[PopSmith]

I've been toying with the idea of using explode() and a preg_match to disallow all emails from .ru domains and gawab.com from registering on my site due to the fact that they are mainly used by spammers/hackers and bots.

However, I must be doing something wrong with the preg_match (lines 87 to 92). I currently have the preg_match commented out because it causes the website to not pull up, it just shows a white background. If I comment out the preg_match it works fine. I've been experimenting with the preg_match in RegexBuddy but I still can't quite get it to work.

Also, the "echo $domain[1]" code is there as a debug so I could make sure that the explode was working properly.

For now I'm only trying to disallow all .ru domains but I'd like to add gawab.com to the list as well at some point.

php Code:

<?php
include('../includes/constants.php');
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<script type="text/javascript">  
var RecaptchaOptions = {  
   theme : 'clean'  
};  
</script>
<title>Welcome to my Website!</title>
</head>
<body>
We are hard at work getting the site up and running! We are hoping to get running around December or January.
If you would like us to notify you when we get setup fill out the form below with your name and email address.
<?php
require_once('../reCAPTCHA/recaptchalib.php');
 
// Keys from [url]http://recaptcha.net/api/getkey[/url].
$publickey = "[deleted]";
$privatekey = "[deleted]";
 
# the response from reCAPTCHA 
$resp = null;
# the error code from reCAPTCHA, if any 
$error = null;
 
    if (isset($_POST&#91;'submitted'])) {
        require_once('../includes/sanitize.php');
        
        //Sanitize data before validation
        $c_fname = sanitize(3, 15, $_POST&#91;'first_name']);
        $c_lname = sanitize(3, 25, $_POST&#91;'last_name']);
        $c_email = sanitize(5, 60, $_POST&#91;'email']);
        $c_email_2 = sanitize(5, 60, $_POST&#91;'email_2']);
        
        ////////////////////////////////////////////////////
        // BotScout.com "BotBuster" check
        require_once('../includes/BotScout.php');
        ////////////////////////////////////////////////////
 
        $resp = recaptcha_check_answer ($privatekey,
                                        $_SERVER&#91;"REMOTE_ADDR"],
                                        $_POST&#91;"recaptcha_challenge_field"],
                                        $_POST&#91;"recaptcha_response_field"]);
 
        if ($resp->is_valid) {
        require_once(MYSQL);
                
        //Validate the first name
        $fResult = preg_match("/^[a-zA-Z\.]{1,15}/", $c_fname);
        if (!$fResult) /* If it didn't match okay. */
         return false;
            
        //Validate last name
        $lResult = preg_match("/^[a-zA-Z\-.]{1,25}/", $c_lname);
        if (!$lResult) /* If it didn't match okay. */
          return false;
        
        //Is the email valid and not empty?
        if (empty($c_email_2)) {
            echo '<p>Please go back and enter your email address in both fields.</p>';
            exit();
        } elseif ($c_email !== $c_email_2) {
            echo '<p>The email fields do not match. Please go back and confirm them again.</p>';
            exit();
        } else {
            function isValidEmail( $c_email = null ) {
            $eResult = preg_match( "/^ 
            [\d\w\/+!=#|$?%{^&}*`'~-] 
            [\d\w\/\.+!=#|$?%{^&}*`'~-]*@ 
            [A-Z0-9] 
            [A-Z0-9.-]{1,60} 
            [A-Z0-9]\. 
            [A-Z]{2,6}/", $c_email);
            if (!$eResult) /* If it didn't match okay. */
              return false;
                }
        }
            /* This code doesn't quite work yet....
            $domain = explode('@', $c_email);
            
            echo $domain[1];
            $dResult = preg_match("/^[A-Z0-9]{1,60}\.ru$/", $domain[1]);
            if ($dResult)
                return false;
            echo "<p>An error has occurred, please try again.</p>";
            exit();
            */
        if (!empty($c_email) && $c_email == $c_email_2) {
            $access = "SELECT Email FROM customers WHERE Email='$c_email'";
            $r = mysqli_query($dbc, $access) or trigger_error("Query: $access\n<br />MySQL error: " . mysqli_error($dbc));
        }
        
        //Insert information if email is unique:
        if (mysqli_num_rows($r) == 0) {
            $access = "INSERT INTO customers (Email, First, Last) VALUES ('$c_email', '$c_fname', '$c_lname')";
            $r = mysqli_query($dbc, $access) or trigger_error("Query: $access\n<br />MySQL error: " . mysqli_error($dbc));
        } elseif (mysqli_num_rows($r) == 1) {
            echo "<p>Your address has previously been recorded. We will notify you at $c_email when we are up and running.</p>";
        } else {
            echo '<p>Your email address could not be recorded due to an error, please try again.</p>';
        }
        
        //If user fails reCAPTCHA.
        } else {
             # set the error code so that we can display it
             $error = $resp->error;
} // End reCAPTCHA else.
mysqli_close($dbc);
} // End Submit IF.
?>
<form action="" method="post">
<fieldset>
<p><b>First name:</b> <input type="text" name="first_name" size="20" maxlength="15" value="<?php if(isset($c_fname)) echo $c_fname; ?>" /></p>
<p><b>Last name:</b> <input type="text" name="last_name" size="20" maxlength="25" value="<?php if(isset($c_lname)) echo $c_lname; ?>" /></p>
<p><b>Email Address:</b> <input type="text" name="email" size="30" maxlength="60" value="<?php if(isset($c_email)) echo $c_email; ?>" /> (Required)</p>
<p><b>Confirm email address:</b> <input type="text" name="email_2" size="30" maxlength="60" value="<?php if(isset($c_email_2)) echo $c_email_2; ?>" /> (Required)</p>
<?php echo recaptcha_get_html($publickey, $error); ?>
 
<br />
</fieldset>
<div class="center"><input type="submit" name="submit" value="Register" /></div>
<input type="hidden" name="submitted" value="TRUE" />
</form>
</body>
</html> 

[End User]

Unless I misunderstand what you want to do, this will match any basic *.ru domain: (.*)\.ru

It won't match zzz.ru.somedomain.com, but it'll match some-bad.ru, foo.bar.ru, and so on.

[PopSmith]

Basically, I'm just looking to block anything that ends with .ru (i.e. mail.ru, yandex.ru, thisisatest.ru etc.) so that should work perfectly.

[wirehopper]

Quote:

Basically, I'm just looking to block anything that ends with .ru

You could also use strrchr.

PHP: strrchr - Manual

PHP Code:

$mRu=strrchr('.ru',strtolower($sEmail));

if ($mRu!=false)

  $mRu=($mRu=='.ru'); 

Not tested.