Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

PHP echoing JavaScript for obscurity

Posted on 2014-09-26
7
217 Views
Last Modified: 2014-09-26
I have an interesting issue.  I have seen seveveral posts about using JavaScript to display email addresses in order to obscure SpamBot access to openly published emails.  I like the idea, but I wanted to add a layer of complexity to it to further obscure the matter.

I wanted to use PHP to echo the JavaScript code, and I wanted to use the sprintf() function in order to fill-in the variables in the JavaScript.  Something in the back of my head tells me this is no more obscure than just doing the JavaScript, but I thought I would press-on anyway.

Here's the problem:  it seems the PHP variables I'm using are not being retained.  I tried putting the unchanging portion of the script at the very beginning of the document (before the <Document> tag.  There, I created the variable and assigned it.  However, when I tried to "echo" the sprintf($e,'value1','value2'), it writes   0   to the page.

I have tried various configurations and placements, my most recent is listed below:

<div class="arial_plain_13" style="display: block; float: left; width: 300px">
	Mr. FirstName LastName, M.A.<br />
	<?php
		$e = sprintf('<script language="javascript">var u=\'%n\';var s=\'@\';var d=\'ourdomain.edu\';document.write(\'<a href="mail\'+\'to\'+\':\'+u+s+d">Contact, %f</a>\');</script>','FirstName.LastName','Mr. FirstName');
		echo $e;
	?>
</div>

Open in new window

When I view the page source, this is what gets printed:
<div class="arial_plain_13" style="display: block; float: left; width: 300px">
	Mr. FristName LastName, M.A.<br />
	<script language="javascript">var u='';var s='@';var d='ourdomain.edu';document.write('<a href="mail'+'to'+':'+u+s+d">Contact, 0.000000</a>');</script>
</div>

Open in new window

0
Comment
Question by:Shane Kahkola
  • 3
  • 2
  • 2
7 Comments
 
LVL 58

Expert Comment

by:Gary
ID: 40346514
Using PHP to echo JS is just adding a layer of complexity that ends up with the same result ergo waste of time.
The end result is the same js being sent to the browser but you have wasted hours trying to get the syntax right.
0
 
LVL 3

Author Comment

by:Shane Kahkola
ID: 40346528
Per your sentiment, I removed the PHP portion and changed it to the following:
<div class="arial_plain_13" style="display: block; float: left; width: 300px">
	Mr. FirstName LastName, M.Div.<br />
	<script language="javascript">
		var u='FirstName.LastName';
		var s='@';
		var d='ourdomain.edu';
		document.write('<a href="mail'+'to'+':'+u+s+d">Contact, Mr. FirstName</a><br />&nbsp;');
	</script>
</div>

Open in new window

The result was that nothing was written to the document at that location.  Here is the Page Source view of that section:
<div class="arial_plain_13" style="display: block; float: left; width: 300px">
	Mr. FirstName LastName, M.Div.<br />
	<script language="javascript">
		var u='FirstName.LastName';
		var s='@';
		var d='ourdomain.edu';
		document.write('<a href="mail'+'to'+':'+u+s+d">Contact, Mr. FirstName</a><br />&nbsp;');
	</script>
</div>

Open in new window

0
 
LVL 3

Author Comment

by:Shane Kahkola
ID: 40346535
Just figured out why.  I was missing the single quote before the final double-quote of the URL
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 109

Expert Comment

by:Ray Paseur
ID: 40346538
Here is my teaching example showing how I've handled the issue.  All PHP, packaged in functions.  Look at the browser output first, then look at "view source."
http://iconoun.com/demo/obscure_email.php

<?php // demo/obscure_email.php
error_reporting(E_ALL);


// DEMONSTRATE HOW TO ENCODE EMAIL ADDRESSES TO REDUCE 'BOT HARVESTING


// RETURN OBFUSCATED STRING
function obscure($raw)
{
    $chrs = str_split(trim($raw));
    $done = '';
    for ($k=0; $k < count($chrs); $k++)
    {
        $done.='&#'.ord($chrs[$k]).';';
    }

    // RANDOM UPPERCASE CHANGES
    $nums = range(65,90);
    $chrs = range('A', 'Z');
    $ran1 = rand(65,90);
    $ran2 = rand(65,90);
    $ran3 = rand(65,90);
    $done = str_replace('&#' . "$ran1" . ';', $chrs[$ran1-65], $done);
    $done = str_replace('&#' . "$ran2" . ';', $chrs[$ran2-65], $done);
    $done = str_replace('&#' . "$ran3" . ';', $chrs[$ran3-65], $done);

