WebsiteBaker Community Forum
WebsiteBaker Support (2.8.x) => Droplets & Snippets => Topic started by: doc on March 29, 2007, 04:46:50 PM
-
Hello,
found some threads dealing with email obfuscation (http://forum.WebsiteBaker.org/index.php/topic,5816.0.html) or email protection (http://forum.WebsiteBaker.org/index.php/topic,4571.0.html) here in the forum.
As I had similar problems with spam caused by unprotected mail addresses I wrote a small code snippet which creates clickable images of email addresses. In case the users has Javascript enabled, an clickable mailto: link is generated in addtion to the image.
Installation and usage:
a) download the attached code snippet and install it via the WB backend
b) add the following code line into the index.php file of your template
<script type="text/javascript" src=" <?php echo WB_URL; ?>/modules/nospam/nospam.js"></script>c) create a code page and enter mlink("yourname@yourdomain.com");
d) view the page in the WB frontend
Customisation:
If you have long email addresses to protect (>48 characters), set the variable $maxlen in include.php to a higher value. If you want to change foreground and background color, padding or text size of the mail image to be created, have a look into the file create_img.php.
Limitations:
The function can only be invoked from a code page or from the index.php file of your template.
Images are not cached yet, so a huge amout of images may slow down your side.
Remind the ; after mlink("yourmail@yourdomain.com");
Best regards
Christian
[gelöscht durch Administrator]
-
Hi all!
I can't seem to get this working.
Do I use:
mlink("yourname@yourdomain.com");
in code view or do I use
<?php mlink("yourname@yourdomain.com"); ?>
in code view?
Any help would be greatly appreciated.
-
Hello,
you need to use mlink("yourname@yourdomain.com"); in code pages.
In addition you need to add the following line into the <head> section of the index.php file of your template to get things working.<script type="text/javascript" src=" <?php echo WB_URL; ?>/modules/nospam/nospam.js"></script>
Just to mention. I have modified some core files to integrate this feature by default with one of the next WB versions. The update protects all emails displayed at the WB frontend without any additional coding. All embedded mails yourname@yourdomain.com or mailto:yourname@yourdomain.de will be protected that way. The protection works the same way like the one implemented in Typo3 (http://typo3forum.hosting-agency.de/email-spam-protection-t48.html).
Regards Christian
-
slick stuff...
Only change I would recommend is in the image alignment
$out = ' <a><img align="middle" border="0" src="' . $url . '"' . $js . '></a> ';In Firefox this aligns the middle of the image with the bottom of the surround text.
If you change it to
$out = ' <a><img align="absmiddle" border="0" src="' . $url . '"' . $js . '></a> ';Firefox will align the center of text with the center of the image.
IE treats both the same I believe.
This is handy so you can use echo in the code section you call this function to place text around the image tag.
example here: http://baker.mnpages.com/pages/snippets/no-spam.php (http://baker.mnpages.com/pages/snippets/no-spam.php)
-
Hello,
thanks for your feedback.
Have added a function to the WB core, which protects email addresses displayed on all frontend (WYSIWYG) pages without adding any code. The function scans for valid email addresses (incl. mailto: links) and modifies them like (yourmail@domain.com => yourdomain(at)domain(dot).com). It is possible to define replacements for @ and . (dot) in the top level domain part. Images are possible too. Mailto links are encrypted via Javascript and clickable if JS is enabled.
If you are interested, I can send you the core file adaptions. It´s planned to add this function to WB2.7.
Regards Christian
-
I'd be interested in seeing these modifications to the core files...sounds like a wonderful addition.
P.S. I know you hate to set expectations too high...but do you know when WB 2.7 might be released? Is it a matter of weeks, months, or a year away?
-
<script type="text/javascript">
function fixemail(id, username){
a = '@';
$(id).href='mail' + 'to:' + username + a + 'northwind-inc' + '.' + 'com';
}
</script>
<a href="#" id="contactus1" onclick="fixemail(this.id,'contactus')">
thats what i use. it requires prototype.js
-
Just to mention. I have modified some core files to integrate this feature by default with one of the next WB versions. The update protects all emails displayed at the WB frontend without any additional coding. All embedded mails yourname@yourdomain.com or mailto:yourname@yourdomain.de will be protected that way. The protection works the same way like the one implemented in Typo3 (http://typo3forum.hosting-agency.de/email-spam-protection-t48.html).
Regards Christian
Christian, I HOPE you are making this optional?
