who could of been the mouth of the game to the rest of the world.

[Chris]

Get rid of email validation, it won't deter cheaters much (only lazy and unskilled ones who you could catch easily anyway).

Note: I notice that some people will never login after registering even if there is no validation of any kind (speak of extremely short attention span ).

[CygnusX]

How do you cut back on cheaters if there is no email validation? 

PS.  I block @mailinator, @mailexpire, and about 30 other temporary email accounts

[Chris]

How do you cut back on cheaters if there is no email validation? 

Moderators + anti cheat scripts.

[saljutin]

CygnusX - u have list of those temp email sites? 

[Chris]

Google?
http://www.sizlopedia.com/2007/05/27/top-20-temporary-and-disposable-email-services/
http://cyberhackers.org/thread-3603.html

[saljutin]

Was hoping for some array of @.... to easily add it...fuck it I'm lazy

[CygnusX]

Code: [Select]

function valid_email($Address)
{
//just makes sure email address is valid

if (ereg('^[a-zA-Z0-9_\.\-]+@[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-\.]+$', $Address) &&
!ereg('anonymously', $Address) && !ereg('regbypass', $Address) &&
!ereg('dodgelt', $Address) && !ereg('dontreg', $Address) &&
!ereg('e4ward', $Address) && !ereg('gishpuppy', $Address) &&
!ereg('guerillamail', $Address) && !ereg('haltospam', $Address) &&
!ereg('jetable', $Address) && !ereg('kasmail', $Address) &&
!ereg('mailexpire', $Address && !ereg('maileater', $Address) &&
!ereg('mailinator', $Address) && !ereg('mailnull', $Address) &&
!ereg('mytrashmail', $Address) && !ereg('nobulk', $Address) &&
!ereg('nospam', $Address) && !ereg('nospamfor', $Address) &&
!ereg('pookmail', $Address) && !ereg('shortmail', $Address) &&
!ereg('sneakmail', $Address) && !ereg('spam', $Address) &&
!ereg('spambob', $Address) && !ereg('spambox', $Address) &&
!ereg('spamday', $Address) && !ereg('spamfree24', $Address) &&
!ereg('spamh0le', $Address) && !ereg('spaml', $Address) &&
!ereg('spamgourmet', $Address) && !ereg('tempemail', $Address) &&
!ereg('tempinbox', $Address) && !ereg('temporaryinbox', $Address) &&
!ereg('willhackforfood', $Address) && !ereg('willselfdestruct', $Address) &&
!ereg('wuzupmail', $Address))
)
{ return true; }
else
{ return false; }
}
This is what I use.  It was some of the first code I wrote when learning PHP, so I'm sure it has some flaws.  The list also probably needs an update.  Also, I believe ereg is deprecated by now.  So, do what you will with it.

[133794m3r]

First one is from:http://www.linuxjournal.com/article/9585?page=0,3
Second function is from.http://guildwarsholland.nl/phphulp/testspambot.php

That SHOULD help you with it all. I changed up the documentation to be more PHPDoc style friendly. The rest though is completely as it originally was.

Code: [Select]

