PHP:Tutorial - Email Verification

***John*** · #1 (**permalink**) 12-15-2006, 08:10 PM

The first thing we are going to do is create a new php file and starte a new function that accepts an email parameter.

PHP Code:


			
<?php

function EmailValidation($email) { 

    

}

?>

Next thing we want to do is remove any unnecessary characters from the email address to prevent any melicious attacks. We do that by using the htmlspecialchars(), stripslashes(), and strip_tags() functions.

PHP Code:


			
<?php

function EmailValidation($email) { 

    $email = htmlspecialchars(stripslashes(strip_tags($email))); //parse unnecessary characters to prevent exploits

    

}

?>

Next we are going to use regex in conjunction with the eregi (which is the same thing as the ereg function except eregi ignores case) to verify that the email address is in proper format. For example: name@domain.extention

PHP Code:


			
<?php

function EmailValidation($email) { 

    $email = htmlspecialchars(stripslashes(strip_tags($email))); //parse unnecessary characters to prevent exploits

    

    if ( eregi ( '[a-z||0-9]@[a-z||0-9].[a-z]', $email ) ) { //checks to make sure the email address is in a valid format

    

        }

}

?>

Now we are going to explode the email address at the "@" sign so the parts of the email address are seperated into an array. That way we can use the domain name to make a connection to the server to test if the doman name is valid. To connect to the server we are going to use the fsockopen() function, and if the connection is established we are going to return true.

PHP Code:


			
<?php

function EmailValidation($email) { 

    $email = htmlspecialchars(stripslashes(strip_tags($email))); //parse unnecessary characters to prevent exploits

    

    if ( eregi ( '[a-z||0-9]@[a-z||0-9].[a-z]', $email ) ) { //checks to make sure the email address is in a valid format

    $domain = explode( "@", $email ); //get the domain name

        

        if ( @fsockopen ($domain[1],80,$errno,$errstr,3)) {

            //if the connection can be established, the email address is probabley valid

            return true;

        }

}

?>

Now all we need to do is write the code for the even that the email address is not in a valid format or the connection cannot be established. We will set the return types to be false in these cases.

PHP Code:


			
<?php

function EmailValidation($email) { 

    $email = htmlspecialchars(stripslashes(strip_tags($email))); //parse unnecessary characters to prevent exploits

    

    if ( eregi ( '[a-z||0-9]@[a-z||0-9].[a-z]', $email ) ) { //checks to make sure the email address is in a valid format

    $domain = explode( "@", $email ); //get the domain name

        

        if ( @fsockopen ($domain[1],80,$errno,$errstr,3)) {

            //if the connection can be established, the email address is probabley valid

            return true;

            /*

            

            GENERATE A VERIFICATION EMAIL

            

            */

            

        } else {

            return false; //if a connection cannot be established return false

        }

    

    } else {

        return false; //if email address is an invalid format return false

    }

}

?>

Now that we have a function to verify the email address all you need to do is make a simple form like this

PHP Code:


			
<?php

function EmailForm(){

    if(empty($_POST['email'])){

        echo "<form action=".$_SERVER['PHP_SELF']." method='post'>

        <table border='0'>

        <tr>

        <td>Email</td>

        <td><input name='email' type='text' id='email' /></td>

        </tr>

        <tr>

        <td>&nbsp;</td>

        <td><input type='submit' name='Submit' value='Validate' /></td>

        </tr>

        </table>

        </form>";    

    } elseif(isset($_POST['email'])) {

    

        if(EmailValidation($_POST['email'])) {

            echo "An email has been sent to you. Please follow the instructions to activate your account.";

        } else {

            echo "Your email address appears to be invalid. Please try again.";

        }

    

    } else {

        

        echo "An error has occured, please contact the administrator.";

    

    }

}

?>

Now add these two functions to the same file and call the EmailForm function and your good to go.

PHP Code:


			
<?php



function EmailValidation($email) { 

    $email = htmlspecialchars(stripslashes(strip_tags($email))); //parse unnecessary characters to prevent exploits

    

    if ( eregi ( '[a-z||0-9]@[a-z||0-9].[a-z]', $email ) ) { //checks to make sure the email address is in a valid format

    $domain = explode( "@", $email ); //get the domain name

        

        if ( @fsockopen ($domain[1],80,$errno,$errstr,3)) {

            //if the connection can be established, the email address is probabley valid

            return true;

            /*

            

            GENERATE A VERIFICATION EMAIL

            

            */

            

        } else {

            return false; //if a connection cannot be established return false

        }

    

    } else {

        return false; //if email address is an invalid format return false

    }

}



function EmailForm(){

    if(empty($_POST['email'])){

        echo "<form action=".$_SERVER['PHP_SELF']." method='post'>

        <table border='0'>

        <tr>

        <td>Email</td>

        <td><input name='email' type='text' id='email' /></td>

        </tr>

        <tr>

        <td>&nbsp;</td>

        <td><input type='submit' name='Submit' value='Validate' /></td>

        </tr>

        </table>

        </form>";    

    } elseif(isset($_POST['email'])) {

    

        if(EmailValidation($_POST['email'])) {

            echo "An email has been sent to you. Please follow the instructions to activate your account.";

        } else {

            echo "Your email address appears to be invalid. Please try again.";

        }

    

    } else {

        

        echo "An error has occured, please contact the administrator.";

    

    }

}



EmailForm();



?>

**Jordan** · #2 (**permalink**) 12-15-2006, 08:57 PM

Very nice tutorial! Thank you!

xtraze · #3 (**permalink**) 12-30-2006, 02:25 AM

wow, not a simple for I say, but I may just copy/paste and I will Edit thing to suit my needs.

matthewk · #4 (**permalink**) 09-19-2007, 12:19 PM

I think preg_match is quicker from what I've read. Also, what exploits could occur which require the necessity of htmlspecialchars?

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Email form v2	Jaan	PHP Tutorials	7	07-25-2008 12:44 PM
Dynamic Email insertion in HTML	Gibster	HTML Programming	5	07-17-2007 04:22 PM
WARNING: New e-gold phishing email	andrew	Business and Legal	3	04-27-2007 11:54 AM
Email Verification	Lop	PHP Forum	7	12-22-2006 10:32 PM
Catch All Email Account	Nightracer	Computer Software/OS	4	11-17-2006 05:56 PM

Xav	........	1318.93
MeTh0Dz\|Reb0rn	........	1053.7
morefood2001	........	879.43
John	........	877.37
marwex89	........	869.98
WingedPanther	........	814.88
Brandon W	........	712.1
chili5	........	300.72
Steve.L	........	232.06
dcs	........	194.72

Unregistered, Check out the Coder Battles in the Announcement and Game forums.

CodeCall

Contest Stats

CodeCall Goal

Sponsors

Ads

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)