Email Validation PHP Script with JavaScript and User Verification

RFC standards can be found here: (http://www.imc.org/rfcs.html).

Additional controls, such as those for verifying the ownership of email, have also been added to the script. This will ensure that all users of your web application are human.

This system works by asking for the user's email address twice in the web form (as most registration forms do) and then using Recaptcha to prevent automated submissions.

Before the form is submitted to the server, it will perform client validation of the email format. Once the form is submitted, the server will perform another validation.

If the validation is successful, it will generate an activation code and insert the email address into the MySQL database. However, the "active" status is still set to 0, since the user's email address is still inactive (ownership is not confirmed).

Once the user activates the email by clicking the link, it will update the "active" status from 0 to 1 in the database. The link to the complete scripts and working example is available at the end of this tutorial.

Let's get started.

Index.php file (The email web form and Client Validation)

<?php

//Check if the web form has been submitted
if (!isset($_POST['email'])) {
?>
<html>
<head>
<title>Complete RFC-Compliant Email Validator using PHP and JavaScript</title>

The original source of the JavaScript client validation code is here: http://www.siliconglen.com/software/e-mail-validation.html

Note that the original JavaScript code has been modified in this application script to:

1. Check the user's originally entered email vs the email confirmation in the form's two email textboxes.

This is mostly a standard in registration forms wherein a user is asked to enter his/her email address twice for confirmation purposes, to decrease chances of email typographical error.

2. Add additional JavaScript variables to be processed during the on click event form submission.

<script src="rfccompliant.js"></script>
</head>
<body>
<h2>RFC-Compliant Email Address validation script</h2>

This email address validation script basically uses client side validation done by JavaScript and server side validation with PHP to complete validation.

The user is required to validate the email by logging into his/her email account and then clicking on the verification link.

This email validation script consists of three stages.

First stage validation: Client-side validation using JavaScript (email format checking).

Second stage validation: Server side validation in PHP (email format checking).

Third stage validation: User existence validation by sending verification mail in PHP. The user needs to click that link to complete the validation process.

This is a very useful application if you need to verify the email address completely in PHP and JavaScript as well as prevent automated submissions and ensure that all signups/registrations are done by a human (not a bot). This can be interfaced to newsletter signups, digital downloads, website membership systems, etc.

A successful validation (completing the first through third stages) proves that there is a real working email address, that is correct in format and owned by a real user.

A 100% detection (using the is_email() function) of all possible email format combinations, according to RFC specifications, ensures that all email address combinations are NOT unnecessarily rejected by the email system validation script.

A 100% accuracy means 0% rejection of all valid RFC email address formats. This will maximize the number of successful signups, since some users might use email addresses that are often rejected by other non-standard email validators.

The form's HTML code

<form id="form_id" action="<?php $_SERVER['PHP_SELF']; ?>" method="POST" name=emailform onSubmit="javascript:return emailCheck('form_id','email1','email2');">
Enter your email address: <input id="email1" type="text" size="35" name="email"><br>
Enter your email address again: <input id="email2" type="text" size="35" name="emailconfirm"><br><br>
Type the captcha below(will prevent automated bot submissions to your system):
<br>
<?php

//For details about the use of recaptcha in PHP, go here: http://code.google.com/apis/recaptcha/docs/php.html

require_once('recaptchalib.php');
$publickey = "**ENTER YOUR OWN RECAPTCHA PUBLIC KEY HERE**";
echo recaptcha_get_html($publickey);
?>
<br /><br /><input type="submit" value="Submit"></form>

Index.php file (Continued...Server side validation)

<?php
}
else {

Validate recaptcha

require_once('recaptchalib.php');
$errors=array();
$privatekey = "**ENTER YOUR OWN RECAPTCHA PRIVATE KEY HERE**";
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {

Display error back to the client is the recaptcha entered is incorrect.
die('ERROR: The recaptcha code was not entered correctly or expired.Press the back button.');

End of recaptcha validation
}
else {
Successful Recaptcha validation, get posted values from the web form

$emailaddress=trim($_POST['email']);
$emailaddressverify=trim($_POST['emailconfirm']);

SECOND STAGE OF EMAIL ADDRESS VALIDATION: AT THE SERVER SIDE: Check email according to RFC specifications

require_once('is_email.php');

Dominic Sayers 'is_email' php function is verified to detect 100% of email sample formats according to RFC specifications.

More details and test results here: http://www.dominicsayers.com/isemail/

if (!(is_email($emailaddress))) {
die('Server side email address validation failed');
}
else
{
if (($emailaddress==$emailaddressverify) && (!(empty($emailaddress))) && (!(empty($emailaddress)))) {

User entered correct email address in both text boxes, and not empty during PHP validation, and the email address is valid according to RFC specifications.