Solved

PHP echoing JavaScript for obscurity

Posted on 2014-09-26
7
214 Views
Last Modified: 2014-09-26
I have an interesting issue.  I have seen seveveral posts about using JavaScript to display email addresses in order to obscure SpamBot access to openly published emails.  I like the idea, but I wanted to add a layer of complexity to it to further obscure the matter.

I wanted to use PHP to echo the JavaScript code, and I wanted to use the sprintf() function in order to fill-in the variables in the JavaScript.  Something in the back of my head tells me this is no more obscure than just doing the JavaScript, but I thought I would press-on anyway.

Here's the problem:  it seems the PHP variables I'm using are not being retained.  I tried putting the unchanging portion of the script at the very beginning of the document (before the <Document> tag.  There, I created the variable and assigned it.  However, when I tried to "echo" the sprintf($e,'value1','value2'), it writes   0   to the page.

I have tried various configurations and placements, my most recent is listed below:

<div class="arial_plain_13" style="display: block; float: left; width: 300px">
	Mr. FirstName LastName, M.A.<br />
	<?php
		$e = sprintf('<script language="javascript">var u=\'%n\';var s=\'@\';var d=\'ourdomain.edu\';document.write(\'<a href="mail\'+\'to\'+\':\'+u+s+d">Contact, %f</a>\');</script>','FirstName.LastName','Mr. FirstName');
		echo $e;
	?>
</div>

Open in new window

When I view the page source, this is what gets printed:
<div class="arial_plain_13" style="display: block; float: left; width: 300px">
	Mr. FristName LastName, M.A.<br />
	<script language="javascript">var u='';var s='@';var d='ourdomain.edu';document.write('<a href="mail'+'to'+':'+u+s+d">Contact, 0.000000</a>');</script>
</div>

Open in new window

0
Comment
Question by:Shane Kahkola
  • 3
  • 2
  • 2
7 Comments
 
LVL 58

Expert Comment

by:Gary
ID: 40346514
Using PHP to echo JS is just adding a layer of complexity that ends up with the same result ergo waste of time.
The end result is the same js being sent to the browser but you have wasted hours trying to get the syntax right.
0
 
LVL 3

Author Comment

by:Shane Kahkola
ID: 40346528
Per your sentiment, I removed the PHP portion and changed it to the following:
<div class="arial_plain_13" style="display: block; float: left; width: 300px">
	Mr. FirstName LastName, M.Div.<br />
	<script language="javascript">
		var u='FirstName.LastName';
		var s='@';
		var d='ourdomain.edu';
		document.write('<a href="mail'+'to'+':'+u+s+d">Contact, Mr. FirstName</a><br />&nbsp;');
	</script>
</div>

Open in new window

The result was that nothing was written to the document at that location.  Here is the Page Source view of that section:
<div class="arial_plain_13" style="display: block; float: left; width: 300px">
	Mr. FirstName LastName, M.Div.<br />
	<script language="javascript">
		var u='FirstName.LastName';
		var s='@';
		var d='ourdomain.edu';
		document.write('<a href="mail'+'to'+':'+u+s+d">Contact, Mr. FirstName</a><br />&nbsp;');
	</script>
</div>

Open in new window

0
 
LVL 3

Author Comment

by:Shane Kahkola
ID: 40346535
Just figured out why.  I was missing the single quote before the final double-quote of the URL
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 109

Expert Comment

by:Ray Paseur
ID: 40346538
Here is my teaching example showing how I've handled the issue.  All PHP, packaged in functions.  Look at the browser output first, then look at "view source."
http://iconoun.com/demo/obscure_email.php

<?php // demo/obscure_email.php
error_reporting(E_ALL);


// DEMONSTRATE HOW TO ENCODE EMAIL ADDRESSES TO REDUCE 'BOT HARVESTING


// RETURN OBFUSCATED STRING
function obscure($raw)
{
    $chrs = str_split(trim($raw));
    $done = '';
    for ($k=0; $k < count($chrs); $k++)
    {
        $done.='&#'.ord($chrs[$k]).';';
    }

    // RANDOM UPPERCASE CHANGES
    $nums = range(65,90);
    $chrs = range('A', 'Z');
    $ran1 = rand(65,90);
    $ran2 = rand(65,90);
    $ran3 = rand(65,90);
    $done = str_replace('&#' . "$ran1" . ';', $chrs[$ran1-65], $done);
    $done = str_replace('&#' . "$ran2" . ';', $chrs[$ran2-65], $done);
    $done = str_replace('&#' . "$ran3" . ';', $chrs[$ran3-65], $done);

