This is an article discussion thread for discussing the SitePoint article, "Verify a User's Email Address Using PHP"
| SitePoint Sponsor |
This is an article discussion thread for discussing the SitePoint article, "Verify a User's Email Address Using PHP"
so sad that windows doesnt support anything good though id assume that the people who would use this would not likely be on windows only possibly for testing or if their project is deployed. although i must admit i do find this nslookup for nix machines interesting maybe a follow up article doing more with it?
Hmm. Interesting comments in the checkdnsrr() php manual page... Including this one:
There could be some use for that + email piping. Your own little free spamchecker.maybe usefull, a blacklist (DNSBL) check function:
PHP Code:<?php
function is_blacklisted($ip) {
$dnsbl_check=array("bl.spamcop.net",
"relays.osirusoft.com",
"list.dsbl.org",
"sbl.spamhaus.org");
if ($ip) {
$quads=explode(".",$ip);
$rip=$quads[3].".".$quads[2].".".$quads[1].".".$quads[0];
for ($i=0; $i<count($dnsbl_check); $i++) {
if (checkdnsrr($rip.".".$dnsbl_check[$i],"A")) {
$listed.=$dnsbl_check[$i]." ";
}
}
if ($listed) { return $listed; } else { return FALSE; }
}
}
?>
This myCheckDNSRR function doesn't appear to work on our server. We use Win2K Server, IIS 5.0, w/ PHP 4.38. The function returns false no matter what I enter as the domain to check.
Does the php.ini file need to have a setting changed in order for this to work? And any word on when php for windows will support the checkdnsrr function?
I wish the user name could be checked too but then the mail servers enforce restrictions that won't allow you to run the user verification commands on them. Its probably an anti-spam policy.
Wish this article had been written earlier, i wouldn't have had to scratch my head finding an easy non-user-reply-dependent way to verify email addresses.
I don't like it.
Check:
http://ubertr0tt.com/checkdnform.html
I think the code can be improved upon greatly, by check it contains an '@' before splitting, etc. The following didnt get picked up by the code:
- @msn.com, @hotmail.com, etc on thier own. I know the code doesnt check for a username but still..
- iam@smelly.com
- sitepoint@rules.com
- coca@cola.com
The list goes on
Regards,
1337
If knowledge is power - Why isn't our army librarians?!
Statistics show that 63% of all statistics are fake.
When i was little i broke my neck, and i havent looked back since.
I completed the internet in 1 week. The end boss was pretty easy though
[color=#f1f1f1]
Function:
Then in the code, this is the check:PHP Code:function validate_email($email)
{
// Create the syntactical validation regular expression
$regexp = "^([_a-z0-9-]+)(\.[_a-z0-9-]+)*@([a-z0-9-]+)(\.[a-z0-9-]+)*(\.[a-z]{2,4})$";
// Presume that the email is invalid
$valid = 0;
// Validate the syntax
if (eregi($regexp, $email))
{
list($username,25/08/2004omaintld) = split("@",$email);
// Validate the domain
if (getmxrr(25/08/2004omaintld,$mxrecords))
$valid = 1;
} else {
$valid = 0;
}
return $valid;
}
PHP Code:if validate_email($email)
{
echo 'email is valid';
}
else
{
echo'email is not valid';
}
[color=#f1f1f1][/color]
Regards,
1337
If knowledge is power - Why isn't our army librarians?!
Statistics show that 63% of all statistics are fake.
When i was little i broke my neck, and i havent looked back since
I completed the internet in 1 week. The end boss was pretty easy though
plz verify my E-mail address
Hallo friends! Really nice place here. I found a lot of interesting stuff all around. Just what I was looking for. Great joy!
Great article! Hope it'll be working as written :)
Yep it is slightly better than using regex on its own - but the dns approach can slow down a bit whilst it does its checking. I say only use it if you really think it is likely that a user will deliberately input a misleading email address... if you just want to help the user out (typo mistakes) then regex's are still top in my book. Some reports say sometimes 30 to 60 seconds to dns check but I think it's usually between about 5 and 15 seconds. Well that's my 2 pence.
