[aur-dev] [PATCH] validate email and fully check existence of it

[BlackEagle]

- check if the format is valid
- go and connect to the smtp server of the given domain and verify if
  the given email exists there
---
 web/lib/aur.inc.php |   75 ++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 files changed, 74 insertions(+), 1 deletions(-)

diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index c662b80..3fc0a14 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -80,7 +80,80 @@ function check_sid($dbh=NULL) {
 # verify that an email address looks like it is legitimate
 #
 function valid_email($addy) {
-	return (filter_var($addy, FILTER_VALIDATE_EMAIL) !== false);
+    // check against RFC 3696
+    if(filter_var($addy, FILTER_VALIDATE_EMAIL) === false) {
+        return false;
+    }
+
+    // check dns for mx, a, aaaa records
+    list($local, $domain) = explode('@', $addy);
+    if(! (checkdnsrr($domain, 'MX') || checkdnsrr($domain, 'A') || checkdnsrr($domain, 'AAAA'))) {
+        return false;
+    }
+
+    // get mx records and check full email address
+    $mxlist = array();
+    $mxweight = array();
+    getmxrr($domain, $mxlist, $mxweight);
+    $mx = array_combine($mxweight, $mxlist);
+    ksort($mx);
+
+    //smtp_test_email($addy, current($mx));
+    foreach($mx as $prio => $mxsrv) {
+        if(smtp_test_email($addy, $mxsrv) === true) {
+            return true;
+        }
+    }
+
+    return false;
+}
+
+# verify that an email address exists on the smtp server
+#
+function smtp_test_email($addy, $mxsrv) {
+    if(($smtp = fsockopen($mxsrv, 25)) === false) {
+        return false;
+    }
+
+    if(intval(preg_replace('/^\([0-9]{3}\).*/', '\1', fgets($smtp))) !== 220) {
+        smtp_close($smtp);
+        return false;
+    }
+
+    fwrite($smtp, "HELO $mxsrv\r\n");
+    if(intval(preg_replace('/^\([0-9]{3}\).*/', '\1', fgets($smtp))) !== 250) {
+        smtp_close($smtp);
+        return false;
+    }
+
+    fwrite($smtp, "MAIL FROM: <mailtest at archlinux.org>\r\n");
+    if(intval(preg_replace('/^\([0-9]{3}\).*/', '\1', fgets($smtp))) !== 250) {
+        smtp_close($smtp);
+        return false;
+    }
+
+    fwrite($smtp, "RCPT TO: <$addy>\r\n");
+    $code = intval(preg_replace('/^\([0-9]{3}\).*/', '\1', fgets($smtp)));
+    /**
+     * 250 = success
+     * 451 or 452 = address got greylisted but another error occured
+     *              so assume ok
+     */
+    if($code !== 250 && $code !== 451 && $code !== 452) {
+        smtp_close($smtp);
+        return false;
+    }
+
+    smtp_close($smtp);
+    return true;
+}
+
+# close smtp conneciton
+#
+function smtp_close(&$smtp) {
+    fwrite($smtp, "RSET\r\n");
+    fwrite($smtp, "QUIT\r\n");
+    fclose($smtp);
 }
 
 # a new seed value for mt_srand()
-- 
1.7.9.1