sanitize email address

zap0paz

$user_email = $wpdb->escape($_POST['landRegisterEmail']);
if (empty($user_email))
{
die($m_errorHead."You have to include your email!".$m_stReadErrorString.$m_errorTail);
}

how do I sanitize email address to be such name@domain.tld ?? because even you input name for email field, its enough :S I want it to work such as name@domain.tld

bradgrafelman

[man]filter_var/man using the FILTER_VALIDATE_EMAIL filter.

zap0paz

it did work! i used

var_dump(filter_var('bob@example.com', FILTER_VALIDATE_EMAIL));

however even after successful email input, success page comes with error message on top. why?

Derokorian

Can you show the code, as is with filter_var, and then maybe we can tell you why you are getting error now.

bradgrafelman

It might be helpful to also tell us what the error message says so that we know what it is we're supposed to help you with. 😉

zap0paz

<?php
get_header();
registerNow();
//get_sidebar();
function registerNow()
{
	global $wpdb,$table_prefix,$wp_version,$userdata,$current_user, $user_ID,$post,$wp_rewrite,$g_content;
	get_currentuserinfo();
	ob_start();

require_once(ABSPATH."/wp-includes/registration.php");
echo "<div id='left'>";

$errors = array();
nocache_headers();
$user_login = '';
$user_pass = '';
$confirm_pass = '';
$using_cookie = FALSE;
$m_siteurl = get_option('home');
$m_errorHead = '<div>';
$m_errorHead .=	'<h2>error:</h2><br />';
$m_errorHead .= "<hr><br />";
$m_errorTail = '</div>';
$m_srReadSuccessHead = 	'<br /><div>';
$m_srReadSuccessHead .=	'<h2>open an account</h2><br />';
$m_srReadSuccessTail = '</div>';

$m_registerURL1 = get_option('istifade')."/istifade/";
$m_registerURL = get_option('home')."/?s=Register";
$m_stReadErrorString = "<BR /> <BR />return<a href='".$m_registerURL."'>here</a><br /><br />";

if (isset($_POST['landRegisterUser']))
{
	$user_login = $wpdb->escape($_POST['landRegisterUser']);
	if (empty($user_login))
	{
		die($m_errorHead."input user".$m_stReadErrorString.$m_errorTail);
	}
	$user_login = sanitize_user( $user_login );
	$user_email = $wpdb->escape($_POST['landRegisterEmail']);

	if (empty($user_email))
	{
		die($m_errorHead."input email".$m_stReadErrorString.$m_errorTail);
	}	
	var_dump(filter_var('email@domain.com', FILTER_VALIDATE_EMAIL));

	$user_pass  = $wpdb->escape($_POST['landFirstPass']);

	if (empty($user_pass))
	{
		die($m_errorHead."enter pass".$m_stReadErrorString.$m_errorTail);
	}

	$confirm_pass = $wpdb->escape($_POST['landAgainPass']);
	if (empty($user_pass))
	{
		die($m_errorHead."postal code)".$m_stReadErrorString.$m_errorTail);
	}

	if (isset($user_login))
	{
		$table_name = $table_prefix . "users";
		$m_stSearchUserSql = "SELECT `ID`,`user_email`,`user_login` FROM `" .$table_name."` WHERE `user_login` = '".$user_login."' OR `user_email` = '".$user_email."' LIMIT 1";
		$m_stSearchUserResult = $wpdb->get_results($m_stSearchUserSql,ARRAY_A);
		if ((!(empty($m_stSearchUserResult[0]['ID']))) || (!(empty($m_stSearchUserResult[0]['user_email']))))
		{
			if ($m_stSearchUserResult[0]['user_email'] == $user_email)
			{
				die($m_errorHead."existing email".$m_stReadErrorString.$m_errorTail);
			}

			if (!(empty($m_stSearchUserResult[0]['ID'])))
			{
				die($m_errorHead."existing user".$m_stReadErrorString.$m_errorTail);
			}
		}
		else
		{
			$end_pass = md5($user_pass);
			$user_id = wp_create_user( $user_login, $end_pass, $user_email );
			if ( !$user_id )
			{
				die($m_errorHead."error.".$m_stReadErrorString.$m_errorTail);
			}
			else 
			{
				$m_table = $table_prefix."users";
				$m_sql = "update `".$m_table."` set  `user_pass` = '".$end_pass."' where `ID` = '".$user_id."'";
				$m_result = $wpdb->query($m_sql);
				$m_stSiteURL = get_option('home');
				$m_stSiteURL = str_replace("http://","",$m_stSiteURL);					
				$m_stSiteLink = get_option('home');
				$m_stTitle = "message".$m_stSiteURL."!";
				echo "<div class='tahomaset'>";$m_stMessage = "

				echo "</div>";
echo '<br />';
					echo "<div><h2>thanks!</h2>".$m_stMessage;
					echo "<div class='tahomaset'>";
					echo "your <a href='".get_option('home')."'> access </a>.";
					echo "<br />";
echo '<br />';

				echo "<br />";
				echo $m_srReadSuccessTail."</div>";
				echo "<div style='clear:both;'></div>";

				$nowUserInfo = get_userdata(1);
				$fromAdminMail = $nowUserInfo->user_email;
				$headers = "from: ". get_option("blogname") ." <" . $fromAdminMail . ">\r\n";

				$m_checkURL = get_option('home')."/?page_id=".get_option('land_email_confirm');
				$me_title = "thanks!";

