Cannot register, always get: The e-mail address is invalid (General)

by shian ⌂ @, Sunday, February 02, 2020, 16:36 (1506 days ago)
edited by shian, Sunday, February 02, 2020, 16:44

- I've installed the forum (mylittleforum-2.4.20) at https://www.rapideuphoria311.com/forum/

- I've created my admin account (of course)

- I'm using PHP version 7.4 (should I try with version 5.6?)

- I've tried to register with other name/email (with/without spam protection),
but ALWAYS get the same error message: "The e-mail address is invalid".

I'm using a valid-real email address and valid registration details.

WHAT IS THE PROBLEM? Why can't I register to my own forum? It looks like a bug...

P.s. the my little forum looks just great!

Thank you,
shian

Cannot register, always get: The e-mail address is invalid

by shian ⌂ @, Sunday, February 02, 2020, 18:04 (1506 days ago) @ shian

Actually... also in "E-mail to the forum administrator" I get the same error message: The e-mail address is invalid

Maybe the e-mail field in all forms has a problem...?

Forum: https://www.rapideuphoria311.com/forum/

Avatar

Cannot register, always get: The e-mail address is invalid

by Micha ⌂, Sunday, February 02, 2020, 19:10 (1506 days ago) @ shian

Hello,

I'm using a valid-real email address and valid registration details.

Did you try several addresses (different providers)?

WHAT IS THE PROBLEM? Why can't I register to my own forum? It looks like a bug...

We changed the validation process some months ago... Maybe you problem is related to such changes, cf. Auge's comment:

Only as a note.

There is a further restriction. filter_var does not support IDN (domain names with non latin chars) because the filter is based on RFC 822 which is from 1982. I don't know if IDN domains are in common use for e-mail-addresses (it's not the case in Germany) but it could possibly break in some countries. Thatswhy we did not switch to filter_var until now.

/Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences

Cannot register, always get: The e-mail address is invalid

by shian ⌂ @, Sunday, February 02, 2020, 20:42 (1506 days ago) @ Micha
edited by shian, Sunday, February 02, 2020, 21:13

Yes, I did try to enter e-mails of few domains (gmail, yahoo, rapideuphoria311.com).

All e-mails, including @rapideuphoria311.com are using only (7-bit) ASCII characters (I assume that digits 0-9 are included...).

I've also cleared my browser's cache completely, and restarted it (Firefox).

The installation of the forum was easy and fast, and everything else works...!

Are there any restrictions of length of passwords, database name, etc?
Are the characters '_'; '-'; '0-9'; 'a-z'; 'A-Z' can be used for all purposes?
In the "phpMyAdmin" there is a setting for "Server connection collation": 'utf8mb4_unicode_ci'
The database name is: 'rapideup_mylittleforum-2.4.20'
Database user name has '_' in it.

P.s.
I'm not a PHP programmer, I can only follow instructions as needed.
Therefore I cannot really look at the code by myself.

Thank you, shian

OK - I will delete the forum and create it again...

Cannot register, always get: The e-mail address is invalid

by shian ⌂ @, Sunday, February 02, 2020, 22:20 (1506 days ago) @ shian

Now it's OK. (It works!).

The problem was that I was using PHP version 7.4;
When I switched to PHP version 5.6 and then installed everything from the beginning - I could register immediately a new user without any error.

Now I'll continue to use the forum and hopefully everything will work fine... let's see.

Thanks a lot, shian.

Avatar

Cannot register, always get: The e-mail address is invalid

by Auge ⌂, Monday, February 03, 2020, 07:55 (1506 days ago) @ shian

Hello

Now it's OK. (It works!).

The problem was that I was using PHP version 7.4;
When I switched to PHP version 5.6 and then installed everything from the beginning - I could register immediately a new user without any error.

Thank you for your patience and tests. When you was unable to send e-mails through the forum script with PHP 7.4, we can assume, anyone else will not be able to do so. We will have to search for the issue. Please stay tuned for possible questions.

Tschö, Auge

--
Trenne niemals Müll, denn er hat nur eine Silbe!

