Snippet to protect email addresses from spam

[doc]

Hello,

found some threads dealing with email obfuscation or email protection here in the forum.

As I had similar problems with spam caused by unprotected mail addresses I wrote a small code snippet which creates clickable images of email addresses. In case the users has Javascript enabled, an clickable mailto: link is generated in addtion to the image.

Installation and usage:
a) download the attached code snippet and install it via the WB backend
b) add the following code line into the index.php file of your template

Code: [Select]

  <script type="text/javascript" src=" <?php echo WB_URL; ?>/modules/nospam/nospam.js"></script>c) create a code page and enter mlink("yourname@yourdomain.com");
d) view the page in the WB frontend

Customisation:
If you have long email addresses to protect (>48 characters), set the variable $maxlen in include.php to a higher value. If you want to change foreground and background color, padding or text size of the mail image to be created, have a look into the file create_img.php.

Limitations:
The function can only be invoked from a code page or from the index.php file of your template.
Images are not cached yet, so a huge amout of images may slow down your side.
Remind the ; after mlink("yourmail@yourdomain.com");

Best regards
Christian

[gelöscht durch Administrator]

[jensl1972]

Hi all!

I can't seem to get this working.

Do I use:
mlink("yourname@yourdomain.com");

in code view or do I use

<?php mlink("yourname@yourdomain.com"); ?>

in code view?

Any help would be greatly appreciated.

[doc]

Hello,

you need to use mlink("yourname@yourdomain.com"); in code pages.
In addition you need to add the following line into the <head> section of the index.php file of your template to get things working.

Code: [Select]

<script type="text/javascript" src=" <?php echo WB_URL; ?>/modules/nospam/nospam.js"></script>
Just to mention. I have modified some core files to integrate this feature by default with one of the next WB versions. The update protects all emails displayed at the WB frontend without any additional coding. All embedded mails yourname@yourdomain.com or mailto:yourname@yourdomain.de will be protected that way. The protection works the same way like the one implemented in Typo3.

Regards Christian

[Panther]

slick stuff...

Only change I would recommend is in the image alignment

Code: [Select]

$out = ' <a><img align="middle" border="0" src="' . $url . '"' . $js . '></a> ';In Firefox this aligns the middle of the image with the bottom of the surround text.

If you change it to

Code: [Select]

$out = ' <a><img align="absmiddle" border="0" src="' . $url . '"' . $js . '></a> ';Firefox will align the center of text with the center of the image.

IE treats both the same I believe.

This is handy so you can use echo in the code section you call this function to place text around the image tag.

example here: http://baker.mnpages.com/pages/snippets/no-spam.php

[doc]

Hello,

thanks for your feedback.

Have added a function to the WB core, which protects email addresses displayed on all frontend (WYSIWYG) pages without adding any code. The function scans for valid email addresses (incl. mailto: links) and modifies them like (yourmail@domain.com => yourdomain(at)domain(dot).com). It is possible to define replacements for @ and . (dot) in the top level domain part. Images are possible too. Mailto links are encrypted via Javascript and clickable if JS is enabled.

If you are interested, I can send you the core file adaptions. It´s planned to add this function to WB2.7.

Regards Christian

[marathoner]

I'd be interested in seeing these modifications to the core files...sounds like a wonderful addition.

P.S. I know you hate to set expectations too high...but do you know when WB 2.7 might be released? Is it a matter of weeks, months, or a year away?

[tomhung]

Code: [Select]

<script type="text/javascript">
function fixemail(id, username){
a = '@';
$(id).href='mail' + 'to:' + username + a + 'northwind-inc' + '.' + 'com';
}

</script>

<a href="#" id="contactus1" onclick="fixemail(this.id,'contactus')">


thats what i use.  it requires prototype.js

[DGEC]

Just to mention. I have modified some core files to integrate this feature by default with one of the next WB versions. The update protects all emails displayed at the WB frontend without any additional coding. All embedded mails yourname@yourdomain.com or mailto:yourname@yourdomain.de will be protected that way. The protection works the same way like the one implemented in Typo3.
Regards Christian

Christian, I HOPE you are making this optional? 

Not everybody likes or has have javascript on/working-correctly, despite the popularity of AJAX.  I saw something not long ago that said all of the major AJAX toolkits have a huge security flaw.

There really should be an option to turn it off, at least in the site settings, if not in individual member profile configuration. 

Hmm... nicest method might be to have an email obscuration module function - you could set it to NONE, JS, IMAGE, etc, as methods are implemented.  Especially if there are member only areas, you really don't need that feature.

For example, on my Palm Blazer, JS doesn't always work with logins - I can't log into my router for example, which I'd really like to be able to do from my Palm, and the Admin back-end of WB isn't much fun with it either.

And I've seen claims that at least some of the harvesters can read JS. I had done several things to some of my addresses and went to a testing site - it read it all easily.  I gave up.

