this can be used as an intermediate 'patch' util there is a validation
system in place.
the extra check is to verify that the domain part of a correctly
formatted email address is existing and in use. this will not at all
stop spammers since they can use bogus emails with valid domain parts
---
web/lib/aur.inc.php | 13 ++++++++++++-
1 files changed, 12 insertions(+), 1 deletions(-)
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index c662b80..001f23f 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -80,7 +80,18 @@ function check_sid($dbh=NULL) {
# verify that an email address looks like it is legitimate
#
function valid_email($addy) {
- return (filter_var($addy, FILTER_VALIDATE_EMAIL) !== false);
+ // check against RFC 3696
+ if(filter_var($addy, FILTER_VALIDATE_EMAIL) === false) {
+ return false;
+ }
+
+ // check dns for mx, a, aaaa records
+ list($local, $domain) = explode('@', $addy);
+ if(! (checkdnsrr($domain, 'MX') || checkdnsrr($domain, 'A') ||
checkdnsrr($domain, 'AAAA'))) {
+ return false;
+ }
+
+ return true;
}
# a new seed value for mt_srand()
--
1.7.9.1