Cannot register, always get: The e-mail address is invalid

by shian ⌂ @, Monday, February 03, 2020, 12:34 (1506 days ago) @ Auge

Thank you for your patience and tests. When you was unable to send e-mails through the forum script with PHP 7.4, we can assume, anyone else will not be able to do so. We will have to search for the issue. Please stay tuned for possible questions.

I will... What if my host will drop support for PHP 5...?
And by the way, will it be possible to switch back to use PHP 7.x, using the same database? This is all a mystery for me.

Avatar

Cannot register, always get: The e-mail address is invalid

by Auge ⌂, Monday, February 03, 2020, 10:00 (1506 days ago) @ shian

Hello

I try to answer your questions but one thing beforehand. Micha mentioned a change in the process of e-mail-address validation. This change from a regular expression to the function filter_var happens with My Little Forum 2.5 but is not part of any subversion of the 2.4-branch. So your version 2.4.20 works the old way with a regular expression and a function that checks for invalid chars and strings like '<', '>', '\', '"', 'expression(', 'javascript', 'file', 'data' or 'jar'.

Yes, I did try to enter e-mails of few domains (gmail, yahoo, rapideuphoria311.com).

All services use the latin alphabet and ".com" als top level domain (TLD) so this should be no problem.

All e-mails, including @rapideuphoria311.com are using only (7-bit) ASCII characters (I assume that digits 0-9 are included...).

Also that should be no problem.

Are there any restrictions of length of passwords, database name, etc?

There are no restrictions for the database connection related data from the side of the script. If there would be restrictions these restrictions would be originated in the database server in itself (like i.e. the maximal length of table names).

Are the characters '_'; '-'; '0-9'; 'a-z'; 'A-Z' can be used for all purposes?

Yes, these chars can be used everywhere.

In the "phpMyAdmin" there is a setting for "Server connection collation": 'utf8mb4_unicode_ci'

No problem. Our script resets the connection collation to "utf8_general_ci". because of that the default value does not come into the play.

The database name is: 'rapideup_mylittleforum-2.4.20'
Database user name has '_' in it.

No problem at all.

But nothing of that has anything to do with the e-mail-address validation.

Tschö, Auge

--
Trenne niemals Müll, denn er hat nur eine Silbe!

Cannot register, always get: The e-mail address is invalid

by shian ⌂ @, Monday, February 03, 2020, 12:38 (1506 days ago) @ Auge

I try to answer your questions [...]

Thank you :tick: , shian.

Cannot register, always get: The e-mail address is invalid

by WorldofBB, Tuesday, February 04, 2020, 22:55 (1504 days ago) @ Auge

I actually sent you an e-mail about this on January 2nd because the issue also affects the addons forum at:

https://projekt-mlf.de/forum/

I sent the e-mail to the address listed as the contact page listed on the bottom of the main page of the addons site.

Basically, this is the issue that is discussed in this thread:

https://mylittleforum.net/forum/index.php?id=11780

It can be resolved by making the code change on line 393 in functions.inc.php from

if (!preg_match("/^([\w-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,}|[0-9]{1,3})(\]?)$/", $email))

to

if  ( ! filter_var ( $ email , FILTER_VALIDATE_EMAIL ) )  {

What I had found was that the problem doesn't appear to be anything to do with the code change in 2.4.20 - it affects any version of mylittleforum 2.4x when using any version of php 7.3 or higher.

So whatever caused the issue was code changes in php 7.3, and it appears to affect all versions of mlf 2.x that use that function. The solution for me was to either make that code change or to revert the version of php on the server to 7.2 or lower.

Cannot register, always get: The e-mail address is invalid

by WorldofBB, Tuesday, February 04, 2020, 23:39 (1504 days ago) @ WorldofBB
edited by WorldofBB, Wednesday, February 05, 2020, 00:16

Quick follow-up:

Keeping in mind that my knowledge of php is VERY limited, I looked into this a little further and the problem appears to be the migration from PCRE to PCRE2 in php 7.3

According to the changelog for version 10.33 of PCRE2

https://www.pcre.org/changelog.txt

26. With PCRE2_EXTRA_BAD_ESCAPE_IS_LITERAL set, escape sequences such as \s
which are valid in character classes, but not as the end of ranges, were being
treated as literals. An example is [_-\s] (but not [\s-_] because that gave an
error at the *start* of a range). Now an "invalid range" error is given
independently of PCRE2_EXTRA_BAD_ESCAPE_IS_LITERAL.

