I've recently seen an anonymous visitor using a fake email address (a@a.com) when leaving an offending comment on my blog. To prevent obviously fake email addresses from being used, I've just updated the is_email function to perform some better checks.
Here is the new function:
    /*
     * is_email(-)
     *
     * Check that email address looks valid
     */
    function is_email( $user_email ) {
        // Quick check for '@' and '.'
        if( !strstr( $user_email, '@' ) || !strstr( $user_email, '.' ) ) {
            // The given address does not even contain an '@' and/or a '.'
            // This is clearly not an email address
            //echo( ' bad1 ' );
            return false;
        }

        // Full check for full email pattern
        // Capture group 5 is the bracketed IP literal, group 34 the domain name
        static $pattern = '/^([a-zA-Z0-9_\-])+(\.([a-zA-Z0-9_\-])+)*@((\[(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5]))\]))|((([a-zA-Z0-9])+(([\-])+([a-zA-Z0-9])+)*\.)+([a-zA-Z])+(([\-])+([a-zA-Z0-9])+)*))$/';
        $result = (bool)( preg_match( $pattern, $user_email, $matches ) );
        if( $result == false ) {
            // The email pattern is wrong
            // This is not a well formed email address
            //echo( ' bad2 ' );
            //print_r( $matches );
            return false;
        }

        // Is the email address given with an IP instead of domain?
        if( !empty( $matches[ 5 ] ) ) {
            // Email address using an IP address instead of domain
            // Consider it as a valid email address
            return true;
        }

        // Check the domain name, first as given, then with a 'www.' prefix
        // (foreach replaces the original each() loop: each() was removed in PHP 8)
        static $prefixes = array( '', 'www.' );
        $found = false;
        foreach( $prefixes as $prefix ) {
            //echo( '"'.$prefix.'", ' );
            $full_dns = $prefix . $matches[ 34 ];
            // gethostbyname() returns its argument unchanged when the lookup fails
            $ip = gethostbyname( $full_dns );
            if( $ip != $full_dns ) {
                // IP found!
                //echo( ' found ' );
                $found = true;
                break;
            }
        }
        if( !$found ) {
            // The given domain does not exist
            // Bad address
            //echo( ' bad2 ' );
            //print_r( $matches );
            return false;
        }

        // All tests have been successfully passed
        // This is a valid email address
        return true;
    } // is_email()

In order to use it:

- make a backup copy of your b2evocore/_functions.php file;
- edit your b2evocore/_functions.php file;
- replace the is_email function you're going to find about lines 480-500 with the above PHP code.

To check your function works fine:

- make a backup copy of your blog's current skin's _main.php file;
- add the following lines at the very bottom of the _main.php file:

    <!-- <?php
    echo ( is_email( 'foo@gmail.com' ) ? 'OK' : 'BAD' ) . ' ';
    echo ( is_email( 'a@[127.0.0.1]' ) ? 'OK' : 'BAD' ) . ' ';
    echo ( is_email( 'a@a.com' ) ? 'OK' : 'BAD' ) . ' ';
    ?> -->

- Display your blog using the edited skin.
- Display the source code of the currently displayed page.
- At the very bottom of the displayed source code, you should see something like:

    <!-- OK OK BAD -->

  meaning that:

  - foo@gmail.com has been identified as a valid email address, since the gmail.com domain exists;
  - a@[127.0.0.1] has been identified as a valid email address, since it's a (very rare but) perfectly well formed email address;
  - a@a.com has been identified as a bad email address, since the a.com domain does not exist.

Now everything works fine, you can restore your backup _main.php file.

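The domain test in the post looks for an address record on the bare domain and on its www. name, whereas mail delivery is driven by the domain's MX record, with address records only as the RFC 5321 fallback. The following is an added example, not part of the original post or of b2evolution, showing that check in PHP; domain_accepts_mail(), its $has_record parameter and the .example zone data are hypothetical and constructed for illustration.

```php
<?php
// Added example: the names below are hypothetical, not b2evolution code.

/**
 * True when $domain can receive mail: it publishes an MX record or,
 * as the RFC 5321 fallback, an A or AAAA record.
 * $has_record( $fqdn, $type ) defaults to PHP's checkdnsrr() and is
 * injectable so the logic can be exercised without network access.
 */
function domain_accepts_mail( $domain, $has_record = 'checkdnsrr' ) {
    // Trailing dot: the name is fully qualified, so the resolver's
    // search suffixes are never appended to an attacker-chosen name
    $fqdn = rtrim( strtolower( $domain ), '.' ) . '.';
    foreach( array( 'MX', 'A', 'AAAA' ) as $type ) {
        if( call_user_func( $has_record, $fqdn, $type ) ) {
            return true;
        }
    }
    return false;
}

// Constructed zone data standing in for real DNS answers
$zones = array(
    'mail-only.example.'  => array( 'MX' ), // MX record, no address record
    'web-only.example.'   => array( 'A' ),  // address record, no MX
    'www.parked.example.' => array( 'A' ),  // only the www. name resolves
);

// Offline stand-in for checkdnsrr(), answering from the table above
$fake_dns = function( $fqdn, $type ) use ( $zones ) {
    return isset( $zones[ $fqdn ] ) && in_array( $type, $zones[ $fqdn ], true );
};

$samples = array(
    'mail-only.example', // accepted here; an address-only lookup misses it
    'web-only.example',  // accepted through the address-record fallback
    'parked.example',    // a resolving www. host says nothing about mail
    'missing.example',   // no records at all
);
foreach( $samples as $domain ) {
    $verdict = domain_accepts_mail( $domain, $fake_dns ) ? 'OK' : 'BAD';
    echo $domain . ': ' . $verdict . "\n";
}
```

Called without the second argument, the function queries real DNS through checkdnsrr(). Like the original check, it only shows that the domain exists, not that the mailbox does.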
This is why we can't have you leaving b2evolution for wordpress. Nice work! :D