Re: [PHP] Regex validation

2008-10-30 Thread Yeti 
ceo wrote:
>var_dump(imap_rfc822_parse_adrlist('"! # $ % &  * + - / = ? ^ _ ` { | } ~"', 
>''));
>This looks like a valid localhost email address to me...

It surely is a valid localhost email address, but what most people
(and the OP) usually need is to validate a full email string with a
local and a domain part.

What should be valid email addresses according to RFC 2822 [1]:
!#$%&*+-/=?^_`{|[EMAIL PROTECTED]
"@"@example.com

Not valid email addresses:
"\"@example.com
@@example.com
- [EMAIL PROTECTED]

Valid email addresses according to the Multipurpose Internet Mail
Extension (MIME) [2]:
[EMAIL PROTECTED]
[EMAIL PROTECTED]

So for people who got to write code that also works on PHP4 it is not
very easy to validate an email address.
Even nice regex attempts like [3] fail since more and more mail
servers support the MIME hieroglyphs.
That's why I was pretty excited about imap_rfc822_parse_adrlist(),
since it runs in PHP4 if installed.
Which clearly is no substitute for the PHP5+ filter functions [4].
If it's just my brain farting and there actually then tell me.

[1] http://www.faqs.org/rfcs/rfc2822.html
[2] http://en.wikipedia.org/wiki/MIME
[3] http://www.addedbytes.com/php/email-address-validation/
[4] http://in.php.net/filter

Re: [PHP] Regex validation

2008-10-30 Thread ceo 

var_dump(imap_rfc822_parse_adrlist('"! # $ % &  * + - / = ? ^ _ ` { | } ~"', 
'')); 



This looks like a valid localhost email address to me...



What's wrong with it?

:-v



You may want to check that "host" is non-empty, if you do not expect any 
localhost users, and fail on that condition, however.



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Regex validation

2008-10-30 Thread Yeti 
After "ceo" posted about the imap function I was eager to try it out
and got rather disappointed pretty soon.
imap_rfc822_parse_adrlist() should not be used for email validation!

EXAMPLE:


The above code will output:

array(1) {
  [0]=>
  object(stdClass)(2) {
["mailbox"]=>
string(36) "! # $ % &  * + - / = ? ^ _ ` { | } ~"
["host"]=>
string(0) ""
  }
}

Although
"! # $ % &  * + - / = ? ^ _ ` { | } ~"@example.com
would be a valid email address!

Without the '@example.com' it is not.

Have a look at the user comments at [1], where one user has further examples.

[1] http://us.php.net/manual/en/function.imap-rfc822-parse-adrlist.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Regex validation

2008-10-29 Thread Yeti 
On Wed, Oct 29, 2008 at 5:36 AM,  <[EMAIL PROTECTED]> wrote:
>
> When it comes to email validation, I would recommend using the IMAP function 
> which will be both fast and correct:
>
> http://us.php.net/manual/en/function.imap-rfc822-parse-adrlist.php
>
> Otherwise, it's guaranteed that you are having at least some false positives, 
> and probably some false negatives.

Didn't know about those IMAP functions. And they even work in PHP4.
Thanks for telling.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Regex validation

2008-10-29 Thread ceo 

When it comes to email validation, I would recommend using the IMAP function 
which will be both fast and correct:



http://us.php.net/manual/en/function.imap-rfc822-parse-adrlist.php



Otherwise, it's guaranteed that you are having at least some false positives, 
and probably some false negatives.



