SkillShare - A place to discuss Web Standards and Web Design topics


    • CommentAuthorkaiman
    • CommentTimeSep 9th 2006
    Hello,

    I am looking for some help with a newsletter form on my website (code below). I want to add regular expressions to the form below to validate the email address and keep spammers out. Is this possible? Can someone help me with the correct code? Any help or suggestions would be appreciated.

    Thanks,

    kaiman

    <?php

    // Only proceed when the form supplies a recipient, subject and redirect target
    if ($_POST['recipient'] && $_POST['subject'] && $_POST['redirect']) {

        // Every field named in the comma-separated "required" list must be filled in
        if ($_POST['required']) {
            $rfields = explode(",", $_POST['required']);
            foreach ($rfields as $check) {
                if (!$_POST[$check]) {
                    header("Location: ".$_POST['errorpage']);
                    exit();
                }
            }
        }

        // Autoresponse: read the page named in the form and mail it to the submitted address
        if ($_POST['autoresponse'] && $_POST['email']) {
            $html = file_get_contents($_POST['autoresponse']) or die("<b><font>Not a valid autoresponse page...</font></b>");
            if ($html) {
                // The page's <title> becomes the subject of the autoresponse
                $tit_start = strpos($html,"<title>")+7;
                $tit_end = strpos($html,"</title>")-$tit_start;
                $mailsubject = $html;
                $mailsubject = substr($mailsubject, $tit_start, $tit_end);
                mail($_POST['email'], $mailsubject, $html, "From: $_POST[autoresponsefrom]<_POST>\r\n"."MIME-Version: 1.0\n"."Content-type: text/html; charset=iso-8859-1");
            }
        }
        else if (!$_POST['email']) {
            echo "<b><font>Email field required when using autoresponse mail...</font></b>";
            exit();
        }

        // Control fields that are left out of the message body
        $ndata = array("recipient","subject","required","errorpage","redirect","autoresponse","autoresponsefrom");

        // Build the message body from every other submitted field
        $msg = "";
        while (current($_REQUEST)) {
            if (!in_array(key($_REQUEST),$ndata)) $msg .= key($_REQUEST).": ".current($_REQUEST)."\n";
            next($_REQUEST);
        }

        mail($_POST['recipient'],$_POST['subject'],$msg,"From: $_POST[email]\r\n"."Reply-To: $_POST[email]\r\n");
        header("Location: ".$_POST['redirect']);
    }
    else echo "<b><font>Recipient, subject or redirect field is missing...</font></b>";

    ?>
    • CommentAuthordhayes
    • CommentTimeSep 9th 2006
    you can use regex (search google: preg_match email) or use the getmxrr(); function.

    btw, i can have any file on your server sent to myself using that script.

    good luck..
  1.  permalink
    I found this one on zend forum:
    [code]
    function ValidateMail($Email) {
        // Host name announced in HELO ($HTTP_HOST is no longer a global in current PHP)
        $HTTP_HOST = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'localhost';
        $result = array();
        // Syntax check; the D modifier stops "$" from matching before a trailing newline
        if (!preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/iD', $Email)) {
            $result[0]=false;
            $result[1]="$Email is not properly formatted";
            return $result;
        }
        list ( $Username, $Domain ) = explode ("@",$Email);
        // Prefer the domain's first MX host; fall back to the domain itself
        if (getmxrr($Domain, $MXHost)){
            $ConnectAddress = $MXHost[0];
        } else {
            $ConnectAddress = $Domain;
        }
        $Connect = fsockopen ( $ConnectAddress, 25 );
        if ($Connect) {
            // Expect the 220 greeting, then check whether the server accepts the address
            if (preg_match("/^220/", $Out = fgets($Connect, 1024))) {
                fputs ($Connect, "HELO $HTTP_HOST\r\n");
                $Out = fgets ( $Connect, 1024 );
                fputs ($Connect, "MAIL FROM: <{$Email}>\r\n");
                $From = fgets ( $Connect, 1024 );
                fputs ($Connect, "RCPT TO: <{$Email}>\r\n");
                $To = fgets ($Connect, 1024);
                fputs ($Connect, "QUIT\r\n");
                fclose($Connect);
                if (!preg_match ("/^250/", $From) || !preg_match ( "/^250/", $To )) {
                    $result[0]=false;
                    $result[1]="Server rejected address";
                    return $result;
                }
            } else {
                $result[0] = false;
                $result[1] = "No response from server";
                return $result;
            }
        } else {
            $result[0]=false;
            $result[1]="Can not connect E-Mail server.";
            return $result;
        }
        $result[0]=true;
        $result[1]="$Email appears to be valid.";
        return $result;
    }
    [/code]
    • CommentAuthoreasement
    • CommentTimeOct 16th 2006
    I just posted this in another topic, but it is even more relevant here:

    While we are on the topic of email forms and not putting e-mail directly in the code, I would like to bring up the important fact of e-mail header injection attacks. I got burned so I am giving you a heads up.

    Here's a huge page describing the attacks:
    http://www.securephpwiki.com/index.php/Email_Injection

    The solution is that you should check the fields the users are allowed to fill in before you send the email. The fix they list [you would put this before the mail() function call] is:

    <?php
    $from = $_POST["sender"];
    $from = urldecode($from);
    // Refuse any sender value containing a carriage return or line feed
    if (preg_match("/[\r\n]/", $from)) {
        die("Why ?? :(");
    }
    ?>
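
The points raised so far in this thread (validate the address, reject CR/LF before anything reaches a mail header, and stop taking the recipient, subject, autoresponse file and redirect target from the form), combined in one handler. This is an added example, not code from any poster; the `RECIPIENT` address, `AUTORESPONSE_FILE` path, redirect paths and the `name`/`comments` field names are assumptions.

```php
<?php
// Added example, not code from the thread. RECIPIENT, AUTORESPONSE_FILE, the
// redirect paths and the 'name'/'comments' field names are assumptions.
const RECIPIENT = 'newsletter@example.com';               // fixed server-side
const AUTORESPONSE_FILE = __DIR__ . '/autoresponse.html'; // fixed server-side
const BODY_FIELDS = ['name', 'email', 'comments'];        // only these reach the mail body

// Returns [email, body] for an acceptable submission, null otherwise.
function check_submission(array $post): ?array
{
    $email = $post['email'] ?? null;
    // Reject non-strings (email[]=...) and any CR/LF before it can reach a header.
    if (!is_string($email) || preg_match('/[\r\n]/', $email)) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    $body = '';
    foreach (BODY_FIELDS as $field) {
        if (isset($post[$field]) && is_string($post[$field])) {
            $body .= $field . ': ' . $post[$field] . "\n";
        }
    }
    return [$email, $body];
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: a clean address, then one carrying an extra header.
    var_dump(check_submission(['email' => 'reader@example.com', 'comments' => 'hi']) !== null);
    var_dump(check_submission(['email' => "reader@example.com\r\nBcc: other@example.net"]) === null);
} elseif (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $checked = check_submission($_POST);
    if ($checked === null) {
        header('Location: /error.html');
        exit;
    }
    [$email, $body] = $checked;
    $from = 'From: ' . RECIPIENT . "\r\n";
    mail(RECIPIENT, 'Newsletter signup', $body, $from . "Reply-To: $email\r\n");
    $html = file_get_contents(AUTORESPONSE_FILE);
    if ($html !== false) {
        mail($email, 'Thanks for signing up', $html,
            $from . "MIME-Version: 1.0\r\nContent-Type: text/html; charset=utf-8\r\n");
    }
    header('Location: /thanks.html');
    exit;
}
```

As ramm notes further down, format checks like these do not stop automated submissions; that needs a separate control such as a captcha.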
    • CommentAuthorramm
    • CommentTimeOct 17th 2006
    I'm using this:

    if ($_POST['email'] == "") {
        $error = "no email error message.";
    } else if (!preg_match('/^[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,6}$/iD', $_POST['email'])) {
        $error = "wrong email error message.";
    }

    But this doesn't block spammers; you may want to try captcha or something like that.
    • CommentAuthorjustjack
    • CommentTimeDec 5th 2006
    A little confusing for someone looking for help.

    dhayes, what can you offer, knowing that we don't wish to share our files with others?

    Let's say I have a simple form. How do I validate what is submitted and protect it at the same time? I already have my form, but I'm sure it's not bulletproof.

    First Name
    Last Name
    Phone
    Email
    Comments
    • CommentAuthorDrylouvre
    • CommentTimeDec 6th 2006
    You may wanna have a look at Forms To Go from Bebosoft. This does most of the hard work for you.

    P.S. Not affiliated with them in any way!