27. Related to 26 above, PCRE2_BAD_ESCAPE_IS_LITERAL was affecting known escape
sequences such as \eX when they appeared invalidly in a character class. Now
the option applies only to unrecognized or malformed escape sequences.

With php 7.3 - PCRE2_EXTRA_BAD_ESCAPE_IS_LITERAL is set to false.

So as of php 7.3, PCRE2 is more strict in pattern validations. So hyphens now need to be escaped or put at the beginning or the end of a character class.

https://wiki.php.net/rfc/pcre2-migration#backward_incompatible_changes

After running a quick test, it would seem that escaping the hyphen does seem to resolve the problem in php 7.3. Replacing line 393 in functions.inc.php with the following code appears to resolve the issue as well:

if (!preg_match("/^([\w\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,}|[0-9]{1,3})(\]?)$/", $email)) {

Avatar

Cannot register, always get: The e-mail address is invalid

by Auge ⌂, Wednesday, February 05, 2020, 10:16 (1504 days ago) @ WorldofBB

Hello

So as of php 7.3, PCRE2 is more strict in pattern validations. So hyphens now need to be escaped or put at the beginning or the end of a character class.

After running a quick test, it would seem that escaping the hyphen does seem to resolve the problem in php 7.3. Replacing line 393 in functions.inc.php with the following code appears to resolve the issue as well:

if (!preg_match("/^([\w\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,}|[0-9]{1,3})(\]?)$/", $email)) {

I've two questions about it (I myself have problems with understandig of regular expressions).

1. The syntax checks are more strict with PRCE2 which was introduced with PHP 7.3. Is it possible that the more strict syntax rules break the code in older PHP versions (up to 7.2.x) that use PRCE1?

"/^([\w-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,}|[0-9]{1,3})(\]?)$/"
"/^([\w\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,}|[0-9]{1,3})(\]?)$/"

2. In the first block (([\w-\.]+) versus ([\w\-\.]+)) you masked the hyphen (-) with a backslash. In the block for the domain name the hyphen got not masked only because it is at the end of the rule ((([\w-]+\.)+)); for this see your sentence: "So hyphens now need to be escaped or put at the beginning or the end of a character class.")?

Thank you again for your investigations.

Tschö, Auge

--
Trenne niemals Müll, denn er hat nur eine Silbe!

Cannot register, always get: The e-mail address is invalid

by WorldofBB, Wednesday, February 05, 2020, 12:01 (1504 days ago) @ Auge
edited by WorldofBB, Wednesday, February 05, 2020, 12:06

Hello

So as of php 7.3, PCRE2 is more strict in pattern validations. So hyphens now need to be escaped or put at the beginning or the end of a character class.

After running a quick test, it would seem that escaping the hyphen does seem to resolve the problem in php 7.3. Replacing line 393 in functions.inc.php with the following code appears to resolve the issue as well:

if (!preg_match("/^([\w\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,}|[0-9]{1,3})(\]?)$/", $email)) {


I've two questions about it (I myself have problems with understandig of regular expressions).

1. The syntax checks are more strict with PRCE2 which was introduced with PHP 7.3. Is it possible that the more strict syntax rules break the code in older PHP versions (up to 7.2.x) that use PRCE1?

As far as I understand it, the problem is that PCRE1 was way more forgiving of syntax errors than PCRE2 is, so unless a hyphen was at the beginning or the end of a character class, then it is always supposed to be escaped if it is supposed to be taken as a literal hyphen and not part of a range. PCRE1 would assume that an unescaped hyphen was literal if it caused a syntax error whereas PCRE2 no longer assumes that an unescaped hyphen was intended to be a literal hyphen. As of 10.33 it will always follow the syntax as written, and it will no longer assume a hyphen was meant to be taken as literal if it does not follow the correct syntax.

