Subj : emailval.js accepts incomplete email addresses
To   : Codefenix
From : Keyop
Date : Thu Aug 29 2024 11:01 pm

  Re: emailval.js accepts incomplete email addresses
  By: Codefenix to All on Thu Aug 29 2024 08:30:51

 > A new user stopped by early this morning. When validating the email address, they entered an incomplete one (e.g.: user-name@gmail).
 >
 > The emailval.js script accepted this and logged the error:
 >
 >   8/29  03:27:06a  Node 1 <user> !JavaScript  C:\sbbs\mods\emailval.js line 130: Error: Unroutable QWKnet "to_net_addr" (gmail) in recipient object
 >
 > This allowed the user to bypass the email validation process and proceed to the main menu. Granted, they didn't have their default access level adjusted either.
 >
 > I assume the system must be treating user.netmail values without a "." to the right of the "@" symbol as QWKnet addresses?
 >
 > In any case, I copied emailval.js script to /sbbs/mods, and added a check to the SendValidationEmail function to ensure that user.netmail values contain both a "@" and a ".":
 >
 > if (user.netmail.indexOf(".") < 0 && user.netmail.indexOf("@") < 0) {
 >   console.print("\r\n'" + user.netmail + "' is not a valid email address!");
 >   console.pause();
 >   return;
 > }
 >
 > This should screen out incomplete values, and prevent unwanted validation bypass attempts.

I've had a similar problem with someone using @domain

I will look to use your code, but I think it would be great if DigitalMan could add a fix to master.

---
 þ Synchronet þ >>> Magnum BBS <<< - bbs.magnum.uk.net

.