3 replies to this topic

[John]

The first thing we are going to do is create a new php file and starte a new function that accepts an email parameter.

<?php

function EmailValidation($email) { 

	

}

?>

Next thing we want to do is remove any unnecessary characters from the email address to prevent any melicious attacks. We do that by using the htmlspecialchars(), stripslashes(), and strip_tags() functions.

<?php

function EmailValidation($email) { 

	$email = htmlspecialchars(stripslashes(strip_tags($email))); //parse unnecessary characters to prevent exploits

	

}

?>

Next we are going to use regex in conjunction with the eregi (which is the same thing as the ereg function except eregi ignores case) to verify that the email address is in proper format. For example: name@domain.extention

<?php

function EmailValidation($email) { 

	$email = htmlspecialchars(stripslashes(strip_tags($email))); //parse unnecessary characters to prevent exploits

	

	if ( eregi ( '[a-z||0-9]@[a-z||0-9].[a-z]', $email ) ) { //checks to make sure the email address is in a valid format

	

        }

}

?>

Now we are going to explode the email address at the "@" sign so the parts of the email address are seperated into an array. That way we can use the domain name to make a connection to the server to test if the doman name is valid. To connect to the server we are going to use the fsockopen() function, and if the connection is established we are going to return true.

<?php

function EmailValidation($email) { 

	$email = htmlspecialchars(stripslashes(strip_tags($email))); //parse unnecessary characters to prevent exploits

	

	if ( eregi ( '[a-z||0-9]@[a-z||0-9].[a-z]', $email ) ) { //checks to make sure the email address is in a valid format

	$domain = explode( "@", $email ); //get the domain name

		

		if ( @fsockopen ($domain[1],80,$errno,$errstr,3)) {

			//if the connection can be established, the email address is probabley valid

			return true;

		}

}

?>

Now all we need to do is write the code for the even that the email address is not in a valid format or the connection cannot be established. We will set the return types to be false in these cases.

<?php

function EmailValidation($email) { 

	$email = htmlspecialchars(stripslashes(strip_tags($email))); //parse unnecessary characters to prevent exploits

	

	if ( eregi ( '[a-z||0-9]@[a-z||0-9].[a-z]', $email ) ) { //checks to make sure the email address is in a valid format

	$domain = explode( "@", $email ); //get the domain name

		

		if ( @fsockopen ($domain[1],80,$errno,$errstr,3)) {

			//if the connection can be established, the email address is probabley valid

			return true;

			/*

			

			GENERATE A VERIFICATION EMAIL

			

			*/

			

		} else {

			return false; //if a connection cannot be established return false

		}

	

	} else {

		return false; //if email address is an invalid format return false

	}

}

?>

Now that we have a function to verify the email address all you need to do is make a simple form like this

<?php

function EmailForm(){

	if(empty($_POST['email'])){

		echo "<form action=".$_SERVER['PHP_SELF']." method='post'>

		<table border='0'>

		<tr>

		<td>Email</td>

		<td><input name='email' type='text' id='email' /></td>

		</tr>

		<tr>

		<td> </td>

		<td><input type='submit' name='Submit' value='Validate' /></td>

		</tr>

		</table>

		</form>";	

	} elseif(isset($_POST['email'])) {

	

		if(EmailValidation($_POST['email'])) {

			echo "An email has been sent to you. Please follow the instructions to activate your account.";

		} else {

			echo "Your email address appears to be invalid. Please try again.";

		}

	

	} else {

		

		echo "An error has occured, please contact the administrator.";

	

	}

}

?>

Now add these two functions to the same file and call the EmailForm function and your good to go.

<?php


function EmailValidation($email) { 

	$email = htmlspecialchars(stripslashes(strip_tags($email))); //parse unnecessary characters to prevent exploits

	

	if ( eregi ( '[a-z||0-9]@[a-z||0-9].[a-z]', $email ) ) { //checks to make sure the email address is in a valid format

	$domain = explode( "@", $email ); //get the domain name

		

		if ( @fsockopen ($domain[1],80,$errno,$errstr,3)) {

			//if the connection can be established, the email address is probabley valid

			return true;

			/*

			

			GENERATE A VERIFICATION EMAIL

			

			*/

			

		} else {

			return false; //if a connection cannot be established return false

		}

	

	} else {

		return false; //if email address is an invalid format return false

	}

}


function EmailForm(){

	if(empty($_POST['email'])){

		echo "<form action=".$_SERVER['PHP_SELF']." method='post'>

		<table border='0'>

		<tr>

		<td>Email</td>

		<td><input name='email' type='text' id='email' /></td>

		</tr>

		<tr>

		<td> </td>

		<td><input type='submit' name='Submit' value='Validate' /></td>

		</tr>

		</table>

		</form>";	

	} elseif(isset($_POST['email'])) {

	

		if(EmailValidation($_POST['email'])) {

			echo "An email has been sent to you. Please follow the instructions to activate your account.";

		} else {

			echo "Your email address appears to be invalid. Please try again.";

		}

	

	} else {

		

		echo "An error has occured, please contact the administrator.";

	

	}

}


EmailForm();


?>

[xtraze]

wow, not a simple for I say, but I may just copy/paste and I will Edit thing to suit my needs.

[matthewk]

I think preg_match is quicker from what I've read. Also, what exploits could occur which require the necessity of htmlspecialchars?