2009/4/28 Jan G.B. <ro0ot.w00t@xxxxxxxxxxxxxx> > 2009/4/28 Luke <luke@xxxxxxxxxxxxxx>: > > > > > > 2009/4/28 Jan G.B. <ro0ot.w00t@xxxxxxxxxxxxxx> > >> > >> 2009/4/28 Jay Blanchard <jblanchard@xxxxxxxxxx>: > >> > Our company wants to do e-mail verification and does not want to use > the > >> > requests / response method (clicking a link in the e-mail to verify > the > >> > address), which as we all know is the only way you can be truly sure. > I > >> > found this; > >> > > >> > http://verify-email.org/ > >> > > >> > Which seems to be the next best deal and it is written in PHP. Has > >> > anyone used this? Is anyone doing something similar? How do you handle > >> > errors? I know that some domains will not accept these requests. > >> > > >> > >> They don't even detect greylisting! > >> > >> > >> > >> > I think that this method would really work for us and cut down on the > >> > bogus e-mail addresses we're receiving though. Thoughts? > >> > > >> > >> There's just one way: let the users confirm with an activation link. > >> People often insert their addresses wrong without noticing it.. > >> example: www.myalias@xxxxxxxxxxxx instead of myalias@xxxxxxxxxxxx, > >> aol.<DE|UK|NL|FR|etc> instead of aol.com and so on. > >> > >> So ... nothing like "insert your mail twice" or "re-check your address > >> please" actually works. ;) > >> > >> On the other hand: Douple-opt-In is quite like an industry standard - > >> why wouldn't your firm use it? It makes customers happy as well as > >> "not-customers" because people can't use their addressess to sign-up. > >> I hate getting other peoples email. > >> > >> > >> byebye > >> > >> -- > >> PHP General Mailing List (http://www.php.net/) > >> To unsubscribe, visit: http://www.php.net/unsub.php > >> > > > > /** > > Validate an email address. > > Provide email address (raw input) > > Returns true if the email address has the email > > address format and the domain exists. > > > > Modified: 06/06/2003 > > **/ > > function validEmail($email) > > { > > $isValid = true; > > $atIndex = strrpos($email, "@"); > > if (is_bool($atIndex) && !$atIndex) > > { > > $isValid = false; > > } > > else > > { > > $domain = substr($email, $atIndex+1); > > $local = substr($email, 0, $atIndex); > > $localLen = strlen($local); > > $domainLen = strlen($domain); > > if ($localLen < 1 || $localLen > 64) > > { > > // local part length exceeded > > $isValid = false; > > } > > else if ($domainLen < 1 || $domainLen > 255) > > { > > // domain part length exceeded > > $isValid = false; > > } > > else if ($local[0] == '.' || $local[$localLen-1] == > '.') > > { > > // local part starts or ends with '.' > > $isValid = false; > > } > > else if (preg_match('/\\.\\./', $local)) > > { > > // local part has two consecutive dots > > $isValid = false; > > } > > else if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', > $domain)) > > { > > // character not valid in domain part > > $isValid = false; > > } > > else if (preg_match('/\\.\\./', $domain)) > > { > > // domain part has two consecutive dots > > $isValid = false; > > } > > else if > > (!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/', > > str_replace("\\\\","",$local))) > > { > > // character not valid in local part unless > > // local part is quoted > > if (!preg_match('/^"(\\\\"|[^"])+"$/', > > str_replace("\\\\","",$local))) > > { > > $isValid = false; > > } > > } > > > > if ($isValid && !(checkdnsrr($domain,"MX") || > > checkdnsrr($domain,"A"))) > > { > > // domain not found in DNS > > $isValid = false; > > } > > } > > > > return $isValid; > > } > > > > > > -- > > Luke Slater > > I Like the approach of checking the DNS. > > But all that regexp matching could be skipped when using > filter_input() or filter_var() with the Filter FILTER_VALIDATE_EMAIL - > or am I wrong? > > I'm using the filter in combination with a domain checker which > basically checks for a valid TLD on a high traffic website with great > success - so far. > > > byebye > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > That's very possible, the reason for that not being in there I think is down to the fact that the code is so old. It would certainly simplify the code using filter_input(); Anyway, I think this kind of approach is probably the most reliable and safe given you're not then having to deal with blacklists and such. -- Luke Slater http://dinosaur-os.com/ :O)
