TalkPHP - Checking valid Email Addresses using RegExp (and?)

TalkPHP (http://www.talkphp.com/forums.php)

- Advanced PHP Programming (http://www.talkphp.com/advanced-php-programming/)

- - Checking valid Email Addresses using RegExp (and?) (http://www.talkphp.com/advanced-php-programming/1824-checking-valid-email-addresses-using-regexp.html)

Checking valid Email Addresses using RegExp (and?)

Hey guys,

For my CMS, I am using the Revised RegEx function from Matt83. Thanks a bunch Matt! Love the work, also thanks to Salathe for the creds and Adam for the sharp eye noticing the {3,3} - {3}. Notice that I am -NOT- a RegEx specialist. To be honest, I suck at it.

Since it's for my CMS, it's gotta be pretty fool-fail proof. I am going to link it to a dns record database using the functions supplied by PHP itself. (defined in the installation to use it. IF it takes too long, you can't use it)

Now the hard part. The RegEx. I want to use it everywhere, so it has to be 100% (or at least top notch) perfect.

Currently I use this RegEx

PHP Code:


		
			
preg_match('/^[^\W][a-zA-Z0-9_]+(\.[a-zA-Z0-9_]+)*\@[a-zA-Z0-9_]+(\.[a-zA-Z0-9_]+)*\.[a-zA-Z]{2,4}$/', $string)

Next to that, I am, ofcourse, going to split it with explode() on the @ and then check the subdomain. (example;
info@markernst.com » markernst.com)

Do you guys think this is pretty safe?

To start us off, you probably want {2,6} at the end because of the .org.uk and .museum extensions. It seems to function pretty well for me, though.

Out of interest, why would you need such a stringent e-mail address check? Assuming that you want it to be a correct e-mail address so that you can e-mail your users, it might be worth implementing an e-mail confirmation system where you e-mail your new registrations and they then click the link to confirm their e-mail. This would catch the people who just enter junk but regex valid email addresses (ie, bill@microsoft.com) when registering.

Unfortunately, a problem I ran across recently was users using sites like MintEmail - Disposable/Temporary Email Address (temporary 4hour throwaway e-mail addresses) when registering - short of banning all these domains I have yet to find a solution to this.

Alan

Why go so far to check to make sure the e-mail is correct?

There is only so far you can go until it is just a bother to users.

I suggest reading some articles people have made on image protection, you would find them interesting, and valid to this subject.

If you want to be a wise ass, check to make sure the domain they are registering is actually a domain. This can go farther than regex.

The main reason for ensuring a correct / working e-mail address is for marketing. A valid e-mail address is like gold nowadays whether you plan on selling the addresses, sending out adverts in your usual newsletter or just as a future resource.

One effective way of acheiving this and one I plan on using more in the future is to scrap login names completely and have users login using their e-mail address / password. If you want to take this one further, you can send a randomly generated password to the e-mail account on registration rather than let the user choose their own. This way your mailing list is going to be about as accurate as it can be.

But... as usual - those lovely users of ours have solved this problem already: :)

Bugmenot.com - login with these free web passwords to bypass compulsory registration

Alan

Here I've compiled a list of the most popular dispoable emails it's already in an array for easy use...it'll be easy enough to check the email's domain against the array.

PHP Code:


		
			
$bannedEmails = array(

                    'cosmorph.com',

                    '10minutemail.com',

                    'dodgeit.com',

                    'dontreg.com',

                    'e4ward.com',

                    'gishpuppy.com',

                    'haltospam.com',

                    'jetable.org',

                    'kasmail.com',

                    'mailexpire.com',

                    'maileater.com',

                    'mailinator.com',

                    'mailnull.com',

                    'mintemail.com',

                    'mintmail.com',

                    'mytrashmail.com',

                    'nobulk.com',

                    'nospamfor.us',

                    'pookmail.com',

                    'shortmail.net',

                    'sneakemail.com',

                    'spam.la',

                    'spambob.com',

                    'spambox.us',

                    'spamday.com',

                    'spamfree24.org',

                    'spamhole.com',

                    'spaml.com',

                    'spmagourmet.com',

                    'tempemail.net',

                    'tempinbox.com',

                    'temporaryinbox.com',

                    'willhackforfood.biz',

                    'willselfdestruct.com',

                    'wuzupmail.net',

                    '6url.com',

                    'greensloth.com',

                    'mailmoat.com',

                    'spammotel.com',

                    'emailias.com',

                    'zoemails.com',

                    'netmails.com',

                    'xents.com',

                    'mailshell.com',

                    '4warding.com',

                    'walala.org',

                    'ipoo.org',

                    '2prong.com',

                    'spamex.com',

                    'bugmenot.com',

                    'despam.it',

                    'wh4f.org',

                    'emailwarden.com',

                    'blockfilter.com',

                    'yopmail.com',

                    'litepost.us',

                    'pourri.fr',

                    'disposeaMail.com',

                    'slaskpost.de',

                    'sofort-mail.de',

                    'mailexpire.com',

                    'spamfree24.org',

                    'spamfree24.eu',

                    'spamfree24.net',

                    'spamfree24.info',

                    'spamfree24.de',

                    'disposable-email.com',

                    'footard.com',

                    'theanonymousemail.com',

                    'oneoffemail.com',

                    'notyetemail.com',

                );

Thanks for that Andres, I'll be making use of your list in future :)

Alan.