/**
 *
 * Email Validator
 *
 * Validate an email address, Provide email address (raw input) Returns true if the email address has the email address format and the domain exists.
 *
 * @param   $email      string  Email Address
 * @return  $isValid    bool    The result false if it isn't valid
*/
function validemail($email)
{
   $isValid = true;
   $atIndex = strrpos($email, "@");
   if (is_bool($atIndex) && !$atIndex)
   {
      $isValid = false;
   }
   else
   {
      $domain = substr($email, $atIndex+1);
      $local = substr($email, 0, $atIndex);
      $localLen = strlen($local);
      $domainLen = strlen($domain);
      if ($localLen < 1 || $localLen > 64)
      {
         // local part length exceeded
         $isValid = false;
      }
      else if ($domainLen < 1 || $domainLen > 255)
      {
         // domain part length exceeded
         $isValid = false;
      }
      else if ($local[0] == '.' || $local[$localLen-1] == '.')
      {
         // local part starts or ends with '.'
         $isValid = false;
      }
      else if (preg_match('/\\.\\./', $local))
      {
         // local part has two consecutive dots
         $isValid = false;
      }
      else if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain))
      {
         // character not valid in domain part
         $isValid = false;
      }
      else if (preg_match('/\\.\\./', $domain))
      {
         // domain part has two consecutive dots
         $isValid = false;
      }
      else if
(!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/',
                 str_replace("\\\\","",$local)))
      {
         // character not valid in local part unless
         // local part is quoted
         if (!preg_match('/^"(\\\\"|[^"])+"$/',
             str_replace("\\\\","",$local)))
         {
            $isValid = false;
         }
      }
      if ($isValid && !(checkdnsrr($domain,"MX") ||checkdnsrr($domain,"A")))
      {
         // domain not found in DNS
         $isValid = false;
      }
      if($domain=='example.com'||$domain=='crimsonstrife.net'||$domain=='transcendental.org'||$domain=='transcendentalinc.net'){
          $isValid = false;
      }
   }
   return $isValid;
}

Code: [Select]

/**
 *
 * Spambot Checker
 *
 * This function checks to see if the person's IP Address of Email address are on the blacklist and thus shouldnot be allowed to enter the game world.
 *
 * @param   $mail       string  The email address to be checked
 * @param   $ip         integer The IP Address to be checked
 * @return  $spambot    bool    If they are on the list it returns true else it returns false.
 *
 */
function checkspambots($mail,$ip,$name){
    $spambot = false;
    //put the main domains in the array
    $main_domains = array('mail.ru','bigmir.net');
    //check the e-mail adress
    $xml_string = file_get_contents('http://www.stopforumspam.com/api?email='.$mail);
    $xml = new SimpleXMLElement($xml_string);
    if($xml->appears == 'yes'){
        $spambot = true;
    }elseif($spambot != true){
        //e-mail not found in the database, now check the ip
        $xml_string = file_get_contents('http://www.stopforumspam.com/api?ip='.$ip);
        $xml = new SimpleXMLElement($xml_string);
        if($xml->appears == 'yes'){
            $spambot = true;
        }
    }
    //check the main domains if there is still no spammer found, you can add more if you want in the $main_domains array
    if($spambot != true){
        for($i = 0; $i < count($main_domains); $i++){
            if(ereg($main_domains[$i],$mail) == 1){
                $spambot = true;
            }
        }
    }
    // create an .txt file with the info of the spambot, if this one already exists, increase its amount of try's
    if($spambot == true){
        if(file_exists('spambots/'.$mail.'.txt')){
            $spambot_old_info = file_get_contents('spambots/'.$mail.'.txt');
            $spambot_old_info = explode(',',$spambot_old_info);
            $spambot_old_info[2] = $spambot_old_info[2]+1;
            $spambot_old_info = implode(',',$spambot_old_info);
            file_put_contents('spambots/'.$mail.'.txt',$spambot_old_info);
        }else{
            $spambot_info = $ip.','.$name.',1';
            file_put_contents('spambots/'.$mail.'.txt',$spambot_info);
        }
    }
    return $spambot;
}
Also i plan on having people have to validate their accounts once they are trying to play the game and get out of the starter instanced area. The reason for this is very simple and it also adds some small bit of anti-spamness. They can leave it but they will be deleted within one week if they don't validate their account.

Also of course i do give an option to try without signing up but those are deleted after one week also, and it is also just the first starter part ~10 traditional mmo levels before tehy're forced to sign up and validate their account before continuing.

[Nox]

If you have PHP5.2+ there's a native library http://cz.php.net/manual/en/ref.filter.php, most importantly http://cz.php.net/manual/en/function.filter-var.php function with list of attributes here http://cz.php.net/manual/en/filter.filters.validate.php - providing native email validation/sanitization

[Chris]

Was hoping for some array of @.... to easily add it...**** it I'm lazy

Yeah... Silly me

BTW, they say laziness is the driving force of the invention If our ancestors weren't lazy we wouldn't have things like "automated mammoth skining machine" nowadays