".email" email address error on sign up (General)

by Magma, Tuesday, August 15, 2017, 19:24 (2417 days ago)

I have a user trying to register with a ".email" domain email address and an error keeps coming up "The e-mail address is invalid"


Is there a list of forbidden email domains in the script or why is this error coming up?

Thanks


".email" email address error on sign up

by Auge ⌂, Wednesday, August 16, 2017, 09:33 (2416 days ago) @ Magma
edited by Auge, Monday, August 28, 2017, 07:11

> I have a user trying to register with a ".email" domain email address and an error keeps coming up "The e-mail address is invalid"
>
> Is there a list of forbidden email domains in the script or why is this error coming up?

No, there isn't. The register-an-user-script checks for the string length of the given e-mail-address, if the e-mail-address is always present in the database, if the e-mail-address is valid or not, and if it's part of the Stop-Forum-Spam-list.

The check for validity is the point of your problem. It calls the function is_valid_email, where the given address is checked against a regular expression.

The following explanation is more for me and the audience at all than explicitly for you. Check my comments for part 3 for the solution.

The regular expression:

^([\w-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$

Part 1:

^([\w-\.]+)@

Starting the string (^), allow alphanumerical chars including the underscore (w = a-z, A-Z, 0-9, _), hyphens (-) and dots (.) in the local part of the address and end the local part with the @.

Part 2:

((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))

Either (\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.) three groups of ciphers ([0-9]) with a length between one and three chars ({1,3}) separated by dots (.), ending the block with a dot (.).

These are the first three blocks of an IPv4-address. But that allows illegal blocks (i.e. 489). Allowed is the range from 0 to 255.

Or (|) (([\w-]+\.)+) allow alphanumerical chars including the underscore (w = a-z, A-Z, 0-9, _) and hyphens (-), ending the block with a dot (.).

These are the allowed chars in a domain name.

Part 3:

([a-zA-Z]{2,4}|[0-9]{1,3})

Either [a-zA-Z]{2,4} allow alphabetical chars (a-z, A-Z) with a length of two to four chars ({2,4}).

These chars are allowed in top level domains. And this is also the block that causes your problem because the limitation of two to four chars ({2,4}) is invalid. Correct is a length limitation of two or more chars ({2,} without an explicit maximum limit)

I'll fix it for the next release but you can edit the file includes/functions.inc.php line #380 and change the line from ...

  if(!preg_match("/^([\w-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$/", $email))

... to ...

  if(!preg_match("/^([\w-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,}|[0-9]{1,3})(\]?)$/", $email))

Please be aware of the several other places, where similar checks are provided and where the regular expression has also to be checked for the case that the check is performed without this function! On the other hand PHP provides with filter_var a much more proper function that can, amongst others, check for the validity of an e-mail-address (first example).

Back to topic:

Second option for the block that completes the address [0-9]{1,3} is a group of ciphers ([0-9]) with a length between one and three chars ({1,3}).

This is the last block of an IPv4-address.

Part 4:

(\]?)$

None or one char "]" ((\]?)) and the definitive end of the given address string ($).

@Milo: I suggest to change from regex to filter_var with the next main version, which is 2.5.

Tschö, Auge

--
Trenne niemals Müll, denn er hat nur eine Silbe!
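
The effect of the {2,4} limit discussed in the post above, as an added example that is not part of the original post and is not MLF code. It runs the quoted pattern, the pattern with the {2,} fix, and filter_var over constructed sample addresses and prints the three verdicts side by side; the constant and function names are hypothetical, and the hyphen in the character classes is written as \- (same characters matched).

```php
<?php
// Added example, not MLF code. Addresses below are constructed samples.

// Pattern quoted in the thread (TLD limited to {2,4}). The hyphen in the
// character classes is written as \- here; it matches the same characters.
const OLD_PATTERN = '/^([\w\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$/';
// Same pattern with the fix from the thread: {2,4} becomes {2,}.
const NEW_PATTERN = '/^([\w\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w\-]+\.)+))([a-zA-Z]{2,}|[0-9]{1,3})(\]?)$/';

/** Return the three verdicts for one address as booleans. */
function compare_checks(string $email): array
{
    return [
        'old'        => preg_match(OLD_PATTERN, $email) === 1,
        'new'        => preg_match(NEW_PATTERN, $email) === 1,
        'filter_var' => filter_var($email, FILTER_VALIDATE_EMAIL) !== false,
    ];
}

$samples = [
    'user@example.com',      // classic short TLD
    'user@example.email',    // five-letter TLD from the original report
    'user@example.museum',   // six-letter TLD
    'user@example.c',        // one-letter TLD, too short for both patterns
    'user@[489.1.1.1]',      // IP literal with an out-of-range block (Part 2)
    'user@example.com]',     // stray closing bracket permitted by Part 4
];

printf("%-22s %-5s %-5s %s\n", 'address', 'old', 'new', 'filter_var');
foreach ($samples as $email) {
    $r = compare_checks($email);
    printf(
        "%-22s %-5s %-5s %s\n",
        $email,
        $r['old'] ? 'ok' : 'no',
        $r['new'] ? 'ok' : 'no',
        $r['filter_var'] ? 'ok' : 'no'
    );
}
```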


".email" email address error on sign up

by Magma, Wednesday, August 16, 2017, 11:17 (2416 days ago) @ Auge

Thanks for your reply, I will wait until 2.5 is released. He seems to be the only person ever since using MLF to try to sign up with .email address.


".email" email address error on sign up

by Auge ⌂, Wednesday, August 16, 2017, 11:55 (2416 days ago) @ Magma

Hello

> Thanks for your reply, I will wait until 2.5 is released. He seems to be the only person ever since using MLF to try to sign up with .email address.

Err, you misunderstood me. I'll fix the issue in the old manner in 2.4.4 as I described and as you could do it yourself (if you want to do it). For version 2.5 I propose a change to a different function to perform the check. We didn't define a deadline for version 2.5, so you would wait without a time horizon for the change in 2.5.

Tschö, Auge

--
Trenne niemals Müll, denn er hat nur eine Silbe!


".email" email address error on sign up

by Micha ⌂, Friday, August 25, 2017, 09:32 (2407 days ago) @ Auge

Hello,

> @Milo: I suggest to change from regex to filter_vars with the next main version, which is 2.5.

Why waiting for a simple modification? Just do it. ;-)

function is_valid_email($email) {
  $email = filter_var($email, FILTER_SANITIZE_EMAIL);
  return (!filter_var($email, FILTER_VALIDATE_EMAIL) === false) && !contains_invalid_string($email);
}


/Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences


".email" email address error on sign up

by Auge ⌂, Friday, August 25, 2017, 09:47 (2407 days ago) @ Micha

Hello,

> > @Milo: I suggest to change from regex to filter_vars with the next main version, which is 2.5.
>
> Why waiting for a simple modification? Just do it. ;-)

:-) Will do it on WE.

> function is_valid_email($email) {
>   $email = filter_var($email, FILTER_SANITIZE_EMAIL);
>   return (!filter_var($email, FILTER_VALIDATE_EMAIL) === false) && !contains_invalid_string($email);
> }


Tschö, Auge

--
Trenne niemals Müll, denn er hat nur eine Silbe!


".email" email address error on sign up

by Auge ⌂, Monday, August 28, 2017, 08:31 (2404 days ago) @ Micha

Hello

I've questions about your code example.

> function is_valid_email($email) {
>   $email = filter_var($email, FILTER_SANITIZE_EMAIL);

So far, so good.

>   return (!filter_var($email, FILTER_VALIDATE_EMAIL) === false) && !contains_invalid_string($email);
> }

I might be wrong or not awakened enough, but this construct is IMHO a bit weird. The function filter_var returns the filtered variable content or false. The function contains_invalid_string returns true or false. But …

1. … this function can't find invalid chars, when filter_var sanitized the input string before in its first call.
2. What should be returned? The two functions can return three possible states (the functions (in this combination) returns one of the following states: true, false or a string).

It's a bit perplexing for me. Either the check for invalid chars checks the original string and rejects invalid input (then without sanitizing it before) or the string will be sanitized (what can change the input) but then checking for invalid chars afterwards is senseless. Not only, because there should be no invalid chars after the sanitizing but also because the possible changes of the input. We can't identify deliberately bad input after sanitizing the string but IMHO we should be able to do so.

Tschö, Auge

--
Trenne niemals Müll, denn er hat nur eine Silbe!


".email" email address error on sign up

by Micha ⌂, Monday, August 28, 2017, 11:13 (2404 days ago) @ Auge

Hi,

> >   return (!filter_var($email, FILTER_VALIDATE_EMAIL) === false) && !contains_invalid_string($email);
> > }
>
> 2. What should be returned? The two functions can return three possible states (the functions (in this combination) returns one of the following states: true, false or a string).

No, only true or false are possible return values.

/Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences
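
The two points discussed in the last two posts (sanitizing before validating, and the type of the returned value), as an added example that is not part of the original posts and is not MLF code. It checks constructed inputs once in the sanitize-first order and once exactly as submitted, and prints which string was actually checked and the type of the result; the function names are hypothetical and MLF's contains_invalid_string is left out.

```php
<?php
// Added example, not MLF code. The inputs are constructed samples.

/**
 * Order used in the posted function: sanitize, then validate the result.
 * contains_invalid_string() is MLF's own helper and is left out here.
 */
function check_sanitize_first(string $input): array
{
    $email = filter_var($input, FILTER_SANITIZE_EMAIL);
    // Same expression as in the thread: "!" binds tighter than "===",
    // so this is (!$filtered) === false and always yields a boolean.
    $ok = (!filter_var($email, FILTER_VALIDATE_EMAIL) === false);
    return ['checked' => $email, 'ok' => $ok];
}

/** Alternative order: validate exactly what was submitted, change nothing. */
function check_as_submitted(string $input): array
{
    $ok = filter_var($input, FILTER_VALIDATE_EMAIL) !== false;
    return ['checked' => $input, 'ok' => $ok];
}

$samples = [
    'user@example.email',           // unchanged by sanitizing
    'us er@example.email',          // space in the local part
    'user(note)@example.email',     // parentheses in the local part
    'user@example.email<b>',        // markup appended to the domain
];

foreach ($samples as $input) {
    $a = check_sanitize_first($input);
    $b = check_as_submitted($input);
    printf("input:            %s\n", $input);
    printf("  sanitize first: %-5s (checked \"%s\", result type %s)\n",
        $a['ok'] ? 'ok' : 'no', $a['checked'], gettype($a['ok']));
    printf("  as submitted:   %-5s\n", $b['ok'] ? 'ok' : 'no');
    if ($a['ok'] && $a['checked'] !== $input) {
        echo "  note: accepted address differs from the submitted string\n";
    }
}
```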