What I'd like to do is be able to use a form instead. I.e. use a drop-down or a radio-button to pick who you want to email, and send any comment to the selected person.  Now of course, only one email is possible.

[doc]

@DGEC
Relax a little.

Per default spam protection will be switched off. Javascript encryption is an additional option which can be enabled. However, even with Javascript disabled, users will see the email address in human readable format. The only drawback, mailto links are not clickable when Javascript is switched off.

No AJAX frameworks/routines are used at all. All coding (except mailto decryption when clicking on a mailto: link) is done via PHP. The entire spam protection routine is done via adding one single function to the WB core.

As I have offered to send the code to everyone interested in, I was wondering why you do so much interpretation on how things may work instead of simply testing it and give some feedback.

Regards Christian

[spawnferkel]

Hey thank you Christian it is easy to handle and it works very fine, but is it possible to make the background of the png transparancy? Then it were much more integrated in my design. Btw I use your function in the guestbook module.

You did a great job

[doc]

Hello,

this is one of the options planned (or the use of GIF with transparent background).
You can define the background color (RGB values) via the the array $bgcolor in the file create_img.php.

Regards Christian

[spawnferkel]

Yes, thanks I've found the option in create_img.php. But I thought that also with pgn format a transparent background is possible.

Alexander

[BerndJM]

Hi Alexander,

But I thought that also with png format a transparent background is possible.

It's possible, but not supported in IE <7

Regards Bernd

[kweitzel]

There are ways around that transparent PNG support in Versions of IE earlier than 7 ... but none of them do work 100%.

1) A Javascript: http://homepage.ntlworld.com/bobosola/pnghowto.htm
2) AlphaImage Loader: http://koivi.com/ie-png-transparency/
3) Another JS: http://www.twinhelix.com/css/iepngfix/

But, like said, it doesn't work on all Versions. My W2K with the latest IE6 (2900) does not work with ANY of the found solutions.

cheers

Klaus

[Hans]

I thought it could be made possible with conditional CSS?
http://creativebits.org/webdev/ie_conditional_css

Hans

[doc]

Hello,

this post shows a solution to protect mail addresses typed into WYSIWYG pages/sections without adding any code stuff around.

The mechanism used is included in the following two core files of WB:

• /framework/frontend.functions.php
• /frameworks/class.frontend.php

The aim of the function is to protect email addresses shown at the WB frontend (WYSIWYG pages) from beeing harvested by spam robots without additional interaction by the user. The idea is based on something I found in Typo3.

The function extracts <a href="mailto:name@domain.com> and name@domain.com addresses before beeing displayed and replaces the two parts "@" and "." (only top level domain) with the values specified in the config.php via:

Code: [Select]

<?php
// enable/disable frontend email spam protection (0.. off, 1.. on)
define(&#39;SPAM_PROTECTION_MODE&#39;, &#39;1&#39;);

// example 1: replace "@" with (at) and "." with (dot); highlight replacements with different colors
define(&#39;SPAM_PROTECTION_AT_REPLACE&#39;, &#39;<em style="color:blue;">(at)</em>&#39;);
define(&#39;SPAM_PROTECTION_TLD_DOT_REPLACE&#39;, &#39;<em style="color:red;">(dot)</em>&#39;);

// example 2: replace "@" and "." with a user defined image
//define(&#39;SPAM_PROTECTION_AT_REPLACE&#39;, &#39;<img src="&#39; .WB_URL .&#39;/include/mdcr/at.gif" border="0" alt="@" />&#39;);
//define(&#39;SPAM_PROTECTION_TLD_DOT_REPLACE&#39;, &#39;<img src="&#39; .WB_URL .&#39;/include/mdcr/dot.gif" border="0" alt="." />&#39;);
?>

All mailto: references are encrypted via a Javascript function using the simple caesar encryption algorithm. Hence mailto: references are clickable if the user has Javascript enabled. The mail address itself is human readable in any case.

One need to add the follwoing line between the <head></head> section in the index.php file of your template.

Code: [Select]

  <script type="text/javascript" src=" <?php echo WB_URL; ?>/include/mdcr/mdcr.js"></script>

The attached zip package contains all required files. You can test the new function on basis of a WB v2.6.7 installation. Simply download the zip file and overwritte the existing files on your server. The original WB 2.67 core files are included in the package with the extension: _wb267.php Detailed information can be found in the README.txt file contained in the package.

You need to add the define commands to config.php file to enable the routine.

Have fun Christian

[gelöscht durch Administrator]

[Waldschwein]

Hello!

I use your spamprotection quite a while now and I think it works bugfree and very good.
I would recommend to built it in WB2.7 (of course with an option), or at least recommend it to many users.

