validate email addresses to see if the hostnames actually resolve before committing...

diff --git a/boot.php b/boot.php
index baf1f4812125b9b1a210d062dc38d1ab51f7b71a..c90d05130527c9fdd2a2e1554b9c7b2af220d476 100644 (file)
--- a/boot.php
+++ b/boot.php
@@ -1160,13 +1160,25 @@ function validate_url(&$url) {
                $url = 'http://' . $url;
        $h = parse_url($url);
 
-       if(! $h) {
-               return false;
+       if(($h) && (checkdnsrr($h['host'], 'ANY'))) {
+               return true;
        }
-       if(! checkdnsrr($h['host'], 'ANY')) {
+       return false;
+}}
+
+// checks that email is an actual resolvable internet address
+
+if(! function_exists('validate_email')) {
+function validate_email($addr) {
+
+       if(! strpos($addr,'@'))
                return false;
+       $h = substr($addr,strpos($addr,'@') + 1);
+
+       if(($h) && (checkdnsrr($h, 'ANY'))) {
+               return true;
        }
-       return true;
+       return false;
 }}
 
 // Check $url against our list of allowed sites,

diff --git a/mod/register.php b/mod/register.php
index 773d5536406a6961e6eff03d4857f36bdbcb8212..12d27482b3bb0861411cfc7919893ef096cc942c 100644 (file)
--- a/mod/register.php
+++ b/mod/register.php
@@ -65,10 +65,9 @@ function register_post(&$a) {
        if(! allowed_email($email))
                        $err .= t('Your email domain is not among those allowed on this site.') . EOL;
 
-       if(! valid_email($email))
+       if((! valid_email($email)) || (! validate_email($email)))
                $err .= t('Not a valid email address.') . EOL;
 
-
        $nickname = $_POST['nickname'] = strtolower($nickname);
 
        if(! preg_match("/^[a-z][a-z0-9\-\_]*$/",$nickname))