Email Validation PHP Script with JavaScript and User Verification

There is a need to have an email validation system using JavaScript and PHP that will comply with RFC standards. There are lots of email validation scripts on the Internet, but many of them reject valid email addresses, or they are otherwise not accurate enough. This tutorial will cover the most recent email validation technology available in late 2010 that will comply with RFC email standards.

RFC standards can be found here: (http://www.imc.org/rfcs.html).

Additional controls, such as those for verifying the ownership of email, have also been added to the script. This will ensure that all users of your web application are human.

This system works by asking for the user’s email address twice in the web form (as most registration forms do) and then using Recaptcha to prevent automated submissions.

Before the form is submitted to the server, it will perform client validation of the email format. Once the form is submitted, the server will perform another validation.

If the validation is successful, it will generate an activation code and insert the email address into the MySQL database. However, the “active” status is still set to 0, since the user’s email address is still inactive (ownership is not confirmed).

Once the user activates the email by clicking the link, it will update the “active” status from 0 to 1 in the database. The link to the complete scripts and working example is available at the end of this tutorial.

Let’s get started.

Index.php file (The email web form and Client Validation)

<?php

//Check if the web form has been submitted
if (!isset($_POST['email'])) {
?>
<html>
<head>
<title>Complete RFC-Compliant Email Validator using PHP and JavaScript</title>

<!--
The original source of the JavaScript client validation code is here: http://www.siliconglen.com/software/e-mail-validation.html

Note that the original JavaScript code has been modified in this application script to:

1. Check the user's originally entered email against the confirmation email in the form's two email textboxes.

Asking a user to enter an email address twice is standard in most registration forms; it reduces the chance of a typographical error.

2. Add additional JavaScript variables to be processed when the form is submitted.
-->

<script src="rfccompliant.js"></script>
</head>
<body>
<h2>RFC-Compliant Email Address validation script</h2>

This email address validation script basically uses client side validation done by JavaScript and server side validation with PHP to complete validation.

The user is required to validate the email by logging into his/her email account and then clicking on the verification link.

This email validation script consists of three stages.

First stage validation: Client-side validation using JavaScript (email format checking).

Second stage validation: Server side validation in PHP (email format checking).

Third stage validation: User existence validation by sending verification mail in PHP. The user needs to click that link to complete the validation process.

This is a very useful application if you need to verify the email address completely in PHP and JavaScript as well as prevent automated submissions and ensure that all signups/registrations are done by a human (not a bot). This can be interfaced to newsletter signups, digital downloads, website membership systems, etc.

A successful validation (completing the first through third stages) proves that there is a real working email address, that is correct in format and owned by a real user.

A 100% detection (using the is_email() function) of all possible email format combinations, according to RFC specifications, ensures that all email address combinations are NOT unnecessarily rejected by the email system validation script.

A 100% accuracy means 0% rejection of all valid RFC email address formats. This will maximize the number of successful signups, since some users might use email addresses that are often rejected by other non-standard email validators.

The form’s HTML code

<form id="form_id" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="POST" name="emailform" onSubmit="return emailCheck('form_id','email1','email2');">
Enter your email address: <input id="email1" type="text" size="35" name="email"><br>
Enter your email address again: <input id="email2" type="text" size="35" name="emailconfirm"><br><br>
Type the captcha below (this will prevent automated bot submissions to your system):
<br>
<?php

//For details about the use of recaptcha in PHP, go here: http://code.google.com/apis/recaptcha/docs/php.html

require_once('recaptchalib.php');
$publickey = "**ENTER YOUR OWN RECAPTCHA PUBLIC KEY HERE**";
echo recaptcha_get_html($publickey);
?>
<br /><br /><input type="submit" value="Submit"></form>

 

Index.php file (Continued…Server side validation)

<?php
}
else {

// Validate recaptcha

require_once('recaptchalib.php');
$errors=array();
$privatekey = "**ENTER YOUR OWN RECAPTCHA PRIVATE KEY HERE**";
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {

// Display an error back to the client if the recaptcha entered is incorrect.
die('ERROR: The recaptcha code was not entered correctly or expired. Press the back button.');

// End of recaptcha validation
}
else {
// Successful Recaptcha validation, get posted values from the web form

$emailaddress=trim($_POST['email']);
$emailaddressverify=trim($_POST['emailconfirm']);

// SECOND STAGE OF EMAIL ADDRESS VALIDATION: AT THE SERVER SIDE: Check email according to RFC specifications

require_once('is_email.php');

// Dominic Sayers' 'is_email' PHP function is verified to detect 100% of email sample formats according to RFC specifications.
// More details and test results here: http://www.dominicsayers.com/isemail/

if (!(is_email($emailaddress))) {
die('Server side email address validation failed');
}
else
{
if (($emailaddress==$emailaddressverify) && (!(empty($emailaddress))) && (!(empty($emailaddressverify)))) {

// The user entered the same email address in both text boxes, neither is empty during PHP validation, and the email address is valid according to RFC specifications.


// THIRD STAGE OF EMAIL ADDRESS VALIDATION: Confirming the reality and existence of the email address and its user.

// Generate activation code using MD5 for more random combinations.

$activationcode=md5(uniqid(rand()));

// Assign $active=0 for unverified emails and users

$active=0;

// Connect to the database first, then escape the values to be inserted with mysql_real_escape_string() for sanitization and security.

include('databaseconnect.php');
$emailaddress= mysql_real_escape_string($emailaddress);
$activationcode= mysql_real_escape_string($activationcode);
$active = mysql_real_escape_string($active);

// Insert email, active status and activation code into the MySQL database table.
// If you have not created the database table, you need to enter this query into your database:

/*
CREATE TABLE `registered_email` (
`id` int(4) NOT NULL auto_increment,
`email` varchar(65) NOT NULL default '',
`activationcode` varchar(65) NOT NULL default '',
`active` int(1) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1
*/

// Your database table fields should look like the ones shown here, using phpMyAdmin: http://www.php-developer.org/screenshot/databasetablescreenshot.jpg

$sql="INSERT INTO registered_email(email, activationcode, active) VALUES('$emailaddress', '$activationcode', '$active')";
$result=mysql_query($sql);

// If the data was successfully inserted into the database, send the confirmation link by email.
// More details about user email verification here: http://phpeasystep.com/phptu/24.html

// Default, so the check on $sentmail further down is defined even if the insert failed
$sentmail = false;

if ($result == TRUE){

// Send mail form and configure the send e-mail "to" field
$to=$emailaddress;

// Your email subject:
$subject="Your confirmation link here";

// Configure from:
$from = "From: Codex-m <codex_m@php-developer.org>";

// Your message:
$message="Your Confirmation link \r\n";
$message.="Click on this link to activate your account \r\n";
$message.="http://www.php-developer.org/rfccompliantemailvalidator/confirmation.php?passkey=$activationcode";

// Send email using the PHP mail() function
$sentmail = mail($to,$subject,$message,$from);
}

 

 

// If your email sending has been successful

if($sentmail){

echo "Your Confirmation link Has Been Sent To Your Email Address. Please check your email and click the activation link to completely validate your email.";

}
else {
echo "Cannot send Confirmation link to your e-mail address";
}
}
else {

// No posted values to PHP

echo 'No values posted to PHP.';
}
}
}
}
?>
</body>
</html>

Confirmation.php file: Verifying user ownership of email address

<?php
// This script will GET the passkey value from the URL and validate it after the user clicks on the email verification link. Connect to the MySQL database first:

include('databaseconnect.php');

// Get the passkey from email confirmation

$passkey=isset($_GET['passkey']) ? $_GET['passkey'] : '';
if (!(empty($passkey))) {

// Passkey is NOT empty, sanitize before MySQL query
$passkey= mysql_real_escape_string($passkey);

// Query the email address verified using the passkey in the MySQL database

$sql1="SELECT email FROM registered_email WHERE activationcode ='$passkey'";
$result1=mysql_query($sql1);
$row = mysql_fetch_array($result1);
$emailaddressverified = $row['email'];

// If successfully queried:

if (($result1 == TRUE) && (!(empty($emailaddressverified)))){

// Escape the address before echoing it: an RFC-valid address can contain HTML special characters
echo "Congratulations, the email address: " . htmlspecialchars($emailaddressverified, ENT_QUOTES) . " has been successfully verified and it shows you are not a bot but a gentle human. Thank you for using this email validator.<br>";

// Update active status from 0 to 1

$result2 = mysql_query("UPDATE registered_email SET active='1' WHERE activationcode ='$passkey'");
}
else {
// Unsuccessful query
echo "Wrong activation code.";
}
}
else {
// Empty passkey
echo "Empty activation code.";
}

// More details about confirmation.php here: http://phpeasystep.com/phptu/24.html
// Of course this script can be further improved to detect duplicate email entries in the database as well as other useful features.

?>
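
The third stage (issuing the activation code in index.php and redeeming it in confirmation.php) rewritten for current PHP, where the mysql_* functions used above no longer exist (removed in PHP 7.0). This is an added example, not part of the original scripts: it draws the code from random_bytes() instead of md5(uniqid(rand())), uses prepared statements, makes the link single-use, and escapes the address on output. It assumes PHP 7.1+ with PDO and uses an in-memory SQLite table in place of MySQL so it runs stand-alone; issue_activation() and confirm_activation() are hypothetical names.

```php
<?php
// Added example; assumes PHP 7.1+ with PDO. In-memory SQLite stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE registered_email (id INTEGER PRIMARY KEY AUTOINCREMENT,
    email VARCHAR(65) NOT NULL, activationcode VARCHAR(65) NOT NULL, active INT NOT NULL)');

// Issuing side (index.php): returns the token to place in the emailed link.
function issue_activation(PDO $pdo, string $email): string
{
    $token = bin2hex(random_bytes(32)); // 64 hex characters from the CSPRNG
    $stmt = $pdo->prepare(
        'INSERT INTO registered_email (email, activationcode, active) VALUES (?, ?, 0)');
    // Store only the SHA-256 of the token, so a leaked table holds no usable links.
    $stmt->execute([$email, hash('sha256', $token)]);
    return $token;
}

// Confirming side (confirmation.php): returns the verified address, or null.
function confirm_activation(PDO $pdo, string $passkey): ?string
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $passkey)) {
        return null; // wrong shape, never reaches the database
    }
    $hash = hash('sha256', $passkey);
    // Flip active only while it is still 0, which makes the link single-use.
    $stmt = $pdo->prepare(
        'UPDATE registered_email SET active = 1 WHERE activationcode = ? AND active = 0');
    $stmt->execute([$hash]);
    if ($stmt->rowCount() !== 1) {
        return null; // unknown code, or already redeemed
    }
    $stmt = $pdo->prepare('SELECT email FROM registered_email WHERE activationcode = ?');
    $stmt->execute([$hash]);
    $email = $stmt->fetchColumn();
    return $email === false ? null : $email;
}

// Constructed sample: a quoted local part is RFC-valid yet can carry markup.
$token = issue_activation($pdo, '"<b>x</b>"@example.com');
$email = confirm_activation($pdo, $token);
echo 'Verified: ' . htmlspecialchars((string) $email, ENT_QUOTES, 'UTF-8') . "\n";
var_dump(confirm_activation($pdo, $token));          // same link clicked again
var_dump(confirm_activation($pdo, "' OR '1'='1"));   // malformed passkey
```

With MySQL only the PDO DSN changes; the 64-character hash fits the tutorial's varchar(65) activationcode column.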

Databaseconnect.php file (Connection strings to MySQL database)

<?php

// Protect against direct file access

if ('databaseconnect.php' == basename($_SERVER['SCRIPT_FILENAME'])) {
     die ('<h2>Unauthorized file access</h2>');
}
else {
$host="Your MySQL database hostname"; // Host name
$username="Your MySQL database username"; // Mysql username
$password="Your MySQL database password"; // Mysql password
$db_name="Your MySQL database name"; // Database name

// Connect to server and select database:

mysql_connect("$host", "$username", "$password")or die("cannot connect to server");

mysql_select_db("$db_name")or die("cannot select DB");

}

?>

Implementation Tips

You can see the fully working application here as well as a download link for complete working scripts: http://www.php-developer.org/rfccompliantemailvalidator/

To implement, at a minimum:

  1. Assign connection parameters for your MySQL database in databaseconnect.php.
  2. Assign your own Recaptcha private and public key. If you do not have one, you can get your own key for free at http://www.google.com/recaptcha.
  3. Customize your email message in index.php (email TO and FROM, as well as your domain/website etc).
  4. Upload the folder rfccompliantemailvalidator to the root directory of your website.
  5. Create the database table before testing your application, in the database defined in databaseconnect.php.

    The MySQL query to create the tables, fields, etc. was discussed previously, along with related screenshots.
  6. Proceed with the testing and a little troubleshooting.
  7. Customize further to integrate the email validation scripts. Remove the default text in the script and replace it with your own.
