Anyone who builds forms and contact forms needs to validate the e-mail address that users enter. Today more than ever, with spam bots lurking everywhere, it is wise to protect yourself from the "crafty" people ready to abuse HTML forms to send mail, relay spam, and so on.
The first layer of protection can come from JavaScript, for example by checking the e-mail field of a form before it is submitted. Let us say right away that this is a mere palliative against more advanced spam systems (or attackers). Even so, it is always best to include some simple preliminary check, if only to catch slips made by legitimate users.
First, a simple piece of advice: if you ask for a name as well as an e-mail address, limit its length in characters and check that it does not contain the at sign (@). The name field is often abused to send junk mail, even via Bcc. A striking example involves the mail() function in PHP. The first parameter of this function is the recipient's address, in the simple form:
1 |
or in the expanded form:
1 |
Some developers use exactly this long form, inserting as the recipient's name the name requested in the form, which yields a syntax like this:
1 |
Some wise guys then submit, as $name, a string like this: ind1@dom1.com, ind2@dom2.com, ... As a result, the mail() function is forced to send mail to all of those addresses, causing many problems (see the queues on the server). The moral: the name must NOT be an e-mail address!
Checking that an e-mail address is well formed, on the other hand, is fairly easy, at least at the syntactic level:
```javascript
// Syntactic check only: it does not prove that the mailbox exists.
// `email` holds the value read from the form's e-mail field.
var r = /^([\w-]+(?:\.[\w-]+)*)@((?:[\w-]+\.)*\w[\w-]{0,66})\.([a-z]{2,6}(?:\.[a-z]{2})?)$/i;
if (r.test(email)) {
  alert("e-mail corretta!");     // "valid e-mail!"
} else {
  alert("e-mail NON corretta!"); // "invalid e-mail!"
}
```
You can then add a range of additional custom checks, such as domain exclusion or inclusion lists, username exclusion lists, and so on.
A far more effective check, however, can be performed in PHP. In addition to a syntax check, again using regular expressions, you can use the checkdnsrr() function to query the DNS records and thus verify whether the specified domain really exists!
This type of check, of course, does not give 100% certainty that the address is genuine, but it at least skims off a number of domains that serve only to clog up your (our) network!
In short, with a JavaScript check, a PHP check and a little attention, we can at least limit the damage done by pranksters who could be coding something else, a little more subtle and fun, instead of the usual spam (which by now, frankly, has grown tiresome and really obsolete).
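The checks described above (name rules, the syntax regex, a domain exclusion list) combined into one validator, as an added example that is not code from the original post. The length limit, the blocked domain, the function names and the sample submissions are assumptions, and rejecting commas and line breaks in the name goes slightly beyond the article's @ rule.

```javascript
// Added example, not code from the original post.
// Regex taken from the article; everything else is an assumption.
const EMAIL_RE = /^([\w-]+(?:\.[\w-]+)*)@((?:[\w-]+\.)*\w[\w-]{0,66})\.([a-z]{2,6}(?:\.[a-z]{2})?)$/i;
const MAX_NAME_LENGTH = 60;               // assumed limit
const BLOCKED_DOMAINS = ["blocked.test"]; // constructed exclusion list

// Problems found in the "name" field; an empty array means it is acceptable.
function checkName(name) {
  const value = String(name).trim();
  const problems = [];
  if (value.length === 0) problems.push("name is empty");
  if (value.length > MAX_NAME_LENGTH) problems.push("name is too long");
  if (value.includes("@")) problems.push("name contains @");
  // Beyond the article: these characters separate recipients or headers.
  if (/[,;<>\r\n]/.test(value)) problems.push("name contains a separator");
  return problems;
}

// Syntax check with the article's regex, then the domain exclusion list.
function checkEmail(email) {
  const match = EMAIL_RE.exec(String(email).trim());
  if (!match) return ["e-mail is not syntactically valid"];
  const domain = `${match[2]}.${match[3]}`.toLowerCase();
  const blocked = BLOCKED_DOMAINS.some(
    (d) => domain === d || domain.endsWith("." + d));
  return blocked ? ["e-mail domain is excluded"] : [];
}

function validateContactForm(form) {
  const problems = [...checkName(form.name), ...checkEmail(form.email)];
  return { ok: problems.length === 0, problems };
}

// Constructed sample submissions.
const samples = [
  { name: "Mario Rossi", email: "mario.rossi@example.org" },
  { name: "ind1@dom1.com, ind2@dom2.com", email: "mario@example.org" },
  { name: "Mario", email: "mario@mail.blocked.test" },
  { name: "Mario", email: "not-an-email" },
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", JSON.stringify(validateContactForm(s)));
}
```

The same rules have to be repeated on the server, because a request can be sent without ever running the page's JavaScript.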









