Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I know there is a best method which called "PREG MATCH" in php programming language. I want to know is there any other method in php for validation? and which is the best? what method I practice as a pro php developer? Thank you all :)
As mentioned above in the comment, it's situational.
Most of PHP Frameworks have its own validation methods for e-mails and other types of data, yet these methods usually rely on regular expressions ("PREG MATCH") and do additional checks (if the domain has any DNS entry, etc.).
Also, PHP has built-in function filter_var() (http://php.net/manual/en/function.filter-var.php). It should return false if the provided string is not valid e-mail address, but unfortunately it is not always reliable.
You can always use Symfony Validator component without the framework: https://symfony.com/doc/current/validation.html
You cannot figure out if an email address is valid by looking at its format. If you try, you will make a mistake that makes it impossible for certain people to register even when using valid email addresses.
It's easy enough to look for addresses of the form something#example.com but what about something.something+else#foo.bar.baz.example.com? What about something#example.money or any newer top-level domain? For every example can list of an unusual address formats, there are a thousand I'm not even thinking of — and neither are you.
You can do a simple check like "does this contain an # in it somewhere?" if you want to quickly rule out someone typing their name instead of their email address, or basic "filled in the wrong box" sorts of errors, but don't try to nitpick whether the whole address looks valid.
If you actually need to know if the email address is valid there's one and only one way to do that: send email to it, and have the owner respond (e.g., by clicking a link)
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 years ago.
Improve this question
in short: building a website form so the user can enter his information including his phone number, and i need a way to verify his phone number. Am using PHP. any simple code/widget that i could add to the page without any installation or SDKs?
been looking for a server who can help me add a widget/code to my live website so the user verifies his phone number before signing in up.
I have found a lot of servers, some can't understand their docs; they required installing SDKs, and I can't finger out how to do that on the host server! if that what it means!
others add other options with the SMS, like call or email and I don't want that.
the last one I found firebase way, but I also couldn't understand how!
OK, my question is: is there a server or a way that is only to send SMS with code and check the code? i mean even if just send SMS and i could add the code to it and verify it with the function I could write.
i think it is so easy to do, but been looking for couple days and i don't why i couldn't find what i need!
If you want to autheticate the user with a phone number you can take a look on firebase
here is the documentation:
https://firebase.google.com/docs/web/setup
Also you can watch firebase tutorials series on youtube
This question too specific and there is no exac answer.
Mostly SMS depends to local providers (for simple cases). If you get SMS plan your provider and if supporting REST API or SOAP you can use simply. This info should be in docs.
In the worst case scenario, if there is not any info you can check SDK source code and extract SMS parts then create your function or class. After all if, else, basic CRUD operations.
When you need all services (SMS, Call etc.) SDK best way doing this. Yes SDK may has a lot of dependencies and complex but you can trust.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I'm writing up my first website and I am down to the last part; the contact form. Everything has been just HTML5 and CSS so far. From the searches I've done online it would seem that PHP is necessary to make contact forms. Is that true? If not what are some other ways? I'm guess making a contact form with just HTML5 and CSS isn't possible.
Is PHP absolutely necessary to make a contact form?
PHP, no. A server side scripting language of some description, yes.
PHP is generally used because it's common and is shipped with most standard web servers.
You could also use ASP, Python, node.js, whatever you want.
I'm guess making a contact form with just HTML5 and CSS isn't possible.
Making the form is, you just won't be able to send any emails without it.
The only way you could achieve this without using your own server side validation is to use someone else's (i.e. a third party to send your email for you). You'll still be exposing your connection to them, which isn't ideal.
Just add it with PHP if your web server has it installed already! See the documentation for examples. Otherwise there's plenty of tutorials online if you search "[language here] contact form tutorial".
No, PHP is not necessary. To make a contact form which a user can send you'll need some kind of a server-side implementation, and PHP is one of the easiest ways to go.
But you are correct in that HTML and CSS wont be enough.
You could send an email directly from the user's device to your email address using javascript like this
window.open('mailto:oliver#example.com?subject=subject&body=body');
the subject and body could be made from the form content. When you receive the email, you do what you want with it.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I am creating a form that users will use to register for an event. However, I just discovered that there are some really tight security limitations due to policies due to the site's hosting and also policies the organization has about external-facing scripts (such as PHP) that are seen as an unneeded vulnerability.
I haven't been told flat-out that all PHP is completely banned, but I think that I won't be able to create a file and send email with it. However, I do want to be able to have an online registration form that can be filled out and emailed in as low-tech a way as possible.
I'm aware that you can use mailto: to prepopulate the subject and body of an email sent through the users normal email client:
mailto:my#addy.com?subject=subject+here&body=body+of+email
This is not the best solution because not everyone will be able to use mailto in this way, and for those that do, they must be relied upon not to mess up the formatting of the email. It isn't very consistent. Is there anything better than mailto: but which is still less of a security risk than PHP?
If you don't have the ability to run server side code, then sending an email is pretty much out of the question. Unless of course, you can make javascript calls to some other website that emails or store the form information for you.
Your best bet might be outsourcing it entirely, and using a Google Doc form or something.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
I have a website which provides optional sign up.
Recently, I have been getting too many sign-ups which seem to be spam. Though I implemented email verification, the accounts keep getting added, and moreover, are even activated as soon as they are created.
I also added a hidden input field in the form and check if it is filled or not, but that too doesn't seem to work.
Any help?
Yeah , Make use of CAPTCHA.
A CAPTCHA (an acronym for "Completely Automated Public Turing test to
tell Computers and Humans Apart") is a type of challenge-response test
used in computing to determine whether or not the user is human.
Here's a library available. Check out.
Include this library on your Signup Form .. and do like this
session_start();
$captcha = new SimpleCaptcha();
// Change configuration...
//$captcha->wordsFile = null; // Disable dictionary words
//$captcha->wordsFile = 'words/es.txt'; // Enable spanish words
//$captcha->session_var = 'secretword'; // Change session variable
$captcha->CreateImage();
A good way to do this would be using Captcha.
A very common and good Captcha is ReCaptcha.
The link to this can be found here.
Recaptcha is very easy to install and google provides all of the Libraries necessary. Installing it is basically copying and pasting,but you do have to sign up with google.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed last year.
Improve this question
What is the most secure way to fight spam? Any algorithm?O r way to fight back spammers?
Get a captcha dude, it's probably the best way to defeat spam. Here is a great one called reCaptcha. It's pretty easy to integrate with PHP and is mighty effective. Here is how you do it.
Mollom is a more user-friendly alternative to reCaptcha. It can be set to only require CAPTCHA validation if the content of the submission looks "spammy", so it doesn't interfere with users entering safe submissions.
3 simple methods that I use on my employer's website contact form that really help out:
Set a serverside timestamp when the contact page loads, and check the
time again when it posts. If your form was submitted in under 5 seconds (or
whatever minimal time is reasonable for your form) then you know its a bot since
humans aren't that fast.
Check for multiple tag types in the message. Much of spam we see spam tries to mix html and
bulletin board style tags, so you get <a> and [url=] [link=] in the
same message, this is an easy to check red flag
Create a hidden text input field called email and name the visible
email field something different. Human visitors won't see that field, so if it has a
value its a bot(technically could be a
blind person with a screen reader but highly unlikely)