Message info
 
To:aur-dev@archlinux.org From:Lukas Fleischer Subject:Re: [aur-dev] [PATCH] valid_email :: check if domain part is real Date:Wed, 21 Mar 2012 10:21:23 +0100
 

On Wed, Mar 21, 2012 at 08:42:54AM +0100, BlackEagle wrote:
> this can be used as an intermediate 'patch' util there is a validation
> system in place.
>
> the extra check is to verify that the domain part of a correctly
> formatted email address is existing and in use. this will not at all
> stop spammers since they can use bogus emails with valid domain parts
> ---
> web/lib/aur.inc.php | 13 ++++++++++++-
> 1 files changed, 12 insertions(+), 1 deletions(-)
>

Applied, thanks!

> diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
> index c662b80..001f23f 100644
> --- a/web/lib/aur.inc.php
> +++ b/web/lib/aur.inc.php
> @@ -80,7 +80,18 @@ function check_sid($dbh=NULL) {
> # verify that an email address looks like it is legitimate
> #
> function valid_email($addy) {
> - return (filter_var($addy, FILTER_VALIDATE_EMAIL) !== false);
> + // check against RFC 3696
> + if(filter_var($addy, FILTER_VALIDATE_EMAIL) === false) {
> + return false;
> + }
> +
> + // check dns for mx, a, aaaa records
> + list($local, $domain) = explode('@', $addy);
> + if(! (checkdnsrr($domain, 'MX') || checkdnsrr($domain, 'A') || checkdnsrr($domain, 'AAAA'))) {
> + return false;
> + }
> +
> + return true;
> }
>
> # a new seed value for mt_srand()
> --
> 1.7.9.1