Validating strong passwords perl 3 dating series
yes -This is precisely the reason why you let the user bypass your check with a confirmation.
It's likely that most of your users who enter something without a period made a mistake.
If there are legitimate emails that don't follow RFC, you should absolutely allow users to enter non-RFC-compliant email addresses. Anybody can go online and search for an email validating regex, but as some have pointed out, many are too strict and don't allow for, say, tagged email addresses (email [email protected]). However, it seems like saying "most email validation regexes are broken" is equivalent to saying "email validation regex is hard"This technique is hinted about, and I don't claim it as my own creation.
I think the easiest (maybe not the best) route for both devs and users is:[submit]does email address have a '@' and a '.' after that?
Instead of being an error when the e-mail fails validation though, it would say something like: "your e-mail does not appear valid; please double check your entry.
You will be sent an activation e-mail; click [Continue] if you're sure the address is valid."Basically if it fails the "99%" test, then if that fails, let the user decide if their e-mail is in the 1% or not.
A couple years ago Evan Phoenix (of rubinius) and I collaborated (by which I mean he wrote the grammar and I did almost nothing) on a REAL RFC compliant email address validator using a PEG for parsing: https://github.com/larb/email_address_validator I don't know that anyone uses it, or would even want to use it.
It was a fun project, but I certainly wouldn't use it in an app (unless it was an MTA or MUA).
It wouldn't be RFC-compliant, but it would catch 99% of typos.Being able to send an email is a much better test because it matches what you're going to use the email address for in your app.But your way, if the user makes a typo like "[email protected]@bar,com" then he will expect to receive an email but wont.Edit: sorry for the echo, bigiain - I saw your post right after adding the comment. I've used internal zones of that form extensively without issue on all the common OSS MTAs (postfix, sendmail, exim).I'm unaware of any common MTA software which wouldn't handle it.imperial Wicket's approach would still work fine in that case when [email protected] clicks the "Yes, that's really my email adress" button - and I suspect he'd be pleasantly surprised to see it work, I'll bet he's got a very high expectation of that address failing completely on most websites...
The related RFC 2821, the successor to RFC 821 that is now obsoleted by RFC 5321, is for SMTP.