Not everybody likes or has have javascript on/working-correctly, despite the popularity of AJAX. I saw something not long ago that said all of the major AJAX toolkits have a huge security flaw.
There really should be an option to turn it off, at least in the site settings, if not in individual member profile configuration.
Hmm... nicest method might be to have an email obscuration module function - you could set it to NONE, JS, IMAGE, etc, as methods are implemented. Especially if there are member only areas, you really don't need that feature.
For example, on my Palm Blazer, JS doesn't always work with logins - I can't log into my router for example, which I'd really like to be able to do from my Palm, and the Admin back-end of WB isn't much fun with it either.
And I've seen claims that at least some of the harvesters can read JS. I had done several things to some of my addresses and went to a testing site - it read it all easily. I gave up.
What I'd like to do is be able to use a form instead. I.e. use a drop-down or a radio-button to pick who you want to email, and send any comment to the selected person. Now of course, only one email is possible.
-
@DGEC
Relax a little.
Per default spam protection will be switched off. Javascript encryption is an additional option which can be enabled. However, even with Javascript disabled, users will see the email address in human readable format. The only drawback, mailto links are not clickable when Javascript is switched off.
No AJAX frameworks/routines are used at all. All coding (except mailto decryption when clicking on a mailto: link) is done via PHP. The entire spam protection routine is done via adding one single function to the WB core.
As I have offered to send the code to everyone interested in, I was wondering why you do so much interpretation on how things may work instead of simply testing it and give some feedback.
Regards Christian
-
Hey thank you Christian it is easy to handle and it works very fine, but is it possible to make the background of the png transparancy? Then it were much more integrated in my design. Btw I use your function in the guestbook module.
You did a great job ;-)
-
Hello,
this is one of the options planned (or the use of GIF with transparent background).
You can define the background color (RGB values) via the the array $bgcolor in the file create_img.php.
Regards Christian
-
Yes, thanks I've found the option in create_img.php. But I thought that also with pgn format a transparent background is possible.
Alexander
-
Hi Alexander,
But I thought that also with png format a transparent background is possible.
It's possible, but not supported in IE <7 :|
Regards Bernd
-
There are ways around that transparent PNG support in Versions of IE earlier than 7 ... but none of them do work 100%.
1) A Javascript: http://homepage.ntlworld.com/bobosola/pnghowto.htm
2) AlphaImage Loader: http://koivi.com/ie-png-transparency/
3) Another JS: http://www.twinhelix.com/css/iepngfix/
But, like said, it doesn't work on all Versions. My W2K with the latest IE6 (2900) does not work with ANY of the found solutions.
cheers
Klaus
-
I thought it could be made possible with conditional CSS?
http://creativebits.org/webdev/ie_conditional_css (http://creativebits.org/webdev/ie_conditional_css)
Hans
-
Hello,
this post shows a solution to protect mail addresses typed into WYSIWYG pages/sections without adding any code stuff around.
The mechanism used is included in the following two core files of WB:
- /framework/frontend.functions.php
- /frameworks/class.frontend.php
The aim of the function is to protect email addresses shown at the WB frontend (WYSIWYG pages) from beeing harvested by spam robots without additional interaction by the user. The idea is based on something I found in Typo3.
The function extracts <a href="mailto:name@domain.com> and name@domain.com addresses before beeing displayed and replaces the two parts "@" and "." (only top level domain) with the values specified in the config.php via:
<?php
// enable/disable frontend email spam protection (0.. off, 1.. on)
define('SPAM_PROTECTION_MODE', '1');
// example 1: replace "@" with (at) and "." with (dot); highlight replacements with different colors
define('SPAM_PROTECTION_AT_REPLACE', '<em style="color:blue;">(at)</em>');
define('SPAM_PROTECTION_TLD_DOT_REPLACE', '<em style="color:red;">(dot)</em>');
// example 2: replace "@" and "." with a user defined image
//define('SPAM_PROTECTION_AT_REPLACE', '<img src="' .WB_URL .'/include/mdcr/at.gif" border="0" alt="@" />');
//define('SPAM_PROTECTION_TLD_DOT_REPLACE', '<img src="' .WB_URL .'/include/mdcr/dot.gif" border="0" alt="." />');
?>
All mailto: references are encrypted via a Javascript function using the simple caesar encryption algorithm. Hence mailto: references are clickable if the user has Javascript enabled. The mail address itself is human readable in any case.
One need to add the follwoing line between the <head></head> section in the index.php file of your template.
