[Spykie]

Hi,

I've been looking around for a Google like Domain verification script but can't seem to find one.
Any help would be appreciated!

Explanation:
A user submits a domain but before the submissions is processed I want the user to create a empty HTML page with a certain name. Once the page is created the user needs to acknowledge that the page was created and the script would then check if that is indeed the case.
Note: It does not have to be exactly like this, the above is just an indication of what I have in mind

Thanks in advance!

[Spykie]

This seems to be a popular topic but a program / script to make this seems to not exist?
To bad

[og9]

Quote:

Originally Posted by Spykie

This seems to be a popular topic but a program / script to make this seems to not exist?
To bad

It's very easy to do:

PHP Code:

<?php

  

  $verify_key = "spykie-a678BC342HJ9034a678BC342HJ9034";

  

  $html = file_get_contents( 'http://www.og9.co.uk/' );

  $verify_tag = preg_match('/.*\<meta name="spykie-verify" content="(.*)".*>/', $html, $matches);

  if ( isset($matches[1]) )

  {

      if ( $matches[1] == $verify_key )

        exit('Success! The key was matched');

  }

  exit('You cannot be verified make sure you have added the meta tag supplied.');  

?>

If you run this, you will get a match at the moment as I have added the appropriate meta tag to my homepage. If you change the $verify_key slightly and run it against my site again, it will fail.

[Dratone]

Hi,

Here is a php class that will check for a .html file with the key in the filename, or a DNS Entry for the key:

Code:

<?php
        /**
        * Class: DomainValidation
        * Author: Dratone
        * Author-Email: dratone [that little sign that seperates identifier from domain goes here] gmail <and here goes that little dot> com
        * This class will validate a domain.
        * Legal shit:
        * 
        * This class is provided AS IS, with NO GARANTEE what so ever for
        * any useability what so ever.
        * Usage of this code is completely on your own risk. The author
        * provides no warranty against damage directly or indirectly caused
        * by use of this code.
        *
        * Usage is free of charge. The code may be changed and reprovided 
        * under the provision that credit is giving to the original author
        *
        * License: GPLv3
        */
	class DomainValidation {

		var $usecurl = false;
		var $usefile = false;
		var $CNAME_DOMAIN = "<CNAME address>";

		function __construct() {
			if (function_exists("curl_init")) {
				$this->usecurl = true;
			} else {
				if (ini_get("allow_url_fopen")) {
					$this->usefile = true;
				} else {
					echo "No useable way for http requests is found. Install php5-curl or set allow_url_fopen to true\n";
					die();
				}
			}

		}

		function validate($domain) {
			$res = mysql_query("SELECT validation_key FROM validate_domain WHERE domain='" . mysql_escape_string($domain) . "'");
			$key = mysql_fetch_assoc($res);
			if (!is_array($key)) {
				return false;
			}
			$key = $key['validation_key'];
			return $this->validate_by_key($key,$domain);
		}
		function validate_by_key($key,$domain) {
			if ($this->usecurl) {
				$ch = curl_init("http://" . $domain . "/" . $key . ".html");
				curl_setopt($ch,CURLOPT_NOBODY,true);	
				curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
				curl_setopt($ch,CURLOPT_HEADER,true);
				$data = curl_exec($ch);
				$lines = split("\n",$data);
				if (stristr($lines[0],"200")) {
					return true;
				}
			}else if ($this->usefile) {
				$content = @file_get_contents("http://" . $domain . "/" . $key . ".html");
				if ($content !== false) {
					return true;
				}
			}


			# next do DNS.
			$t = gethostbyname($key . "." . $domain);
			if ($t == gethostbyname($this->CNAME_DOMAIN)) {
				return true;
			}

			return false;
		}

		function init_validation($domain) {
			$b=0;
			while(true) {
				// just in case.
				$b++;
				if ($b == 10) {
					return false;
				}
			$key = substr(sha1(rand(10,20)),0,20);
				if (!$this->validate_by_key($key,$domain)) {
					$sql = "REPLACE INTO validate_domain VALUES (DEFAULT,'".mysql_escape_string($domain)."','$key')";
					mysql_query($sql) or die (mysql_error());
					return $key;
				}	

			}
		}


		function install() {
			$sql = "CREATE TABLE validate_domain (domainid INT AUTO_INCREMENT PRIMARY KEY,domain varchar(255),validation_key char(20))";
			mysql_query($sql);
		}


	}
?>

It should be relatively easy to incorporate the script of og9 into this.

To install, create a script as follows:

Code:

<?php
mysql_connect("host","username","password");
mysql_select_db("dbname");
include("DomainValidation.php");
$domain = new DomainValidation();
$domain->install();
?>

And run it and delete it again.

To use it, use:

Code:

include("DomainValidation.php");
$domain = new DomainValidation();

$key = $domain->init_validation($domain);

it will return false when it cannot create a key that will work (for instance whildcard DNS that happens to point to the right location, or .htaccess rewrites that always produces 200 returns, or a 20 character alphanumerical value if true.

Validate using

Code:

if ($key !== false) {

}

to validate a domain use:

$domain->validate($domain);

returns true if successfull, false if not.

[Spykie]

Thanks guys it works great!
You can try it at BETA | Spamblock.in' for the masses | For Free!