Continues From Part 4.
Our next assigned task is to check email field for correctness of its format. It is advantageous to check if the domain claimed by visitor exists at all to reduce spams. But it is not possible to check if the email name is also a valid existing email user's name.
PHP has a facility for the correctness of the format of the email.
Boolean filter_var($Email, FILTER_VALIDATE_EMAIL);
I add that to my demoPoster.php (download PHP code in Zip format here or open the code in text format here).
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 | <?php $Name = Trim(stripslashes($_POST['Name'])); $City = Trim(stripslashes($_POST['City'])); $Email = Trim(stripslashes($_POST['Email'])); $Subject = Trim(stripslashes($_POST['Subject'])); $Message = Trim(stripslashes($_POST['Message'])); if ((empty($Name))||(empty($Email ))||(empty($Message))) { print "<meta http-equiv=\"refresh\" content=\"0;URL=demoError2.html\">"; exit(); } else{ if(!filter_var($Email, FILTER_VALIDATE_EMAIL)){ print "<meta http-equiv=\"refresh\" content=\"0;URL=demoError2.html\">"; exit(); } //Next send contact to website admin. $EmailToAdmin = "carlo.dj@messiahpsychoanalyst.org"; //Put your website admin email here. Don't forget quotes. // body of the email your own admin receives $Body = "RE: Contact from visitors"; $Body .= "\n"; $Body .= "Name: "; $Body .= $Name; $Body .= "\n"; $Body .= "City: "; $Body .= $City; $Body .= "\n"; $Body .= "Subject: "; $Body .= $Subject; $Body .= "\n"; $Body .= "Email: "; $Body .= $Email; $Body .= "\n"; $Body .= "Message: "; $Body .= "\n"; $Body .= $Message; $Body .= "\n"; // send email to admin $posted = mail($EmailToAdmin, $Subject, $Body, "From: <$Email>"); // redirect to thanks page if ($posted){ print "<meta http-equiv=\"refresh\" content=\"0;URL=demoThanks.php\">"; //After thank you send an email containing his message to the visitor // prepare email body text $Body = " Madam/Sir,\n Thank you for your message.\n Dysprosium.\n"; $Body .= " ======================================================\n\n"; $Body .= "Name: "; $Body .= $Name; $Body .= ", Esq."; $Body .= "\n"; $Body .= "From: "; $Body .= $City; $Body .= "\n"; $Body .= "Email: "; $Body .= $Email; $Body .= "\n"; $Body .= "Subject: "; $Body .= $Subject; $Body .= "\n"; $Body .= "Message: "; $Body .= "\n"; $Body .= $Message; $Body .= "\n"; // send email mail($Email, $Subject, $Body, "From: <$EmailToAdmin>"); } else{ //do nothing for now } } ?> |
You can create and put a separate demoError.html, say, demoError2.html page, only for bad formatted emails; that is, emails which are not in form of someone@somewhere.com or .org and so on.
If some spammer uses xyz@rxzjq.com, then you cannot check if such a domain as rxzjq.com exists at all. There is few lines you can add. It is by your own risk to be assured if these lines always work correctly. I have checked them dozen of times with the expected correct result.
Please add the following PHP function as a separate piece of PHP to the tail of your demoPoster.php.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 | <?Php /** * http://www.electrictoolbox.com/php-get-mail-server-ip-address/ * Get a mail server's IP address with PHP * Posted November 9th, 2012 in PHP by Chris Hope * Returns an IP address that mail can be delivered to for the passed in domain. * **/ function MailIPAddress($domain) { $ip = false; $records = dns_get_record($domain, DNS_MX); $priority = null; foreach ($records as $record) { if ($priority == null || $record['pri'] < $priority) { $myip = gethostbyname($record['target']); // if the value returned is the same, then the lookup failed if ($myip != $record['target']) { $ip = $myip; $priority = $record['pri']; } } } if (!$ip) { $ip = gethostbyname($domain); // if the value returned is the same, then the lookup failed if ($ip == $domain) { $ip = false; } } return $ip; } ?> |
Then use this function as a Boolean together with PHP string explode. PHP explode separates domain part of the email from its name part into a two elements list.
list($emailPart, $domainPart) = explode('@', $Email);
Now use the Boolean function
Boolean MailIPAddress($domainPart);
together with email format check. We have,
1 2 3 4 5 6 7 | list($emailPart, $domainPart) = explode('@', $Email); $one=filter_var($Email, FILTER_VALIDATE_EMAIL); $two=MailIPAddress($domainPart); if (!(($one) && ($two))) { print "<meta http-equiv=\"refresh\" content=\"0;URL=demoError.html\">"; exit(); } |
That makes our demoPoster a bit longer and more robust. Again, you can create separate HTML pages in response of different errors. The overall result is the new demoPoster.php, as follows (download PHP code in Zip format here or open the code in text format here).
