Email check during registration

Development-related discussion, including bundled plugins
anthony
Bear Rating Trainee
Bear Rating Trainee
Posts: 12
Joined: 18 Mar 2013, 14:10
Location: Hosted tt-rss : yanobs.com/reader
Contact:

Email check during registration

Postby anthony » 20 Mar 2013, 16:05

Hi,
when someone registers in multiple users mode, no check is done on the email address, which leads to registrations with bogus addresses (@gmail;com for example). Could this be added to the code ?

Code: Select all

diff --git a/register.php b/register.php
index 12b1aa0..3c24ae2 100644
--- a/register.php
+++ b/register.php
@@ -254,6 +254,14 @@
                        return;
                }
 
+               if (!preg_match("/^[_a-zA-Z0-9-]+[_a-zA-Z0-9-+\.]*@[a-zA-Z0-9-]+\.[a-zA-Z]{2,}$/i", $_REQUEST["email"])) {
+                       print_error(__("Please provide a valid email address."));
+                       print "<p><form method=\"GET\" action=\"index.php\">
+                               <input type=\"submit\" value=\"".sprintf(__("Return to %s"), TITLE)."\">
+                               </form>";
+                       return;
+               }
+
                if ($test == "four" || $test == "4") {
 
                        $result = db_query($link, "SELECT id FROM ttrss_users WHERE
@@ -365,7 +373,7 @@
 
                                        $rc = $mail->Send();
 
-                                       print_notice(__("Account created successfully."));
+                                       print_notice(__("Account created successfully. Please check your emails to get your password."));
 
                                        print "<p><form method=\"GET\" action=\"index.php\">
                                        <input type=\"submit\" value=\"".sprintf(__("Return to %s"), TITLE)."\">

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: Email check during registration

Postby fox » 20 Mar 2013, 18:31

Pull request?

craywolf
Mr. Awesome
Posts: 97
Joined: 19 Mar 2013, 18:07

Re: Email check during registration

Postby craywolf » 20 Mar 2013, 18:34

Validating email addresses with regular expressions is complicated. For example, your regular expression won't match [email protected]. It also won't match john.o'[email protected], which is syntactically valid (though I'll admit it's unlikely).

In theory, this will match 99% of email addresses in use (taken from here):

Code: Select all

[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?


But it still doesn't guarantee the address will be valid, because it doesn't check that the TLD is valid. It will accept [email protected] and also [email protected]. Though it will work if you just want to stop at enforcing valid syntax.

Good luck.

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: Email check during registration

Postby fox » 20 Mar 2013, 18:39

I think it would be better to check for host validity or something, don't even bother checking anything to the left of @. No idea how to check for MX records in php, but eh.

Edit: it's not like it's needed anyway, person with an invalid email address won't receive the activation ticket and that would be it.

phz
Bear Rating Disaster
Bear Rating Disaster
Posts: 77
Joined: 18 Mar 2013, 18:32

Re: Email check during registration

Postby phz » 20 Mar 2013, 19:03

craywolf wrote:Validating email addresses with regular expressions is complicated. For example, your regular expression won't match [email protected]. It also won't match john.o'[email protected], which is syntactically valid (though I'll admit it's unlikely).

In theory, this will match 99% of email addresses in use (taken from here):

Code: Select all

[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?


But it still doesn't guarantee the address will be valid, because it doesn't check that the TLD is valid. It will accept [email protected] and also [email protected]. Though it will work if you just want to stop at enforcing valid syntax.

Good luck.

Using HTML5, the client side check for valid email syntax can be simplified to:

Code: Select all

<input type="email" required id="email">

Ah, the serenity :-) .

It is more or less impossible to go on a strong hunt after valid domains and servers and usernames, etc. That part more or less solves itself via emails bouncing if the service does not exist.

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: Email check during registration

Postby fox » 20 Mar 2013, 19:04

That. I like that.

punipuni
Bear Rating Trainee
Bear Rating Trainee
Posts: 1
Joined: 20 Mar 2013, 21:02

Re: Email check during registration

Postby punipuni » 20 Mar 2013, 21:03


User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: Email check during registration

Postby fox » 20 Mar 2013, 21:06

This really is an overkill. Also, I don't think tt-rss will ever run on a browser not supporting the input type email.

anthony
Bear Rating Trainee
Bear Rating Trainee
Posts: 12
Joined: 18 Mar 2013, 14:10
Location: Hosted tt-rss : yanobs.com/reader
Contact:

Re: Email check during registration

Postby anthony » 21 Mar 2013, 13:55

Right, the email input is really better!

What about this small change? I think it makes it clearer what the user has to do to proceed.

Code: Select all

@@ -365,7 +373,7 @@
 
                                        $rc = $mail->Send();
 
-                                       print_notice(__("Account created successfully."));
+                                       print_notice(__("Account created successfully. Please check your emails to get your password."));
 
                                        print "<p><form method=\"GET\" action=\"index.php\">
                                        <input type=\"submit\" value=\"".sprintf(__("Return to %s"), TITLE)."\">

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: Email check during registration

Postby fox » 21 Mar 2013, 14:06

Isn't that obvious? :evil:

shabble
Bear Rating Trainee
Bear Rating Trainee
Posts: 33
Joined: 18 Mar 2013, 23:40

Re: Email check during registration

Postby shabble » 21 Mar 2013, 18:11

fox wrote:No idea how to check for MX records in php, but eh.

Should you ever need it in future: http://php.net/manual/en/function.checkdnsrr.php

From the code on my site (don't bother with the URL in the comments - it doesn't appear to be live any more):

Code: Select all

class email_address_handler{
   function localhost(){
      if ($_SERVER['SERVER_ADDR'] == '127.0.0.1' and $_SERVER['REMOTE_ADDR'] == '127.0.0.1'){
         return true;
      }else{
         return false;
      }
   }
   function valid_host($email_address){
      if (!$this->localhost()){
         //http://www.sitepoint.com/article/users-email-address-php
         // take a given email address and split it into the  username and domain.
         list($userName, $mailDomain) = split("@", $email_address);
         if (!checkdnsrr($mailDomain, "MX")) {
         // this is an invalid email domain
            return false;
         }
      }
      return true;
   }
[rest is site specific functionality not relevant to this]
}

anthony
Bear Rating Trainee
Bear Rating Trainee
Posts: 12
Joined: 18 Mar 2013, 14:10
Location: Hosted tt-rss : yanobs.com/reader
Contact:

Re: Email check during registration

Postby anthony » 22 Mar 2013, 12:18

fox wrote:Isn't that obvious? :evil:


OK I'll add it on my side :)


Return to “Development”

Who is online

Users browsing this forum: No registered users and 3 guests