SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Guru
    Join Date
    Feb 2007
    Posts
    731
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    Accepting Only Valid Email Formats

    Hi,

    I am trying to complete a membership registration script however the email part allows for any email address to be entered such as "emailmehere" instead of "emailme@here.com"

    Can anyone advise how can ensure only a correct format email address is entered


    Code:
    $email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
    if (!$email)
    {
      $error = 'Please enter your email address in a valid format.  Example: bobsmith@companyname.com';
    }


    Code:
     <?php
        $_SESSION['userLoggedIn'] = 0;
        $_SESSION['userEmail'] = '';
        $_SESSION['userID'] = '';
        
        // Reset errors and success messages
        $errors = array();
        $success = array();
        
        // Login attempt
        if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true')
        {
            $loginEmail = filter_var(trim($_POST['email']), FILTER_VALIDATE_EMAIL);
            $loginPassword    = trim($_POST['password']);
    
    
    		
            if(strlen($loginPassword) < 6 || strlen($loginPassword) > 12)
            {
                $errors['loginPassword'] = 'Your password must be between 6-12 characters.';
            }
    
            if(count($errors) === 0)
            {
    $query    = 'SELECT * FROM users WHERE email = "' . mysql_real_escape_string($loginEmail) . '" AND password = MD5("' . mysql_real_escape_string($loginPassword) . '") LIMIT 1';  
                $result = mysql_query($query);
                if (!$result)
                {
                    die('Invalid query: ' . mysql_error());
                }
                
                if(mysql_num_rows($result) === 1)
                {
                    $row = mysql_fetch_assoc($result);
                    $_SESSION['userLoggedIn'] = 1;
                    $_SESSION['userEmail'] = $loginEmail;
                    $_SESSION['userID'] = $row['id'];
                    
                    header('Location: index.php');
                    exit;
                } else {
                    $errors['login'] = 'No user was found with the details provided.';
                }
            }
        }
        /*
          The rest of your login page code
        */ 
    
      // Reset errors and success messages  
        $errors = array();  
        $success = array();  
        // Login attempt  
        if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true'){  
            $loginEmail = trim($_POST['email']);  
            $loginPassword  = trim($_POST['password']);  
              
    $email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
    if (!$email)
    {
      $error = 'Please enter your email address in a valid format.  Example: bobsmith@companyname.com';
    } 
              
            if(strlen($loginPassword) < 6 || strlen($loginPassword) > 12)  
                $errors['loginPassword'] = 'Your password must be between 6-12 characters.';  
              
            if(!$errors){  
                $query  = 'SELECT * FROM users WHERE email = "' . mysql_real_escape_string($loginEmail) . '" AND password = MD5("' . $loginPassword . '") LIMIT 1';  
                $result = mysql_query($query);  
                if(mysql_num_rows($result) == 1){  
                    $user = mysql_fetch_assoc($result);  
                    $query = 'UPDATE users SET session_id = "' . session_id() . '" WHERE id = ' . $user['id'] . ' LIMIT 1';  
                    mysql_query($query);  
                    header('Location: index.php');  
                    exit;  
                }else{  
                    $errors['login'] = 'No user was found with the details provided.';  
                }  
            }  
        }  
          
        // Register attempt  
        if(isset($_POST['registerSubmit']) && $_POST['registerSubmit'] == 'true'){
        $firstname = mysql_real_escape_string(trim($_POST['firstname']));
        $surname = mysql_real_escape_string(trim($_POST['surname']));
            $registerEmail = trim($_POST['email']);  
            $registerPassword = trim($_POST['password']);  
            $registerConfirmPassword    = trim($_POST['confirmPassword']);  
                      
        if(!isset($firstname) || empty($firstname)) {
            $errors['firstname'] = "Please enter your First Name.";
        }
    	
    	if(!isset($surname) || empty($surname)) {
            $errors['surname'] = "Please enter your Surname.";
        }
    		
    		 if ($loginEmail === false)
            {
              $errors['loginEmail'] = 'Please enter your email address in a valid format.    Example: bobsmith@companyname.com';
            }
    
    		
            if(strlen($registerPassword) < 6 || strlen($registerPassword) > 12)     
                $errors['registerPassword'] = 'Your password must be between 6-12 characters.';  
              
    		      if($password != $confirmPassword && !$error) {
            $error = "The passwords you entered did not match.";
        }
    	
    $Email = filter_var($_POST['registerEmail'], FILTER_VALIDATE_EMAIL);
    if (!registerEmail)
    {
    $errors['registerEmail'] = 'Please enter your email address in a valid format.  Example: bobsmith@companyname.com';
    } 
    	
            if($registerPassword != $registerConfirmPassword)  
                $errors['registerConfirmPassword'] = 'Your passwords did not match.';  
              
            // Check to see if we have a user registered with this email address already  
    		
    		
    if(!$errors){
          $query = "INSERT INTO users (firstname, surname, email, password, date_registered) VALUES ('" . $firstname . "', '" . $surname . "', '" . mysql_real_escape_string($registerEmail) . "', MD5('" . mysql_real_escape_string($registerPassword) . "'), NOW())";
                             
         $result = mysql_query($query) or die(mysql_error()); // remove the or die(mysql_error()) code after you resolve the error
         if($result){
              $success['register'] = 'Thank you for registering. You can now log in on the left.';
          }else{
              $errors['register'] = 'There was a problem registering you. Please check your details and try again.';
         }
    }  
                   }
    				
    				
    
    	
        $query = mysql_query("SELECT id FROM users WHERE email = '".$email."' LIMIT 1");
        if(mysql_num_rows($query) > 0 && !$error) {
            $error = "Sorry, that email is already in use!";
        }
    	 
        if(!$error) {
            $query = mysql_query("INSERT INTO users (email) VALUES ('".$password."', '".$password."', '".mysql_real_escape_string(md5($password))."', '".$email."')");
            if($query) {
                $message = "Hello ".$_POST['email'].",\r\n\r\nThanks for registering with .com! We hope you enjoy your stay.\r\n\r\n Many Thanks,\r\n.com";
                $headers = "From: ".$website['name']." <".$website['email'].">\r\n";
                mail($_POST['email'], "Welcome", $message, $headers);
                setcookie("user", mysql_insert_id(), $time);
                setcookie("pass", mysql_real_escape_string(md5($password)), $time);
                header("Location: users.php");
            } else {
                $error = "There was a problem with the registration. Please try again.";
            }
        }
    
    		
    
        
        ?>

  2. #2
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,150
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    Your first code sample looks right to me, but when you get into your second code sample, you are not comparing the filter_var() return in your IF statement, you are comparing the trim() call... This is true for both $loginEmail and $registerEmail during the registration process.

    Code in question:
    PHP Code:
             if ($loginEmail === false)
            {
              
    $errors['loginEmail'] = 'Please enter your email address in a valid format.    Example: bobsmith@companyname.com';
            } 
    And
    PHP Code:
    $Email filter_var($_POST['registerEmail'], FILTER_VALIDATE_EMAIL);
    if (!
    registerEmail// you should be checking the result of $Email
    {
    $errors['registerEmail'] = 'Please enter your email address in a valid format.  Example: bobsmith@companyname.com';


  3. #3
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,150
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    Also $loginEmail is never declared/assigned during your registration process.

  4. #4
    SitePoint Guru
    Join Date
    Feb 2007
    Posts
    731
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Thanks, quite confused by all this.

    I have been working on this for around 3 months and everything else seems to work fine. Just need to complete this.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •