E mail address input with validation?

Tim Dobson · 02-17-2010, 10:42 AM

Hi guys! im new to php and only ever successfully made 1 php page. Thats because iv only ever done 1 lol. Anyway... i recently found a upload script in php that works perfect... specific files can be uploaded to the site no problem. I have 2 pages that control this bit of work, Upload.shtml... this contains the find file on systemp button and the form and i have upload.php whch contains the actual script for uploading the file. Anyway what i need help with is this... i want to add on upload.shtml a new form where users have to input their e mail address, ok so i know how to add this but now i want it so they can only press the upload button if they have a valid e mail... has anyone got a tidy working e mail validation script? can you give me a guide on how to put this together? and tell me what goes where? thanks in advance.

Village Idiot · 02-17-2010, 04:57 PM

Theres no simple way to do this, if you've only ever done one PHP script it is beyond you. There is weak email validation (that checks if the email is valid, but doesn't confirm it exists oasreon@ai0a0eg.net would work even though it does not exist). This requires regular expressions. The other option would be to actually send an email to them to validate. This requires a database to work.

delayedinsanity · 02-17-2010, 10:08 PM

You don't necessarily need to send them an email, though that would be the 110% guarantee test - a lot of sites have incorporated this method in favor of doing nearly any validation of their own. The process is simple; when a user signs up, an email is sent to the address they entered. If the validation code within is received and given back to a verification page on the site, the account is activated. Otherwise that's as far as you ever get.

If your process is too 'simple' to require a complete authentication process of every user, then you would want to look into regular expressions as Village mentioned to attempt validation of the address - one of the best was started by Dave of ilovejackdaniels.com fame (now addedbytes.com thanks to some idiots working in the JD trademark department). The code is now a google project and can be found here: http://code.google.com/p/php-email-address-validation/ (note you will need svn to check this out, as there are no downloadable packages).

After basic validation you can step up the heat a little and start checking DNS records. You'll find PHP has two built in functions for this, checkdnsrr() and/or getmxrr() ... in fact, google is your friend, like you'll see in Village's sig, and I turned up a tutorial that covers all of these aspects quite well: http://www.linuxjournal.com/article/9585

Enjoy!

adamdecaf · 02-18-2010, 02:50 AM

The easiest way will be to check that the email is not blank, (if ($email == '')) [Use two equals to allow php to trap a lot of exceptions since you're still new.], and then to send an email with a validation link (feel free to ask about it) in it.

delayedinsanity · 02-18-2010, 02:55 AM

What? Now we're not accepting invisible email addresses?

I see nowhere in RFC 5322 that says email addresses can't be invisible. Geez Adam.

adamdecaf · 02-18-2010, 03:05 AM

So long as you submit the form via the "brew" method, it should work fine. Otherwise the message is improperly dissolved.

Tim Dobson · 02-18-2010, 12:00 PM

I think im probably going a bit to far with the E mail validation. This is no kind of registration to the site it is just basicaly so i know who uploaded the file. I think from what i have read the best way is to skip the validation? there is no need to send them an e mail for them to confirm anything to be honest. So now how would i get the email they put in the form to be contained in the e mail that is sent to me? obviously this would be in the e mail script.

On upload.shtml i have the following.

PHP Code:


			
<form action="Scripts/upload.php" method="post" enctype="multipart/form-data">
   <p>
      <label for="file">Select a file:</label> <input type="file" name="userfile" id="file"> <br />
      <button>Upload File</button>
   <p>
</form>

so now i have added a new form under the location one.

PHP Code:


			
         <label for="addemail">enter E-mail:</label><input type="text" name="email" id="addemail" /><BR />

and in upload php the e mail script is

PHP Code:


			
$to = "e mail@hotmail.com";
$subject = "New template!";
$filename = str_replace(" ", "%20", $filename);
$body = 'New template has been uploaded! ' . $urlloc . $filename . '';
$headers = "From: email.com\r\n" .
    "X-Mailer: php";
if (mail($to, $subject, $body, $headers)) {
  echo("<p>A notification has been sent to the site and your template will be added ASAP!</p>");
 } else {
  echo("<p>Message delivery failed...</p>");
 }

What do i need to put in here? and do i need anything else in upload.shtml? Thanks for the help most appriciated

adamdecaf · 02-18-2010, 10:06 PM

Your upload.php should look something like this.

php Code:

$to = "e [email]mail@hotmail.com[/email]";
$subject = "New template!";
$filename = str_replace(" ", "%20", $filename);
$email = $_POST['email'];

// Run a simple check on the email.
if ($email == '') {
   // Throw some sort of error, either a die() or don't upload the file.
}

// Just do simple check for one "@" sign.
if (!preg_match("/[@]{1}/", $email)) {
   // It's debatable if you should throw a visible error here.
   // Validating emails with a regex is very difficult, and you/we/whoever
   // might miss something that would throw out perfectly good emails.
}

$body = 'New template has been uploaded! ' . $urlloc . $filename . "\n";
$body .= 'The file was uploaded by: ' . $email;

$headers = "From: email.com\r\nX-Mailer: php";

// This is just my preference here, I like to have the main() call
// on its own line.
$sent_mail = mail($to, $subject, $body, $headers);

if ($sent_mail) {

  echo("<p>A notification has been sent to the site and your template will be added ASAP!</p>");

 } else {

  echo("<p>Message delivery failed...</p>");

 }

If you do decide to throw visible errors then make sure to encapsulate the mail() in an if statement which would stop it from sending the message (and possibly the file upload, depending on how you set it all up).