From 12ee76ff4389e56545b7ac367aad07de279e797f Mon Sep 17 00:00:00 2001
From: Roman Kelesidis <roman25052006.kelesh@Gmail.com>
Date: Sun, 19 Feb 2023 16:46:16 +0700
Subject: [PATCH] Extended email validation

* Standard RFC-like email validation.
* Will check if there are DNS records that signal that the server accepts emails. This does not entail that the email exists.
* Will check for multi-utf-8 chars that can signal an erroneous email name.
---
 library/config.php      |  1 +
 src/Legacy/Validate.php | 23 ++++++++++++++++++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/library/config.php b/library/config.php
index 2b3298b6d..6f6be8de4 100644
--- a/library/config.php
+++ b/library/config.php
@@ -384,6 +384,7 @@ $bb_cfg['emailer'] = [
     ],
     'ssl_type' => '', // SMTP ssl type (ssl or tls)
 ];
+$bb_cfg['extended_email_validation'] = true; // DNS & RFC checks for entered email addresses
 
 $bb_cfg['board_email'] = "noreply@$domain_name"; // admin email address
 $bb_cfg['board_email_form'] = false; // can users send email to each other via board
diff --git a/src/Legacy/Validate.php b/src/Legacy/Validate.php
index 2298d818c..083b76608 100644
--- a/src/Legacy/Validate.php
+++ b/src/Legacy/Validate.php
@@ -9,6 +9,12 @@
 
 namespace TorrentPier\Legacy;
 
+use Egulias\EmailValidator\EmailValidator;
+use Egulias\EmailValidator\Validation\DNSCheckValidation;
+use Egulias\EmailValidator\Validation\MultipleValidationWithAnd;
+use Egulias\EmailValidator\Validation\RFCValidation;
+use Egulias\EmailValidator\Validation\SpoofCheckValidation;
+
 /**
  * Class Validate
  * @package TorrentPier\Legacy
@@ -88,7 +94,7 @@ class Validate
      */
     public static function email($email, $check_ban_and_taken = true)
     {
-        global $lang, $userdata;
+        global $lang, $userdata, $bb_cfg;
 
         if (!$email || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
             return $lang['EMAIL_INVALID'];
@@ -97,6 +103,21 @@ class Validate
             return $lang['EMAIL_TOO_LONG'];
         }
 
+        // Extended email validation
+        if ($bb_cfg['extended_email_validation']) {
+            $validator = new EmailValidator();
+
+            $multipleValidations = new MultipleValidationWithAnd([
+                new RFCValidation(), // Standard RFC-like email validation.
+                new DNSCheckValidation(), // Will check if there are DNS records that signal that the server accepts emails. This does not entail that the email exists.
+                new SpoofCheckValidation() // Will check for multi-utf-8 chars that can signal an erroneous email name.
+            ]);
+
+            if (!$validator->isValid($email, $multipleValidations)) {
+                return $lang['EMAIL_INVALID'];
+            }
+        }
+
         if ($check_ban_and_taken) {
             $banned_emails = array();