This is a good script but what happens if the domain is currect but not the username? Is there a way of checking the whole email address is real?
I know that in Perl there is a module called Mail::VRFY [http://search.cpan.org/~jkister/Mail-VRFY-0.55/VRFY.pm] that can communicate with the SMTP server and check to see if it accepts the username.
I also know that there are many websites on the Internet that do verify usernames for you in this manner. I suppose they work similarly to the Perl module above, although these websites don't usually give out the source. Some of these websites are:
http://www.addresses.com/email_verify.php
http://gemal.dk/browserspy/mailcheck.cgi
http://www.mailtester.com/
and many more...
Maybe someone can figure out how to do it in PHP?
http://www.zend.com/zend/spotlight/ev12apr.php
gives instructions for doing just that. www.geomonsters also have a class that does the same. Howver, I have been warned that the operators of some mail servers regard this as hacking (and spammers used to use this technique to check randomly generated emails) so many servers block this form of checking.
Has anyone else encountered a spamming problem with this verification method?
Upon completion of this tutorial, I tested the verification function with fictional email addresses and a new email alias with my host domain name (big mistake!). The conditionals worked, but within a minute, I received 3 junk mails to the new, valid email address. I'm guessing that spammers found a loop hole in the checkdnsrr function so that anyone who enters a valid email address will get spammed by your site's PHP form.
This is a great idea, but like registering a new product (3Com Palm V) with your personal information, it seems to do more harm than good.
should be 2,6 since 6 letter tld is valid (.museum)Originally Posted by 1337-Dev
We are the Borg. Resistance is futile. Prepare to be assimilated.
I'm Pentium of Borg.Division is futile.Prepare to be approximated.
The foolproof way is to send a mail to that address?! I you don't get an error-report, the address exists...
sure and the user gets an email saying: "That's just checking the valadity of your address.
You can ignore this mail and you will get another one."
We are the Borg. Resistance is futile. Prepare to be assimilated.
I'm Pentium of Borg.Division is futile.Prepare to be approximated.
If you're asking an email and you're planning to never use it, why would you ask for an email in the first place?
And it would be more something like: "We like to thank you for registering" and even give them a password or something, which gives them the right to exclusive content...
I was thinking that myself, not the best of ideas!sure and the user gets an email saying: "That's just checking the valadity of your address.
You can ignore this mail and you will get another one."
Most places you register with ask for an email address and never use it.
So why do they need an email-address then?
to sell them to spammers >:)
momos, i think we have to dig a little deeper.
Books can be written on validation and on email validation in particular.
My very personal opinion is that all this validation mambo jumbo should be kept very simple.
You cannot proof everything a 100% anyway.
Too often i ran into the situation that a correct entry was refused because of some weired rules.
And that becomes true if you're dealing with different countries where names, zip codes telefon numbers etc vary from country to country substantually.
Back to email validation.
Why one need to provide an email address? To get a newsletter, a confirmation of the purchase at an online shop etc.
So, if i provide a wrong email address intentionally, what sense would that make?
Maybe there's a typo in the address. That may happen. Makes sense for a checking in this case. If the email address is a substantial part of whatever you provide, you can use a confirmation input of it, ie the user has to type it twice (as eg the password).
Anyway, i'm checking just the format of the email address and that's fine with me.
Other people may have other requirements (and of course opinions) and want a much stronger validation.
Just bear in mind: Nothing is bullet proof.
and i'd like to add: Therefore KISS
We are the Borg. Resistance is futile. Prepare to be assimilated.
I'm Pentium of Borg.Division is futile.Prepare to be approximated.
I concur...
That was exactly the point I was trying to make!
Anyway I do understand that you check the general form(or more) of the email-address; been there done that (http://www.sitepoint.com/forums/showthread.php?t=167372), but as you also said, there is still a possibility that the validation keeps you from entering your - possibly very strange albeit - perfectly valid email.
Posting Permissions
Bookmarks