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Regex validation

2008-10-29 Thread Bastien Koert 
On Tue, Oct 28, 2008 at 8:57 PM, VamVan <[EMAIL PROTECTED]> wrote:

> SSO process:
>
> $_POST the Email Address and password
>
> Get Authenticated, Get the COOKIE ( Through Oracle IDM suite SOAP call)
>
> Decrypt the COOKIE ( Through Oracle Enterprise business suite SOAP call)
>
> and get the profile Info
>
> Thats what happens now.
>
> But there is a glitch in the decryption algorithm we currently have. And
> when we decrypt + or some thing else comes with funny characters and does
> not authenticate.
>
> So I need to restrict them for now. When the algorithm gets corrected then
> I
> will use standard RFC.
>
>
>
>
>
Are they not base64 encoded? I have had issues in decrypting elements that
were not base64 encoded as some characters would end up mimicing EOL or
otherwise dropping data

-- 

Bastien

Cat, the other other white meat

Re: [PHP] Regex validation

2008-10-28 Thread Micah Gersten 
How is anything but your webserver decrypting the $_POST data?  PHP
should get it after that as is.

Thank you,
Micah Gersten
onShore Networks
Internal Developer
http://www.onshore.com



VamVan wrote:
> SSO process:
>
> $_POST the Email Address and password
>
> Get Authenticated, Get the COOKIE ( Through Oracle IDM suite SOAP call)
>
> Decrypt the COOKIE ( Through Oracle Enterprise business suite SOAP call)
>
> and get the profile Info
>
> Thats what happens now.
>
> But there is a glitch in the decryption algorithm we currently have. And
> when we decrypt + or some thing else comes with funny characters and does
> not authenticate.
>
> So I need to restrict them for now. When the algorithm gets corrected then I
> will use standard RFC.
>
>
>
>
> On Tue, Oct 28, 2008 at 5:41 PM, Micah Gersten <[EMAIL PROTECTED]> wrote:
>
>   
>> What are you talking about with a cookie and an E-Mail address?
>>
>> Thank you,
>> Micah Gersten
>> onShore Networks
>> Internal Developer
>> http://www.onshore.com
>>
>>
>>
>> VamVan wrote:
>> 
>>> Yeah, I understand that its allowed in RFC. But unfortunately I use
>>> SSO layer which decrypts the Cookie to get email address.
>>>
>>> This is where it messes up. So I have decided not to allow people to
>>> use that as well.
>>>
>>> Thanks
>>>
>>>
>>>   
>
>   

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Regex validation

2008-10-28 Thread VamVan 
SSO process:

$_POST the Email Address and password

Get Authenticated, Get the COOKIE ( Through Oracle IDM suite SOAP call)

Decrypt the COOKIE ( Through Oracle Enterprise business suite SOAP call)

and get the profile Info

Thats what happens now.

But there is a glitch in the decryption algorithm we currently have. And
when we decrypt + or some thing else comes with funny characters and does
not authenticate.

So I need to restrict them for now. When the algorithm gets corrected then I
will use standard RFC.




On Tue, Oct 28, 2008 at 5:41 PM, Micah Gersten <[EMAIL PROTECTED]> wrote:

> What are you talking about with a cookie and an E-Mail address?
>
> Thank you,
> Micah Gersten
> onShore Networks
> Internal Developer
> http://www.onshore.com
>
>
>
> VamVan wrote:
> > Yeah, I understand that its allowed in RFC. But unfortunately I use
> > SSO layer which decrypts the Cookie to get email address.
> >
> > This is where it messes up. So I have decided not to allow people to
> > use that as well.
> >
> > Thanks
> >
> >
>

Re: [PHP] Regex validation

2008-10-28 Thread Micah Gersten 
What are you talking about with a cookie and an E-Mail address?

Thank you,
Micah Gersten
onShore Networks
Internal Developer
http://www.onshore.com



VamVan wrote:
> Yeah, I understand that its allowed in RFC. But unfortunately I use
> SSO layer which decrypts the Cookie to get email address.
>
> This is where it messes up. So I have decided not to allow people to
> use that as well.
>
> Thanks
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Regex validation

2008-10-28 Thread Lupus Michaelis 

VamVan a écrit :


This is where it messes up. So I have decided not to allow people to use
that as well.


  By that way, you're making a lot of ennemies on this very list :D

--
Mickaël Wolff aka Lupus Michaelis
http://lupusmic.org

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Regex validation

2008-10-28 Thread VamVan 
Yeah, I understand that its allowed in RFC. But unfortunately I use SSO
layer which decrypts the Cookie to get email address.

