RE: [Phplib-users] New phpauth code
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
RE: [Phplib-users] New phpauth code
|
From: Layne W. <la...@if...> - 2002-05-06 23:09:29
|
> I generally force the username to lowercase before doing the > check, and > this code should do that (it's not rocket science to implement it). > I'll probably make that change. > > I won't allow case-sensitive matching. I've done it before, and > inevitably someone ends up typing in a couple of caps in their email > address, then they can't understand why it won't work next time when > they don't. Same with passwords, sad to say. Whoa! People use mixed case passwords for added security. You're lowering the security of your users' data by forcing lowercase passwords? For email addresses, MySQL searches case-insensitively, so why should we care how they enter it? > > In addition to checking email addresses against a simple > format, I check > > against all known TLDs. I also find it useful to warn users > if I cannot find > > an MX record for their domain. This prevents numerous > "us...@ho..." > > attempts. > > That's not a bad idea. Have any code which you'd like to share? I started with Validator 1.2 from thewebmasters.net and changed is_email() to use this new function: function has_mx($host) { exec("nslookup -type=mx $host", $return); if(is_array($return)) $return = join("\n", $return); if(is_integer(strpos($return, "mail exchanger"))) return true; return false; } Layne Weathers Ifworld Inc. |
