Posted By

mladoux on 09/21/10


Tagged

email php validation security


Versions (?)

Email validation (IPv4 Version)


 / Published in: PHP
 

URL: http://mark.haktstudios.com/

Quick & dirty email address validation function… enjoy. It’s actually a modification of Douglas Lovell’s ( link at bottom of post ) email validation script, except, unlike his, this one actually passes the compliance test that he wrote for it. I essentially just reformatted it to fit my style, moved a couple things around, and fixed an error by adding an additional test that he forgot. This version is safe for PHP4 or higher, and works on servers that do not yet support IPv6

  1. /******************************************************************************
  2. Is email valid??
  3.  
  4. This function verifies that the email address complies with the following
  5. standards:
  6.  
  7. RFC 822
  8. RFC 1035
  9. RFC 2821
  10. RFC 2822
  11.  
  12. It also ensures that the domain actually resolves.
  13. /******************************************************************************/
  14.  
  15. function e_valid($email)
  16. {
  17. // get position of the final @ symbol
  18. $index = strrpos($email, "@");
  19. if (is_bool($index) && !$index) return false;
  20.  
  21. // split up the email address into domain and local parts
  22. $domain = substr($email, $index+1);
  23. $local = substr($email, 0, $index);
  24.  
  25. // determine string length
  26. $l_len = strlen($local);
  27. $d_len = strlen($domain);
  28.  
  29. // verify strings aren't too short or too long
  30. if ($l_len < 1 || $l_len > 64) return false;
  31. if ($d_len < 1 || $d_len > 255) return false;
  32.  
  33. // verify that we don't start or end with a .
  34. if ($local[0] == '.' || $local[$l_len-1] == '.') return false;
  35. if ($domain[0] == '.' || $domain[$d_len-1] == '.') return false;
  36.  
  37. // verify we don't have two .'s in succession
  38. if (preg_match('/\\.\\./', $local)) return false;
  39. if (preg_match('/\\.\\./', $domain)) return false;
  40.  
  41. // check for disallowed characters
  42. if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain)) return false;
  43. if (!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/',
  44. str_replace("\\\\","",$local)))
  45. {
  46. // check for invalid escape sequences
  47. if ( ! preg_match('/^"(\\\\"|[^"])+"$/', str_replace("\\\\","",$local)))
  48. return false;
  49. // check for valid DNS entries
  50. if ( ! (checkdnsrr($domain,"MX") || checkdnsrr($domain,"A")))
  51. return false;
  52. }
  53.  
  54. // return true, the email is valid.
  55. return true;
  56. }

Report this snippet  

Comments

RSS Icon Subscribe to comments
Posted By: AskoJr on October 7, 2010

But what if a user has an email like [email protected]? I'm not a pro, but i think you count dots as invalid characters there?!?

Posted By: mladoux on February 8, 2011

no I don't, dots are evaluated. Anyway, this snippet is obsolete as of PHP 5.2.x.

filtervar($email, FILTERVALIDATE_EMAIL)

Posted By: mladoux on February 8, 2011

also, I'd like to note that my email address passes validation with this, and it has dots in the first part as well.

Posted By: mladoux on February 8, 2011

Oh, looked at what you might be looking at, it just ensures the email doesn't look like .[email protected] or name..[email protected] because those would be invalid. In other words, it only marks them invalid if they begin with, end with, or have two dots in succession of each other.

You need to login to post a comment.