Hi all, I've got a paid-for web site hosted on geocities, and I guess I must be blind or something today, because the email address validation aspect of my script was working fine yesterday, but today its not working at all. Even if I put "wtf" in the email field, it gets passed through. Here's my code:

<label>E-mail Address</label>
<input tabindex="54" name="Email" type="text" maxlength="50" size="17" id="Email" /> <span style="color:red">*</span>

And PHP snippets:



if(($check_email_address == "yes") && (!empty($email))) {
	if(!check_email($email)) {
		include_dodosmail_header($dodosmail_header_file);
		echo "<fieldset><legend>Error</legend><p class=\"DodosMailError\"><br />Error - the email address ".dodosmail_error_handle($email)." is not valid!\n";
		echo "<br /><br /><a href=\"javascript:history.back(1)\">Go Back</a>\n";
		echo "</p></fieldset>\n";
		include_dodosmail_footer($dodosmail_footer_file);
		exit;
	}
}


/* ----------------------------------------------------------------------------------------- */

function check_email($email) {
	if( (preg_match('/(@.*@)|(\.\.)|(@\.)|(\.@)|(^\.)/', $email)) ||
		(preg_match('/^.+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,3}|[0-9]{1,3})(\]?)$/',$email)) ) {
		return true;
	}
	return false;
}

    Where do the variables in the first if expression get set? Are you sure they are set and have the expected values?

     if(($check_email_address == "yes") && (!empty($email))) {

      Well, $check_email_address gets set via the form, as you can see, but I have no clue where $email is suppose to get its value from. Of course, its value should be the persons literal email address I assume.

      <form id="form" name="form" class="forms" method="post" action="dodosmail.php">

<!-- these variables require customization -->
<input type="hidden" name="required_fields" value="FirstName,Email,Message" />
<input type="hidden" name="subject" value="Business ***************s E-mail Form" />
<input type="hidden" name="check_email_address" value="yes" />

<!-- indicate below that you will use captcha -->
<input type="hidden" name="use_dodos_captcha" value="yes" />

<!-- these variables are for error page and output page if you didn't choose to redirect -->
<input type="hidden" name="background_color" value="#000000" />
<input type="hidden" name="background_image" value="images/backdrop2.gif" />
<input type="hidden" name="text_color" value="#ffffff" />
<input type="hidden" name="link_color" value="#C000C0" />
<input type="hidden" name="visited_link_color" value="#0000C0" />
<input type="hidden" name="active_link_color" value="#0000C0" />
<input type="hidden" name="font_name" value="Verdana" />
<input type="hidden" name="font_size" value="2" />
<input type="hidden" name="dodosmail_header_file" value="dodoshead.php" />
<input type="hidden" name="dodosmail_footer_file" value="dodosfoot.php" />

<!-- the font color for highlighting required field -->
<input type="hidden" name="highlight_color" value="red" />

<!-- leave it blank if you don't have a css file or know what it is -->
<input type="hidden" name="css_file" value="style.css" />

<!-- these variables are for the auto response email sent to your sender, feel free to disable by putting a "no" in the first line -->
<input type="hidden" name="autoresponse" value="yes" />
<input type="hidden" name="owner_name" value="Business ***************s" />
<input type="hidden" name="response_subject" value="Thank you for your E-mail!" />
<input type="hidden" name="response_mail" value="This is an auto response to let you know that we have successfully received the E-mail you sent. Thank You!" />
<input type="hidden" name="after_url" value="thanks.htm" />

<fieldset>
<legend>Contact Information</legend>

<label>First name</label> 
<input tabindex="51" type="text" maxlength="50" size="17" name="FirstName" id="FirstName" /> <span style="color:red">*</span>
<br />
<label>Last name</label> 
<input tabindex="52" type="text" maxlength="50" size="17" name="LastName" id="LastName" />
<br />
<label>Company</label> 
<input tabindex="53" type="text" maxlength="50" size="17" name="Company" id="Company" />
<br />
<label>E-mail Address</label>
<input tabindex="54" type="text" maxlength="50" size="17" name="Email" id="Email" /> <span style="color:red">*</span>
<br />
<label>Daytime Phone</label>
<input tabindex="55" type="text" maxlength="16" size="17" name="Phone" id="Phone" class="TextBox" />
<br />
</fieldset>

<fieldset>
<legend>Subject</legend>

<div class="fl width25">
<input tabindex="56" id="rad1" type="radio" name="Message-type" value="Technical Support" checked="checked" /> Technical Support<br />

<input tabindex="57" id="rad2" type="radio" name="Message-type" value="Product Inquiries" /> Product Inquiries

</div>

<div class="fl">
<input tabindex="58" id="rad3" type="radio" name="Message-type" value="Business Development" /> Business Development<br />

<input tabindex="58" id="rad4" type="radio" name="Message-type" value="Other" /> Other
</div>
<br />
</fieldset>

<fieldset>
<legend>Question or Comment</legend>

<textarea tabindex="59" name="Message" id="Message" cols="50" rows="4" title="Detailed description of your question or comment."></textarea>
<br />
<strong>Spam protection</strong><br />
Enter the highlighted text <img 
src="dodoscaptcha.php?captchabgcolor=EEEEEE&amp;captchatextcolor=900000" 
style="vertical-align: middle" alt="" /> in this field:

<input type="text" name="use_dodos_captcha_typed" size="6" /> 
<br />
<input type="submit" name="Submit" value="Submit" />
<input type="reset" name="Reset" value="Clear Form" />

</fieldset>

</form>

      This is insane!! Also, phpbuilder seems to be throwing asterixes inside my code.

        Could be a case problem: in your form the field is named "Email" (first letter upper-case) but your variable $email is all lower-case.

          Wow. Amazingly, that did the trick. And its odd, because that variable seems to never be declared, or even have a null value set to it in the PHP script.

          Here's the script if you want to check it out for yourself, this $email variable is still a big mystery to me, but it seems to be working now.
          http://www.regretless.com/scripts/scripts.php#dodosmail

            You probably have register_globals enabled on your host. A more portable method would be to use the $_POST['Email'] variable, as that will always be available regardless of whether register_globals is enabled or not.

              Write a Reply...