Archive
Monthly
Go
|
|
DNN Blog
Nov
15
Posted by:
Erik van Ballegoij
11/15/2007 2:03 PM
While DotNetNuke 4.4.x already validates emails in the user profile with a regular expression, this regular expression could not be changed by portal admins. In DNN 4.5, the regular expression used to validate email address can be altered in the User Settings Page (Admin > User Accounts > User Settings)
The default regular expression is:
\b[a-zA-Z0-9._%-+']+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}\b
And while this catches a lot of errors already, there still are some email address that will wrongfully validate, while some other valid addresses will not. For example: erik.vanballegoij@.dotnetnuke.com will validate, as will erik.vanballegoij@dotnetnuke..com, while both are not valid (punctuation errors). Also, erik@somemuseum.museum will not validate, even though it is perfectly valid.
I've found the article by Jan Goyvaerts (http://www.regular-expressions.info/email.html) very informative when it comes to validating email addresses with regular expressions. Charles Nurse probably used the same article as inspiration, as the DNN regex closely resembles the first sample on that page. Using a few of the hints in that article led me to construct the following regex:
^[a-zA-Z0-9._%-+']+@(?:[a-zA-Z0-9-]+\.)+(?:[A-Z]{2}|com|org|net|biz|info|name|aero|biz|info|jobs|museum|name)$
^[a-zA-Z0-9._%\-+']+@(?:[a-zA-Z0-9\-]+\.)+(?:[a-zA-Z]{2}|com|org|net|biz|info|name|aero|jobs|museum)$
^[a-zA-Z0-9._%\-+']+@(?:[a-zA-Z0-9\-]+\.)+(?:[a-zA-Z]{2}|aero|arpa|asia|biz|cat|com|coop|edu|gov|info|int|jobs|mil|mobi|museum|name|net|org|pro|root|tel|travel|cym|geo|post)$
(Thanks Gilles for letting me know there were a few errors in the regex.. thats what you get when copy-pasting ...) Which will correctly invalidate adresses with dot after @ and with consecutive dots. Also, all extra top level domain names will be validated.
Now, I do not consider my self a regex expert in any way, in fact, I need tools to understand them at all. I like Expresso myself, but I've also looked at RegexBuddy and The Regulator.
Now.. there's only one question left: what if i wanted to exclude some domains, like yahoo, hotmail etc. I've been trying to construct the proper regex but failed misserably ... so if anyone out there knows how to add domain exclusion.. that would be greatly appreciated!
For a full list of generic top level domains, see here: http://www.iana.org/gtld/gtld.htm
[update November 15:] thanks swift51 and dukesb11 for the extra info! [/update]
20 comment(s) so far...
Re: Define your own e-mail validation in DNN 4.5
I've noticed users with a - (dash) in their email address failed as well. had to edit the DB for them directly. *cough*
For instance my-email@domain.com was invalid.
So it's nice we can edit this ourselves (if I can figure it out too!)
By bmolzen on
4/9/2007 8:28 AM
|
Re: Define your own e-mail validation in DNN 4.5
I am not a regex expert either, but it seems like a two-stage evaluation would be best:
1. evaluate with a regex for the undesired domain names -- T or F determines passing to test #2 below
2. evaluate with a regex to see if it is a valid email format -- T or F determines what to do next
I know there exists DNS testing on the domain, building this into the email validation would be very nice if you or someone can do it...
Thank you, Tom
By tlyczko on
4/9/2007 8:29 AM
|
Re: Define your own e-mail validation in DNN 4.5
@Tom,
Thanks for the ideas. A 2 pass regex would be very hard to do with the current implementation of controls for userprofile. However, the current implementation does allow for creating new controls, so it should be feasible to create an email edit control with built in "live" testing. This could be a simple dns test to find out whether the domain actually exists, or a real mail send (that aborts after the receiving SMTP server acknowledges the address)...
By ErikVB on
4/9/2007 8:33 AM
|
Re: Define your own e-mail validation in DNN 4.5
ErikVB: 'what if i wanted to exclude some domains, like yahoo, hotmail etc.'
The following links provide the basics.
VBScript User's Guide:
http://msdn2.microsoft.com/en-us/library/sx7b3k7y(vs.80).aspx
Introduction to Regular Expressions (Scripting):
http://msdn2.microsoft.com/en-us/library/6wzad2b2(VS.80).aspx
.NET Framework Regular Expressions:
http://msdn2.microsoft.com/en-us/library/hs600312(vs.80).aspx
---
Validation:
http://msdn2.microsoft.com/en-us/asp.net/aa336647.aspx
Here, you find the following fragment:
ControlToValidate="email"
runat="server"
ValidationExpression="\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*">
ThThe email address appears to be of an incorrect format
I haven't checked it, so it's on you...
---
For more information, here's a search for "valid email":
http://search.msdn.microsoft.com/search/default.aspx?__VIEWSTATE=&query=%22valid+email%22&siteid=0&tab=0
Back to topic. In order to exclude (ban) email addresses, I would prefer a blacklist. Making things nice, I guess DNN should have editable blacklists for IP's, domains, email addresses, usernames (e.g. admin, moderator, webhost, webmaster, b***h, f***, f***you, WeF***You, etc. ), etc. Such a blacklisting functionality makes Admins day easier, right?
Happy Coding!
By deanman1 on
4/11/2007 1:34 PM
|
Re: Define your own e-mail validation in DNN 4.5
Here's another piece (not tested):
http://www.asp.net/ControlGallery/ControlDetail.aspx?Control=2035&tabindex=0
Happy Coding!
By deanman1 on
4/11/2007 1:11 PM
|
Re: Define your own e-mail validation in DNN 4.5
Sorry, I've posted the wrong link in my last post!!!
Here's the correct link:
http://blogs.msdn.com/larryosterman/archive/2005/01/07/348548.aspx
And the answer can be found here:
http://blogs.msdn.com/larryosterman/archive/2005/01/10/350135.aspx
I apologize any inconvenience!
Happy Coding!
By deanman1 on
4/11/2007 1:11 PM
|
Re: Define your own e-mail validation in DNN 4.5
Here's another good read:
http://tools.ietf.org/html/rfc3696
By deanman1 on
4/11/2007 1:11 PM
|
Re: Define your own e-mail validation in DNN 4.5
Nice! This one:
^[\w\d_\+-]+(\.[\w\d_\+-]+)*@(?:[a-zA-Z0-9-]+\.)+(?:[A-Z]{2}|com|org|net|biz|info|name|aero|biz|info|jobs|museum|name)$
would also filter out email addresses starting with a dot
Timo
By messmail on
4/11/2007 1:08 PM
|
Re: Define your own e-mail validation in DNN 4.5
Well, here's another good read:
http://hexillion.com/email_validation/
However, after spending some hours on the e-mail validation issue, two conclusions left over.
1. The e-mail address specification allows plenty of valid e-mail addresses that will be rejected by the most 'regex' verifications. In such cases, it would prevent users from using their valid e-mail addresses.
2. The 'live' e-mail-address test confirms the existence of a domain only, but in the most cases not the e-mail address itself (this would be an open door for spammers to check the validity of an e-mail address, therefore, the most e-mail hosts also acknowledge non-existing e-mail addresses).
3. To make sure that an e-mail address is valid, an e-mail has to be sent to the user and the user must confirm this e-mail address by typing in the correct verification code in the registration/login form.
---
The main question is now. Isn't it better that the user has to type in the e-mail address twice in order to provide the user the possibility to prevent input errors? I guess that's the main reason for the e-mail address verification..
Note: In order to make the user input more reliable, the input should be hidden like it is with the password input. In addition, the copy/paste feature should be deactivated, so that the user 'must' type in the e-mail address twice.
The second question is what to do with registered users whose e-mail address is invalid at a later time (sending an e-mail to the given e-mail address fails)?
Note: I would prefer the solution that they have to provide a new e-mail address when logging in the next time after sending an e-mail failed. In such a case, the e-mail address verification process (verification code) should be available as option.
---
Anyway, the e-mail address verification process (verification code) is always the only way in order to make sure that the user has provided a valid e-mail address to which he/she has access. Everything else is not reliable. In other words, I would abandon the regex verification in favor of the double input idea, the e-mail verification process, and the blacklists (in order to ban some IP's, domains, e-mail addresses, usernames, etc.) I've mentioned before. Agreed, that's my point of view.
Happy Coding!
By deanman1 on
4/11/2007 1:08 PM
|
Re: Define your own e-mail validation in DNN 4.5
Hi Erik,
Your regex is wrong ! ;-) I have already make a post on Gemini (Issue DNN-5011) about this problem. Try this email o your regex : john-doe@dutch.nl
Your regex reject it because the - between john and doe, and the country in lower case is rejected too.
You can use this one instead :
^[a-zA-Z0-9._%\-+']+@(?:[a-zA-Z0-9\-]+\.)+(?:[a-zA-Z]{2}|com|org|net|biz|info|name|aero|biz|info|jobs|museum|name)$
Gilles
By Ploum on
4/11/2007 1:12 PM
|
Re: Define your own e-mail validation in DNN 4.5
@Timo:
Your regex would not allow addresses with % or ' in it, this one would work better in that case: ^[\w\d%\-+']+(?:\.[\w\d\%\-+']+)*@(?:[a-zA-Z0-9-]+\.)+(?:[a-zA-Z]{2}|com|org|net|biz|info|name|aero|biz|info|jobs|museum|name)$
By ErikVB on
4/11/2007 1:38 PM
|
Re: Define your own e-mail validation in DNN 4.5
@erik
Your right I cleaned it up a bit too much, for testing...
Timo
By messmail on
4/11/2007 6:50 PM
|
Re: Define your own e-mail validation in DNN 4.5
And what about foreign country domains like .ca, .ru, .cn, etc.??
There is a very good email validation library at aspemporium.com, with a basic javascript version and a C# version that takes into account all the country variations but I do not know how to convert it to VB or JS.
Thank you, Tom
By tlyczko on
4/11/2007 6:50 PM
|
Re: Define your own e-mail validation in DNN 4.5
@Tom
Any TLD with 2 characters will be validated by both the core regex, as the modified ones. In the core one this will be handled by this part: "\.[a-zA-Z]{2,4}", allowing any uppercase or lowercase character from a-z between 2 and 4 positions long. You can test regular expresions for instance here: http://regexlib.com/RETester.aspx.
By ErikVB on
4/11/2007 6:55 PM
|
Re: Define your own e-mail validation in DNN 4.5
Is there any way to get something similar to these validation improvements into a 4.4 installation? A config file that can be altered? Or a simple source amendment? My site users are complaining that they cannot register addresses with dashes in them.
By TomMcClelland on
6/12/2007 8:10 PM
|
Re: Define your own e-mail validation in DNN 4.5
bmolzen: you might have figured it out by now but if you want a dash (-) to validate in an email address put a '-' at the very beginning of the validation expression:
\b[-a-zA-Z0-9._%-+']+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}\b
Other '-' are interpreted as ranges, putting it at the beginning overrides this
By 01012872 on
6/12/2007 8:10 PM
|
Re: Define your own e-mail validation in DNN 4.5
any particular reason why |edu| is excluded from the exclusive list of domain extensions?
By swift51 on
11/15/2007 1:58 PM
|
Re: Define your own e-mail validation in DNN 4.5
If anyone is still trying to use this for reference, note that you need to add a couple more top-level domains, making the last section into |aero|arpa|asia|biz|cat|com|coop|edu|gov|info|int|jobs|mil|mobi|museum|name|net|org|pro|root|tel|travel|cym|geo|post
I just got bit by not having edu in there, also added gov, arpa, int, mil, asia, cat, coop, mobi, pro, root, tel, travel, and three proposed domains, post, geo, and cym. These come mainly from http://www.iana.org/gtld/gtld.htm.
By dukesb11 on
11/15/2007 1:58 PM
|
Re: Define your own e-mail validation in DNN 4.5
Would be great if the regex winner got impliemented by default in an upcoming DNN release :)... Great stuff!!! Email validation I've always found to be a total nightmare :).
By NukeAlexS on
11/20/2007 8:11 PM
|
Re: Define your own e-mail validation in DNN 4.5
I created a regexp that seems to work (at least for me). Feel free to add additional valid characterers between the []
^[a-zA-Z](?:[-a-zA-Z0-9_]|\.(?!\.))*(?<=[-a-zA-Z0-9_])@(([-&a-zA-Z0-9_]+)(\.?(?!\.)))+?(?<=\.[-.&a-zA-Z0-9]+)(?<=[-&a-zA-Z0-9]{2,})$
By aalbetski on
8/25/2008 5:37 PM
|
|