<script type="text/javascript" src=" <?php echo WB_URL; ?>/include/mdcr/mdcr.js"></script>
The attached zip package contains all required files. You can test the new function on basis of a WB v2.6.7 installation. Simply download the zip file and overwritte the existing files on your server. The original WB 2.67 core files are included in the package with the extension: _wb267.php Detailed information can be found in the README.txt file contained in the package.
You need to add the define commands to config.php file to enable the routine.
Have fun Christian
[gelöscht durch Administrator]
-
Hello!
I use your spamprotection quite a while now and I think it works bugfree and very good.
I would recommend to built it in WB2.7 (of course with an option), or at least recommend it to many users. ;)
Regards Michael
-
Hi doc
Thanx for the nice snippet "spamprotection". I just had to adjust the "example 2" in the config.php from your solution to
// example 2: replace "@" and "." with a user defined image
define('SPAM_PROTECTION_AT_REPLACE', '<img src="/include/mdcr/at.gif" border="0" alt="@" />');
define('SPAM_PROTECTION_TLD_DOT_REPLACE', '<img src="/include/mdcr/dot.gif" border="0" alt="." />');
The likely reason for my error with the original version was that I did not install WebsiteBaker into the standard directory but used an extra subdirectory. Now it works perfectly.
Ciao Elbview
-
Hello,
as noted in the comment line, this is only an example. Of course you need to adapt the settings according your needs. It is also possible to use own images placed in the media directory or ...
Regards Christian
-
Hi
After playing around with the spam-protection snippet I found an error in the example 2 method (replacing @/. with graphics). Please see below the html-code which is produced by website-baker 2.6.7:
<p><span style="font-weight: bold;"><br />
E-Mail: <a href="javaacriptt:mdcr('xyz')"> bbb.ccc <img src="http://xxx<img src="http://xxx.de/cms/include/mdcr/dot.gif" border="0" alt="." />de/cms/include/mdcr/at.gif" border="0" alt="@" />web<img src=" http://xxx.de/cms/include/mdcr/dot.gif" border="0" alt="." />de</a></p>
Where:
my email is: bbb.ccc@web.de
my domain is: http://xxx.de
website baker is installed in http://xxx.de/cms
According to my understanding the code is wrong as the code tries to load the dot.gif (after bbb.ccc) although the at.gif would be required. And the Internet explorer displays bullshit.
FYI: I just downloaded the doc’s zip-file and followed all instruction in the file. And of course I use the original code in the config.php (not the modified one which used two posts above, as it creates the same wrong code).
The second strange thing is that method 1 of the spam-protection snippet (replacing @ with (at) and . with (dot) works fine, although it basically uses almost the same code (to replace the @ and . ).
Any ideas what is wrong?
Regards
Elbview
-
Hello,
could not reproduce the error. My mail link looks correct.
<a href="javascript:mdcr('rfnqyt%3Ffggg3hhhE%7Cjg3ij')">bbb.ccc<img src="http://localhost/webserver/wb267_blank/include/mdcr/at.gif" border="0" alt="@" />web<img src="http://localhost/webserver/wb267_blank/include/mdcr/dot.gif" border="0" alt="." />de</a>
config.php
<?php
define('SPAM_PROTECTION_MODE', '1');
define('SPAM_PROTECTION_AT_REPLACE', '<img src="' .WB_URL .'/include/mdcr/at.gif" border="0" alt="@" />');
define('SPAM_PROTECTION_TLD_DOT_REPLACE', '<img src="' .WB_URL .'/include/mdcr/dot.gif" border="0" alt="." />');
?>
Checked with Firefox and WB 2.6.7.
Regards Christian
-
The spam protection does not work, if you define a class for a link.
Example:
<a class="email" href="mailto:my@email.com">It's me</a>
This is written by FCKEditor, whenever you specify a dedicated class for links. Currently looking for an expressing, which skips the part between a and href...
Regards, Thomas
-
Hello Thomas,
yes that is right. Klasses can not be used with the current implementation. If someone find a regular expression which can be used to fix this, please let me know :-)
Regards Christian
-
Fixed that issue, modified the code in frontend.functions. php a little bit. You'll find it attached. At least it solved the issue, that classes, added with FCKEditor, are kept as they are.
Find it attached here and make a new package. :)
Regards, Thomas
Modification of frontend.functions. php on 2007-12-07:
I modified the pattern and the result code now so, that also classes and other stuff after the link is left as it is.
