validate email addresses to see if the hostnames actually resolve before committing a new user

2 files changed, 17 insertions, 6 deletions

diff --git a/boot.php b/boot.php
index baf1f4812..c90d05130 100644
--- a/boot.php
+++ b/boot.php
@@ -1160,13 +1160,25 @@ function validate_url(&$url) {
 		$url = 'http://' . $url;
 	$h = parse_url($url);
 
-	if(! $h) {
-		return false;
+	if(($h) && (checkdnsrr($h['host'], 'ANY'))) {
+		return true;
 	}
-	if(! checkdnsrr($h['host'], 'ANY')) {
+	return false;
+}}
+
+// checks that email is an actual resolvable internet address
+
+if(! function_exists('validate_email')) {
+function validate_email($addr) {
+
+	if(! strpos($addr,'@'))
 		return false;
+	$h = substr($addr,strpos($addr,'@') + 1);
+
+	if(($h) && (checkdnsrr($h, 'ANY'))) {
+		return true;
 	}
-	return true;
+	return false;
 }}
 
 // Check $url against our list of allowed sites,
diff --git a/mod/register.php b/mod/register.php
index 773d55364..12d27482b 100644
--- a/mod/register.php
+++ b/mod/register.php
@@ -65,10 +65,9 @@ function register_post(&$a) {
 	if(! allowed_email($email))
 			$err .= t('Your email domain is not among those allowed on this site.') . EOL;
 
-	if(! valid_email($email))
+	if((! valid_email($email)) || (! validate_email($email)))
 		$err .= t('Not a valid email address.') . EOL;
 
-
 	$nickname = $_POST['nickname'] = strtolower($nickname);
 
 	if(! preg_match("/^[a-z][a-z0-9\-\_]*$/",$nickname))