				//mail($user_email,$me_title,$m_stMessage,$headers);
			}

		}
	}

}
else 
{
	echo '<br />';
	echo '<form id="registerFirstForm" action="" method="post">';
	//echo '<div style="width:350px;border:1px solid #ccc;background:#eee;margin:3px 0px 50px 0px;padding:20px 18px;font-size:12px;font-family: Arial,Verdana,Sans-Serif;">';
	echo "<div>";
	echo '<h2 style="color:#D2691E;font-size:14px;">register now:</h2>';
	echo '<br />';
echo '<br />';

	if ( FALSE == get_option('users_can_register') )
	{
		echo "<p>";
		echo "coming soon";
		echo "</p>";
		exit;
	}	
	else
	{
		echo "<table>";
		echo "<tr><td>email:</td></tr>";
		echo '<tr>';
		echo '<td><input type="text" id="landRegisterEmail" name="landRegisterEmail" class="regs" /></td></tr>';
		echo "<tr><td>user:</td></tr>";
		echo '<tr>';
		echo '<td><input type="text" id="landRegisterUser" name="landRegisterUser" class="regs" /></td></tr>';
		echo "<tr><td>pass:</td></tr>";
		echo '<tr>';
		echo '<td><input type="password" id="landFirstPass" name="landFirstPass" class="regs" /></td></tr>';
		echo "</table>";
		echo '<br />';
		echo '<input type="hidden" id="userHidden" name="userHidden" value="gizli" />';	
		echo '<button type="submit" id="usersubmit" name="usersubmit" value="Register" style="background-image:url(reg-button.png);width:130px;height:40px;margin-top:5px;"></button>';
		echo '<br /><br />';

	}
	echo "</div>";
	echo '</form>';

}
echo "</div>";
}

get_footer();
?>

zap0paz

and also how do I make password not to be same with the user login?

Derokorian

Well first off you're not testing anything with filter_var except for a static string, and you are not using the result of filter_var except to dump it to output. Second you have a syntax problem about halfway down. I added bb codes and previewed so i can see it highlighted and indented - you have an opening quote without closing so everything is off from that point on. You still haven't provided the error you are seeing tho so I'm not even sure if this is the problem you're having as of yet.

PS. WTB [NOPARSE]

[/NOPARSE] when posting code...

zap0paz

string(17) "email@example.com"

how do I debug and correct these errors?

bradgrafelman

zap0paz;10990529 wrote:
string(17) "email@example.com"

how do I debug and correct these errors?

What errors? You haven't shown us any errors.

zap0paz

it doesnt give error anymore, it just returns that message together with success message even an email is in fine format.

bradgrafelman

Well of course it's showing the first line... that's what [man]var_dump/man does. If you don't want that outputted to the screen, then don't call var_dump().

And unless you've changed the code (and if you have, why haven't you shown us the relevant code snippet after you've made changes?), you still aren't using filter_var() in any way that's going to be useful as Derokorian pointed out above.

zap0paz

var_dump(filter_var('email@domain.com', FILTER_VALIDATE_EMAIL)); if it is not the right way to use it, then could you explain and tell me how to use it please? I haven't changed anything...

Weedpacket

From [man]filter_var[/man]:

Returns the filtered data, or FALSE if the filter fails.

zap0paz

basically its fine then..however how can I hide the message when the filter is done its job.

bradgrafelman

Again, read Derokorian's and Weedpacket's posts above. You are not using the filter correctly.

If you don't want to see var_dump()'s output, then... don't call var_dump()!

You should be using [man]filter_var/man in an if() statement to check if it returns boolean FALSE (indicating the address wasn't valid).

zap0paz

no clue what should I do

zap0paz

I did something like this and it works fine.

function check_email_address($user_email) {
    // First, we check that there's one @ symbol, and that the lengths are right
    if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $user_email)) {
        // Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
        return false;
    }
    // Split it into sections to make life easier
    $email_array = explode("@", $user_email);
    $local_array = explode(".", $email_array[0]);
    for ($i = 0; $i < sizeof($local_array); $i++) {
         if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
            return false;
        }
    }    

    if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name
        $domain_array = explode(".", $email_array[1]);
        if (sizeof($domain_array) < 2) {
                return false; // Not enough parts to domain
        }
        for ($i = 0; $i < sizeof($domain_array); $i++) {
            if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
                return false;
            }
        }
    }
    return true;
}
if (check_email_address($user_email)) {
} else {
   die($m_errorHead. $user_email . ' do&#287;ru e-poçt adresi deyildir.'.$m_stReadErrorString.$m_errorTail);
		}

bradgrafelman

Well for one, there is a lot of use of separate regular expressions even when just one would do (granted, the single regexp pattern that matches RFC specs is tremendously long). But on top of that, note that the [man]ereg/man (and similar) functions have been deprecated for some time now in favor of the [man]PCRE[/man] functions.

However, none of that matters when you consider the speed and simplicity of your function above versus:

if (filter_var($user_email, FILTER_VALIDATE_EMAIL)) {
	// email is valid
} else {
	// email is invalid
}

using the suggested [man]filter_var/man approach.

zap0paz

if (filter_var($user_email, FILTER_VALIDATE_EMAIL)) {
    // email is valid
} else {
 die($m_errorHead. $user_email . ' is a wrong email address'.$m_stReadErrorString.$m_errorTail); 
}

so, this would replace my previous code and do the trick. Right?