Solved

PHP echoing JavaScript for obscurity

Posted on 2014-09-26
7
234 Views
Last Modified: 2014-09-26
I have an interesting issue.  I have seen seveveral posts about using JavaScript to display email addresses in order to obscure SpamBot access to openly published emails.  I like the idea, but I wanted to add a layer of complexity to it to further obscure the matter.

I wanted to use PHP to echo the JavaScript code, and I wanted to use the sprintf() function in order to fill-in the variables in the JavaScript.  Something in the back of my head tells me this is no more obscure than just doing the JavaScript, but I thought I would press-on anyway.

Here's the problem:  it seems the PHP variables I'm using are not being retained.  I tried putting the unchanging portion of the script at the very beginning of the document (before the <Document> tag.  There, I created the variable and assigned it.  However, when I tried to "echo" the sprintf($e,'value1','value2'), it writes   0   to the page.

I have tried various configurations and placements, my most recent is listed below:

<div class="arial_plain_13" style="display: block; float: left; width: 300px">
	Mr. FirstName LastName, M.A.<br />
	<?php
		$e = sprintf('<script language="javascript">var u=\'%n\';var s=\'@\';var d=\'ourdomain.edu\';document.write(\'<a href="mail\'+\'to\'+\':\'+u+s+d">Contact, %f</a>\');</script>','FirstName.LastName','Mr. FirstName');
		echo $e;
	?>
</div>

Open in new window

When I view the page source, this is what gets printed:
<div class="arial_plain_13" style="display: block; float: left; width: 300px">
	Mr. FristName LastName, M.A.<br />
	<script language="javascript">var u='';var s='@';var d='ourdomain.edu';document.write('<a href="mail'+'to'+':'+u+s+d">Contact, 0.000000</a>');</script>
</div>

Open in new window

0
Comment
Question by:Shane Kahkola
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 58

Expert Comment

by:Gary
ID: 40346514
Using PHP to echo JS is just adding a layer of complexity that ends up with the same result ergo waste of time.
The end result is the same js being sent to the browser but you have wasted hours trying to get the syntax right.
0
 
LVL 3

Author Comment

by:Shane Kahkola
ID: 40346528
Per your sentiment, I removed the PHP portion and changed it to the following:
<div class="arial_plain_13" style="display: block; float: left; width: 300px">
	Mr. FirstName LastName, M.Div.<br />
	<script language="javascript">
		var u='FirstName.LastName';
		var s='@';
		var d='ourdomain.edu';
		document.write('<a href="mail'+'to'+':'+u+s+d">Contact, Mr. FirstName</a><br />&nbsp;');
	</script>
</div>

Open in new window

The result was that nothing was written to the document at that location.  Here is the Page Source view of that section:
<div class="arial_plain_13" style="display: block; float: left; width: 300px">
	Mr. FirstName LastName, M.Div.<br />
	<script language="javascript">
		var u='FirstName.LastName';
		var s='@';
		var d='ourdomain.edu';
		document.write('<a href="mail'+'to'+':'+u+s+d">Contact, Mr. FirstName</a><br />&nbsp;');
	</script>
</div>

Open in new window

0
 
LVL 3

Author Comment

by:Shane Kahkola
ID: 40346535
Just figured out why.  I was missing the single quote before the final double-quote of the URL
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 
LVL 110

Expert Comment

by:Ray Paseur
ID: 40346538
Here is my teaching example showing how I've handled the issue.  All PHP, packaged in functions.  Look at the browser output first, then look at "view source."
http://iconoun.com/demo/obscure_email.php

<?php // demo/obscure_email.php
error_reporting(E_ALL);


// DEMONSTRATE HOW TO ENCODE EMAIL ADDRESSES TO REDUCE 'BOT HARVESTING


// RETURN OBFUSCATED STRING
function obscure($raw)
{
    $chrs = str_split(trim($raw));
    $done = '';
    for ($k=0; $k < count($chrs); $k++)
    {
        $done.='&#'.ord($chrs[$k]).';';
    }

