[SOLVED] Fake Emails in a form

[envexlabs]

Hello,

 

I developed a cart for a client that has recently had a few fraud orders from people using real credit card numbers but fake emails.

 

Right now the cart just checks to see if the user inputed an email that contains an @ symbol and a .domain

 

I would like to be able to check and see if the domain included is an actual domain and if the email is active.

 

Any idea how i would go about doing this? Is it even possible?

 

Thanks,

 

envex

[jonsjava]

This will only verify that the domain is real.  There isn't a good way to verify the account.  Most well secured e-mail servers will stop mass spammers by explicitly *NOT* giving that information out.

<?php
/**
* Email verification function
* EXAMPLE: 
* if (verifyEmail("[email protected]"){
* //process request
* }
* else{
* //don't process request
* }
*
* @param unknown_type $email_address
* @return unknown
*/
function verifyEmail($email_address){
list($user, $domain) = split("@", $email_address);
if (checkdnsrr($domain, "MX")){
	return true;
}
else{
	return false;
}
}

[envexlabs]

Wow,

 

Didn't expect a chunk of code

 

Thanks for the quick reply,

 

envex

[envexlabs]

Update:

 

the server the client is running does not support checkdnsrr() because it's a windows environment.

 

 

[PFMaBiSmAd]

 

 

And checking if the email address is real would only provide a small increase in security. You should be doing an email verified op-in registration where a unique link is sent to the email address and it must be clicked on to activate the account. This will as least insure that the email address is real and under the control of the person who registered.

[envexlabs]

Thanks,

 

I guess that does make alot of sense. Hopefully the client has the budget to implement a system like this.

[jonsjava]

Update:

 

the server the client is running does not support checkdnsrr() because it's a windows environment.

 

 

A little help from PHP.net:

<?php
if(!function_exists('checkdnsrr')){
    function checkdnsrr($host, $type=''){
        if(!empty($host)){
            $type = (empty($type)) ? 'MX' :  $type;
            exec('nslookup -type='.$type.' '.escapeshellcmd($host), $result);
            $it = new ArrayIterator($result);
            foreach(new RegexIterator($it, '~^'.$host.'~', RegexIterator::GET_MATCH) as $result){
                if($result){
                    return true;
                }               
            }
        }
        return false;
    }
}
/**
* Email verification function
* EXAMPLE: 
* if (verifyEmail("[email protected]"){
* //process request
* }
* else{
* //don't process request
* }
*
* @param unknown_type $email_address
* @return unknown
*/
function verifyEmail($email_address){
list($user, $domain) = split("@", $email_address);
$domain = str_ireplace("*", "", $domain);
$domain = str_ireplace(";", "", $domain);
$domain = str_ireplace("c:\;", "", $domain);
$domain = str_ireplace("deltree", "", $domain);
if (checkdnsrr($domain, "MX")){
	return true;
}
else{
	return false;
}
}
if (verifyEmail("[email protected]")){
print "valid domain";
}

[jmsst44]

Can not verify that the account is real.