
1 Mar 31, 2006 04:48    

I've recently seen an anonymous visitor using a fake email address (a@a.com) when leaving an offending comment on my blog. To prevent obviously fake email addresses from being used, I've just updated the is_email function to perform some better checks.

Here is the new function:



/*
 * is_email(-)
 *
 * Check that email address looks valid
 */
function is_email( $user_email ) {
	// Quick check for '@' and '.'
	if( !strstr( $user_email, '@' ) || !strstr( $user_email, '.' ) ) {
		// The given address does not even contain an '@' and/or a '.'
		// This is clearly not an email address
		//echo( ' bad1 ' );
		return false;
	}

	// Full check for full email pattern
	static $pattern = '/^([a-zA-Z0-9_\-])+(\.([a-zA-Z0-9_\-])+)*@((\[(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5]))\]))|((([a-zA-Z0-9])+(([\-])+([a-zA-Z0-9])+)*\.)+([a-zA-Z])+(([\-])+([a-zA-Z0-9])+)*))$/';
	$result = (bool)( preg_match( $pattern, $user_email, $matches ) );
	if( $result == false ) {
		// The email pattern is wrong
		// This is not a well formed email address
		//echo( ' bad2 ' );
		//print_r( $matches );
		return false;
	}

	// Is the email address given with an IP instead of domain?
	if( !empty( $matches[ 5 ] ) ) {
		// Email address using an IP address instead of domain
		// Consider it as a valid email address
		return true;
	}

	// Check the domain name, first as given and then with a 'www.' prefix
	// (foreach replaces each(), which was removed in PHP 8)
	static $prefixes = array( '', 'www.' );
	$found = false;
	foreach( $prefixes as $prefix )
	{
		//echo( '"'.$prefix.'", ' );
		$full_dns = $prefix . $matches[ 34 ];
		$ip = gethostbyname( $full_dns );
		if( $ip != $full_dns )
		{
			// IP found!
			//echo( ' found ' );
			$found = true;
			break;
		}
	}
	if( !$found ) {
		// The given domain does not exist
		// Bad address
		//echo( ' bad2 ' );
		//print_r( $matches );
		return false;
	}

	// All tests have been successfully passed
	// This is a valid email address
	return true;
} // is_email()


In order to use it:

  • make a backup copy of your b2evocore/_functions.php file;

  • edit your b2evocore/_functions.php file;

  • replace the is_email function you'll find at about lines 480-500 with the above PHP code.

To check your function works fine:

  • make a backup copy of your blog's current skin's _main.php file;

  • add the following lines at the very bottom of the _main.php file:

    <!-- <?php
    echo ( is_email( 'foo@gmail.com' ) ? 'OK' : 'BAD' ) . ' ';
    echo ( is_email( 'a@[127.0.0.1]' ) ? 'OK' : 'BAD' ) . ' ';
    echo ( is_email( 'a@a.com' ) ? 'OK' : 'BAD' ) . ' ';
    ?> -->

  • Display your blog using the edited skin.

  • Display the source code of the currently displayed page.

  • At the very bottom of the displayed source code, you should see something like:

    <!-- OK OK BAD  -->

    meaning that:

      • foo@gmail.com has been identified as a valid email address, since the gmail.com domain exists;

      • a@[127.0.0.1] has been identified as a valid email address, since it's a (very rare but) perfectly well formed email address;

      • a@a.com has been identified as a bad email address, since the a.com domain does not exist.

Now that everything works fine, you can restore your backup _main.php file.

    2 Mar 31, 2006 05:31

    This is why we can't have you leaving b2evolution for wordpress. Nice work! :D

    3 Apr 03, 2006 19:16

    After a complaint from a visitor, I checked the code against all the emails contained in my blog's database (there are about 450 emails right now). It appeared that the gethostbyname function may fail to return the IP address attached to a domain name for 'domainname.tld', yet return the server IP address for 'www.domainname.tld'.

    I've encountered the issue on the following domain names:

    • eau-gazeuse.com
    • ens.fr
    • globecast.com
    • hautetfort.com
    • hotmail.fr
    • plouf.fr
    • skynet.be

    Using gethostbyname on those domains with the 'www.' prefix helps to find the right IP and validate the domain name. (With hautetfort.com, you can even use any prefix.) Anyway, once I have finished my tests, I'm going to update the above code. BTW, please notice that a call to gethostbyname may last a while (up to several seconds when a domain name is not found), so don't use this new email validation function on tens or hundreds of potentially bad mails at once.

    4 Apr 03, 2006 19:45

    The above is_email function is updated now, so it accepts all the valid emails of my blog's database (about 450 registered emails in my blog's comments).
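One cause of a bare domain not resolving with gethostbyname, as described in post 3, is a domain that publishes MX records but no A record at that name. The following is an added example, not part of the original posts or of b2evolution: a domain check that asks for MX first and falls back to A/AAAA, with a per-request cache because failed lookups are slow. `email_domain_accepts_mail`, its `$lookup` parameter and the `.example` names are assumptions, and the DNS data is constructed so the demo runs offline.

```php
<?php
// Added example, not b2evolution code. email_domain_accepts_mail() and its
// $lookup parameter are hypothetical names introduced for this illustration.

/**
 * True when $domain can receive mail: an MX record, or failing that an
 * A/AAAA record (the implicit-MX fallback of RFC 5321 section 5.1).
 * $lookup is fn( string $host, string $type ): bool, default checkdnsrr().
 */
function email_domain_accepts_mail( $domain, $lookup = 'checkdnsrr' ) {
	// A failed lookup can take seconds, so ask once per domain per request.
	// The cache is keyed by domain only: use one resolver per request.
	static $cache = array();

	$domain = strtolower( rtrim( $domain, '.' ) );
	if( isset( $cache[ $domain ] ) ) {
		return $cache[ $domain ];
	}

	// The trailing dot marks the name as fully qualified, so the resolver's
	// search list cannot turn a missing domain into a local match.
	$fqdn = $domain . '.';
	$found = false;
	foreach( array( 'MX', 'A', 'AAAA' ) as $type ) {
		if( call_user_func( $lookup, $fqdn, $type ) ) {
			$found = true;
			break;
		}
	}
	return $cache[ $domain ] = $found;
}

// Constructed DNS data (reserved example names, not real lookups) so the
// demo runs offline: a mail-only domain, a web-only domain, a missing one.
$zone = array(
	'mail-only.example.' => array( 'MX' ),
	'web-only.example.'  => array( 'A' ),
);
$fake_lookup = function( $host, $type ) use ( $zone ) {
	return isset( $zone[ $host ] ) && in_array( $type, $zone[ $host ], true );
};

foreach( array( 'mail-only.example', 'web-only.example', 'missing.example' ) as $d ) {
	echo $d, ': ', ( email_domain_accepts_mail( $d, $fake_lookup ) ? 'OK' : 'BAD' ), "\n";
}
```

Calling the function without a second argument uses PHP's own `checkdnsrr()` against live DNS.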