Quote:

Originally Posted by Alan @ CIT (Post 7362)

Bugmenot.com - login with these free web passwords to bypass compulsory registration

That was on Digg's front-page the other day, wasn't it? As part of a bigger article. I remember! I don't mind signing up too much so as long as it's actually worth it. Making me sign up for some trivial and pathetic reason just doesn't cut it with me, and I am often very cautious as to giving them my e-mail address.

Talking of which though, concerning the code, I only check for the basic email structure. I'm not so particular as to craft an extensive regex string because at the end of the day, it could still be a false email address. There is a function called checkdnsrr but I remember having some problems with that. You'll really need to check both MX and A records, as relying on the MX record being present is not a good idea, I found. For whatever reason, I am not sure on the specifics.

The best way is to really enforce users to activate their account. That way at least the email address has to be a valid email address. Whether that's a spam address (such as the notorious mail.ru spam), is immaterial because that's the responsibility for another part of the system, though predominantly that responsibility lies at the fingers of the users and the administrators.

Long one, so here we go.

Quote:

Originally Posted by Alan @ CIT (Post 7349)

I've indeed heard of it. Honestly, I couldn't care less if the program was used. My site / CMS and others will be used to gain more free roam over the personal page. Thus confirming your account with an activation key. Second, if programs like MintEmail are used, I can also filter those out.

People who use my CMS want HONEST customers/people. If you don't like it, don't register.

Quote:

Originally Posted by Wildhoney (Post 7348)

To start us off, you probably want {2,6} at the end because of the .org.uk and .museum extensions. It seems to function pretty well for me, though.

Thanks, I ran across it a few days ago and I've already implemented it.

Quote:

Originally Posted by Aaron (Post 7353)

Why go so far to check to make sure the e-mail is correct?
There is only so far you can go until it is just a bother to users.
I suggest reading some articles people have made on image protection, you would find them interesting, and valid to this subject.
If you want to be a wise ass, check to make sure the domain they are registering is actually a domain. This can go farther than regex.

Because I need to send activation keys? Else there is NO point in registering. Image protection has already been implemented. I am a wiseass. I am using the checkdnsrr function on a A and MX basis. For the administrator, this might slow the CMS, so he can either choose to use it uppon installation, or not. It can also be turned on/off in the admin as well.

Quote:

Originally Posted by TlcAndres (Post 7366)

Here I've compiled a list of the most popular dispoable emails it's already in an array for easy use...it'll be easy enough to check the email's domain against the array.

PHP Code:


		
			
$bannedEmails = array(
                    'cosmorph.com',
                    '10minutemail.com',
                    'dodgeit.com',
                    'dontreg.com',
                    'e4ward.com',
                    'gishpuppy.com',
                    'haltospam.com',
                    'jetable.org',
                    'kasmail.com',
                    'mailexpire.com',
                    'maileater.com',
                    'mailinator.com',
                    'mailnull.com',
                    'mintemail.com',
                    'mintmail.com',
                    'mytrashmail.com',
                    'nobulk.com',
                    'nospamfor.us',
                    'pookmail.com',
                    'shortmail.net',
                    'sneakemail.com',
                    'spam.la',
                    'spambob.com',
                    'spambox.us',
                    'spamday.com',
                    'spamfree24.org',
                    'spamhole.com',
                    'spaml.com',
                    'spmagourmet.com',
                    'tempemail.net',
                    'tempinbox.com',
                    'temporaryinbox.com',
                    'willhackforfood.biz',
                    'willselfdestruct.com',
                    'wuzupmail.net',
                    '6url.com',
                    'greensloth.com',
                    'mailmoat.com',
                    'spammotel.com',
                    'emailias.com',
                    'zoemails.com',
                    'netmails.com',
                    'xents.com',
                    'mailshell.com',
                    '4warding.com',
                    'walala.org',
                    'ipoo.org',
                    '2prong.com',
                    'spamex.com',
                    'bugmenot.com',
                    'despam.it',
                    'wh4f.org',
                    'emailwarden.com',
                    'blockfilter.com',
                    'yopmail.com',
                    'litepost.us',
                    'pourri.fr',
                    'disposeaMail.com',
                    'slaskpost.de',
                    'sofort-mail.de',
                    'mailexpire.com',
                    'spamfree24.org',
                    'spamfree24.eu',
                    'spamfree24.net',
                    'spamfree24.info',
                    'spamfree24.de',
                    'disposable-email.com',
                    'footard.com',
                    'theanonymousemail.com',
                    'oneoffemail.com',
                    'notyetemail.com',
                );

Pretty solid! Thanks for the advise.

Quote:

Originally Posted by Alan @ CIT (Post 7362)

The main reason for ensuring a correct / working e-mail address is for marketing. A valid e-mail address is like gold nowadays whether you plan on selling the addresses, sending out adverts in your usual newsletter or just as a future resource.

One effective way of achieving this and one I plan on using more in the future is to scrap login names completely and have users login using their e-mail address / password. If you want to take this one further, you can send a randomly generated password to the e-mail account on registration rather than let the user choose their own. This way your mailing list is going to be about as accurate as it can be.

But... as usual - those lovely users of ours have solved this problem already: :)

Bugmenot.com - login with these free web passwords to bypass compulsory registration

Alan

On the first paragraph, Alan knows EXACTLY what I am talking about. The second paragraph goes on about using an email address as a login feature. I like it, but it's not solid as well. More safe, yes, but it directly displays the email address to the system and can be used for any number of hacks.

BugMeNot.com is a fair site, for sure. I've heard about it but never tended to use it. It's English and most Dutchmen are really against registering on foreign sites. I on the other hand, am not.

Quote:

Originally Posted by Wildhoney (Post 7413)

Actication and the checkdnsrr has been implemented. Once again thanks for the advice Adam.

Mark

On a note so relevant note..

I'm personally annoyed by BugMeNot and am writing a function to scan for my site on bugmenot and take the users their and ban them.

When you finish up that one, post it! :-D

PHP Code:


		
			

function getCURL($address)
{
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $address);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $output = curl_exec($ch);
    curl_close($ch);
    return $output;
}

function strip_data($data)
{
    $srcArr = array('$\<(.*?)>$','$\<\\/(.*?)>$','/(Username)/ ');
    $repArr = array('','','');
    return preg_replace($srcArr,$repArr,$data);
}    

function scanBug($address)
{
    $data = getCURL('www.bugmenot.com/view/' . $address);
    if(!empty($data))
    {
        $regex = '/\<th>Username <\\/th><td>(.*?)<\\/td>/';
        if(preg_match_all($regex,$data,$matches))
        {
            $matches = array_map('strip_data',$matches);
            return $matches[1];
        }
        else
        {
            return false;
        }
    }
    else
    {
        return false;
    }
}

That should work nicely for retrieving the bugmenot.com username and passwords. you can decide what to do with the data from there.

Notes
-Bugmenot.com generates different pages for yeah.com - Only the best links ... and foo.com
-I haven't actually tested the getCURL function because I don't have the extension installed, I was using file_get_contents from a test file.
-it returns an array containing all the usernames

I've had a stab at it as well. Call it the official TalkPHP Bug Me Not Killer! With added cyanide :-) !

php Code:

<?php

    class TalkPHP_BugMeNotKiller
    {
        private $m_szAddress;
        
        private $m_aUsernames;
        private $m_aPasswords;
        
        public function __construct($szAddress)
        {
            $this->m_aUsernames = array();
            $this->m_aPasswords = array();
            
            $this->m_szAddress = sprintf('http://www.bugmenot.com/view/%s', $szAddress);
        }
        
        public function execute()
        {
            $pCurl = curl_init($this->m_szAddress);
            
            curl_setopt($pCurl, CURLOPT_FOLLOWLOCATION, true);
            curl_setopt($pCurl, CURLOPT_RETURNTRANSFER, true);
            curl_setopt($pCurl, CURLOPT_USERAGENT, 'TalkPHP.com BugMeNot Killer');
            
            $aData = curl_exec($pCurl);
            
            preg_match_all('~<tr><th>.+?\s?</th><td>(?P<username>.+?)</td></tr>\n\s*<tr><th>.+?\s?</th><td>(?P<password>.+?)</td></tr>~im', $aData, $aMatches);
            
            foreach($aMatches['username'] as $szUsername)
            {
                $this->m_aUsernames[] = $szUsername;
            }
                
            foreach($aMatches['password'] as $szPassword)
            {
                $this->m_aPasswords[] = $szPassword;
            }
            
            return $this;
        }
        
        public function hasAccounts()
        {
            if(empty($this->m_aUsernames))
            {
                return false;
            }
            
            return true;
        }
        
        public function getUsernames()
        {
            return $this->m_aUsernames;
        }
        
        public function getPasswords()
        {
            return $this->m_aPasswords;
        }
    }
    
    $pBug = new TalkPHP_BugMeNotKiller('sitepoint.com');
    $pBug->execute();
    
    if($pBug->hasAccounts())
    {
        echo 'Usernames: ' . implode(', ', $pBug->getUsernames());
        echo '<br />';
        echo 'Passwords: ' . implode(', ', $pBug->getPasswords());
    }

?>