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 | <?php $Name = Trim(stripslashes($_POST['Name'])); $City = Trim(stripslashes($_POST['City'])); $Email = Trim(stripslashes($_POST['Email'])); $Subject = Trim(stripslashes($_POST['Subject'])); $Message = Trim(stripslashes($_POST['Message'])); if ((empty($Name))||(empty($Email ))||(empty($Message))) { print "<meta http-equiv=\"refresh\" content=\"0;URL=demoError2.html\">"; exit(); } else{ list($emailPart, $domainPart) = explode('@', $Email); $one=filter_var($Email, FILTER_VALIDATE_EMAIL); $two=MailIPAddress($domainPart); if (!(($one) && ($two))) { print "<meta http-equiv=\"refresh\" content=\"0;URL=demoError2.html\">"; exit(); } //Next send contact to website admin. $EmailToAdmin = "carlo.dj@messiahpsychoanalyst.org"; //Put your website admin email here. Don't forget quotes. // body of the email your own admin receives $Body = "RE: Contact from visitors"; $Body .= "\n"; $Body .= "Name: "; $Body .= $Name; $Body .= "\n"; $Body .= "City: "; $Body .= $City; $Body .= "\n"; $Body .= "Subject: "; $Body .= $Subject; $Body .= "\n"; $Body .= "Email: "; $Body .= $Email; $Body .= "\n"; $Body .= "Message: "; $Body .= "\n"; $Body .= $Message; $Body .= "\n"; // send email to admin $posted = mail($EmailToAdmin, $Subject, $Body, "From: <$Email>"); // redirect to thanks page if ($posted){ print "<meta http-equiv=\"refresh\" content=\"0;URL=demoThanks.php\">"; //After thank you send an email containing his message to the visitor // prepare email body text $Body = " Madam/Sir,\n Thank you for your message.\n Dysprosium.\n"; $Body .= " ======================================================\n\n"; $Body .= "Name: "; $Body .= $Name; $Body .= ", Esq."; $Body .= "\n"; $Body .= "From: "; $Body .= $City; $Body .= "\n"; $Body .= "Email: "; $Body .= $Email; $Body .= "\n"; $Body .= "Subject: "; $Body .= $Subject; $Body .= "\n"; $Body .= "Message: "; $Body .= "\n"; $Body .= $Message; $Body .= "\n"; // send email mail($Email, $Subject, $Body, "From: <$EmailToAdmin>"); } else{ //do nothing for now } } ?> <?Php /** * http://www.electrictoolbox.com/php-get-mail-server-ip-address/ * Get a mail server's IP address with PHP * Posted November 9th, 2012 in PHP by Chris Hope * Returns an IP address that mail can be delivered to for the passed in domain. * **/ function MailIPAddress($domain) { $ip = false; $records = dns_get_record($domain, DNS_MX); $priority = null; foreach ($records as $record) { if ($priority == null || $record['pri'] < $priority) { $myip = gethostbyname($record['target']); // if the value returned is the same, then the lookup failed if ($myip != $record['target']) { $ip = $myip; $priority = $record['pri']; } } } if (!$ip) { $ip = gethostbyname($domain); // if the value returned is the same, then the lookup failed if ($ip == $domain) { $ip = false; } } return $ip; } ?> |
Quote from the author of the mentioned function,
"Note that an IP address being returned is no guarantee that there is a mail
server listening at that IP address, or that it will accept mail for the domain
server listening at that IP address, or that it will accept mail for the domain
being queried. It simply returns values based on the DNS records."
Next we should retain values of the fields after return of the user if they made an error and left the page. We continue in the next post. Please, click here.
Download this tutorial as PDF format here
Download part 1 to part 5 as PDF format here
No comments:
Post a Comment