|
|
|
After reading the example of how to secure your email on your website from robots with Javascript, I thought a pure PHP version would be nice.
The code below takes 1, 2 or 3 parameters, (1)the email and (2)the text for the link. If you omit the text, the email address is used. The 3rd parameter could be used to format the link.
| <?php
function eMail($email, $name='', $params='') {
$encMail = encString($email);
if(!$name) $name=$email;
return '<a href="mailto:'.$encMail.'" '.$params.'>'.$name.'</a>';
}
function encString ($orgStr) {
$encStr = "";
$nowStr = "";
$rndNum = -1;
$orgLen = strlen($orgStr);
for ( $i = 0; $i < $orgLen; $i++) {
$encMod = rand(1,2);
switch ($encMod) {
case 1: // Decimal
$nowStr = "&#" . ord($orgStr[$i]) . ";";
break;
case 2: // Hexadecimal
$nowStr = "&#x" . dechex(ord($orgStr[$i])) . ";";
break;
}
$encStr .= $nowStr;
}
return $encStr;
}
?> | |
Usage Example
| <?php
echo eMail('bob@hotmail.com', 'bob@hotmail.com', 'class=whatever').'<BR>';
echo eMail('bob@hotmail.com', 'email me', 'class=whatever').'<BR>';
echo eMail('bob@hotmail.com');
?> | |
|
|
| Encoding data using PGP via PHP's proc_* functions
Categories : Cryptography, Security, Email, PHP, PGP | | | A damaged image generator (class) for validating text.
CAPTCHA - Completely Automated Public Turing test to tell Computers and Humans Apart
Categories : PHP, PHP Classes, Security, GD image library, Security | | | Protect your email links from being spidered by spam email robots!
Categories : PHP, Security, Mail, Email | | | send_mail function to defeat Header Injection Hacking/Spamming
Categories : PHP, Email, Form Processing, Security | | | Email a user with out exposing email address
Categories : PHP, Databases, MySQL, Email | | | Password Creator: This PHP code exmaple shows how to use bitwise operations on a single variable and using it as a flagged variable. The class generates passwords of a given length using specified characters and the flags.
Categories : PHP, PHP Classes, Algorithms, Security | | | Simple Password example
Categories : PHP, Authentication, Security, HTTP | | | Class for sending mail with MIME attachments in multipart format using external sendmail, mimencode and zip
Categories : Email, Network, PHP, PHP Classes | | | PHP Function to Encrypt/Decrypt a string without a known key. The string itself has his own different key for every character.
Categories : PHP, Algorithms, Security, Authentication, Encryption | | | A PHP function to encrypt and decrypt a number or string or a combination of the two.
Categories : PHP, Encryption, Security | | | A web-based php3 IMAP email client supporting address books, attachements (downloading and sending), LDAP searching, and much much more.
Categories : Email, PHP, LDAP | | | A very simple PHP single password cookie based login without usernames.
Categories : PHP, Cookies, Security, Beginner Guides | | | email new items in db
Categories : PHP, Email, Databases, MySQL, Beginner Guides | | | MD5 secured login
Categories : PHP, Java Script, Authentication, Security | | | Secure URL $_GET
Categories : PHP, Data Validation, Security | |
| | | | Gerd Klingenspor wrote : 1162
I forgot to mention, that you have to look into the source code to see the results.
Your visitors will see the unencoded version, the bots/harvesters will see the encoded version, but not the unencoded one.
| | | | matthew waygood wrote : 1164
The results I got were :-
<a href="mailto:bob@hotmail.com" class=whatever>bob@hotmail.com</a><BR><a href="mailto:bob@hotmail.com" class=whatever>email me</a><BR><a href="mailto:bob@hotmail.com" >bob@hotmail.com</a>
You forgot to encrypt the link text if it too contains and email address, so bob@hotmail.com could still be extracted.
| | | | matthew waygood wrote : 1165
forgot this was being displayed on a page, so doesnt reflect what I saw. I have replace the codes with # to make it more readable
<a href="mailto:########### class=whatever>bob@hotmail.com</a>
<a href="mailto:######## class=whatever>email me</a>
<a href="mailto:#######>bob@hotmail.com</a>
| | | | matthew waygood wrote : 1166
Although you can decode the email address, I have tried extracting with a few programs and it does seem to protect you email.
