Page 1 of 1

Checking for a bad email for registering...

Posted: Sat Dec 09, 2006 6:50 am
by Mightywayne
feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


What happens is, I enter the info, yeah it's great, whatever. But then I go to the next page (after hitting my register button) and it says... well, nothing, but it's supposed to. However, it won't add anything, it's like it's being blocked by the filter for emails, but it just... won't work... for real emails. Basically, I've set up a guard to stop entries without "." or "@" to stop from bad emails. Or, typo's. 

Here's what I've got altogether.

Code: Select all

<?php

$con = mysql_connect("localhost","burnttoa_umonbre","*****");

if (!$con)
{
die('Could not connect: ' . mysql_error());
}

$username = $_POST["username"];
$password = $_POST["password"];
$cpassword = $_POST["cpassword"];
$email = $_POST["email"];



if ($password == $cpassword)
;
else
die("It seems you've typo'd your password, please go back and enter it again!");


$findmail = strpos($email, "@");
$finddot = strpos($email, ".");

if ($findmail === false)
{
 echo "You did not enter a valid email address; <a href=\"javascript:history.back\">Go back</a> and enter\n
 a valid email adress";
 $continue = false;
 if ($finddot === false)
  {
   $continue = false;
  }
}

else
{
if ($continue != false)
 {
mysql_select_db("burnttoa_monbre", $con);

mysql_query("INSERT INTO user (ID, name, pword, email, money, ranch, barn, happy, tlevel)
VALUES ('', '$username', '$password', '$email', '3000', '1', '1', '70', '1')")
or die(mysql_error());

mysql_query("INSERT INTO items (userbagID)
VALUES ('')")
or die(mysql_error());
    }
}

?>
Any ideas?


feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Sat Dec 09, 2006 9:43 am
by thiscatis
you can use this function:

Code: Select all

function isValidEmail($email){
   $pattern = "^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$";
     
   if (eregi($pattern, $email)){
      return true;
   }
   else {
      return false;
   }   
}

Posted: Sat Dec 09, 2006 9:47 am
by feyd
That's not an RFC compliant match, just to let that be known.

I've posted links to a RFC compliant implementation several times however.

Posted: Sat Dec 09, 2006 12:14 pm
by kaisellgren
Yes, but RFC compliant match would allow very 'stupid' structures... for example characters like %!" are allowed, etc...

I would just use this

Code: Select all

if preg_match("/^[\w\.\-+]+@[\w\.\-]{2,}\.[a-z]{2,4}$/i",$email)
 // valid email

Posted: Sat Dec 09, 2006 12:19 pm
by feyd
It doesn't matter if they/it allows "stupid" structures, they are perfectly valid and should be allowed.

Posted: Sat Dec 09, 2006 12:30 pm
by kaisellgren
feyd wrote:It doesn't matter if they/it allows "stupid" structures, they are perfectly valid and should be allowed.
Yeah they are valid, but who will have email addresses like %%%@sdfsdf.cc.

Posted: Sat Dec 09, 2006 12:49 pm
by feyd
It doesn't matter if the probability of someone having an "odd" email address is small, it's still possible and completely correct, therefore you should accept it. Disallowing a perfectly valid email address is a bad user experience that is EASILY avoided. So avoid it.

Posted: Sat Dec 09, 2006 3:20 pm
by Chris Corbyn
Can tell you with 100% certainty that we (my work project) have at least one user out of about 3000 who has an address with a "'" in it:

someone.o'reilly@domain.tld

Posted: Sat Dec 09, 2006 3:23 pm
by kaisellgren
Okay. Maybe just using "~.+@.+\..{2,4}~" is the best way to do this unless using complete RFC check that would be slower.

Posted: Sat Dec 09, 2006 3:28 pm
by Chris Corbyn
kaisellgren wrote:Okay. Maybe just using "~.+@.+\..{2,4}~" is the best way to do this unless using complete RFC check that would be slower.
Not massively slower. This regex here is valid for the local part of the address but the bit after the @ hasn't been checked for RFC compliancy. It could be updated I guess. I stuck with my version (this one) since it's still only in one regex and considering the length of an email address is usually really short it's not going be very expensive anyway.

Code: Select all

/**
	 * A regular expression which matches valid e-mail addresses (including some unlikely ones)
	 */
	const CHEAP_ADDRESS_RE = '(?#Start of dot-atom
		)[-!#\$%&\'\*\+\/=\?\^_`{}\|~0-9A-Za-z]+(?:\.[-!#\$%&\'\*\+\/=\?\^_`{}\|~0-9A-Za-z]+)*(?#
		End of dot-atom)(?:@(?#Start of domain)[-0-9A-Za-z]+(?:\.[-0-9A-Za-z]+)*(?#End of domain))?';

Posted: Sat Dec 09, 2006 4:21 pm
by Mightywayne
Wow, err... thank you... for so much help! :P I was at work today and couldn't get to reply as fast as I'd have wanted to.

Thanks a lot, both of you, I'll take both views into consideration. :mrgreen: