A Script to test an email account

Hi:

Does anyone have a Perl or PHP Script to just test the existence of an email account? Let's imagine a form field where we put the account info, like ACCOUNT NAME, POP SERVER (and PASSWORD if needed) and the Script would just test anyway that account and say: Yes it exists and is active (or something like this).

Thanks

Mario./
multisitesAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

StormyWatersCommented:
you could use imap_open() and test for an error, but you would need their password to check their account, etc. Far, far to insecure. I think that'd be the only way to do it.

Easier to just send them a confirmation e-mail.
0
multisitesAuthor Commented:
Well, StormyWaters, I thank you, but it sounds like greek for me, because I'm not a programmer. So, I need something like a ready-made Script.

Mario./
0
StormyWatersCommented:
There is no real way to do this without compromising people's security.


It's much easier to send a confirmation e-mail like most major companies do. Use this php script:


Change the $content variable to whatever you want, and the stuff in the $header variable to whatever you want it to be from.
<?php echo "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?".">"; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Your E-mail</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>

<body>
<?
$email = $HTTP_POST_VARS['email'];
if(isset($email)) {
  $content = "Hello! Someone has used your e-mail address to sign up for our site. To confirm this, follow this link:\nhttp://www.yoursite.com/confirm.php?code=".base64_encode($email)."\nThank you for your time.";
  $subject = "Confirm address";
  $headers = "From: Intelligent Shade Of Blue mailer";
  mail($email, $subject, $content, $headers);
  echo "An email has been sent to $email. Please confirm it.";
} else {
echo <<<END
  <form method="post" action="$PHP_SELF">
  <input type="text" name="email" />
  <input type="submit" name="sbmt" value="Submit!"/>
  </form>
END;
}
?>
</body>
</html>

That's your form page.



Then this is confirm.php:
Do whatever you want if they've got a valid address where I've just echo'd some information.
<?php echo "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?".">"; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>

<body>
<?
$email = $HTTP_GET_VARS['code'];
if(isset($email)) {
  echo 'Address '.base64_decode($email).' confirmed.';
}
?>
</body>
</html>

0
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

StormyWatersCommented:
I'm sorry, the server I tested that script on runs an old version of PHP.
$HTTP_GET_VARS should be replaced with $_GET and $HTTP_POST_VARS with $_POST on newer versions.
0
multisitesAuthor Commented:
Great, StormyWaters, it does exactly what I need. But before accepting, please, explain to me why people's security is compromised with such a procedure? At which extent it could be a danger to my domain/server?

Thanks,

Mario./
0
StormyWatersCommented:
In order to check their account, you would need to know their e-mail account's password. Firstly, nobody in their right mind would give that to you, even if your purpose was honest. Secondly, if you didn't have a secure server others could retrieve that information and get people's passwords.
As I said, it's relatively simple to use a confirmation email script, so I wouldn't suggest using something different.
0
multisitesAuthor Commented:
Hi, StormyWaters:

Ansewring to your first comment, as a matter of fact, this procedure will be used by each of our customers, individually, that is, when we give him/her a new mailbox, he/she will test his/her own mailbox. So, here there's no problem about password, ok?

I didn't understand your second comment that says that others could retrieve that information and get people's password.

And finally, you told about using a simple confirmation email script. That's what I want. This one you wrote above, and I have already tested, isn't it one of these you mentioned?

Mario./
0
StormyWatersCommented:
I thought what you wanted was a way to test, by connecting to a server, whether a certain address exists. I gave you a different script, which sends an e-mail to that account, and has them confirm that it exists. They're different. There's no security problem with the script I gave you, but what I *thought* you were suggestion (which you might not have been, apparently), there is one. Using a confirmation e-mail in no way asks for the user's password, and is therefore more secure.

Ask for password, run a function to detect if the account exists: insecure.
Confirmation e-mail, the script I gave you: no security risk.

Sorry if there was any confusion.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Languages and Standards

From novice to tech pro — start learning today.