Avatar

".email" email address error on sign up (General)

by Auge ⌂ @, Wednesday, August 16, 2017, 09:33 (95 days ago) @ Magma
edited by Auge, Monday, August 28, 2017, 07:11

I have a user trying to register with a

.email

domain email address and a error keeps coming up "The e-mail address is invalid"


Is there a list of forbidden email domains in the script or why is this error coming up?

No, there isn't. The register-an-user-script checks for the string length of the given e-mail-address, if the e-mail-address is always present in the database, if the e-mail-address is valid or not, and if it's part of the Stop-Forum-Spam-list.

The check for validity is the point of your problem. It calls the function is_valid_email, where the given address is checked against a regular expression.

The following explanation is more for me and the audience at all than explicitely for you. Check my comments for part 3 for the solution.

The regular expression:

^([\w-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$

Part 1:

^([\w-\.]+)@

Starting the string (^), allow alphanumerical chars including the underscore (w = a-z, A-Z, 0-9, _), hyphens (-) and dots (.) in the local part of the address and end the local part with the @.

Part 2:

((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))

Either (\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.) three groups of ciphers ([0-9]) with a length between one and three chars ({1,3}) separated by dots (.), ending the block with a dot (.).

These are the first three blocks of an IPv4-address. But that allows illegal blocks (i.e. 489). Allowed is the range from 0 to 255.

Or (|) (([\w-]+\.)+) allow alphanumerical chars including the underscore (w = a-z, A-Z, 0-9, _) and hyphens (-), ending the block with a dot (.).

This are the allowed chars in a domain name.

Part 3:

([a-zA-Z]{2,4}|[0-9]{1,3})

Either [a-zA-Z]{2,4} allow alphabetical chars (a-z, A-Z) with a length of two to four chars ({2,4}).

These chars are allowed in top level domains. And this is also the block that causes your problem because the limitation of two to four chars ({2,4}) is invalid. Correct is a length limitation of two or more chars ({2,} without an explicit maximum limit)

I'll fix it for the next release but you can edit the file includes/functions.inc.php line #380 and change the line from ...

  if(!preg_match("/^([\w-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$/", $email))

... to ...

  if(!preg_match("/^([\w-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,}|[0-9]{1,3})(\]?)$/", $email))

Please be aware of the several other places, where similar checks are provided and where the regular expression has also to be checked for the case that the check is performed without this function! On the other hand PHP provides with filter_var a much more proper function that can amongst other check for the validity of an e-mail-address (first example).

Back to topic:

Second option for the block that completes the address [0-9]{1,3} is a group of ciphers ([0-9]) with a length between one and three chars ({1,3}).

This is the last block of an IPv4-address.

Part 4:

(\]?)$

None ore one char "]" ((\]?)) and the definitive end of the given address string ($).

@Milo: I suggest to change from regex to filter_var with the next main version, which is 2.5.

Tschö, Auge

--
further development of mlf1


Complete thread:

 RSS Feed of thread

powered by my little forum