Hacks: Check user emails on registration

Posted by: chippyashOn 2006/11/3 16:11:50 6881 reads
A simple hack to add extra security to your site and prevent malicious users from entering false email addresses. This checks with the mail server entered by the user to see if the mail address exists.

1) download the checkmail.zip file from HERE and extract its contents and put them into the class/ directory of your xoops installation

2) backup the /include/functions.php file

3) edit the /include/functions.php file and replace the current function declaration:

function checkEmail($email,$antispam false)


with the following:

include_once(XOOPS_ROOT_PATH."/class/class.xbschmail.inc");
function 
checkEmail($email,$antispam false)
{
    if (!
$email || !preg_match("/^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+([.][a-z0-9-]+)+$/i",$email)){
        return 
false;
    }
    global 
$xoopsConfig;
    
$mailname split('@',$xoopsConfig['adminmail']);
    
$emval = new email_validation(5,0,$mailname[0],$mailname[1],0);
    
$test $emval->ValidateEmailBox($email);
    if (!
$test) {
        return 
false;
    }
    if (
$antispam) {
        
$email str_replace("@"" at "$email);
        
$email str_replace("."" dot "$email);
    }
    return 
$email;
}



That's it. Now try to register using a dummy email. It will be refused. It will also check if you allow users to change their email addresses.

This works on Linux servers. The code includes functionality for Windows servers but I haven't tested it on them.