diff options
author | BlackEagle <ike.devolder@gmail.com> | 2012-03-21 08:42:54 +0100 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2012-03-21 10:16:38 +0100 |
commit | 0a1e1729d970049ade6ebc84558500e23bc10ed7 (patch) | |
tree | 32467f26cf95046d97623c66d88f80f9336537f9 | |
parent | 1f36664e9f55b175472436973a238aa36bd58bb2 (diff) | |
download | aurweb-0a1e1729d970049ade6ebc84558500e23bc10ed7.tar.xz |
valid_email :: check if domain part is real
this can be used as an intermediate 'patch' util there is a validation
system in place.
the extra check is to verify that the domain part of a correctly
formatted email address is existing and in use. this will not at all
stop spammers since they can use bogus emails with valid domain parts
Lukas: Minor formatting changes.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-rw-r--r-- | web/lib/aur.inc.php | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php index c662b80..7c92bb6 100644 --- a/web/lib/aur.inc.php +++ b/web/lib/aur.inc.php @@ -80,7 +80,18 @@ function check_sid($dbh=NULL) { # verify that an email address looks like it is legitimate # function valid_email($addy) { - return (filter_var($addy, FILTER_VALIDATE_EMAIL) !== false); + // check against RFC 3696 + if (filter_var($addy, FILTER_VALIDATE_EMAIL) === false) { + return false; + } + + // check dns for mx, a, aaaa records + list($local, $domain) = explode('@', $addy); + if (!(checkdnsrr($domain, 'MX') || checkdnsrr($domain, 'A') || checkdnsrr($domain, 'AAAA'))) { + return false; + } + + return true; } # a new seed value for mt_srand() |