?
Solved

PHP echoing JavaScript for obscurity

Posted on 2014-09-26
7
Medium Priority
?
241 Views
Last Modified: 2014-09-26
I have an interesting issue.  I have seen seveveral posts about using JavaScript to display email addresses in order to obscure SpamBot access to openly published emails.  I like the idea, but I wanted to add a layer of complexity to it to further obscure the matter.

I wanted to use PHP to echo the JavaScript code, and I wanted to use the sprintf() function in order to fill-in the variables in the JavaScript.  Something in the back of my head tells me this is no more obscure than just doing the JavaScript, but I thought I would press-on anyway.

Here's the problem:  it seems the PHP variables I'm using are not being retained.  I tried putting the unchanging portion of the script at the very beginning of the document (before the <Document> tag.  There, I created the variable and assigned it.  However, when I tried to "echo" the sprintf($e,'value1','value2'), it writes   0   to the page.

I have tried various configurations and placements, my most recent is listed below:

<div class="arial_plain_13" style="display: block; float: left; width: 300px">
	Mr. FirstName LastName, M.A.<br />
	<?php
		$e = sprintf('<script language="javascript">var u=\'%n\';var s=\'@\';var d=\'ourdomain.edu\';document.write(\'<a href="mail\'+\'to\'+\':\'+u+s+d">Contact, %f</a>\');</script>','FirstName.LastName','Mr. FirstName');
		echo $e;
	?>
</div>

Open in new window

When I view the page source, this is what gets printed:
<div class="arial_plain_13" style="display: block; float: left; width: 300px">
	Mr. FristName LastName, M.A.<br />
	<script language="javascript">var u='';var s='@';var d='ourdomain.edu';document.write('<a href="mail'+'to'+':'+u+s+d">Contact, 0.000000</a>');</script>
</div>

Open in new window

0
Comment
Question by:Shane Kahkola
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 58

Expert Comment

by:Gary
ID: 40346514
Using PHP to echo JS is just adding a layer of complexity that ends up with the same result ergo waste of time.
The end result is the same js being sent to the browser but you have wasted hours trying to get the syntax right.
0
 
LVL 4

Author Comment

by:Shane Kahkola
ID: 40346528
Per your sentiment, I removed the PHP portion and changed it to the following:
<div class="arial_plain_13" style="display: block; float: left; width: 300px">
	Mr. FirstName LastName, M.Div.<br />
	<script language="javascript">
		var u='FirstName.LastName';
		var s='@';
		var d='ourdomain.edu';
		document.write('<a href="mail'+'to'+':'+u+s+d">Contact, Mr. FirstName</a><br />&nbsp;');
	</script>
</div>

Open in new window

The result was that nothing was written to the document at that location.  Here is the Page Source view of that section:
<div class="arial_plain_13" style="display: block; float: left; width: 300px">
	Mr. FirstName LastName, M.Div.<br />
	<script language="javascript">
		var u='FirstName.LastName';
		var s='@';
		var d='ourdomain.edu';
		document.write('<a href="mail'+'to'+':'+u+s+d">Contact, Mr. FirstName</a><br />&nbsp;');
	</script>
</div>

Open in new window

0
 
LVL 4

Author Comment

by:Shane Kahkola
ID: 40346535
Just figured out why.  I was missing the single quote before the final double-quote of the URL
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40346538
Here is my teaching example showing how I've handled the issue.  All PHP, packaged in functions.  Look at the browser output first, then look at "view source."
http://iconoun.com/demo/obscure_email.php

<?php // demo/obscure_email.php
error_reporting(E_ALL);


// DEMONSTRATE HOW TO ENCODE EMAIL ADDRESSES TO REDUCE 'BOT HARVESTING


// RETURN OBFUSCATED STRING
function obscure($raw)
{
    $chrs = str_split(trim($raw));
    $done = '';
    for ($k=0; $k < count($chrs); $k++)
    {
        $done.='&#'.ord($chrs[$k]).';';
    }

    // RANDOM UPPERCASE CHANGES
    $nums = range(65,90);
    $chrs = range('A', 'Z');
    $ran1 = rand(65,90);
    $ran2 = rand(65,90);
    $ran3 = rand(65,90);
    $done = str_replace('&#' . "$ran1" . ';', $chrs[$ran1-65], $done);
    $done = str_replace('&#' . "$ran2" . ';', $chrs[$ran2-65], $done);
    $done = str_replace('&#' . "$ran3" . ';', $chrs[$ran3-65], $done);

