12-30-2007, 10:32 PM
|
#1 (permalink)
|
|
The Frequenter
Join Date: Nov 2007
Location: Netherlands
Posts: 460
Thanks: 49
|
Checking valid Email Addresses using RegExp (and?)
Hey guys,
For my CMS, I am using the Revised RegEx function from Matt83. Thanks a bunch Matt! Love the work, also thanks to Salathe for the creds and Adam for the sharp eye noticing the {3,3} - {3}. Notice that I am -NOT- a RegEx specialist. To be honest, I suck at it.
Since it's for my CMS, it's gotta be pretty fool-fail proof. I am going to link it to a dns record database using the functions supplied by PHP itself. (defined in the installation to use it. IF it takes too long, you can't use it)
Now the hard part. The RegEx. I want to use it everywhere, so it has to be 100% (or at least top notch) perfect.
Currently I use this RegEx
PHP Code:
preg_match('/^[^\W][a-zA-Z0-9_]+(\.[a-zA-Z0-9_]+)*\@[a-zA-Z0-9_]+(\.[a-zA-Z0-9_]+)*\.[a-zA-Z]{2,4}$/', $string)
Next to that, I am, of course, going to split it with explode() on the @ and then check the subdomain. (example; info@markernst.com » markernst.com)
Do you guys think this is pretty safe?
__________________
"Life is a bitch, take that bitch on a ride"
|
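An added example (not part of the original post) that runs the pattern quoted above against constructed addresses, next to a stricter check built on PHP's `filter_var()`. The posted pattern needs at least two characters before the `@` and allows no `-` or `+` anywhere, and because it ends in `$` without the `D` modifier it also matches when the input ends in a newline. `postedCheck()`, `strictCheck()` and every sample address are names and data made up for this illustration.

```php
<?php
// Added example, not code from the thread. All addresses are constructed samples.

// The pattern exactly as posted above.
const POSTED_PATTERN =
    '/^[^\W][a-zA-Z0-9_]+(\.[a-zA-Z0-9_]+)*\@[a-zA-Z0-9_]+(\.[a-zA-Z0-9_]+)*\.[a-zA-Z]{2,4}$/';

function postedCheck(string $email): bool
{
    return preg_match(POSTED_PATTERN, $email) === 1;
}

function strictCheck(string $email): bool
{
    // Refuse control characters outright: a CR or LF that survives validation
    // and later reaches a mail header is the dangerous case.
    if (preg_match('/[\x00-\x1F\x7F]/', $email) === 1) {
        return false;
    }
    // Then apply PHP's built-in syntax validator.
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

// Constructed inputs, one per property of the posted pattern.
$samples = [
    'baseline'                 => 'info@example.com',
    'one-character local part' => 'a@example.com',
    'hyphen in local part'     => 'first-last@example.com',
    'plus tag'                 => 'user+tag@example.com',
    'hyphen in domain'         => 'info@my-site.example.com',
    'six-letter TLD'           => 'curator@example.museum',
    'underscore in host name'  => 'info@bad_host.example.com',
    'trailing newline'         => "info@example.com\n",
];

foreach ($samples as $label => $email) {
    printf(
        "%-26s %-32s posted=%-6s strict=%s\n",
        $label,
        json_encode($email),            // makes the "\n" visible
        postedCheck($email) ? 'accept' : 'reject',
        strictCheck($email) ? 'accept' : 'reject'
    );
}
```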
|
|
12-30-2007, 11:18 PM
|
#2 (permalink)
|
|
La Vida es Sueño
Join Date: Sep 2007
Location: Oldham
Posts: 2,280
Thanks: 90
|
To start us off, you probably want {2,6} at the end because of the .org.uk and .museum extensions. It seems to function pretty well for me, though.
__________________
The man who comes back through the Door in the Wall will never be quite the same as the man who went out.
|
|
|
12-31-2007, 12:22 AM
|
#3 (permalink)
|
|
The Frequenter
Join Date: Apr 2005
Location: South UK
Posts: 483
Thanks: 51
|
Out of interest, why would you need such a stringent e-mail address check? Assuming that you want it to be a correct e-mail address so that you can e-mail your users, it might be worth implementing an e-mail confirmation system where you e-mail your new registrations and they then click the link to confirm their e-mail. This would catch the people who just enter junk but regex valid email addresses (ie, bill@microsoft.com) when registering.
Unfortunately, a problem I ran across recently was users using sites like MintEmail - Disposable/Temporary Email Address (temporary 4hour throwaway e-mail addresses) when registering - short of banning all these domains I have yet to find a solution to this.
Alan
|
|
|
12-31-2007, 03:00 AM
|
#4 (permalink)
|
|
The Frequenter
Join Date: Dec 2007
Location: In my basement
Posts: 386
Thanks: 47
|
Why go so far to check to make sure the e-mail is correct?
There is only so far you can go until it is just a bother to users.
I suggest reading some articles people have made on image protection, you would find them interesting, and valid to this subject.
If you want to be a wise ass, check to make sure the domain they are registering is actually a domain. This can go farther than regex.
|
|
|
12-31-2007, 10:06 AM
|
#5 (permalink)
|
|
The Frequenter
Join Date: Apr 2005
Location: South UK
Posts: 483
Thanks: 51
|
The main reason for ensuring a correct / working e-mail address is for marketing. A valid e-mail address is like gold nowadays whether you plan on selling the addresses, sending out adverts in your usual newsletter or just as a future resource.
One effective way of achieving this and one I plan on using more in the future is to scrap login names completely and have users login using their e-mail address / password. If you want to take this one further, you can send a randomly generated password to the e-mail account on registration rather than let the user choose their own. This way your mailing list is going to be about as accurate as it can be.
But... as usual - those lovely users of ours have solved this problem already: :)
Bugmenot.com - login with these free web passwords to bypass compulsory registration
Alan
|
|
|
01-01-2008, 01:22 AM
|
#6 (permalink)
|
|
La Vida es Sueño
Join Date: Sep 2007
Location: Oldham
Posts: 2,280
Thanks: 90
|
Quote:
Originally Posted by Alan @ CIT
|
That was on Digg's front-page the other day, wasn't it? As part of a bigger article. I remember! I don't mind signing up too much so as long as it's actually worth it. Making me sign up for some trivial and pathetic reason just doesn't cut it with me, and I am often very cautious as to giving them my e-mail address.
Talking of which though, concerning the code, I only check for the basic email structure. I'm not so particular as to craft an extensive regex string because at the end of the day, it could still be a false email address. There is a function called checkdnsrr but I remember having some problems with that. You'll really need to check both MX and A records, as relying on the MX record being present is not a good idea, I found. For whatever reason, I am not sure on the specifics.
The best way is to really enforce users to activate their account. That way at least the email address has to be a valid email address. Whether that's a spam address (such as the notorious mail.ru spam), is immaterial because that's the responsibility for another part of the system, though predominantly that responsibility lies at the fingers of the users and the administrators.
__________________
The man who comes back through the Door in the Wall will never be quite the same as the man who went out.
|
|
|
01-01-2008, 05:31 PM
|
#7 (permalink)
|
|
The Frequenter
Join Date: Nov 2007
Location: Netherlands
Posts: 460
Thanks: 49
|
Long one, so here we go.
Quote:
Originally Posted by Alan @ CIT
Out of interest, why would you need such a stringent e-mail address check? Assuming that you want it to be a correct e-mail address so that you can e-mail your users, it might be worth implementing an e-mail confirmation system where you e-mail your new registrations and they then click the link to confirm their e-mail. This would catch the people who just enter junk but regex valid email addresses (ie, bill@microsoft.com) when registering.
Unfortunately, a problem I ran across recently was users using sites like MintEmail - Disposable/Temporary Email Address (temporary 4hour throwaway e-mail addresses) when registering - short of banning all these domains I have yet to find a solution to this.
Alan
|
I've indeed heard of it. Honestly, I couldn't care less if the program was used. My site / CMS and others will be used to gain more free roam over the personal page. Thus confirming your account with an activation key. Second, if programs like MintEmail are used, I can also filter those out.
People who use my CMS want HONEST customers/people. If you don't like it, don't register.
Quote:
Originally Posted by Wildhoney
To start us off, you probably want {2,6} at the end because of the .org.uk and .museum extensions. It seems to function pretty well for me, though.
|
Thanks, I ran across it a few days ago and I've already implemented it.
Quote:
Originally Posted by Aaron
Why go so far to check to make sure the e-mail is correct?
There is only so far you can go until it is just a bother to users.
I suggest reading some articles people have made on image protection, you would find them interesting, and valid to this subject.
If you want to be a wise ass, check to make sure the domain they are registering is actually a domain. This can go farther than regex.
|
Because I need to send activation keys? Else there is NO point in registering. Image protection has already been implemented. I am a wiseass. I am using the checkdnsrr function on an A and MX basis. For the administrator, this might slow the CMS, so he can either choose to use it upon installation, or not. It can also be turned on/off in the admin as well.
Quote:
Originally Posted by TlcAndres
Here I've compiled a list of the most popular disposable emails it's already in an array for easy use...it'll be easy enough to check the email's domain against the array.
PHP Code:
$bannedEmails = array( 'cosmorph.com', '10minutemail.com', 'dodgeit.com', 'dontreg.com', 'e4ward.com', 'gishpuppy.com', 'haltospam.com', 'jetable.org', 'kasmail.com', 'mailexpire.com', 'maileater.com', 'mailinator.com', 'mailnull.com', 'mintemail.com', 'mintmail.com', 'mytrashmail.com', 'nobulk.com', 'nospamfor.us', 'pookmail.com', 'shortmail.net', 'sneakemail.com', 'spam.la', 'spambob.com', 'spambox.us', 'spamday.com', 'spamfree24.org', 'spamhole.com', 'spaml.com', 'spmagourmet.com', 'tempemail.net', 'tempinbox.com', 'temporaryinbox.com', 'willhackforfood.biz', 'willselfdestruct.com', 'wuzupmail.net', '6url.com', 'greensloth.com', 'mailmoat.com', 'spammotel.com', 'emailias.com', 'zoemails.com', 'netmails.com', 'xents.com', 'mailshell.com', '4warding.com', 'walala.org', 'ipoo.org', '2prong.com', 'spamex.com', 'bugmenot.com', 'despam.it', 'wh4f.org', 'emailwarden.com', 'blockfilter.com', 'yopmail.com', 'litepost.us', 'pourri.fr', 'disposeaMail.com', 'slaskpost.de', 'sofort-mail.de', 'mailexpire.com', 'spamfree24.org', 'spamfree24.eu', 'spamfree24.net', 'spamfree24.info', 'spamfree24.de', 'disposable-email.com', 'footard.com', 'theanonymousemail.com', 'oneoffemail.com', 'notyetemail.com', );
|
Pretty solid! Thanks for the advice.
Quote:
Originally Posted by Alan @ CIT
The main reason for ensuring a correct / working e-mail address is for marketing. A valid e-mail address is like gold nowadays whether you plan on selling the addresses, sending out adverts in your usual newsletter or just as a future resource.
One effective way of achieving this and one I plan on using more in the future is to scrap login names completely and have users login using their e-mail address / password. If you want to take this one further, you can send a randomly generated password to the e-mail account on registration rather than let the user choose their own. This way your mailing list is going to be about as accurate as it can be.
But... as usual - those lovely users of ours have solved this problem already: :)
Bugmenot.com - login with these free web passwords to bypass compulsory registration
Alan
|
On the first paragraph, Alan knows EXACTLY what I am talking about. The second paragraph goes on about using an email address as a login feature. I like it, but it's not solid as well. More safe, yes, but it directly displays the email address to the system and can be used for any number of hacks.
BugMeNot.com is a fair site, for sure. I've heard about it but never tended to use it. It's English and most Dutchmen are really against registering on foreign sites. I on the other hand, am not.
Quote:
Originally Posted by Wildhoney
That was on Digg's front-page the other day, wasn't it? As part of a bigger article. I remember! I don't mind signing up too much so as long as it's actually worth it. Making me sign up for some trivial and pathetic reason just doesn't cut it with me, and I am often very cautious as to giving them my e-mail address.
Talking of which though, concerning the code, I only check for the basic email structure. I'm not so particular as to craft an extensive regex string because at the end of the day, it could still be a false email address. There is a function called checkdnsrr but I remember having some problems with that. You'll really need to check both MX and A records, as relying on the MX record being present is not a good idea, I found. For whatever reason, I am not sure on the specifics.
The best way is to really enforce users to activate their account. That way at least the email address has to be a valid email address. Whether that's a spam address (such as the notorious mail.ru spam), is immaterial because that's the responsibility for another part of the system, though predominantly that responsibility lies at the fingers of the users and the administrators.
|
Activation and the checkdnsrr has been implemented. Once again thanks for the advice Adam.
Mark
__________________
"Life is a bitch, take that bitch on a ride"
|
|
|
|
The Following User Says Thank You to ReSpawN For This Useful Post:
|
|
12-31-2007, 03:35 PM
|
#8 (permalink)
|
|
The Addict
Join Date: Nov 2007
Posts: 264
Thanks: 2
|
Here I've compiled a list of the most popular disposable emails it's already in an array for easy use...it'll be easy enough to check the email's domain against the array.
PHP Code:
$bannedEmails = array(
'cosmorph.com',
'10minutemail.com',
'dodgeit.com',
'dontreg.com',
'e4ward.com',
'gishpuppy.com',
'haltospam.com',
'jetable.org',
'kasmail.com',
'mailexpire.com',
'maileater.com',
'mailinator.com',
'mailnull.com',
'mintemail.com',
'mintmail.com',
'mytrashmail.com',
'nobulk.com',
'nospamfor.us',
'pookmail.com',
'shortmail.net',
'sneakemail.com',
'spam.la',
'spambob.com',
'spambox.us',
'spamday.com',
'spamfree24.org',
'spamhole.com',
'spaml.com',
'spmagourmet.com',
'tempemail.net',
'tempinbox.com',
'temporaryinbox.com',
'willhackforfood.biz',
'willselfdestruct.com',
'wuzupmail.net',
'6url.com',
'greensloth.com',
'mailmoat.com',
'spammotel.com',
'emailias.com',
'zoemails.com',
'netmails.com',
'xents.com',
'mailshell.com',
'4warding.com',
'walala.org',
'ipoo.org',
'2prong.com',
'spamex.com',
'bugmenot.com',
'despam.it',
'wh4f.org',
'emailwarden.com',
'blockfilter.com',
'yopmail.com',
'litepost.us',
'pourri.fr',
'disposeaMail.com',
'slaskpost.de',
'sofort-mail.de',
'mailexpire.com',
'spamfree24.org',
'spamfree24.eu',
'spamfree24.net',
'spamfree24.info',
'spamfree24.de',
'disposable-email.com',
'footard.com',
'theanonymousemail.com',
'oneoffemail.com',
'notyetemail.com',
);
|
|
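An added example (not part of the original posts) that puts the thread's three checks in order: syntax, the disposable-domain list, then the MX-with-A-fallback DNS lookup discussed earlier. The list entries mix upper and lower case (`disposeaMail.com`), so the lookup is case-insensitive, and it also matches subdomains of a listed domain. The function names, the stub resolver and the sample addresses are made up for illustration; `$blocked` is a short excerpt of the list above.

```php
<?php
// Added example, not code from the thread. $blocked is a short excerpt of the
// list posted above; the stub resolver and sample addresses are constructed.

function emailDomain(string $email): string
{
    // Split on the LAST "@" and lower-case: domain names are case-insensitive.
    return strtolower(substr($email, strrpos($email, '@') + 1));
}

function isBlockedDomain(string $domain, array $blocked): bool
{
    $set = array_flip(array_map('strtolower', $blocked));
    // Walk up the labels so "x.mailinator.com" is caught by "mailinator.com".
    $labels = explode('.', $domain);
    while (count($labels) >= 2) {
        if (isset($set[implode('.', $labels)])) {
            return true;
        }
        array_shift($labels);
    }
    return false;
}

function domainAcceptsMail(string $domain, callable $hasRecord): bool
{
    // Trailing dot = fully qualified, so resolver search suffixes are not tried.
    $fqdn = $domain . '.';
    // MX first; a domain with no MX can still receive mail at its A record.
    return $hasRecord($fqdn, 'MX') || $hasRecord($fqdn, 'A');
}

function checkSignupEmail(string $email, array $blocked, ?callable $hasRecord = null): string
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid-syntax';
    }
    $domain = emailDomain($email);
    if (isBlockedDomain($domain, $blocked)) {
        return 'disposable';
    }
    // Production default is PHP's checkdnsrr(); a stub keeps this demo offline.
    return domainAcceptsMail($domain, $hasRecord ?? 'checkdnsrr') ? 'ok' : 'no-dns';
}

$blocked = ['mailinator.com', '10minutemail.com', 'disposeaMail.com', 'yopmail.com'];

// Constructed zone data standing in for real DNS answers.
$stubDns = function (string $host, string $type): bool {
    $zone = ['example.com.' => ['MX', 'A'], 'example.org.' => ['A']];
    return in_array($type, $zone[$host] ?? [], true);
};

foreach ([
    'alice@example.com', 'bob@example.org', 'carol@Inbox.MAILINATOR.com',
    'dave@DisposeAMail.com', 'erin@example.net', 'not-an-address',
] as $email) {
    printf("%-28s %s\n", $email, checkSignupEmail($email, $blocked, $stubDns));
}
```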
|
|
12-31-2007, 03:50 PM
|
#9 (permalink)
|
|
The Frequenter
Join Date: Apr 2005
Location: South UK
Posts: 483
Thanks: 51
|
Thanks for that Andres, I'll be making use of your list in future :)
Alan.
|
|
|
01-01-2008, 05:35 PM
|
#10 (permalink)
|
|
The Addict
Join Date: Nov 2007
Posts: 264
Thanks: 2
|
On a not so relevant note..
I'm personally annoyed by BugMeNot and am writing a function to scan for my site on bugmenot and take the users there and ban them.
|
|
|
|
01-01-2008, 05:44 PM
|
#11 (permalink)
|
|
The Frequenter
Join Date: Nov 2007
Location: Netherlands
Posts: 460
Thanks: 49
|
When you finish up that one, post it! 
__________________
"Life is a bitch, take that bitch on a ride"
|
|
|
01-01-2008, 09:53 PM
|
#12 (permalink)
|
|
The Addict
Join Date: Nov 2007
Posts: 264
Thanks: 2
|
PHP Code:
// Fetch $address with cURL and return the response body as a string
function getCURL($address)
{
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $address);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $output = curl_exec($ch);
    curl_close($ch);
    return $output;
}

// Strip HTML tags and the "Username" label from the matched text
function strip_data($data)
{
    $srcArr = array('$\<(.*?)>$','$\<\\/(.*?)>$','/(Username)/ ');
    $repArr = array('','','');
    return preg_replace($srcArr,$repArr,$data);
}

// Return the usernames listed for $address, or false if none were found
function scanBug($address)
{
    $data = getCURL('www.bugmenot.com/view/' . $address);
    if(!empty($data)) {
        $regex = '/\<th>Username <\\/th><td>(.*?)<\\/td>/';
        if(preg_match_all($regex,$data,$matches)) {
            $matches = array_map('strip_data',$matches);
            return $matches[1];
        } else {
            return false;
        }
    } else {
        return false;
    }
}
That should work nicely for retrieving the bugmenot.com username and passwords. You can decide what to do with the data from there.
Notes
-Bugmenot.com generates different pages for yeah.com - Only the best links ... and foo.com
-I haven't actually tested the getCURL function because I don't have the extension installed, I was using file_get_contents from a test file.
-it returns an array containing all the usernames
Last edited by TlcAndres : 01-02-2008 at 04:17 AM.
|
|
|
|
01-02-2008, 12:06 AM
|
#13 (permalink)
|
|
La Vida es Sueño
Join Date: Sep 2007
Location: Oldham
Posts: 2,280
Thanks: 90
|
I've had a stab at it as well. Call it the official TalkPHP Bug Me Not Killer! With added cyanide!
php Code:
<?php
class TalkPHP_BugMeNotKiller
{
    private $m_szAddress;
    private $m_aUsernames;
    private $m_aPasswords;

    public function __construct($szAddress)
    {
        $this->m_aUsernames = array();
        $this->m_aPasswords = array();
        $this->m_szAddress = sprintf('http://www.bugmenot.com/view/%s', $szAddress);
    }

    // Fetch the page and collect every username/password pair listed on it
    public function execute()
    {
        $pCurl = curl_init($this->m_szAddress);
        curl_setopt($pCurl, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($pCurl, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($pCurl, CURLOPT_USERAGENT, 'TalkPHP.com BugMeNot Killer');
        $aData = curl_exec($pCurl);

        preg_match_all('~<tr><th>.+?\s?</th><td>(?P<username>.+?)</td></tr>\n\s*<tr><th>.+?\s?</th><td>(?P<password>.+?)</td></tr>~im', $aData, $aMatches);

        foreach($aMatches['username'] as $szUsername) {
            $this->m_aUsernames[] = $szUsername;
        }
        foreach($aMatches['password'] as $szPassword) {
            $this->m_aPasswords[] = $szPassword;
        }
        return $this;
    }

    public function hasAccounts()
    {
        if(empty($this->m_aUsernames)) {
            return false;
        }
        return true;
    }

    public function getUsernames()
    {
        return $this->m_aUsernames;
    }

    public function getPasswords()
    {
        return $this->m_aPasswords;
    }
}

$pBug = new TalkPHP_BugMeNotKiller('sitepoint.com');
$pBug->execute();

if($pBug->hasAccounts()) {
    echo 'Usernames: ' . implode(', ', $pBug->getUsernames());
    echo '<br />';
    echo 'Passwords: ' . implode(', ', $pBug->getPasswords());
}
?>
__________________
The man who comes back through the Door in the Wall will never be quite the same as the man who went out.
|
|
|
|