envexlabs Posted January 7, 2009 Share Posted January 7, 2009 Hello, I developed a cart for a client that has recently had a few fraud orders from people using real credit card numbers but fake emails. Right now the cart just checks to see if the user inputed an email that contains an @ symbol and a .domain I would like to be able to check and see if the domain included is an actual domain and if the email is active. Any idea how i would go about doing this? Is it even possible? Thanks, envex Quote Link to comment Share on other sites More sharing options...
jonsjava Posted January 7, 2009 Share Posted January 7, 2009 This will only verify that the domain is real. There isn't a good way to verify the account. Most well secured e-mail servers will stop mass spammers by explicitly *NOT* giving that information out. <?php /** * Email verification function * EXAMPLE: * if (verifyEmail("user@example.com"){ * //process request * } * else{ * //don't process request * } * * @param unknown_type $email_address * @return unknown */ function verifyEmail($email_address){ list($user, $domain) = split("@", $email_address); if (checkdnsrr($domain, "MX")){ return true; } else{ return false; } } Quote Link to comment Share on other sites More sharing options...
envexlabs Posted January 7, 2009 Author Share Posted January 7, 2009 Wow, Didn't expect a chunk of code Thanks for the quick reply, envex Quote Link to comment Share on other sites More sharing options...
envexlabs Posted January 7, 2009 Author Share Posted January 7, 2009 Update: the server the client is running does not support checkdnsrr() because it's a windows environment. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted January 7, 2009 Share Posted January 7, 2009 And checking if the email address is real would only provide a small increase in security. You should be doing an email verified op-in registration where a unique link is sent to the email address and it must be clicked on to activate the account. This will as least insure that the email address is real and under the control of the person who registered. Quote Link to comment Share on other sites More sharing options...
envexlabs Posted January 7, 2009 Author Share Posted January 7, 2009 Thanks, I guess that does make alot of sense. Hopefully the client has the budget to implement a system like this. Quote Link to comment Share on other sites More sharing options...
jonsjava Posted January 7, 2009 Share Posted January 7, 2009 Update: the server the client is running does not support checkdnsrr() because it's a windows environment. A little help from PHP.net: <?php if(!function_exists('checkdnsrr')){ function checkdnsrr($host, $type=''){ if(!empty($host)){ $type = (empty($type)) ? 'MX' : $type; exec('nslookup -type='.$type.' '.escapeshellcmd($host), $result); $it = new ArrayIterator($result); foreach(new RegexIterator($it, '~^'.$host.'~', RegexIterator::GET_MATCH) as $result){ if($result){ return true; } } } return false; } } /** * Email verification function * EXAMPLE: * if (verifyEmail("user@example.com"){ * //process request * } * else{ * //don't process request * } * * @param unknown_type $email_address * @return unknown */ function verifyEmail($email_address){ list($user, $domain) = split("@", $email_address); $domain = str_ireplace("*", "", $domain); $domain = str_ireplace(";", "", $domain); $domain = str_ireplace("c:\;", "", $domain); $domain = str_ireplace("deltree", "", $domain); if (checkdnsrr($domain, "MX")){ return true; } else{ return false; } } if (verifyEmail("jonsjava@gmail.com")){ print "valid domain"; } Quote Link to comment Share on other sites More sharing options...
jmsst44 Posted January 13, 2009 Share Posted January 13, 2009 Can not verify that the account is real. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.