Posted by Jim Michaels on 02/16/06 22:59

"johnny" <mr_one1999@yahoo.com> wrote in message
news:1137841194.100303.284830@g49g2000cwa.googlegroups.com...
> hi all,
>
> I have made a script to register contacts in a database with the double
> opt-in system.
>
> Anyway, when looking for some examples, I have found the following
> script which uses a md5 hash code to append on the confirm url sent by
> email to the registering user.
> I tried it but with no results. Don't you think is it missing anything
> ?
> How could it work without storing the hash code for the user in a
> database?
> To confirm a registration I think the script should look if the access
> key matches the one it already knows, shouldn't it ?
>
> Anyway I have no problem to insert into the database the hash code ,
> it's just I want to know if I am right to believe the following script
> was wrong .
>
> tia
>
> johnny
>
>
> here's the code
>
> <?
> /* Simple email validation by TDavid at http://www.tdscripts.com/
> for http://www.php-scripts.com/php_diary/011103.php3
> If you use this code then please do not remove this header
> */
>
> $from = $_REQUEST['e_addy'];
>
> // is the $from email address in valid format?
> if(eregi("([[:alnum:]\.\-]+)(\@[[:alnum:]\.\-]+\.+)", $from)) {


eregi will (because it's POSIX extended) not use the \ as escape but rather
treat them as a \ character. [:alnum:] will work though. \ in a POSIX
character class loses its significance (as I've recently learned). so strip
those out of the character classes. should be
if(eregi("([[:alnum:].-]+)(\@[[:alnum:].-]+\.+)", $from)) {

<?php if(eregi("[[:alnum:]]","z")) echo 1; else echo 0; ?>
1
<?php if(eregi("[\.\-]+","\\")) echo 1; else echo 0; ?>
1
maybe they were looking for preg_match instead.
<?php print preg_match("/[\.]/","\\") . "\n" . preg_match("/[.]/","z"); ?>
0
0
<?php print preg_match("/[\.]/","."); ?>
1

I dunno - loks like the validation thing might work.might need an <a
href=""></a> in the link and send the mail as html email though.

>
> // create the MD5 hash
> $secret_code = 'secret';
> $formatted_email = preg_replace("/(-|\@|\.)/", "", $from);
> $hashed = md5("$secret_code $formatted_email");
>
> // wait, are we verifying the email?
> if($_REQUEST['m'] != "") {
> // this is validation routine
> if($hashed == $_REQUEST['m']) {
> print("Congrats, you have successfully validated your email
> address. This is just a test and your email address has <b>not</b> been
> saved.");
> // add the email to your double opt-in list here
> exit;
> } else {
> print("Sorry, this email does not validate");
> }
> } else {
> // since we aren't validating then it is time to send out
> validation mail
>
> $mail_body = "To validate this email click the following
> link:\nhttp://www.php-scripts.com/php_diary/example37.php?e_addy=$from&m=$hashed";
>
> mail($from, "Validation Email", $mail_body, "From:
> example37@php-scripts.com\n");
> print("Please check your email <b>$from</b> for the test validation
> message");
> }
> } else {
> print("Sorry, this email address: <b>$from</b> doesn't seem to be in
> the right format.");
> }
> ?>
>

[Back to original message]