    // RANDOM LOWERCASE CHANGES
    $nums = range(97,122);
    $chrs = range('a', 'z');
    $ran1 = rand(97,122);
    $ran2 = rand(97,122);
    $ran3 = rand(97,122);
    $done = str_replace('&#' . "$ran1" . ';', $chrs[$ran1-97], $done);
    $done = str_replace('&#' . "$ran2" . ';', $chrs[$ran2-97], $done);
    $done = str_replace('&#' . "$ran3" . ';', $chrs[$ran3-97], $done);

    // RANDOM NUMERIC CHANGES
    $nums = range(48,57);
    $chrs = range('0', '9');
    $ran1 = rand(48,57);
    $ran2 = rand(48,57);
    $ran3 = rand(48,57);
    $done = str_replace('&#' . "$ran1" . ';', $chrs[$ran1-48], $done);
    $done = str_replace('&#' . "$ran2" . ';', $chrs[$ran2-48], $done);
    $done = str_replace('&#' . "$ran3" . ';', $chrs[$ran3-48], $done);

    return $done;
}


// RETURN AN OBFUSCATED EMAIL LINK
function eMail($email='feedback', $subject='', $label='', $title='Email Link', $class='mailto')
{
    // SET DEFAULT VALUES FOR DOMAIN, EMAIL, SUBJECT AND LABEL
    $domain = $_SERVER["HTTP_HOST"];
    if (preg_match('#^www\.#i', $domain))
    {
        $domain = substr($domain,4);
    }
    if (!preg_match("#@#", $email))
    {
        $email .= "@" . $domain;
    }
    if (empty($subject))
    {
        $subject = "?subject=$domain Inquiry";
    }
    else
    {
        $subject = "?subject=$subject";
    }
    if (empty($label))
    {
        $label = "$email";
    }

    // OBSCURE SOME THINGS, BUT NOT CSS CLASS
    $mailto  = obscure('mailto:');
    $email   = obscure($email);
    $subject = obscure($subject);
    $label   = obscure($label);
    $title   = obscure($title);
    $string
    = '<span style="white-space:nowrap;">'
    . '<a class="'
    . $class
    . '" title="'
    . $title
    . '" href="'
    . $mailto
    . $email
    . $subject
    . '">'
    . $label
    . '</a>'
    . '</span>'
    ;
    return $string;
}


// CAPTURE THE ENCODED STRINGS
ob_start();


// CHARACTER CHECK USING THE OBSCURE CLASS STANDALONE
$str = 'abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789';
echo PHP_EOL . '<br/>' . $str;
$new = obscure($str);
echo PHP_EOL . '<br/>' . $new;


// DEMONSTRATE THE EMAIL TEST CASES
echo PHP_EOL . '<br/>' . email();
echo PHP_EOL . '<br/>' . email('RAY');
echo PHP_EOL . '<br/>' . email('Ray.Paseur@Gmail.com');
echo PHP_EOL . '<br/>' . email('foo', 'Your New Subject Here');
echo PHP_EOL . '<br/>' . email('Ray.Paseur@Gmail.com', 'Whats Updock?', 'Click to Email', 'Click This to Send Email', 'my_style');

Open in new window

0
 
LVL 58

Expert Comment

by:Gary
ID: 40346540
A lot easier to read!
0
 
LVL 3

Author Comment

by:Shane Kahkola
ID: 40346576
Well, because I lack the time, and the experience, to make full sense of what you posted, Ray, may I use your code?  If so, how do I credit you satisfactorily?
0
 
LVL 109

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 40346609
Of course you can use the code, I've used it in several classroom settings.  It's free and open source.  No credits required at all.  I would only point out that I have not tested it exhaustively with every modern browser.  It's something I wrote a few years ago, so you might want to test it with current versions of IE, Firefox, Chrome and Safari.  I would expect no problems, but tests have a way of proving or disproving expectations!
0

Featured Post

ScreenConnect 6.0 Free Trial

Discover new time-saving features in one game-changing release, ScreenConnect 6.0, based on partner feedback. New features include a redesigned UI, app configurations and chat acknowledgement to improve customer engagement!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
two ways encryption with php 3 28
Which userID to use for shopping cart application 13 19
How do I fix this UPDATE error? 7 24
How to deal with the query string 8 27
This article discusses four methods for overlaying images in a container on a web page
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question