This is where it messes up. So I have decided not to allow people to use
that as well.

Thanks

On Tue, Oct 28, 2008 at 5:10 PM, Ashley Sheridan
<[EMAIL PROTECTED]>wrote:

> On Tue, 2008-10-28 at 18:07 -0500, Micah Gersten wrote:
> > Keep in mind that ereg will disappear with PHP 6.  You might want to use
> > the preg functions:
> > http://www.making-the-web.com/2007/09/21/becoming-php-6-compatible/
> >
> > Thank you,
> > Micah Gersten
> > onShore Networks
> > Internal Developer
> > http://www.onshore.com
> >
> >
> >
> > VamVan wrote:
> > > Thank Guys,
> > >
> > > I at least got part of it working , not the double words but almost
> > > everything else than that:
> > >
> > > function _email_validate($mail_address){
> > >   $invalid_charset_pattern = "[(*+?)|~<>:;{}/ ]";
> > >   if(ereg($invalid_charset_pattern, $mail_address)){
> > > return false;
> > >   }else{
> > > return true;
> > >   }
> > > }
> > >
> > > Thanks for the inputs
> > >
> > > On Tue, Oct 28, 2008 at 3:31 PM, Nitsan Bin-Nun <[EMAIL PROTECTED]
> > > > wrote:
> > >
> > > Good to know filter_var() exists in PHP5
> > >
> > > Unless you have PHP5 you better validate the string in the way of
> > > checking
> > > if it is fit's to your allowed characters and not checking if it
> > > contains
> > > the NOT allowed charaters.
> > >
> > > You better use: [a-z0-9A-Z\_\.]+ instead of
> > > [^\)\(\*\&[EMAIL PROTECTED] and I
> > > haven't started yet with the weirdy ones
> > >
> > > HTH,
> > > Nitsan
> > >
> > > On Wed, Oct 29, 2008 at 12:10 AM, Yeti <[EMAIL PROTECTED]
> > > > wrote:
> > >
> > > > > If your trying to filter E-Mail addresses, then filter_var is
> > > what you
> > > > > should use:
> > > > >
> > > > > http://php.net/filter_var
> > > >
> > > > If the OP (original poster) got PHP5+
> > > >
> > > > --
> > > > PHP General Mailing List (http://www.php.net/)
> > > > To unsubscribe, visit: http://www.php.net/unsub.php
> > > >
> > > >
> > >
> > >
> >
> Also, according to the official spec, +, < and > are all valid email
> address characters.
>
>
> Ash
> www.ashleysheridan.co.uk
>
>

Re: [PHP] Regex validation

2008-10-28 Thread Ashley Sheridan 
On Tue, 2008-10-28 at 18:07 -0500, Micah Gersten wrote:
> Keep in mind that ereg will disappear with PHP 6.  You might want to use
> the preg functions:
> http://www.making-the-web.com/2007/09/21/becoming-php-6-compatible/
> 
> Thank you,
> Micah Gersten
> onShore Networks
> Internal Developer
> http://www.onshore.com
> 
> 
> 
> VamVan wrote:
> > Thank Guys,
> >
> > I at least got part of it working , not the double words but almost
> > everything else than that:
> >
> > function _email_validate($mail_address){
> >   $invalid_charset_pattern = "[(*+?)|~<>:;{}/ ]";
> >   if(ereg($invalid_charset_pattern, $mail_address)){
> > return false;
> >   }else{
> > return true;
> >   }
> > }
> >
> > Thanks for the inputs
> >
> > On Tue, Oct 28, 2008 at 3:31 PM, Nitsan Bin-Nun <[EMAIL PROTECTED]
> > > wrote:
> >
> > Good to know filter_var() exists in PHP5
> >
> > Unless you have PHP5 you better validate the string in the way of
> > checking
> > if it is fit's to your allowed characters and not checking if it
> > contains
> > the NOT allowed charaters.
> >
> > You better use: [a-z0-9A-Z\_\.]+ instead of
> > [^\)\(\*\&[EMAIL PROTECTED] and I
> > haven't started yet with the weirdy ones
> >
> > HTH,
> > Nitsan
> >
> > On Wed, Oct 29, 2008 at 12:10 AM, Yeti <[EMAIL PROTECTED]
> > > wrote:
> >
> > > > If your trying to filter E-Mail addresses, then filter_var is
> > what you
> > > > should use:
> > > >
> > > > http://php.net/filter_var
> > >
> > > If the OP (original poster) got PHP5+
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
> > >
> > >
> >
> >
> 
Also, according to the official spec, +, < and > are all valid email
address characters.


Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Regex validation

2008-10-28 Thread Micah Gersten 
Keep in mind that ereg will disappear with PHP 6.  You might want to use
the preg functions:
http://www.making-the-web.com/2007/09/21/becoming-php-6-compatible/

Thank you,
Micah Gersten
onShore Networks
Internal Developer
http://www.onshore.com



VamVan wrote:
> Thank Guys,
>
> I at least got part of it working , not the double words but almost
> everything else than that:
>
> function _email_validate($mail_address){
>   $invalid_charset_pattern = "[(*+?)|~<>:;{}/ ]";
>   if(ereg($invalid_charset_pattern, $mail_address)){
> return false;
>   }else{
> return true;
>   }
> }
>
> Thanks for the inputs
>
> On Tue, Oct 28, 2008 at 3:31 PM, Nitsan Bin-Nun <[EMAIL PROTECTED]
> > wrote:
>
> Good to know filter_var() exists in PHP5
>
> Unless you have PHP5 you better validate the string in the way of
> checking
> if it is fit's to your allowed characters and not checking if it
> contains
> the NOT allowed charaters.
>
> You better use: [a-z0-9A-Z\_\.]+ instead of
> [^\)\(\*\&[EMAIL PROTECTED] and I
> haven't started yet with the weirdy ones
>
> HTH,
> Nitsan
>
> On Wed, Oct 29, 2008 at 12:10 AM, Yeti <[EMAIL PROTECTED]
> > wrote:
>
> > > If your trying to filter E-Mail addresses, then filter_var is
> what you
> > > should use:
> > >
> > > http://php.net/filter_var
> >
> > If the OP (original poster) got PHP5+
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Regex validation

2008-10-28 Thread VamVan 
Thank Guys,

I at least got part of it working , not the double words but almost
everything else than that:

function _email_validate($mail_address){
  $invalid_charset_pattern = "[(*+?)|~<>:;{}/ ]";
  if(ereg($invalid_charset_pattern, $mail_address)){
return false;
  }else{
return true;
  }
}

Thanks for the inputs

On Tue, Oct 28, 2008 at 3:31 PM, Nitsan Bin-Nun <[EMAIL PROTECTED]> wrote:

> Good to know filter_var() exists in PHP5
>
> Unless you have PHP5 you better validate the string in the way of checking
> if it is fit's to your allowed characters and not checking if it contains
> the NOT allowed charaters.
>
> You better use: [a-z0-9A-Z\_\.]+ instead of [^\)\(\*\&[EMAIL PROTECTED] and
> I
> haven't started yet with the weirdy ones
>
> HTH,
> Nitsan
>
> On Wed, Oct 29, 2008 at 12:10 AM, Yeti <[EMAIL PROTECTED]> wrote:
>
> > > If your trying to filter E-Mail addresses, then filter_var is what you
> > > should use:
> > >
> > > http://php.net/filter_var
> >
> > If the OP (original poster) got PHP5+
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>

Re: [PHP] Regex validation

2008-10-28 Thread Nitsan Bin-Nun 
Good to know filter_var() exists in PHP5

Unless you have PHP5 you better validate the string in the way of checking
if it is fit's to your allowed characters and not checking if it contains
the NOT allowed charaters.

