Solved

PHP echoing JavaScript for obscurity

Posted on 2014-09-26
7
203 Views
Last Modified: 2014-09-26
I have an interesting issue.  I have seen seveveral posts about using JavaScript to display email addresses in order to obscure SpamBot access to openly published emails.  I like the idea, but I wanted to add a layer of complexity to it to further obscure the matter.

I wanted to use PHP to echo the JavaScript code, and I wanted to use the sprintf() function in order to fill-in the variables in the JavaScript.  Something in the back of my head tells me this is no more obscure than just doing the JavaScript, but I thought I would press-on anyway.

Here's the problem:  it seems the PHP variables I'm using are not being retained.  I tried putting the unchanging portion of the script at the very beginning of the document (before the <Document> tag.  There, I created the variable and assigned it.  However, when I tried to "echo" the sprintf($e,'value1','value2'), it writes   0   to the page.

I have tried various configurations and placements, my most recent is listed below:

<div class="arial_plain_13" style="display: block; float: left; width: 300px">
	Mr. FirstName LastName, M.A.<br />
	<?php
		$e = sprintf('<script language="javascript">var u=\'%n\';var s=\'@\';var d=\'ourdomain.edu\';document.write(\'<a href="mail\'+\'to\'+\':\'+u+s+d">Contact, %f</a>\');</script>','FirstName.LastName','Mr. FirstName');
		echo $e;
	?>
</div>

Open in new window

When I view the page source, this is what gets printed:
<div class="arial_plain_13" style="display: block; float: left; width: 300px">
	Mr. FristName LastName, M.A.<br />
	<script language="javascript">var u='';var s='@';var d='ourdomain.edu';document.write('<a href="mail'+'to'+':'+u+s+d">Contact, 0.000000</a>');</script>
</div>

Open in new window

0
Comment
Question by:Shane Kahkola
  • 3
  • 2
  • 2
7 Comments
 
LVL 58

Expert Comment

by:Gary
ID: 40346514
Using PHP to echo JS is just adding a layer of complexity that ends up with the same result ergo waste of time.
The end result is the same js being sent to the browser but you have wasted hours trying to get the syntax right.
0
 
LVL 3

Author Comment

by:Shane Kahkola
ID: 40346528
Per your sentiment, I removed the PHP portion and changed it to the following:
<div class="arial_plain_13" style="display: block; float: left; width: 300px">
	Mr. FirstName LastName, M.Div.<br />
	<script language="javascript">
		var u='FirstName.LastName';
		var s='@';
		var d='ourdomain.edu';
		document.write('<a href="mail'+'to'+':'+u+s+d">Contact, Mr. FirstName</a><br />&nbsp;');
	</script>
</div>

Open in new window

The result was that nothing was written to the document at that location.  Here is the Page Source view of that section:
<div class="arial_plain_13" style="display: block; float: left; width: 300px">
	Mr. FirstName LastName, M.Div.<br />
	<script language="javascript">
		var u='FirstName.LastName';
		var s='@';
		var d='ourdomain.edu';
		document.write('<a href="mail'+'to'+':'+u+s+d">Contact, Mr. FirstName</a><br />&nbsp;');
	</script>
</div>

Open in new window

0
 
LVL 3

Author Comment

by:Shane Kahkola
ID: 40346535
Just figured out why.  I was missing the single quote before the final double-quote of the URL
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 108

Expert Comment

by:Ray Paseur
ID: 40346538
Here is my teaching example showing how I've handled the issue.  All PHP, packaged in functions.  Look at the browser output first, then look at "view source."
http://iconoun.com/demo/obscure_email.php

<?php // demo/obscure_email.php
error_reporting(E_ALL);


// DEMONSTRATE HOW TO ENCODE EMAIL ADDRESSES TO REDUCE 'BOT HARVESTING


// RETURN OBFUSCATED STRING
function obscure($raw)
{
    $chrs = str_split(trim($raw));
    $done = '';
    for ($k=0; $k < count($chrs); $k++)
    {
        $done.='&#'.ord($chrs[$k]).';';
    }