As the person who submitted the Javascript solution you refer to, I will be switching to this method as it provides better compatability with people who switch off javascript.
Nice work. I`ll add a comment to my own submission referencing this.
| | | | Sarah King wrote : 1171
for comparison also see this code: http://www.weberdev.com/get_example.php3?count=3939
One type of encryption and also hides the mailto= string to prevent that giving the bots reason to store for manual processing (as they get smarter)
Sarah
| | | | Gerd Klingenspor wrote : 1174
To make it pretty much bombproof:
replace OLD:
function eMail($email, $name=``, $params=``) {
$encMail = encString($email);
if(!$name) $name=$email;
return `<a href="mailto:`.$encMail.`" `.$params.`>`.$name.`</a>`;
}
with NEW:
function eMail($email, $name=``, $params=``) {
if(!$name) $name=$email;
return `<a href="`.encString(`mailto:`).encString($email).`" `.$params.`>`.encString($name).`</a>`;
}
| | | | matthew waygood wrote :1261
I needed this recently so I recoded it with some other features you may find useful. And included the coding of the MAILTO: text aswell as pointed out earlier.
<?php
function eMail($email, $name=``, $params=``, $email_extras=``)
{
// return an empty link if no email was specified
if( (!$email) || (!is_scalar($email)) ) return ``;
// contruct extra parameters for the mailto link, ie subject,cc,bcc,body while will also be encoded
$email_extras_string=``;
if($email_extras) $email_extras_string=`?`.$email_extras;
if(is_array($email_extras))
{
$email_extras_string=`?`;
$first=TRUE;
while(list($key,$value)=each($email_extras))
{
if(!$first)
{
$email_extras_string.="&";
}
$first=FALSE;
$email_extras_string.=$key."=".urlencode($value);
}
}
// if no name was specified then use the email address
if( (!$name) || (!is_scalar($name)) ) $name=$email;
// if formatting parameters were specified then add a space to make readable
$param_string=``;
if( ($params) && (is_scalar($params)) ) $param_string=` `.$params;
// return the link, encoding appropriate parts of the href
return `<A HREF="`.encString(`MAILTO:`.$email.$email_extras_string).`"`.$param_string.`>`.encString($name).`</A>`;
}
function encString($orgStr)
{
$encStr="";
$nowStr="";
$rndNum=-1;
$orgLen=strlen($orgStr);
for($i=0;$i<$orgLen;$i++)
{
if(version_compare("4.2", php_version)) // a pre php version 4.2, rand should be seeded
{
list($usec, $sec) = explode(` `, microtime());
srand( (float) $sec + ((float) $usec * 100000) );
}
$encMod = rand(1,5); // make chances of coding as follows: Decimal 2/5, Hex 2/5, None 1/5
switch($encMod)
{
case 1: // Decimal
case 2: // Decimal
$nowStr="&#".ord($orgStr[$i]).";";
break;
case 3: // Hexadecimal
case 4: // Hexadecimal
$nowStr="&#x".dechex(ord($orgStr[$i])).";";
break;
default: // Normal (case 5)
$nowStr=$orgStr[$i];
break;
}
$encStr.=$nowStr;
}
return $encStr;
}
echo eMail(`mwwaygoo@hotmail.com`)."<BR/>\n";
echo eMail(`mwwaygoo@hotmail.com`, `email me`)."<BR/>\n";
echo eMail(`mwwaygoo@hotmail.com`, `email me`, `onMouseOver="self.status=\`status\`;return true" onMouseOut="self.status=\`\`;return true"`)."<BR/>\n";
echo eMail(`mwwaygoo@hotmail.com`, `email me`, ``, array(`Subject`=>`sub`,`Cc`=>`cc`,`body`=>`body`,`Bcc`=>`bcc`))."<BR/>\n";
?>
| |
|
|
|