This mod now matches those email anchors:
<a href="mailto:someone@onthe.web" class="someclass">Email me</a>
<a class="someclass" href="mailto:someone@onthe.web">Email me</a>
[gelöscht durch Administrator]
-
Hello,
tested your fix, but it does not work for me:
<a href="mailto:bbb.ccc@web.de?subject=test" class="test">bbb.ccc@web.de</a>
<a class="test" href="mailto:bbb.ccc@web.de">bbb.ccc@web.de</a>
Both times the link is broken (with Javascript), the result is:
<a href="javascript:mdcr('ocknvq%3Ccddd0eeeBygd0fg')bbb.ccc<img src="http://localhost/include/mdcr/at.gif" border="0" ...
So I will wait for a regexp which matches all the possible solutions :-)
Regards Christian
-
You're right, this one does not work:
aaa.bbb@somewhere.net?subject=Mailme
This is a problem anyway, this looks then like javascript:mdscr(...)?subject=Mailme. JS does not accept this. But this ones should work, I got this working on a customer's website with the file I posted:
aaa.bbb@somewhere.net
aaabbb@somewhere.net
Will take a look on the regex later on.
Regards, Thomas
-
Got the reason why it does not work. As long as you do not specifiy the same email address again between the anchor tag, it works, if you specify an email address, it will match rather also something with the second one.
So, we can say, this works:
<a class="someclass" href="mailto:some.one@onthe.net">Mailme</a>
<a href="mailto:some.one@onthe.net" class="someclass">Mailme</a>
This will not work:
<a href="mailto:some.one@onthe.net?subject=hello" class="someclass">Mailme</a>
<a href="mailto:some.one@onthe.net">some.one@onthe.net</a>
I think I'll take some time and rework the patch, I think we can change it a little bit to get it working.
Regards, Thomas
-
Played around a lot and modified frontend.funtions.p hp so, that it matches now most cases. One thing I changed is, if there's an email address, regardless if there's a 'mailto:' tag or not, we want to protect it anyway. With this new replacement I was also able to fix the problem with the additional parameters like '?subject=...'. The solution was quite easy - I added it to the encryption and is now part of the encrypted string.
Be careful with the replacement strings. If you use tags like <em style=""> or <img src="/path/to/at.gof">, the ending quotes may mess up the link. I think, replacing '@' with '(at)' and '.' with '(dot)' is quite enough.
Please test it on your own risk, but I think it is quite safe, it works for me quite fine.
Regards, Thomas
P.S.: Christian, when you verify the modified class, could you create a new package (maybe v.0.31)?
[gelöscht durch Administrator]
-
What I recognized is that plugins may bypass the encryption, for instance the guestbook. Anyone who enters a valid email address there, will be kept in clear text. Have to investigate, why...
Regards, Thomas
-
Hello,
well as I stated in my first Reply #15, this module does only work for the content typed into WYSIWYG pages, nothing else.
The aim of the function is to protect email addresses shown at the WB frontend (WYSIWYG pages) from beeing ...
The frontend output of modules is realised via view.php. However, you can make use of the function spam_protect_emails defined in frontend.functions.php.
Include /frameworks/frontend.functions.php file to the view.php of the module. Then use PHP output buffering in the view.php of your module. Save the output in a variable e.g. $output_view (PHP functions: ob_start; ob_get_contents are your friend). Then filter the output via:
<?php $output_view = spam_protect_emails($output_view); ?>
Then stop the buffer and output the cleaned string with echo.
Regards Christian
-
Hi,
the snippet is pretty cool, but I am running in some problems with a multilingual site and the use of an intro page. This results in
Fatal error: Call to undefined function spam_protect_emails() in ...\framework\class.frontend.php on line 275
So it seems the intro page does not include the frontend.functions. php
Has someone a workaround?
Rolf
-
Hello,
the spam protection will be implemented as Admin module into the upcoming WB 2.7 version. Can be switched on/off (off per default). The regular expression was adapted to fix all the knwon problems of todays spam protection.
Regards Christian
-
Hi Christian,
I would like to have your code snippet to protect email addreses. From where can I download it? You mention an attached zip file, but somehow I cannot find it.
I thank you very much for your help.
-
Hello,
you need to login to the forum to view and download attached files. The files are attached in this thread. If you have time, wait for WB 2.7 which ships with this new feature.
Regards Christian
-
Thank you Christian, I found it on the forum. I will switch to 2.7, but, I already have it integrated for my customer.
Great job!
-
Hello,
closed this thread as this patch is no longer supported for WB 2.6.x or lower. The solution is part of the WB 2.7 admin tools (output-filter).
Regards Christian