    // RANDOM UPPERCASE CHANGES
    $nums = range(65,90);
    $chrs = range('A', 'Z');
    $ran1 = rand(65,90);
    $ran2 = rand(65,90);
    $ran3 = rand(65,90);
    $done = str_replace('&#' . "$ran1" . ';', $chrs[$ran1-65], $done);
    $done = str_replace('&#' . "$ran2" . ';', $chrs[$ran2-65], $done);
    $done = str_replace('&#' . "$ran3" . ';', $chrs[$ran3-65], $done);

    // RANDOM LOWERCASE CHANGES
    $nums = range(97,122);
    $chrs = range('a', 'z');
    $ran1 = rand(97,122);
    $ran2 = rand(97,122);
    $ran3 = rand(97,122);
    $done = str_replace('&#' . "$ran1" . ';', $chrs[$ran1-97], $done);
    $done = str_replace('&#' . "$ran2" . ';', $chrs[$ran2-97], $done);
    $done = str_replace('&#' . "$ran3" . ';', $chrs[$ran3-97], $done);

    // RANDOM NUMERIC CHANGES
    $nums = range(48,57);
    $chrs = range('0', '9');
    $ran1 = rand(48,57);
    $ran2 = rand(48,57);
    $ran3 = rand(48,57);
    $done = str_replace('&#' . "$ran1" . ';', $chrs[$ran1-48], $done);
    $done = str_replace('&#' . "$ran2" . ';', $chrs[$ran2-48], $done);
    $done = str_replace('&#' . "$ran3" . ';', $chrs[$ran3-48], $done);

    return $done;
}


// RETURN AN OBFUSCATED EMAIL LINK
function eMail($email='feedback', $subject='', $label='', $title='Email Link', $class='mailto')
{
    // SET DEFAULT VALUES FOR DOMAIN, EMAIL, SUBJECT AND LABEL
    $domain = $_SERVER["HTTP_HOST"];
    if (preg_match('#^www\.#i', $domain))
    {
        $domain = substr($domain,4);
    }
    if (!preg_match("#@#", $email))
    {
        $email .= "@" . $domain;
    }
    if (empty($subject))
    {
        $subject = "?subject=$domain Inquiry";
    }
    else
    {
        $subject = "?subject=$subject";
    }
    if (empty($label))
    {
        $label = "$email";
    }

    // OBSCURE SOME THINGS, BUT NOT CSS CLASS
    $mailto  = obscure('mailto:');
    $email   = obscure($email);
    $subject = obscure($subject);
    $label   = obscure($label);
    $title   = obscure($title);
    $string
    = '<span style="white-space:nowrap;">'
    . '<a class="'
    . $class
    . '" title="'
    . $title
    . '" href="'
    . $mailto
    . $email
    . $subject
    . '">'
    . $label
    . '</a>'
    . '</span>'
    ;
    return $string;
}


// CAPTURE THE ENCODED STRINGS
ob_start();


// CHARACTER CHECK USING THE OBSCURE CLASS STANDALONE
$str = 'abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789';
echo PHP_EOL . '<br/>' . $str;
$new = obscure($str);
echo PHP_EOL . '<br/>' . $new;


// DEMONSTRATE THE EMAIL TEST CASES
echo PHP_EOL . '<br/>' . email();
echo PHP_EOL . '<br/>' . email('RAY');
echo PHP_EOL . '<br/>' . email('Ray.Paseur@Gmail.com');
echo PHP_EOL . '<br/>' . email('foo', 'Your New Subject Here');
echo PHP_EOL . '<br/>' . email('Ray.Paseur@Gmail.com', 'Whats Updock?', 'Click to Email', 'Click This to Send Email', 'my_style');

Open in new window

0
 
LVL 58

Expert Comment

by:Gary
ID: 40346540
A lot easier to read!
0
 
LVL 3

Author Comment

by:Shane Kahkola
ID: 40346576
Well, because I lack the time, and the experience, to make full sense of what you posted, Ray, may I use your code?  If so, how do I credit you satisfactorily?
0
 
LVL 110

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 40346609
Of course you can use the code, I've used it in several classroom settings.  It's free and open source.  No credits required at all.  I would only point out that I have not tested it exhaustively with every modern browser.  It's something I wrote a few years ago, so you might want to test it with current versions of IE, Firefox, Chrome and Safari.  I would expect no problems, but tests have a way of proving or disproving expectations!
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses how to create an extensible mechanism for linked drop downs.
This article discusses how to implement server side field validation and display customized error messages to the client.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question