isemail validation

[lcollong]

Hi,

As per this trick : http://magazine.joomla.org/issues/i...e-email-used-on-multiple-joomla-user-accounts the "isemail" validation plugin should accept the "+". I use this in combination with the juser form plugin. For now it considers this syntax as an invalid email.

 

[jfquestiaux]

I suspect this article used Joomla 2.5 and does not work anymore with Joomla 3.x. The "isemail" uses the built-in Joomla validation, so if it does not accept "+", that means Joomla does not accept it either.
You could use a "regex" validation instead, but if the final destination is the "email" field in the #__users table, Joomla may still reject the address even if it passed the validation in the Fabrik form.

 

[lcollong]

Hi jf,

On a fresh J3.2 test drive install, I'am able to use this trick to add a new user with the same email as the SU... so, at least on this version, the joomla validation accept the "+"... Effectively, one could use regex validation to bypass this. Thanks.

 

[jfquestiaux]

Good to know. I noticed the behavior change in the email validation going from 2.5 to 3.0. I did not test since then, having switched to regex instead.

 

[cheesegrits]

Hi jf,

On a fresh J3.2 test drive install, I'am able to use this trick to add a new user with the same email as the SU... so, at least on this version, the joomla validation accept the "+"... Effectively, one could use regex validation to bypass this. Thanks.

Are you saying that our isemail now works in 3.2 with the + trick, or simply that you are able to add a J! user through J! (not involving Fabrik) and it works?

What email method do you have configured in J!? If you use sendmail, we actually apply two methods - J!'s isEmailAddress(), which uses this regex:

$allowed = 'A-Za-z0-9!#&*+=?_-';
$regex = "/^[$allowed][\.$allowed]{0,63}$/";

... which should allow a + (I just tested that regex, and it does allow it).

However, if you use sendmail as your method, we also apply PHPMailer::ValidateAddress(), as sendmail has a slightly different idea about what constitutes a "valid" address ... and off the top of my head I couldn't tell you if this regex:

        return (boolean)preg_match('/^(?!(?>(?1)"?(?>\\\[ -~]|[^"])"?(?1)){255,})(?!(?>(?1)"?(?>\\\[ -~]|[^"])"?(?1)){65,}@)((?>(?>(?>((?>(?>(?>\x0D\x0A)?[\t ])+|(?>[\t ]*\x0D\x0A)?[\t ]+)?)(\((?>(?2)(?>[\x01-\x08\x0B\x0C\x0E-'*-\[\]-\x7F]|\\\[\x00-\x7F]|(?3)))*(?2)\)))+(?2))|(?2))?)([!#-'*+\/-9=?^-~-]+|"(?>(?2)(?>[\x01-\x08\x0B\x0C\x0E-!#-\[\]-\x7F]|\\\[\x00-\x7F]))*(?2)")(?>(?1)\.(?1)(?4))*(?1)@(?!(?1)[a-z0-9-]{64,})(?1)(?>([a-z0-9](?>[a-z0-9-]*[a-z0-9])?)(?>(?1)\.(?!(?1)[a-z0-9-]{64,})(?1)(?5)){0,126}|\[(?:(?>IPv6:(?>([a-f0-9]{1,4})(?>:(?6)){7}|(?!(?:.*[a-f0-9][:\]]){8,})((?6)(?>:(?6)){0,6})?::(?7)?))|(?>(?>IPv6:(?>(?6)(?>:(?6)){5}:|(?!(?:.*[a-f0-9]:){6,})(?8)?::(?>((?6)(?>:(?6)){0,4}):)?))?(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(?>\.(?9)){3}))\])(?1)$/isD', $address);

... allows a + or not, LOL! I tried to test it in Eclipse, but the regex parser blows up.

-- hugh[/php]

 

[cheesegrits]

I guess it's questionable whether we should use the PHPMailer test for the 'isemail' validation, regardless of what mail method you are using. On one hand, it makes sense, as there doesn't seem much point allowing an email which satisfies J!, but is going to fail if you try and run it through sendmail, and you are using sendmail.

But on the other hand, you may not care about that, and simply want something that J! will accept as an address, or for some other purpose that doesn't actually involve sending mail out through your system, and never mind whether it'll go through sendmail or not.

So we should probably add an option in 'isemail', to allow you to specify which checks to run on it. Perhaps a "Strict" option, which applies any mailer specific checks, and if not selected will just run it through the much less restrictive J! check.

-- hugh

 

[lcollong]

Hi Hugh,

Indeed, I did not yet installed Fabrik on my J3.2 test drive. So I just was able to add a new user with the same email as the SU with the "+" trick. The method used for the J! configuration is PHP Mail.
Your last suggestion sounds good. As JF mentioned it is possible to use php or regex to validate email on specific situation. I would think that the standard "isemail" validation should "stick" which whatever is acceptable by Joomla (through the jUser plugin in this particular case).
BTW, is there is any procecure of Fabrik plugin to effectively verify the email address (test the foreign pop server ?)

 

[rob]

I would think that the standard "isemail" validation should "stick" which whatever is acceptable by Joomla (through the jUser plugin in this particular case).

I think Hugh explained pretty well what we are doing, and why. We're following what Joomla does and additionaly not accepting if your server won't be able to send mail to the mail address.

BTW, is there is any procecure of Fabrik plugin to effectively verify the email address (test the foreign pop server ?)

There's already a lot of support work based on people not being able to send emails because their servers aren't set up correctly, the further we stray from what Joomla does the greater the confusion we generate with this validation rule. So I don't want to go down the route of attempting to test the foreign servers for the email validity.

 

[cheesegrits]

There is no way to test a recipient address, period. The ability to do this (the VRFY command in the SMTP protocol) was deprecated years ago, as it made spamming waaaay to easy. I don't think anyone has enabled VRFY on a publicly accessible mail server for at least 20 years.

All you can really do is confirm whether it is a valid domain, known to the DNS, and if there is a mail server for the domain currently up and running.

The only way to actually verify an email address is to send a verification email with a verification link in it (like J! has an option to do on registration), requiring a human response.

But no, we don't support any of that, although sending a custom verification email with a link and having a corresponding simple verification form (just a submit button, basically) would be easy enough to do with our existing plugins.

-- hugh

 

[cheesegrits]

NOTE - it would be relatively easy to test to see if the domain is valid and known to the DNS, and could be done either as a few lines in a custom PHP validation, or it might be worthwhile implementing it as a separate little validation plugin, like 'is_valid_domain'

-- hugh

 

[jfquestiaux]

AcyMailing, a very good newsletter extension for Joomla checks if the domain exists, although they report that some hosting company does not allow this kind of test.

 

[cheesegrits]

It would have to be a very, very restrictive hosting company to affect any kind of DNS lookup, although I'm sure some of the super low rent / "free" sites may rate limit their local resolvers, to throttle things like AcyMailing (thus preventing people from using super cheap J! hosting to run massive mailing lists), but even that could be worked around by using one of the widely available public resolvers.

Anyway ... bottom line, we're unlikely to change anything in the near future. For now if anyone needs to validate recipient addresses differently, or verify domains, it'll need to be done with a few lines of code in a PHP validation.

-- hugh