Hi all -

Was wondering if anyone has come across a script that verifies if an email address exists or not? Beyond verifying that the data entered has an @ symbol, I'd like to make sure that I'm not getting bogus email addresses.

Would be any way to do this rather than having the user sign up > receive an email w/a code or link > click link or enter code... ?

If not, what is the best practice to go about this? If the best way is to have the user go through a process like the one I mentioned above, the first question that comes to my mind is how to generate a unique string for *that* user.

Thanks in advance as always. Cheers - Drew

Member Avatar for Zagga

Hi ddellostritto,

It seems common practice is to send a verification code.

When a member signs up, you send a unique random code to them (using rand_str for example).
You store this code and all the users registration information in a temporary users database.
When the user clicks on the link in the email, you check that the unique verification code matches the one stored in the database. If there is a match, move the users details to the permanent users database.


Hope this helps.
Zagga

I do share the same thoughts as Zagga.

However, you may want to try the getmxrr() function. I'm not sure if it can help but it will detect the MX records for the domain.

A better practice would be to first send a test mail to the mail server directly from the PHP script with an SMTP protocol emulation. So you can check if the entered address is valid and known. Otherwise you might lose visitors who erroneously enter a wrong email address and never receive their confirmation link.
If the address is valid, you will still need the confirmation mechanism to protect yourself against spammers.

Thank you all for your valuable feedback. I think I'll have to follow smantscheff's advice and combine the ideas.

Member Avatar for diafol

Firstly have a regex validation (js) on form fill. You could have an ajax validation here instead with a getmxrr(), but this can take some time to complete the round trip. Also if js not enabled, ajax will fail.

I would suggest js regex validation, then server-side validation (regex again) followed by a ping or getmxrr. That should tell you if the address is a valid and exists.

If so, add the user details to your DB. You could have a status field (tinyint) set to 0 initially (not activated).

Send an email to the address with an activation code. This can include a hash of various data items for the record in the DB.

Once activated, the user can log in as the status field has now been changed to 1 (activated). This is a very trivial usage. You probably need something a little more robust.

Be careful with the getmxrr function, only since 5.3.0 has it been available on windows. If you know the environment you're writing the script for this won't be a problem, but if you're writing a script for others to deploy this is a limitation you will want to work around.

There is a good thread here: http://www.daniweb.com/forums/thread141944.html about this very topic. The solution could probably benefit from a little updating but its a solid concept.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.