    // RANDOM UPPERCASE CHANGES
    $nums = range(65,90);
    $chrs = range('A', 'Z');
    $ran1 = rand(65,90);
    $ran2 = rand(65,90);
    $ran3 = rand(65,90);
    $done = str_replace('&#' . "$ran1" . ';', $chrs[$ran1-65], $done);
    $done = str_replace('&#' . "$ran2" . ';', $chrs[$ran2-65], $done);
    $done = str_replace('&#' . "$ran3" . ';', $chrs[$ran3-65], $done);

    // RANDOM LOWERCASE CHANGES
    $nums = range(97,122);
    $chrs = range('a', 'z');
    $ran1 = rand(97,122);
    $ran2 = rand(97,122);
    $ran3 = rand(97,122);
    $done = str_replace('&#' . "$ran1" . ';', $chrs[$ran1-97], $done);
    $done = str_replace('&#' . "$ran2" . ';', $chrs[$ran2-97], $done);
    $done = str_replace('&#' . "$ran3" . ';', $chrs[$ran3-97], $done);

    // RANDOM NUMERIC CHANGES
    $nums = range(48,57);
    $chrs = range('0', '9');
    $ran1 = rand(48,57);
    $ran2 = rand(48,57);
    $ran3 = rand(48,57);
    $done = str_replace('&#' . "$ran1" . ';', $chrs[$ran1-48], $done);
    $done = str_replace('&#' . "$ran2" . ';', $chrs[$ran2-48], $done);
    $done = str_replace('&#' . "$ran3" . ';', $chrs[$ran3-48], $done);

    return $done;
}


// RETURN AN OBFUSCATED EMAIL LINK
function eMail($email='feedback', $subject='', $label='', $title='Email Link', $class='mailto')
{
    // SET DEFAULT VALUES FOR DOMAIN, EMAIL, SUBJECT AND LABEL
    $domain = $_SERVER["HTTP_HOST"];
    if (preg_match('#^www\.#i', $domain))
    {
        $domain = substr($domain,4);
    }
    if (!preg_match("#@#", $email))
    {
        $email .= "@" . $domain;
    }
    if (empty($subject))
    {
        $subject = "?subject=$domain Inquiry";
    }
    else
    {
        $subject = "?subject=$subject";
    }
    if (empty($label))
    {
        $label = "$email";
    }

    // OBSCURE SOME THINGS, BUT NOT CSS CLASS
    $mailto  = obscure('mailto:');
    $email   = obscure($email);
    $subject = obscure($subject);
    $label   = obscure($label);
    $title   = obscure($title);
    $string
    = '<span style="white-space:nowrap;">'
    . '<a class="'
    . $class
    . '" title="'
    . $title
    . '" href="'
    . $mailto
    . $email
    . $subject
    . '">'
    . $label
    . '</a>'
    . '</span>'
    ;
    return $string;
}


// CAPTURE THE ENCODED STRINGS
ob_start();


// CHARACTER CHECK USING THE OBSCURE CLASS STANDALONE
$str = 'abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789';
echo PHP_EOL . '<br/>' . $str;
$new = obscure($str);
echo PHP_EOL . '<br/>' . $new;


// DEMONSTRATE THE EMAIL TEST CASES
echo PHP_EOL . '<br/>' . email();
echo PHP_EOL . '<br/>' . email('RAY');
echo PHP_EOL . '<br/>' . email('Ray.Paseur@Gmail.com');
echo PHP_EOL . '<br/>' . email('foo', 'Your New Subject Here');
echo PHP_EOL . '<br/>' . email('Ray.Paseur@Gmail.com', 'Whats Updock?', 'Click to Email', 'Click This to Send Email', 'my_style');

Open in new window

0
 
LVL 58

Expert Comment

by:Gary
ID: 40346540
A lot easier to read!
0
 
LVL 3

Author Comment

by:Shane Kahkola
ID: 40346576
Well, because I lack the time, and the experience, to make full sense of what you posted, Ray, may I use your code?  If so, how do I credit you satisfactorily?
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 40346609
Of course you can use the code, I've used it in several classroom settings.  It's free and open source.  No credits required at all.  I would only point out that I have not tested it exhaustively with every modern browser.  It's something I wrote a few years ago, so you might want to test it with current versions of IE, Firefox, Chrome and Safari.  I would expect no problems, but tests have a way of proving or disproving expectations!
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

The task A number given should be formatted for easy reading by separating digits into triads. Format must be made inline via JavaScript, i.e., frameworks / functions are not welcome. So let’s take a number like this “12345678.91¿ and format i…
Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now