The following code snippet should validate that the e-mail matches the
criteria for a correct e-mail address. It will then take the domain
(everything past the @) and have your server determine if that domain
accepts e-mail addresses. Beyond that you cannot guarantee that an
address is properly set up at that domain.
The relevant changes are the addition of the
check_email_address function and the myCheckDNSRR function.
The check_email_address function is called immediately before your
code sends the e-mail. If it fails, the user is sent to the same
error page you specify.
Here is the code
<!--begin php script-->
<?
/*
CHFEEDBACK.PHP Feedback Form PHP Script Ver 2.07
Generated by thesitewizard.com's Feedback Form Wizard.
Copyright 2000-2006 by Christopher Heng. All rights reserved.
thesitewizard and thefreecountry are trademarks of Christopher Heng.
$Id: phpscript.txt,v 1.8 2006/02/28 13:07:11 developer Exp $
Get the latest version, free, from:
http://www.thesitewizard.com/wizards/feedbackform.shtml
You can read the Frequently Asked Questions (FAQ) at:
http://www.thesitewizard.com/wizards/faq.shtml
I can be contacted at:
http://www.thesitewizard.com/feedback.php
Note that I do not normally respond to questions that have
already been answered in the FAQ, so *please* read the FAQ.
LICENCE TERMS
1. You may use this script on your website, with or
without modifications, free of charge.
2. You may NOT distribute or republish this script,
whether modified or not. The script can only be
distributed by the author, Christopher Heng.
3. THE SCRIPT AND ITS DOCUMENTATION ARE PROVIDED
"AS IS", WITHOUT WARRANTY OF ANY KIND, NOT EVEN THE
IMPLIED WARRANTY OF MECHANTABILITY OR FITNESS FOR A
PARTICULAR PURPOSE. YOU AGREE TO BEAR ALL RISKS AND
LIABILITIES ARISING FROM THE USE OF THE SCRIPT,
ITS DOCUMENTATION AND THE INFORMATION PROVIDED BY THE
SCRIPTS AND THE DOCUMENTATION.
If you cannot agree to any of the above conditions, you
may not use the script.
Although it is NOT required, I would be most grateful
if you could also link to thesitewizard.com at:
http://www.thesitewizard.com/
*/
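// ------------- CONFIGURABLE SECTION ------------------------
// $mailto - set to the email address you want the form
// sent to, eg
//$mailto = "youremailaddress@example.com" ;
$mailto = 'pictureframe@pictureframe.com.au' ;
// $subject - set to the Subject line of the email, eg
//$subject = "Feedback Form" ;
$subject = "Picture Framing Feedback Form" ;
// the pages to be displayed, eg
//$formurl = "http://www.example.com/feedback.html" ;
//$errorurl = "http://www.example.com/error.html" ;
//$thankyouurl = "http://www.example.com/thankyou.html" ;
$formurl = "http://www.pictureframe.com.au/picture_frame_contact.html" ;
$errorurl = "http://www.pictureframe.com.au/picture_frame_error.html" ;
$thankyouurl = "http://www.pictureframe.com.au/picture_frame_thanks.html" ;
// $uself - 0 separates mail headers with CRLF, any other value with a bare LF.
$uself = 0;
// -------------------- END OF CONFIGURABLE SECTION ---------------
$headersep = (!isset( $uself ) || ($uself == 0)) ? "\r\n" : "\n" ;

// A request without an "email" field did not come from the form: send the
// visitor to the form instead of processing anything.
if (!isset($_POST['email'])) {
    header( "Location: $formurl" );
    exit ;
}

// Every value below is supplied by the client and must be treated as
// untrusted. Missing fields become empty strings so they fail the
// required-field check instead of raising notices.
$name = isset($_POST['name']) ? $_POST['name'] : '' ;
$email = $_POST['email'] ;
$comments = isset($_POST['comments']) ? $_POST['comments'] : '' ;
// The Referer header is also client-supplied; it is only quoted in the
// message body and must not be relied on for any decision.
$http_referrer = getenv( "HTTP_REFERER" );

// Reject non-string fields (e.g. "name[]=x" arrives as an array) together
// with empty ones.
if (!is_string($name) || !is_string($email) || !is_string($comments)
    || empty($name) || empty($email) || empty($comments)) {
    header( "Location: $errorurl" );
    exit ;
}

// $name and $email are copied into the From/Reply-To headers, so any CR, LF
// or other control character in them could start a new header line.
// preg_match() is used because the ereg() family is not binary safe (a NUL
// byte ends its scan) and no longer exists in PHP 7+.
if (preg_match('/[\x00-\x1F\x7F]/', $name . $email)) {
    header( "Location: $errorurl" );
    exit ;
}

// magic_quotes_gpc only exists on old PHP versions; undo it where present.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $comments = stripslashes( $comments );
}

$messageproper =
    "This message comes from:\n" .
    "$http_referrer\n" .
    "------------------------------------------------------------\n" .
    "Sender's Name: $name\n" .
    "Sender's Email: $email\n" .
    "Sender's Message:\n\n" .
    $comments .
    "\n\n------------------------------------------------------------\n" ;

// The display name sits inside a quoted string in the headers; a quote or
// backslash in it would end that string early, so both are dropped from the
// header copy (the message body keeps the name as typed).
$headername = str_replace(array('\\', '"'), '', $name);

// Validate the address the visitor typed. $mailto is fixed configuration, so
// checking it would let any submitted address through unchecked.
// NOTE(review): each submission triggers a DNS lookup; consider rate limiting
// the form if it is exposed to automated traffic.
if (check_email_address($email)) {
    mail($mailto, $subject, $messageproper,
        "From: \"$headername\" <$email>" . $headersep .
        "Reply-To: \"$headername\" <$email>" . $headersep .
        "X-Mailer: chfeedback.php 2.07" );
    header( "Location: $thankyouurl" );
}
else {
    header( "Location: $errorurl" );
}
exit ;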
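/**
 * Checks that $email is syntactically acceptable and that its domain
 * publishes an MX record.
 *
 * The syntax rules are those of the original POSIX patterns, expressed as
 * PCRE: one "@", 1-64 characters before it and 1-255 after it, each
 * dot-separated piece of the local part an atom or a quoted string, and a
 * domain that is either an address literal or at least two host labels.
 * A passing result does not prove that the mailbox itself exists.
 *
 * @param mixed $email Address to check; anything that is not a string fails.
 * @return bool True when the syntax is accepted and myCheckDNSRR() finds an
 *              MX record for the domain, false otherwise.
 */
function check_email_address($email) {
    // An array (for example from "email[]=x") can never be an address.
    if (!is_string($email)) {
        return false;
    }
    // preg_match() is binary safe and \z anchors at the real end of the
    // string, so neither a NUL byte nor a trailing newline can smuggle extra
    // data past the checks (ereg() stops at NUL; "$" tolerates a final "\n").
    if (!preg_match('/\A[^@]{1,64}@[^@]{1,255}\z/', $email)) {
        // Wrong number of characters in one section, or wrong number of @.
        return false;
    }
    // Exactly one @ is guaranteed above, so this yields two parts.
    list($local, $domain) = explode('@', $email);

    // Each piece is either an atom or a quoted string. Control characters
    // are excluded from the quoted form so a quoted local part cannot carry
    // CR/LF into a mail header.
    $piece = '/\A(?:[A-Za-z0-9!#$%&\'*+\/=?^_`{|}~-]{1,64}|"[^()\\\\|"\x00-\x1F\x7F]{0,62}")\z/';
    foreach (explode('.', $local) as $part) {
        if (!preg_match($piece, $part)) {
            return false;
        }
    }

    // A domain made only of digits, dots and optional brackets is treated as
    // an address literal; anything else must be a well-formed host name.
    if (!preg_match('/\A\[?[0-9.]+\]?\z/', $domain)) {
        $labels = explode('.', $domain);
        if (count($labels) < 2) {
            return false; // Not enough parts to domain
        }
        $label = '/\A(?:[A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9]|[A-Za-z0-9]+)\z/';
        foreach ($labels as $part) {
            if (!preg_match($label, $part)) {
                return false;
            }
        }
    }
    // Syntax is fine; the final answer depends on the MX lookup.
    return myCheckDNSRR($domain, 'MX');
}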
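/**
 * Reports whether a DNS record of the given type exists for a host name.
 *
 * The built-in checkdnsrr() is used when PHP provides it, which avoids
 * starting a shell at all. Otherwise nslookup is run and its output is
 * scanned for a line that begins with the host name, as before.
 *
 * Both arguments end up on a command line in the fallback path, so they are
 * validated first and shell-quoted as well: the host name must consist of
 * ordinary host labels and the record type must be one of a fixed list.
 * Address literals such as "[192.0.2.1]" are therefore reported as false.
 *
 * @param string $hostName Host name to look up.
 * @param string $recType  Record type; an empty string means "MX".
 * @return bool True when a matching record is found, false otherwise
 *              (including for any rejected argument).
 */
function myCheckDNSRR($hostName, $recType = '')
{
    if (empty($hostName) || !is_string($hostName) || !is_string($recType)) {
        return false;
    }
    if ($recType == '') {
        $recType = 'MX';
    }
    $recType = strtoupper($recType);
    $knownTypes = array('A', 'AAAA', 'ANY', 'CNAME', 'MX', 'NS', 'PTR', 'SOA', 'SRV', 'TXT');
    if (!in_array($recType, $knownTypes, true)) {
        return false;
    }
    // Letters, digits, hyphens and dots only, never starting with a hyphen:
    // nothing that a shell or nslookup could read as an option or operator.
    $hostPattern = '/\A[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?)*\z/';
    if (strlen($hostName) > 255 || !preg_match($hostPattern, $hostName)) {
        return false;
    }

    if (function_exists('checkdnsrr')) {
        return checkdnsrr($hostName, $recType);
    }

    // Fallback for builds without checkdnsrr(). escapeshellarg() is kept even
    // though the values were validated, as a second layer of defence.
    $result = array();
    exec('nslookup -type=' . escapeshellarg($recType) . ' ' . escapeshellarg($hostName), $result);
    // check each line to find the one that starts with the host
    // name. If it exists then the function succeeded. A plain prefix
    // comparison is used so the dots in the name are not regex wildcards.
    $prefixLength = strlen($hostName);
    foreach ($result as $line) {
        if (strncasecmp($line, $hostName, $prefixLength) === 0) {
            return true;
        }
    }
    // otherwise there was no mail handler for the domain
    return false;
}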
?>
<!--end php script-->
<!--begin php script-->
<?
/*
CHFEEDBACK.PHP Feedback Form PHP Script Ver 2.07
Generated by thesitewizard.com's Feedback Form Wizard.
Copyright 2000-2006 by Christopher Heng. All rights reserved.
thesitewizard and thefreecountry are trademarks of Christopher Heng.
$Id: phpscript.txt,v 1.8 2006/02/28 13:07:11 developer Exp $
Get the latest version, free, from:
http://www.thesitewizard.com/wizards/feedbackform.shtml
You can read the Frequently Asked Questions (FAQ) at:
http://www.thesitewizard.com/wizards/faq.shtml
I can be contacted at:
http://www.thesitewizard.com/feedback.php
Note that I do not normally respond to questions that have
already been answered in the FAQ, so *please* read the FAQ.
LICENCE TERMS
1. You may use this script on your website, with or
without modifications, free of charge.
2. You may NOT distribute or republish this script,
whether modified or not. The script can only be
distributed by the author, Christopher Heng.
3. THE SCRIPT AND ITS DOCUMENTATION ARE PROVIDED
"AS IS", WITHOUT WARRANTY OF ANY KIND, NOT EVEN THE
IMPLIED WARRANTY OF MECHANTABILITY OR FITNESS FOR A
PARTICULAR PURPOSE. YOU AGREE TO BEAR ALL RISKS AND
LIABILITIES ARISING FROM THE USE OF THE SCRIPT,
ITS DOCUMENTATION AND THE INFORMATION PROVIDED BY THE
SCRIPTS AND THE DOCUMENTATION.
If you cannot agree to any of the above conditions, you
may not use the script.
Although it is NOT required, I would be most grateful
if you could also link to thesitewizard.com at:
http://www.thesitewizard.com/
*/
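// ------------- CONFIGURABLE SECTION ------------------------
// $mailto - set to the email address you want the form
// sent to, eg
//$mailto = "youremailaddress@example.com" ;
$mailto = 'pictureframe@pictureframe.com.au' ;
// $subject - set to the Subject line of the email, eg
//$subject = "Feedback Form" ;
$subject = "Picture Framing Feedback Form" ;
// the pages to be displayed, eg
//$formurl = "http://www.example.com/feedback.html" ;
//$errorurl = "http://www.example.com/error.html" ;
//$thankyouurl = "http://www.example.com/thankyou.html" ;
$formurl = "http://www.pictureframe.com.au/picture_frame_contact.html" ;
$errorurl = "http://www.pictureframe.com.au/picture_frame_error.html" ;
$thankyouurl = "http://www.pictureframe.com.au/picture_frame_thanks.html" ;
// $uself - 0 separates mail headers with CRLF, any other value with a bare LF.
$uself = 0;
// -------------------- END OF CONFIGURABLE SECTION ---------------
$headersep = (!isset( $uself ) || ($uself == 0)) ? "\r\n" : "\n" ;

// A request without an "email" field did not come from the form: send the
// visitor to the form instead of processing anything.
if (!isset($_POST['email'])) {
    header( "Location: $formurl" );
    exit ;
}

// Every value below is supplied by the client and must be treated as
// untrusted. Missing fields become empty strings so they fail the
// required-field check instead of raising notices.
$name = isset($_POST['name']) ? $_POST['name'] : '' ;
$email = $_POST['email'] ;
$comments = isset($_POST['comments']) ? $_POST['comments'] : '' ;
// The Referer header is also client-supplied; it is only quoted in the
// message body and must not be relied on for any decision.
$http_referrer = getenv( "HTTP_REFERER" );

// Reject non-string fields (e.g. "name[]=x" arrives as an array) together
// with empty ones.
if (!is_string($name) || !is_string($email) || !is_string($comments)
    || empty($name) || empty($email) || empty($comments)) {
    header( "Location: $errorurl" );
    exit ;
}

// $name and $email are copied into the From/Reply-To headers, so any CR, LF
// or other control character in them could start a new header line.
// preg_match() is used because the ereg() family is not binary safe (a NUL
// byte ends its scan) and no longer exists in PHP 7+.
if (preg_match('/[\x00-\x1F\x7F]/', $name . $email)) {
    header( "Location: $errorurl" );
    exit ;
}

// magic_quotes_gpc only exists on old PHP versions; undo it where present.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $comments = stripslashes( $comments );
}

$messageproper =
    "This message comes from:\n" .
    "$http_referrer\n" .
    "------------------------------------------------------------\n" .
    "Sender's Name: $name\n" .
    "Sender's Email: $email\n" .
    "Sender's Message:\n\n" .
    $comments .
    "\n\n------------------------------------------------------------\n" ;

// The display name sits inside a quoted string in the headers; a quote or
// backslash in it would end that string early, so both are dropped from the
// header copy (the message body keeps the name as typed).
$headername = str_replace(array('\\', '"'), '', $name);

// Validate the address the visitor typed. $mailto is fixed configuration, so
// checking it would let any submitted address through unchecked.
// NOTE(review): each submission triggers a DNS lookup; consider rate limiting
// the form if it is exposed to automated traffic.
if (check_email_address($email)) {
    mail($mailto, $subject, $messageproper,
        "From: \"$headername\" <$email>" . $headersep .
        "Reply-To: \"$headername\" <$email>" . $headersep .
        "X-Mailer: chfeedback.php 2.07" );
    header( "Location: $thankyouurl" );
}
else {
    // This variant reports the failure inline instead of redirecting.
    echo "Invalid E-mail Address";
}
exit ;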
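/**
 * Checks that $email is syntactically acceptable and that its domain
 * publishes an MX record.
 *
 * The syntax rules are those of the original POSIX patterns, expressed as
 * PCRE: one "@", 1-64 characters before it and 1-255 after it, each
 * dot-separated piece of the local part an atom or a quoted string, and a
 * domain that is either an address literal or at least two host labels.
 * A passing result does not prove that the mailbox itself exists.
 *
 * @param mixed $email Address to check; anything that is not a string fails.
 * @return bool True when the syntax is accepted and myCheckDNSRR() finds an
 *              MX record for the domain, false otherwise.
 */
function check_email_address($email) {
    // An array (for example from "email[]=x") can never be an address.
    if (!is_string($email)) {
        return false;
    }
    // preg_match() is binary safe and \z anchors at the real end of the
    // string, so neither a NUL byte nor a trailing newline can smuggle extra
    // data past the checks (ereg() stops at NUL; "$" tolerates a final "\n").
    if (!preg_match('/\A[^@]{1,64}@[^@]{1,255}\z/', $email)) {
        // Wrong number of characters in one section, or wrong number of @.
        return false;
    }
    // Exactly one @ is guaranteed above, so this yields two parts.
    list($local, $domain) = explode('@', $email);

    // Each piece is either an atom or a quoted string. Control characters
    // are excluded from the quoted form so a quoted local part cannot carry
    // CR/LF into a mail header.
    $piece = '/\A(?:[A-Za-z0-9!#$%&\'*+\/=?^_`{|}~-]{1,64}|"[^()\\\\|"\x00-\x1F\x7F]{0,62}")\z/';
    foreach (explode('.', $local) as $part) {
        if (!preg_match($piece, $part)) {
            return false;
        }
    }

    // A domain made only of digits, dots and optional brackets is treated as
    // an address literal; anything else must be a well-formed host name.
    if (!preg_match('/\A\[?[0-9.]+\]?\z/', $domain)) {
        $labels = explode('.', $domain);
        if (count($labels) < 2) {
            return false; // Not enough parts to domain
        }
        $label = '/\A(?:[A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9]|[A-Za-z0-9]+)\z/';
        foreach ($labels as $part) {
            if (!preg_match($label, $part)) {
                return false;
            }
        }
    }
    // Syntax is fine; the final answer depends on the MX lookup.
    return myCheckDNSRR($domain, 'MX');
}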
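/**
 * Reports whether a DNS record of the given type exists for a host name.
 *
 * The built-in checkdnsrr() is used when PHP provides it, which avoids
 * starting a shell at all. Otherwise nslookup is run and its output is
 * scanned for a line that begins with the host name, as before.
 *
 * Both arguments end up on a command line in the fallback path, so they are
 * validated first and shell-quoted as well: the host name must consist of
 * ordinary host labels and the record type must be one of a fixed list.
 * Address literals such as "[192.0.2.1]" are therefore reported as false.
 *
 * @param string $hostName Host name to look up.
 * @param string $recType  Record type; an empty string means "MX".
 * @return bool True when a matching record is found, false otherwise
 *              (including for any rejected argument).
 */
function myCheckDNSRR($hostName, $recType = '')
{
    if (empty($hostName) || !is_string($hostName) || !is_string($recType)) {
        return false;
    }
    if ($recType == '') {
        $recType = 'MX';
    }
    $recType = strtoupper($recType);
    $knownTypes = array('A', 'AAAA', 'ANY', 'CNAME', 'MX', 'NS', 'PTR', 'SOA', 'SRV', 'TXT');
    if (!in_array($recType, $knownTypes, true)) {
        return false;
    }
    // Letters, digits, hyphens and dots only, never starting with a hyphen:
    // nothing that a shell or nslookup could read as an option or operator.
    $hostPattern = '/\A[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?)*\z/';
    if (strlen($hostName) > 255 || !preg_match($hostPattern, $hostName)) {
        return false;
    }

    if (function_exists('checkdnsrr')) {
        return checkdnsrr($hostName, $recType);
    }

    // Fallback for builds without checkdnsrr(). escapeshellarg() is kept even
    // though the values were validated, as a second layer of defence.
    $result = array();
    exec('nslookup -type=' . escapeshellarg($recType) . ' ' . escapeshellarg($hostName), $result);
    // check each line to find the one that starts with the host
    // name. If it exists then the function succeeded. A plain prefix
    // comparison is used so the dots in the name are not regex wildcards.
    $prefixLength = strlen($hostName);
    foreach ($result as $line) {
        if (strncasecmp($line, $hostName, $prefixLength) === 0) {
            return true;
        }
    }
    // otherwise there was no mail handler for the domain
    return false;
}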
?>
<!--end php script--> |