Since PCRE follows Perl behaviour, it is documented like this:

The minus (hyphen) character can be used to specify a range of characters in a character class. For example, [d-m] matches any letter between d and m, inclusive. If a minus character is required in a class, it must be escaped with a backslash or appear in a position where it cannot be interpreted as indicating a range, typically as the first or last character in the class, or immediately after a range. For example, [b-d-z] matches letters in the range b to d, a hyphen character, or z.

"/^([\w-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,}|[0-9]{1,3})(\]?)$/"
"/^([\w\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,}|[0-9]{1,3})(\]?)$/"

2. In the first block (([\w-\.]+) versus ([\w\-\.]+)) you masked the hyphen (-) with a backslash. In the block for the domain name the hyphen got not masked only because it is at the end of the rule ((([\w-]+\.)+)); for this see your sentence: "So hyphens now need to be escaped or put at the beginning or the end of a character class.")?

Correct. A hyphen that cannot be syntactically part of a range will still be interpreted as literal, so there is no need to escape the hyphen at the beginning or the end of the character class (Or immediately after a range such as the example above [b-d-z]). But if the hyphen appears anywhere else, it will now ALWAYS be considered part of a range if it isn't escaped with a backslash, and it will always throw up an error - whereas that same code in php 7.2 and earlier would not have.

At least, that's the way that I understand it.

Thank you again for your investigations.

Tschö, Auge

I'm happy to help in any way that I can.

Thank you for all of the time and effort you've put into this forum over the years, it is very much appreciated.

Avatar

Cannot register, always get: The e-mail address is invalid

by Auge ⌂, Wednesday, February 05, 2020, 09:19 (1504 days ago) @ WorldofBB

I actually sent you an e-mail about this on January 2nd because the issue also affects the addons forum at:

https://projekt-mlf.de/forum/

I sent the e-mail to the address listed as the contact page listed on the bottom of the main page of the addons site.

OMFG! I'm sorry, I found your e-mail in the spam filter of my mail client. :-(

Basically, this is the issue that is discussed in this thread:

https://mylittleforum.net/forum/index.php?id=11780

It can be resolved by making the code change on line 393 in functions.inc.php from

if (!preg_match("/^([\w-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,}|[0-9]{1,3})(\]?)$/", $email))

to

if  ( ! filter_var ( $ email , FILTER_VALIDATE_EMAIL ) )  {

We changed that for MLF 2.5 but did not change it for the 2.4-branch.

So whatever caused the issue was code changes in php 7.3, and it appears to affect all versions of mlf 2.x that use that function.

And now I know, why you hit the trap in my forum. I changed from PHP 7.2 to 7.3 approximately two months ago and everything I tested worked. But I did not test every single function of the software.

The solution for me was to either make that code change or to revert the version of php on the server to 7.2 or lower.

I will add this information to the release page. Thank you for your investigation.

Tschö, Auge

--
Trenne niemals Müll, denn er hat nur eine Silbe!

Cannot register, always get: The e-mail address is invalid

by shian ⌂ @, Wednesday, February 05, 2020, 14:11 (1504 days ago) @ Auge

The solution for me was to either make that code change or to revert the version of php on the server to 7.2 or lower.


I will add this information to the release page. Thank you for your investigation.

Tschö, Auge

Great.

Sorry for nagging:
last time I've changed the PHP version, mlf could not connect to the SQL database (I got an error so I had to reinstall the forum).

So now I want to try to switch back the PHP version from 5.6 to 7.2: are there any specific rules that I must follow? (I know nothing about PHP).

Thank you, shian.

Cannot register, always get: The e-mail address is invalid

by shian ⌂ @, Wednesday, February 05, 2020, 16:21 (1503 days ago) @ shian

last time I've changed the PHP version, mlf could not connect to the SQL database (I got an error so I had to reinstall the forum).

OK, solved.

Using mylittleforum-2.4.20.

Switching PHP version from 7.4 to 5.6 leads to an error (cannot connect to SQL database).

But switching PHP version from 5.6 to 7.2 works (apparently) without any problem.

Thank you - great software honestly, I've tried at least 10 forums, but this one, MLF, is the real deal.

shian.

RSS Feed of thread