Simple check of email address in Constant Contact - php

I can't find a damned bit of documentation for using the Constant Contact REST API to check if an email address is in a list or not.
The following seems to be completely useless:
    include_once('cc_class.php');
    $ccContactOBJ = new CC_Contact("basic", $cckey, $ccuser, $ccpass);
    if(($_SERVER['REQUEST_METHOD']=="POST") && !empty($_REQUEST['member-submit'])) {
        $contact = $ccContactOBJ->getSubscribers(urlencode($_POST['MemberEmail']));
        if (empty($contact['items'])) {
            $message = 'You are not listed in our database.';
        }
        else {
            $message = 'You are already listed in our database';
        }
        echo $message;
    }
Anyone have ANY idea how to return a true or false value?

Related

Secure a contact form from scratch in Wordpress

I am currently creating a website with WordPress. I am creating my theme and I am not using jQuery. I need to introduce a simple contact form which sends an email on submission, and all plugins need jQuery to work.
Is it safe to create a contact form that sends an email? Is there a risk of SQL injection since I do not query the database on submission?
I have very little security skill; any information or clarification will be welcome.
So for example something like:
    // I like to combine first and last name into one variable.
    // trim() so that two empty fields give an empty string, not a single space.
    $name = trim( "{$_POST['message_name']} {$_POST['message_lastname']}" );
    $email = $_POST['message_email'];
    $website = $_POST['message_url'];
    $message = $_POST['message_description'];
    if ( ! filter_var( $email, FILTER_VALIDATE_EMAIL ) ) {
        $response = form_validation_response( 'error', $email_invalid );
    } else {
        if ( empty( $name ) || empty( $message ) ) {
            $response = form_validation_response( 'error', $missing_content );
        }
    }
    // The most simple check you can do is make sure that the fields are NOT empty.
The form_validation_response method is a simple function which you can use to return error message:
    $not_human = "Human verification incorrect.";
    $missing_content = "Please supply all information.";
    $email_invalid = "Email Address Invalid.";
    $message_unsent = "Message was not sent. Try Again.";
    $message_sent = "Thanks! Your message has been sent.";
    function form_validation_response( $type, $message ) {
        // These are tailwind classes, but it could be bootstrap.
        // The trailing space keeps the appended classes separate.
        $class = 'px-2 py-1 mb-6 rounded-md ';
        if ( $type == 'success' ) {
            $class .= "border border-green-800 text-green-700";
        } else {
            $class .= "border border-redish text-redish";
        }
        return "<div class='{$class}'>{$message}</div>";
    }
The example above is used to validate the email, but you can also make sure that the fields are actually submitted, before even starting the validation process:
If you're not familiar with creating a "secure" PHP form, I would advise you to use a plugin for this.
If you're "allowed" to install plugins, then have a look at form plugins like:
WPForms (https://wpforms.com/)
Gravity Forms (https://www.wpbeginner.com/refer/gravityforms/)
Contact Form 7 (https://wordpress.org/plugins/contact-form-7/)
These are just a few of the form plugins that are available. Depending on your needs/budget, you should then decide which plugin fits best (some are free, freemium, premium, etc.).
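A plain-PHP handler for the fields used in the answer above, added here as an example and not part of the original answer: it keeps visitor text out of the mail headers, which is the injection risk that matters for a form that sends mail and never queries the database. handle_contact_form(), the $send parameter and the example.com addresses are assumptions.

```php
<?php
// Added example, not the answer's code. handle_contact_form() and $send are
// hypothetical names; the field names are the ones used in the answer above.
function handle_contact_form(array $post, string $siteAddress, ?callable $send = null): array
{
    // Accept only strings: a field sent as message_email[]=x arrives as an array.
    $field = static function (string $key) use ($post): string {
        return isset($post[$key]) && is_string($post[$key]) ? trim($post[$key]) : '';
    };
    $name    = trim($field('message_name') . ' ' . $field('message_lastname'));
    $email   = $field('message_email');
    $message = $field('message_description');

    $errors = [];
    if ($name === '' || $message === '') {
        $errors[] = 'Please supply all information.';
    }
    // FILTER_VALIDATE_EMAIL rejects line breaks, so a value that passes cannot
    // add header lines of its own when it is used as Reply-To below.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Email Address Invalid.';
    }
    if (strlen($name) > 200 || strlen($message) > 5000) {
        $errors[] = 'Message was not sent. Try Again.';
    }
    if ($errors) {
        return ['sent' => false, 'errors' => $errors];
    }

    // Visitor text goes into the body only. Subject and From are fixed values.
    $headers = "From: {$siteAddress}\r\nReply-To: {$email}\r\n"
             . "Content-Type: text/plain; charset=UTF-8";
    $body = "From: {$name}\n\n{$message}";
    $send = $send ?? 'mail';
    $sent = (bool) $send($siteAddress, 'Contact form message', $body, $headers);
    return ['sent' => $sent, 'errors' => $sent ? [] : ['Message was not sent. Try Again.']];
}

// Constructed sample input; the stub stands in for mail() so this runs offline.
$stub = static function ($to, $subject, $body, $headers) { return true; };
$ok  = handle_contact_form(['message_name' => 'Ann', 'message_lastname' => 'Lee',
    'message_email' => 'ann@example.com', 'message_description' => 'Hello'], 'site@example.com', $stub);
$bad = handle_contact_form(['message_name' => 'Ann', 'message_description' => 'Hello',
    'message_email' => "ann@example.com\r\nX-Added: 1"], 'site@example.com', $stub);
var_dump($ok['sent'], $bad['sent'], $bad['errors']);
```

In a WordPress theme, wp_mail() takes the same recipient, subject, body and headers arguments and can be passed as $send.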

email domain validation in php on windows

I am asking for an email address through a form in my website. I want to validate the domain so that I can prevent fake entries I am getting right now. I am using the following code, but it does not seem to work:
    function myCheckDNSRR($hostName, $recType = '')
    {
        if(!empty($hostName)) {
            if( $recType == '' ) $recType = "MX";
            exec("nslookup -type=$recType $hostName", $result);
            // check each line to find the one that starts with the host
            // name. If it exists then the function succeeded.
            foreach ($result as $line) {
                if(eregi("^$hostName",$line)) {
                    echo "valid email";
                }
            }
            // otherwise there was no mail handler for the domain
            echo "invalid email";
        }
        echo "invalid EMAIL";
    }
I am new to this and used this code from here
Please guide me. Thanks.
I guess you can simply ping like this.
    function myCheckDNSRR($email_address)
    {
        if(!empty($email_address)) {
            $hostName=strstr($email_address, '@');
            $hostName=str_replace("@","www.",$hostName);
            // escapeshellarg() keeps the form input from being read as shell syntax
            exec("ping " . escapeshellarg($hostName), $output, $result);
            if ($result == 0){
                echo "valid email";
            }
            else{
                echo "invalid email";
            }
        }
    }
call it like
    echo myCheckDNSRR("sample@gmail.com");
Use a validation lib like https://docs.zendframework.com/zend-validator/validators/email-address/
    $validator = new Zend\Validator\EmailAddress();
    if ($validator->isValid($email)) {
        // email appears to be valid
    } else {
        // email is invalid; print the reasons
        foreach ($validator->getMessages() as $message) {
            echo "$message\n";
        }
    }
Create a table in your DB for storing an email link code. When someone registers, mark the user as unactivated until he clicks the link in the email. This way, you know it's real, and can activate the user.
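The same domain check without starting nslookup or ping, as an added example that is not code from the thread: PHP's built-in checkdnsrr() (available on Windows since PHP 5.3) queries DNS directly, so form input never reaches a command line. email_domain_accepts_mail() and the $lookup parameter are hypothetical names; the stub resolver and the addresses are constructed.

```php
<?php
// Added example, not code from the thread. email_domain_accepts_mail() and
// $lookup are hypothetical names.
function email_domain_accepts_mail(string $email, ?callable $lookup = null): bool
{
    // Validate the syntax first so that only a well-formed host name is looked up.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // Everything after the last "@" is the domain part.
    $domain = substr(strrchr($email, '@'), 1);

    // checkdnsrr() asks the resolver directly; no external process is started.
    $lookup = $lookup ?? 'checkdnsrr';
    $fqdn   = $domain . '.';   // trailing dot: do not append local search domains

    // MX is the normal case; a domain without MX records can still receive
    // mail on the host named by its A or AAAA record.
    foreach (['MX', 'A', 'AAAA'] as $type) {
        if ($lookup($fqdn, $type)) {
            return true;
        }
    }
    return false;
}

// Constructed sample: a stub resolver so the example runs offline.
// Leave the second argument out to query real DNS through checkdnsrr().
$stub = static function (string $host, string $type): bool {
    return $host === 'example.com.' && $type === 'MX';
};
var_dump(email_domain_accepts_mail('someone@example.com', $stub));
var_dump(email_domain_accepts_mail('someone@no-such-domain.invalid', $stub));
var_dump(email_domain_accepts_mail('someone@example.com extra', $stub));
```

A positive result only shows that the domain can receive mail; whether the mailbox exists is what the confirmation link described above establishes.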

php integrated function form mail validation doesnt work FILTER_VALIDATE_EMAIL

I have the following script that checks emails and does something with them if they are correctly formatted. I am using FILTER_VALIDATE_EMAIL for this.
Here is the code:
    if(!empty($_POST['maillist'])){
        $_POST['maillist'] = 'mariatettamanti@gmail.com,
H0889@sofiaertel.com,sdfd@sfs.com,';
        $mails = explode(',',$_POST['maillist']);
        foreach($mails as $mail){
            if(!filter_var($mail, FILTER_VALIDATE_EMAIL)) {
                echo $emailErr = $mail." - Invalid email format<br />";
            }else{
                echo 'do job with this mail';
            }
        }
    }
As you can see, the mails are formatted as mails, but the function prints only the first mail as correct and the rest as wrong. Why is that? What am I missing? Thanks
The problem is with the last comma in your email address. It creates an empty value at the end. To avoid this, you use isset()
    if (!empty($_POST['maillist'])) {
        $_POST['maillist'] = 'H0889@sofisadatel.com,info@daddsadyomiaasdmi.com,info@hotsdaelmidasami.com,';
        $mails = explode(',', $_POST['maillist']);
        foreach ($mails as $mail) {
            if (isset($mail) && $mail != "") {// check for empty email
                if(!filter_var(trim($mail), FILTER_VALIDATE_EMAIL)) {
                    echo $emailErr = $mail . " - Invalid email format<br />";
                } else {
                    echo 'do job with this mail';
                }
            }
        }
    }

See if @ symbol is in field and proceed with form validation

I am trying to set up a web form for my website and I want to search the user's input for an @ symbol and if it is not there, the form should not validate and a message should show up asking the user to recomplete the form.
Here's what I have so far:-
    $at = "@";
    if (is_null($at[$email]))
    {
        return FALSE;
    }
I hope someone can help me!
    <?php
    $email = "someone@example.com";
    // eregi() only exists before PHP 7.0
    if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) {
        echo "Valid email address.";
    }
    else {
        echo "Invalid email address.";
    }
    ?>
Or a little bit more modern:
    <?php
    $email_address = "someone@example.com";
    if (preg_match("/^[^@]*@[^@]*\.[^@]*$/", $email_address)) {
        return "E-mail address";
    }
    ?>

How To solve dis synchronize of form Validation?

I am wondering if anyone out there can help with my form Validation Please?
I am having a few problems trying to synchronized out how certain bits of the actual structure of the script works together.
    <?php
    $flag="OK"; // This is the flag and we set it to OK
    $msg=""; // Initializing the message to hold the error messages
    if(isset($_POST['Send'])){
        $key=substr($_SESSION['key'],0,4);
        $num_key = $_POST['num_key'];
        if($key!=num_key){
            $msg=$msg."Your Key not valid! Please try again!<BR>";
            $flag="NOTOK";
        }
        else{
            $msg=$msg."Your Key is valid!<BR>";
            $flag="OK";
        }
    }
    $email=$_POST['email'];
    echo "Your Email: ".$email." is";
    if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)){
        $msg=$msg."Invalid email<BR>";
        $flag="NOTOK";
    }else{
        $msg=$msg."Valid Email<BR>";
        $flag="OK";
    }
    $password=$_POST['password'];
    if(strlen($password) < 5 ){
        $msg=$msg."( Please enter password of more than 5 character length )<BR>";
        $flag="NOTOK";
    }
    if($flag <>"OK"){
        echo "$msg <br> <input type='button' value='Retry' onClick='history.go(-1)'>";
    }else{ // all entries are correct and let us proceed with the database checking etc …
    }
    function spamcheck($field)
    {
        $field=filter_var($field, FILTER_SANITIZE_EMAIL);
        if(filter_var($field, FILTER_VALIDATE_EMAIL))
        {
            return TRUE;
        }
        else
        {
            return FALSE;
        }
    }
    if (isset($_POST['email']))
    {//if "email" is filled out, proceed
        $mailcheck = spamcheck($_POST['email']);
        if ($mailcheck==FALSE)
        {
            echo "Invalid input";
        }
    }
    ?>
The problem: when the email is valid and the password is valid, though the key is invalid, the warning about the key disappears, which means it passed too... and also the spamcheck doesn't look like it works.
You don't have to set the flag to 'OK', or a previous error gets masked, as you already noted.
If all the checks are OK, the flag remains in the valid state and you can pass on; otherwise, if one of the checks fails, the flag reports the incorrect state.
    $flag="OK"; // This is the flag and we set it to OK
    $msg=""; // Initializing the message to hold the error messages
    if(isset($_POST['Send'])) {
        $key=substr($_SESSION['key'],0,4);
        $num_key = $_POST['num_key'];
        if($key!=$num_key){
            $msg=$msg."Your Key not valid! Please try again!<BR>";
            $flag="NOTOK";
        } else {
            $msg=$msg."Your Key is valid!<BR>";
        }
    }
    $email=$_POST['email'];
    // escape the submitted value before it is echoed back into the page
    echo "Your Email: ".htmlspecialchars($email)." is";
    if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)){
        $msg=$msg."Invalid email<BR>";
        $flag="NOTOK";
    }else{
        $msg=$msg."Valid Email<BR>";
    }
    $password=$_POST['password'];
    if(strlen($password) < 5 ){
        $msg=$msg."( Please enter password of more than 5 character length )<BR>";
        $flag="NOTOK";
    }
    if($flag <>"OK"){
        echo "$msg <br> <input type='button' value='Retry' onClick='history.go(-1)'>";
    } else {
        // all entries are correct and let us proceed with the database checking etc …
    }
That said, I would use a different approach, for example using boolean values rather than a string named flag. You can obtain more fluent code by calling it something like $inputIsValid.
Other nags: sometimes you add the messages to a $msg variable, other times you issue an echo; maybe it is an oversight.
There is a lot of room for improvement, as with any other code. I will address just some of the easy issues; for example, I will not check if the variables are set or not.
    $inputIsValid=true; // This is the flag and we set it to OK
    $messages = array(); // Initializing the message to hold the error messages
    if(isset($_POST['Send'])) {
        $key=substr($_SESSION['key'],0,4);
        $num_key = $_POST['num_key'];
        if($key!=$num_key){
            $messages[]= 'Your Key not valid! Please try again!';
            $inputIsValid=false;
        } else {
            $messages[]= 'Your Key is valid!';
        }
    }
    $email=$_POST['email'];
    $emailRegex='^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$';
    $emailIsValid = eregi($emailRegex, $email);
    // escape the submitted value before it is echoed back into the page
    $messages[]= 'Your Email: '.htmlspecialchars($email).' is ' .($emailIsValid? 'Valid':'Invalid');
    $inputIsValid = $inputIsValid && $emailIsValid;
    $password=$_POST['password'];
    if(strlen($password) < 5 ){
        $messages[]='( Please enter password of more than 5 character length )';
        $inputIsValid=false;
    }
    if(!$inputIsValid){
        $messages[]='<input type="button" value="Retry" onClick="history.go(-1)">';
        echo join('<br/>', $messages);
    } else {
        // all entries are correct and let us proceed with the database checking etc …
    }
Another approach would be (the functions are quite simple, but you can modify the validation policy of the different components without affecting the main code):
    function validateKey() {
        if(!isset($_POST['Send'])) {
            return true;
        }
        $key=substr($_SESSION['key'],0,4);
        $num_key = $_POST['num_key'];
        return $key==$num_key;
    }
    function validateEmail($email) {
        // eregi() only exists before PHP 7.0
        $emailRegex='^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$';
        return eregi($emailRegex, $email);
    }
    function validatePassword($password) {
        // valid means at least 5 characters, matching the check in the question
        return strlen($password) >= 5;
    }
    $inputIsValid=true; // This is the flag and we set it to OK
    $messages = array(); // Initializing the message to hold the error messages
    if(validateKey()) {
        $messages[]= 'Your Key is valid!';
    } else {
        $messages[]= 'Your Key not valid! Please try again!';
        $inputIsValid=false;
    }
    $email = $_POST['email'];
    $emailIsValid = validateEmail($email);
    // escape the submitted value before it is echoed back into the page
    $messages[]= 'Your Email: '.htmlspecialchars($email).' is ' .($emailIsValid? 'Valid':'Invalid');
    $inputIsValid = $inputIsValid && $emailIsValid;
    $password = $_POST['password'];
    if(!validatePassword($password)){
        $messages[]='( Please enter password of more than 5 character length )';
        $inputIsValid=false;
    }
    if(!$inputIsValid){
        $messages[]='<input type="button" value="Retry" onClick="history.go(-1)">';
        echo join('<br/>', $messages);
    } else {
        // all entries are correct and let us proceed with the database checking etc …
    }
Spam function:
Why are you using constants different from the boolean values?
(TRUE is different from true and FALSE is different from false)
You can rewrite the function like this in order to obtain the desired behaviour.
    function spamcheck($field)
    {
        $field=filter_var($field, FILTER_SANITIZE_EMAIL);
        return filter_var($field, FILTER_VALIDATE_EMAIL);
    }
    if (isset($_POST['email'])) {//if "email" is filled out, proceed
        $mailcheck = spamcheck($_POST['email']);
        if (!$mailcheck) {
            echo "Invalid input";
        }
    }
Each of your tests sets flag to "OK" or "NOTOK", overwriting decisions made by previous tests.
You could start with $flag = true;. And only if a test decides that the input is unsatisfying it sets $flag=false.
Or you can remove $flag altogether and check if 0===strlen($msg) after the tests.