You better use: [a-z0-9A-Z\_\.]+ instead of [^\)\(\*\&[EMAIL PROTECTED] and I
haven't started yet with the weirdy ones

HTH,
Nitsan

On Wed, Oct 29, 2008 at 12:10 AM, Yeti <[EMAIL PROTECTED]> wrote:

> > If your trying to filter E-Mail addresses, then filter_var is what you
> > should use:
> >
> > http://php.net/filter_var
>
> If the OP (original poster) got PHP5+
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] Regex validation

2008-10-28 Thread Yeti 
> If your trying to filter E-Mail addresses, then filter_var is what you
> should use:
>
> http://php.net/filter_var

If the OP (original poster) got PHP5+

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Regex validation

2008-10-28 Thread Boyd, Todd M. 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Richard Heyes
> Sent: Tuesday, October 28, 2008 4:30 PM
> To: VamVan
> Cc: php List
> Subject: Re: [PHP] Regex validation
> 
> > Hello Team of Nerds,
> 
> Not the best way  to start your request for help.
> 
> > I need help in writing a regular expression for this:
> >
> > invalid character set is:
> >
> >
>
INVALID_STRING={"/","*","+","(",")","'\'","<",">",",",":",";","~","..",
> ".@","@."};
> >
> > I want to a pregmatch for these characters on my whole email address
> and if
> > match is found I need to return false.
> 
> Based on what you've said, you might not need a regex, there may well
> be an str* function that you can use. Maybe strpos().

I thought so at first, but it appears the final 3 array members of
INVALID_STRING are two characters wide. That could, of course, be
handled with a different algorithm from the other, one-character
members.


Todd Boyd
Web Programmer



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Regex validation

2008-10-28 Thread Micah Gersten 

VamVan wrote:
> Hello Team of Nerds,
>
> I need help in writing a regular expression for this:
>
> invalid character set is:
>
> INVALID_STRING={"/","*","+","(",")","'\'","<",">",",",":",";","~","..",".@","@."};
>
> I want to a pregmatch for these characters on my whole email address and if
> match is found I need to return false.
>
> Thank you
>
>   

If your trying to filter E-Mail addresses, then filter_var is what you
should use:

http://php.net/filter_var

Thank you,
Micah Gersten
onShore Networks
Internal Developer
http://www.onshore.com




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Regex validation

2008-10-28 Thread Richard Heyes 
> Hello Team of Nerds,

Not the best way  to start your request for help.

> I need help in writing a regular expression for this:
>
> invalid character set is:
>
> INVALID_STRING={"/","*","+","(",")","'\'","<",">",",",":",";","~","..",".@","@."};
>
> I want to a pregmatch for these characters on my whole email address and if
> match is found I need to return false.

Based on what you've said, you might not need a regex, there may well
be an str* function that you can use. Maybe strpos().

-- 
Richard Heyes

HTML5 Graphing for FF, Chrome, Opera and Safari:
http://www.rgraph.org (Updated October 25th)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Regex validation

2008-10-28 Thread Daniel P. Brown 
On Tue, Oct 28, 2008 at 4:10 PM, VamVan <[EMAIL PROTECTED]> wrote:
> Hello Team of Nerds,
>
> I need help in writing a regular expression for this:
>
> invalid character set is:
>
> INVALID_STRING={"/","*","+","(",")","'\'","<",">",",",":",";","~","..",".@","@."};

Then you need to STFW and RTFM.  PHP uses Perl-style regexp's, by the way.

The best place to start, in my opinion, and a site you should
bookmark, is Jan Goyvaerts'[1] site.  He's done a fantastic job for
people of varying degrees of /regexpertise/:

http://www.regular-expressions.info/


1: [MEDIA] http://www.just-great-software.com/special/JanGoyvaerts.wav

-- 

http://www.parasane.net/ [New Look]
[EMAIL PROTECTED] || [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Regex validation

2008-10-28 Thread VamVan 
Hello Team of Nerds,

I need help in writing a regular expression for this:

invalid character set is:

INVALID_STRING={"/","*","+","(",")","'\'","<",">",",",":",";","~","..",".@","@."};

I want to a pregmatch for these characters on my whole email address and if
match is found I need to return false.

Thank you