RFC standards can be found here: (http://www.imc.org/rfcs.html).
Additional controls, such as those for verifying the ownership of email, have also been added to the script. This will ensure that all users of your web application are human.
This system works by asking for the user's email address twice in the web form (as most registration forms do) and then using Recaptcha to prevent automated submissions.
Before the form is submitted to the server, it will perform client validation of the email format. Once the form is submitted, the server will perform another validation.
If the validation is successful, it will generate an activation code and insert the email address into the MySQL database. However, the "active" status is still set to 0, since the user's email address is still inactive (ownership is not confirmed).
Once the user activates the email by clicking the link, it will update the "active" status from 0 to 1 in the database. The link to the complete scripts and working example is available at the end of this tutorial.
Let's get started.
Index.php file (The email web form and Client Validation)
//Check if the web form has been submitted
1. Check the user's originally entered email vs the email confirmation in the form's two email textboxes.
This is standard in most registration forms, where a user is asked to enter his/her email address twice for confirmation purposes, to decrease the chance of a typographical error in the email address.
The user is required to validate the email by logging into his/her email account and then clicking on the verification link.
This email validation script consists of three stages.
Second stage validation: Server side validation in PHP (email format checking).
Third stage validation: User existence validation by sending verification mail in PHP. The user needs to click that link to complete the validation process.
A successful validation (completing the first through third stages) proves that there is a real working email address, that is correct in format and owned by a real user.
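The activation step described above (an activation code, and an "active" flag that goes from 0 to 1 once the link is clicked), written out as an added example that is not the tutorial's own script. The table and column names, the `register()` and `activate()` functions, the `activate.php` URL, the in-memory SQLite database standing in for MySQL, and the choice to store only a hash of the code are all assumptions of this example.

```php
<?php
// Added example. Assumed names: users table (email, code_hash, active).
// In-memory SQLite stands in for the tutorial's MySQL database so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    email     TEXT PRIMARY KEY,
    code_hash TEXT NOT NULL,
    active    INTEGER NOT NULL DEFAULT 0)');

// Registration: store the address as inactive and return the code to e-mail to the user.
function register(PDO $db, string $email): string
{
    $code = bin2hex(random_bytes(16));   // 128-bit code from the CSPRNG, not rand()/uniqid()
    $stmt = $db->prepare('INSERT INTO users (email, code_hash, active) VALUES (?, ?, 0)');
    $stmt->execute([$email, hash('sha256', $code)]);   // only the hash is stored
    return $code;
}

// Activation: called with the parameters taken from the clicked link.
function activate(PDO $db, string $email, string $code): bool
{
    $stmt = $db->prepare('SELECT code_hash FROM users WHERE email = ? AND active = 0');
    $stmt->execute([$email]);
    $stored = $stmt->fetchColumn();
    // Unknown address, already-active address and wrong code all fail the same way.
    if ($stored === false || !hash_equals($stored, hash('sha256', $code))) {
        return false;
    }
    // Prepared statement flips the flag; the active = 0 guard makes the link single-use.
    $upd = $db->prepare('UPDATE users SET active = 1 WHERE email = ? AND active = 0');
    $upd->execute([$email]);
    return $upd->rowCount() === 1;
}

$email = 'alice@example.com';            // constructed sample address
$code  = register($db, $email);
$query = http_build_query(['email' => $email, 'code' => $code]);
echo 'https://example.com/activate.php?' . $query, "\n";   // link placed in the mail

var_dump(activate($db, $email, str_repeat('0', 32)));  // wrong code
var_dump(activate($db, $email, $code));                // correct code
var_dump(activate($db, $email, $code));                // same link clicked again
```

Comparing with `hash_equals()` keeps the check constant-time, and storing only the hash means a leaked database row cannot be turned back into a working activation link.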
A 100% detection rate (using the is_email() function) across all possible email format combinations, according to RFC specifications, ensures that no valid email address is unnecessarily rejected by the email validation script.
A 100% accuracy means 0% rejection of all valid RFC email address formats. This will maximize the number of successful signups, since some users might use email addresses that are often rejected by other non-standard email validators.
The form's HTML code
//For details about the use of recaptcha in PHP, go here: http://code.google.com/apis/recaptcha/docs/php.html
Index.php file (Continued...Server side validation)
Display an error back to the client if the recaptcha entered is incorrect.
End of recaptcha validation
SECOND STAGE OF EMAIL ADDRESS VALIDATION: AT THE SERVER SIDE: Check email according to RFC specifications
Dominic Sayers' 'is_email' PHP function is verified to detect 100% of email sample formats according to RFC specifications.
More details and test results here: http://www.dominicsayers.com/isemail/
User entered correct email address in both text boxes, and not empty during PHP validation, and the email address is valid according to RFC specifications.