    // RANDOM LOWERCASE CHANGES
    $nums = range(97,122);
    $chrs = range('a', 'z');
    $ran1 = rand(97,122);
    $ran2 = rand(97,122);
    $ran3 = rand(97,122);
    $done = str_replace('&#' . "$ran1" . ';', $chrs[$ran1-97], $done);
    $done = str_replace('&#' . "$ran2" . ';', $chrs[$ran2-97], $done);
    $done = str_replace('&#' . "$ran3" . ';', $chrs[$ran3-97], $done);

    // RANDOM NUMERIC CHANGES
    $nums = range(48,57);
    $chrs = range('0', '9');
    $ran1 = rand(48,57);
    $ran2 = rand(48,57);
    $ran3 = rand(48,57);
    $done = str_replace('&#' . "$ran1" . ';', $chrs[$ran1-48], $done);
    $done = str_replace('&#' . "$ran2" . ';', $chrs[$ran2-48], $done);
    $done = str_replace('&#' . "$ran3" . ';', $chrs[$ran3-48], $done);

    return $done;
}


// RETURN AN OBFUSCATED EMAIL LINK
function eMail($email='feedback', $subject='', $label='', $title='Email Link', $class='mailto')
{
    // SET DEFAULT VALUES FOR DOMAIN, EMAIL, SUBJECT AND LABEL
    $domain = $_SERVER["HTTP_HOST"];
    if (preg_match('#^www\.#i', $domain))
    {
        $domain = substr($domain,4);
    }
    if (!preg_match("#@#", $email))
    {
        $email .= "@" . $domain;
    }
    if (empty($subject))
    {
        $subject = "?subject=$domain Inquiry";
    }
    else
    {
        $subject = "?subject=$subject";
    }
    if (empty($label))
    {
        $label = "$email";
    }

    // OBSCURE SOME THINGS, BUT NOT CSS CLASS
    $mailto  = obscure('mailto:');
    $email   = obscure($email);
    $subject = obscure($subject);
    $label   = obscure($label);
    $title   = obscure($title);
    $string
    = '<span style="white-space:nowrap;">'
    . '<a class="'
    . $class
    . '" title="'
    . $title
    . '" href="'
    . $mailto
    . $email
    . $subject
    . '">'
    . $label
    . '</a>'
    . '</span>'
    ;
    return $string;
}


// CAPTURE THE ENCODED STRINGS
ob_start();


// CHARACTER CHECK USING THE OBSCURE CLASS STANDALONE
$str = 'abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789';
echo PHP_EOL . '<br/>' . $str;
$new = obscure($str);
echo PHP_EOL . '<br/>' . $new;


// DEMONSTRATE THE EMAIL TEST CASES
echo PHP_EOL . '<br/>' . email();
echo PHP_EOL . '<br/>' . email('RAY');
echo PHP_EOL . '<br/>' . email('Ray.Paseur@Gmail.com');
echo PHP_EOL . '<br/>' . email('foo', 'Your New Subject Here');
echo PHP_EOL . '<br/>' . email('Ray.Paseur@Gmail.com', 'Whats Updock?', 'Click to Email', 'Click This to Send Email', 'my_style');

Open in new window

0
 
LVL 58

Expert Comment

by:Gary
ID: 40346540
A lot easier to read!
0
 
LVL 3

Author Comment

by:Shane Kahkola
ID: 40346576
Well, because I lack the time, and the experience, to make full sense of what you posted, Ray, may I use your code?  If so, how do I credit you satisfactorily?
0
 
LVL 109

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 40346609
Of course you can use the code, I've used it in several classroom settings.  It's free and open source.  No credits required at all.  I would only point out that I have not tested it exhaustively with every modern browser.  It's something I wrote a few years ago, so you might want to test it with current versions of IE, Firefox, Chrome and Safari.  I would expect no problems, but tests have a way of proving or disproving expectations!
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates how to create a simple responsive confirmation dialog with Ok and Cancel buttons using HTML, CSS, jQuery and Promises
Boost your ability to deliver ambitious and competitive web apps by choosing the right JavaScript framework to best suit your project’s needs.
The viewer will learn how to count occurrences of each item in an array.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question