PHP DevCenter
oreilly.comSafari Books Online.Conferences.

advertisement


PHP Networking
Pages: 1, 2, 3

Verifying e-mail addresses

Although accumulating an e-mail-based newsletter subscriber base is a great way to keep in contact with your site community, it is also important to always keep in perspective one of the age-old adages of security: Never trust the user. This particularly applies to any situation in which you're forcing users to input e-mail addresses at some point within your web site. To illustrate, a common requirement for downloading software is the mandatory input of an e-mail address. Well, if you're anything like me, you probably enter something like "blah@blah.com." Of course, this is not my e-mail address, and it's likely that it's not even a valid one. While this is convenient for me since I typically don't want to be spammed by annoying organizations, it does not bode well for the organization that is storing thousands of potentially invalid e-mail addresses. Regardless of why you're storing e-mails, you may find it interesting to learn that PHP offers a rather trivial method for checking that e-mail addresses actually exist. Listing 1-2 illustrates just such a script.



Listing 1-2: Validating an e-mail's syntax and domain existence

<?

$email = "wjgilmore@hotmail.com";

function validate_email($email) {

// verify that $email meets requirements specified
// by regular expression. Store various parts in $pieces array.
if (eregi("^[a-zA-Z0-9._-]+
@
([a-zA-Z0-9._-]+)
\.
([a-zA-Z0-9_-]){2,3}$",
$email, $pieces)) :

// strstr() returns all of first parameter
// found after second parameter.
// substr() returns all of the string found
// between the first and second parameters.
// getmxrr() verifies that domain MX record exists.

if (getmxrr(substr(strstr($pieces[0], '@'), 1),
$mx_hosts) ) :
return TRUE;
endif;

endif;

return FALSE;

} // end validate_email()

// validate the email and output message accordingly.

if (validate_email($email)) :

print "email is valid!";

else :

print "bad email! baaaaad email!";

endif;

?>

Of course, instead of outputting a message at the end of the script, chances are you will want to perform some function such as adding the e-mail to a database table if it's valid, otherwise informing the user that the e-mail is invalid and reprompting for input.

The only PHP function used in this example that is directly related to networking per se is the function getmxrr(). This function searches for the mail exchanger record that specifies a domain's mail route. All MX records that are found are placed into the second input parameter: in the case of Listing 1-2, the variable $mx_hosts.

Keep in mind that this "foolproof" verification system is unlikely to deter those users who insist on not providing their real e-mail address. While the upside is that you are likely to store only "correct" e-mail addresses, this will not stop users from entering addresses that are not really theirs.

PHP's network functions

Of course, working with e-mail is just a small part of PHP's network-related functionality. PHP also offers several rather useful functions for retrieving information regarding servers and domains, a few of which I'll introduce here.

Let's assume for example that you wanted to write a script that translates the IP addresses found within Apache's server log into corresponding host names. Although I won't delve into the entire script, you may find it interesting to know that PHP offers a function that can readily perform these IP-to-host name translations. The function name is gethostbyaddr(). I'll illustrate its usage in Listing 1-3.

Listing 1-3: Translating an IP to its corresponding host name.

<?
$ip = "208.201.239.36";

$host = gethostbyaddr($ip);

print "The host name for $ip is $host.";
?>

The above example would yield the following output:

The host name for 208.201.239.36 is www.oreillynet.com.

Incidentally, you can use Apache's REMOTE_ADDR variable and the gethostbyaddr() function to obtain the current client's host name, as is shown in Listing 1-4:

Listing 1-4: Obtaining the client's host name

<?
$host = gethostbyaddr($REMOTE_ADDR);

print "Your host name is $host ($REMOTE_ADDR).";
?>

Listing 1-4 would output:

Your host name is www.oreillynet.com (208.201.239.36).

As is the case with many PHP functions, there is a procedure that performs the opposite translation, that is, host name to IP. This is accomplished with the function gethostbyname(). I'll illustrate its usage in Listing 1-5:

Listing 1-5: Obtaining a host name's corresponding IP address

<?
$host = www.oreillynet.com;

$ip = gethostbyname($host);

print "The IP address for the host name $host is $ip.";
?>

This would return the following output:

The IP address for the host name www.oreillynet.com is 208.201.239.36.

Pages: 1, 2, 3

Next Pagearrow




Valuable Online Certification Training

Online Certification for Your Career
Earn a Certificate for Professional Development from the University of Illinois Office of Continuing Education upon completion of each online certificate program.

PHP/SQL Programming Certificate — The PHP/SQL Programming Certificate series is comprised of four courses covering beginning to advanced PHP programming, beginning to advanced database programming using the SQL language, database theory, and integrated Web 2.0 programming using PHP and SQL on the Unix/Linux mySQL platform.

Enroll today!


Sponsored by: