Burts AIS, osCommerce & More Blog
New URL: www.osworld.biz

Friday, August 12, 2005

Fake Email Addresses

Someone was wondering about how to stop people inputting fake email addresses when buying from an osCommerce Store. There is no way to do it, at present; There is a banned emails contribution that I coded up, which can help to weed out fraudsters and fakers. There is an option in Admin to turn on DNS checking for email addresses, but this won't help as it checks DNS on the hostname, not on the actual email address - thus made_up_bit@hotmail.com would pass DNS check... The only option was as I explained:

1/ The site creates a random password for them. 2/ The site logs them out with a "check your email address" message. 3/ The email contains their password. 4/ When they get their password they can log back into their cart and complete the checkout procedure.
This would be very easy to accomplish as I already have a "random passwords to email" piece of code that I use. I think that all that would need to be done is add a few lines of code to the create_account page (after the welcome email is sent) like this: tep_session_unregister('customer_id'); tep_session_unregister('customer_default_address_id'); tep_session_unregister('customer_first_name'); tep_session_unregister('customer_country_id'); tep_session_unregister('customer_zone_id'); tep_session_unregister('comments'); Obviously a redirect would be needed, possibly to the Login Page, which includes a "check your email" message... And the whole thing would work well! I think. The customer would be able to log in, his cart would be ready for him to check out. The only problem is that this may be enough to put buyers off of using your store - so you'd need to weight up the advantages and disadvantages of this idea before implementing.

New URL: www.osworld.biz - thanks!


Post a Comment

<< Home

View Latest Posts

To View Newer Posts - Click Here!