Regards Michael

[elbview]

Hi doc

Thanx for the nice snippet "spamprotection". I just had to adjust the "example 2" in the config.php from your solution to

Code: [Select]

// example 2: replace "@" and "." with a user defined image
define('SPAM_PROTECTION_AT_REPLACE', '<img src="/include/mdcr/at.gif" border="0" alt="@" />');
define('SPAM_PROTECTION_TLD_DOT_REPLACE', '<img src="/include/mdcr/dot.gif" border="0" alt="." />');

The likely reason for my error with the original version was that I did not install WebsiteBaker into the standard directory but used an extra subdirectory. Now it works perfectly.

Ciao Elbview

[doc]

Hello,

as noted in the comment line, this is only an example. Of course you need to adapt the settings according your needs. It is also possible to use own images placed in the media directory or ...

Regards Christian

[elbview]

Hi

After playing around with the spam-protection snippet I found an error in the example 2 method (replacing @/. with graphics). Please see below the html-code which is produced by website-baker 2.6.7:

Code: [Select]

<p><span style="font-weight: bold;"><br />
E-Mail: <a href="javaacriptt:mdcr('xyz')"> bbb.ccc <img src="http://xxx<img src="http://xxx.de/cms/include/mdcr/dot.gif" border="0" alt="." />de/cms/include/mdcr/at.gif" border="0" alt="@" />web<img src=" http://xxx.de/cms/include/mdcr/dot.gif" border="0" alt="." />de</a></p>

Where:
my email is: bbb.ccc@web.de
my domain is: http://xxx.de
website baker is installed in http://xxx.de/cms

According to my understanding the code is wrong as the code tries to load the dot.gif (after bbb.ccc) although the at.gif would be required. And the Internet explorer displays bullshit.

FYI: I just downloaded the doc’s zip-file and followed all instruction in the file. And of course I use the original code in the config.php (not the modified one which used two posts above, as it creates the same wrong code).
 
The second strange thing is that method 1 of the spam-protection snippet (replacing @ with (at) and . with (dot) works fine, although it basically uses almost the same code (to replace the @ and . ).

Any ideas what is wrong?

Regards

Elbview

[doc]

Hello,

could not reproduce the error. My mail link looks correct.

Code: [Select]

<a href="javascript:mdcr('rfnqyt%3Ffggg3hhhE%7Cjg3ij')">bbb.ccc<img src="http://localhost/webserver/wb267_blank/include/mdcr/at.gif" border="0" alt="@" />web<img src="http://localhost/webserver/wb267_blank/include/mdcr/dot.gif" border="0" alt="." />de</a>

config.php

Code: [Select]

<?php
define(&#39;SPAM_PROTECTION_MODE&#39;, &#39;1&#39;);
define(&#39;SPAM_PROTECTION_AT_REPLACE&#39;, &#39;<img src="&#39; .WB_URL .&#39;/include/mdcr/at.gif" border="0" alt="@" />&#39;);
define(&#39;SPAM_PROTECTION_TLD_DOT_REPLACE&#39;, &#39;<img src="&#39; .WB_URL .&#39;/include/mdcr/dot.gif" border="0" alt="." />&#39;);
?>

Checked with Firefox and WB 2.6.7.

Regards Christian

[Mr._T]

The spam protection does not work, if you define a class for a link.

Example:
<a class="email" href="mailto:my@email.com">It's me</a>

This is written by FCKEditor, whenever you specify a dedicated class for links. Currently looking for an expressing, which skips the part between a and href...

Regards, Thomas

[doc]

Hello Thomas,

yes that is right. Klasses can not be used with the current implementation. If someone find a regular expression which can be used to fix this, please let me know 

Regards Christian

[Mr._T]

Fixed that issue, modified the code in frontend.functions. php a little bit. You'll find it attached. At least it solved the issue, that classes, added with FCKEditor, are kept as they are.

Find it attached here and make a new package.

Regards, Thomas

Modification of frontend.functions. php on 2007-12-07:

I modified the pattern and the result code now so, that also classes and other stuff after the link is left as it is.

This mod now matches those email anchors:

Code: [Select]

<a href="mailto:someone@onthe.web" class="someclass">Email me</a>
<a class="someclass" href="mailto:someone@onthe.web">Email me</a>


[gelöscht durch Administrator]

[doc]

Hello,

tested your fix, but it does not work for me:

Code: [Select]

<a href="mailto:bbb.ccc@web.de?subject=test" class="test">bbb.ccc@web.de</a>
<a class="test" href="mailto:bbb.ccc@web.de">bbb.ccc@web.de</a>
Both times the link is broken (with Javascript), the result is:

Code: [Select]

<a href="javascript:mdcr('ocknvq%3Ccddd0eeeBygd0fg')bbb.ccc<img src="http://localhost/include/mdcr/at.gif" border="0" ...
So I will wait for a regexp which matches all the possible solutions 

Regards Christian