    // RANDOM LOWERCASE CHANGES
    $nums = range(97,122);
    $chrs = range('a', 'z');
    $ran1 = rand(97,122);
    $ran2 = rand(97,122);
    $ran3 = rand(97,122);
    $done = str_replace('&#' . "$ran1" . ';', $chrs[$ran1-97], $done);
    $done = str_replace('&#' . "$ran2" . ';', $chrs[$ran2-97], $done);
    $done = str_replace('&#' . "$ran3" . ';', $chrs[$ran3-97], $done);

    // RANDOM NUMERIC CHANGES
    $nums = range(48,57);
    $chrs = range('0', '9');
    $ran1 = rand(48,57);
    $ran2 = rand(48,57);
    $ran3 = rand(48,57);
    $done = str_replace('&#' . "$ran1" . ';', $chrs[$ran1-48], $done);
    $done = str_replace('&#' . "$ran2" . ';', $chrs[$ran2-48], $done);
    $done = str_replace('&#' . "$ran3" . ';', $chrs[$ran3-48], $done);

    return $done;
}


// RETURN AN OBFUSCATED EMAIL LINK
function eMail($email='feedback', $subject='', $label='', $title='Email Link', $class='mailto')
{
    // SET DEFAULT VALUES FOR DOMAIN, EMAIL, SUBJECT AND LABEL
    $domain = $_SERVER["HTTP_HOST"];
    if (preg_match('#^www\.#i', $domain))
    {
        $domain = substr($domain,4);
    }
    if (!preg_match("#@#", $email))
    {
        $email .= "@" . $domain;
    }
    if (empty($subject))
    {
        $subject = "?subject=$domain Inquiry";
    }
    else
    {
        $subject = "?subject=$subject";
    }
    if (empty($label))
    {
        $label = "$email";
    }

    // OBSCURE SOME THINGS, BUT NOT CSS CLASS
    $mailto  = obscure('mailto:');
    $email   = obscure($email);
    $subject = obscure($subject);
    $label   = obscure($label);
    $title   = obscure($title);
    $string
    = '<span style="white-space:nowrap;">'
    . '<a class="'
    . $class
    . '" title="'
    . $title
    . '" href="'
    . $mailto
    . $email
    . $subject
    . '">'
    . $label
    . '</a>'
    . '</span>'
    ;
    return $string;
}


// CAPTURE THE ENCODED STRINGS
ob_start();


// CHARACTER CHECK USING THE OBSCURE CLASS STANDALONE
$str = 'abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789';
echo PHP_EOL . '<br/>' . $str;
$new = obscure($str);
echo PHP_EOL . '<br/>' . $new;


// DEMONSTRATE THE EMAIL TEST CASES
echo PHP_EOL . '<br/>' . email();
echo PHP_EOL . '<br/>' . email('RAY');
echo PHP_EOL . '<br/>' . email('Ray.Paseur@Gmail.com');
echo PHP_EOL . '<br/>' . email('foo', 'Your New Subject Here');
echo PHP_EOL . '<br/>' . email('Ray.Paseur@Gmail.com', 'Whats Updock?', 'Click to Email', 'Click This to Send Email', 'my_style');

Open in new window

0
 
LVL 58

Expert Comment

by:Gary
ID: 40346540
A lot easier to read!
0
 
LVL 4

Author Comment

by:Shane Kahkola
ID: 40346576
Well, because I lack the time, and the experience, to make full sense of what you posted, Ray, may I use your code?  If so, how do I credit you satisfactorily?
0
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 2000 total points
ID: 40346609
Of course you can use the code, I've used it in several classroom settings.  It's free and open source.  No credits required at all.  I would only point out that I have not tested it exhaustively with every modern browser.  It's something I wrote a few years ago, so you might want to test it with current versions of IE, Firefox, Chrome and Safari.  I would expect no problems, but tests have a way of proving or disproving expectations!
0

Featured Post

Are You Using the Best Web Development Editor?

The worlds of web hosting and web development are constantly evolving. Every year we see design trends change, coding standards adapt and new frameworks/CMS created. With such a quick pace of change it’s easy to get lost trying to keep up.

See if your editor made the list.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These days socially coordinated efforts have turned into a critical requirement for enterprises.
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question