Jump to content

[SOLVED] Fake Emails in a form


envexlabs

Recommended Posts

Hello,

 

I developed a cart for a client that has recently had a few fraud orders from people using real credit card numbers but fake emails.

 

Right now the cart just checks to see if the user inputed an email that contains an @ symbol and a .domain

 

I would like to be able to check and see if the domain included is an actual domain and if the email is active.

 

Any idea how i would go about doing this? Is it even possible?

 

Thanks,

 

envex

Link to comment
https://forums.phpfreaks.com/topic/139862-solved-fake-emails-in-a-form/
Share on other sites

This will only verify that the domain is real.  There isn't a good way to verify the account.  Most well secured e-mail servers will stop mass spammers by explicitly *NOT* giving that information out.

<?php
/**
* Email verification function
* EXAMPLE: 
* if (verifyEmail("[email protected]"){
* //process request
* }
* else{
* //don't process request
* }
*
* @param unknown_type $email_address
* @return unknown
*/
function verifyEmail($email_address){
list($user, $domain) = split("@", $email_address);
if (checkdnsrr($domain, "MX")){
	return true;
}
else{
	return false;
}
}

 

 

And checking if the email address is real would only provide a small increase in security. You should be doing an email verified op-in registration where a unique link is sent to the email address and it must be clicked on to activate the account. This will as least insure that the email address is real and under the control of the person who registered.

Update:

 

the server the client is running does not support checkdnsrr() because it's a windows environment.

 

 

A little help from PHP.net:

<?php
if(!function_exists('checkdnsrr')){
    function checkdnsrr($host, $type=''){
        if(!empty($host)){
            $type = (empty($type)) ? 'MX' :  $type;
            exec('nslookup -type='.$type.' '.escapeshellcmd($host), $result);
            $it = new ArrayIterator($result);
            foreach(new RegexIterator($it, '~^'.$host.'~', RegexIterator::GET_MATCH) as $result){
                if($result){
                    return true;
                }               
            }
        }
        return false;
    }
}
/**
* Email verification function
* EXAMPLE: 
* if (verifyEmail("[email protected]"){
* //process request
* }
* else{
* //don't process request
* }
*
* @param unknown_type $email_address
* @return unknown
*/
function verifyEmail($email_address){
list($user, $domain) = split("@", $email_address);
$domain = str_ireplace("*", "", $domain);
$domain = str_ireplace(";", "", $domain);
$domain = str_ireplace("c:\;", "", $domain);
$domain = str_ireplace("deltree", "", $domain);
if (checkdnsrr($domain, "MX")){
	return true;
}
else{
	return false;
}
}
if (verifyEmail("[email protected]")){
print "valid domain";
}

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.