Snippet to protect email addresses from spam

[doc]

Hello,

closed this thread as this patch is no longer supported for WB 2.6.x or lower. The solution is part of the WB 2.7 admin tools (output-filter).

Regards Christian

[POPDUM]

Thank you Christian, I found it on the forum. I will switch to 2.7, but, I already have it integrated for my customer.

Great job!

[doc]

Hello,

you need to login to the forum to view and download attached files. The files are attached in this thread. If you have time, wait for WB 2.7 which ships with this new feature.

Regards Christian

[POPDUM]

Hi Christian,

I would like to have your code snippet to protect email addreses. From where can I download it? You mention an attached zip file, but somehow I cannot find it.

I thank you very much for your help.

[doc]

Hello,

the spam protection will be implemented as Admin module into the upcoming WB 2.7 version. Can be switched on/off (off per default). The regular expression was adapted to fix all the knwon problems of todays spam protection.

Regards Christian

[RolfP]

Hi,

the snippet is pretty cool, but I am running in some problems with a multilingual site and the use of an intro page. This results in
Fatal error: Call to undefined function spam_protect_emails() in ...\framework\class.frontend.php on line 275

So it seems the intro page does not include the frontend.functions.php

Has someone a workaround?

Rolf

[doc]

Hello,

well as I stated in my first Reply #15, this module does only work for the content typed into WYSIWYG pages, nothing else.

The aim of the function is to protect email addresses shown at the WB frontend (WYSIWYG pages) from beeing ...

The frontend output of modules is realised via view.php. However, you can make use of the function spam_protect_emails defined in frontend.functions.php.

Include /frameworks/frontend.functions.php file to the view.php of the module. Then use PHP output buffering in the view.php of your module. Save the output in a variable e.g. $output_view (PHP functions: ob_start; ob_get_contents are your friend). Then filter the output via:

Code Select Expand

<?php $output_view = spam_protect_emails($output_view); ?>

Then stop the buffer and output the cleaned string with echo.

Regards Christian

[Mr._T]

What I recognized is that plugins may bypass the encryption, for instance the guestbook. Anyone who enters a valid email address there, will be kept in clear text. Have to investigate, why...

Regards, Thomas

[Mr._T]

Played around a lot and modified frontend.funtions.php so, that it matches now most cases. One thing I changed is, if there's an email address, regardless if there's a 'mailto:' tag or not, we want to protect it anyway. With this new replacement I was also able to fix the problem with the additional parameters like '?subject=...'. The solution was quite easy - I added it to the encryption and is now part of the encrypted string.

Be careful with the replacement strings. If you use tags like <em style=""> or <img src="/path/to/at.gof">, the ending quotes may mess up the link. I think, replacing '@' with '(at)' and '.' with '(dot)' is quite enough.

Please test it on your own risk, but I think it is quite safe, it works for me quite fine.

Regards, Thomas

P.S.: Christian, when you verify the modified class, could you create a new package (maybe v.0.31)?



[gelöscht durch Administrator]

[Mr._T]

Got the reason why it does not work. As long as you do not specifiy the same email address again between the anchor tag, it works, if you specify an email address, it will match rather also something with the second one.

So, we can say, this works:

Code Select Expand

<a class="someclass" href="mailto:some.one@onthe.net">Mailme</a>
<a href="mailto:some.one@onthe.net" class="someclass">Mailme</a>

This will not work:

Code Select Expand

<a href="mailto:some.one@onthe.net?subject=hello" class="someclass">Mailme</a>
<a href="mailto:some.one@onthe.net">some.one@onthe.net</a>

I think I'll take some time and rework the patch, I think we can change it a little bit to get it working.

Regards, Thomas

[Mr._T]

You're right, this one does not work:

aaa.bbb@somewhere.net?subject=Mailme

This is a problem anyway, this looks then like javascript:mdscr(...)?subject=Mailme. JS does not accept this. But this ones should work, I got this working on a customer's website with the file I posted:

aaa.bbb@somewhere.net
aaabbb@somewhere.net

Will take a look on the regex later on.

Regards, Thomas

[doc]

Hello,

tested your fix, but it does not work for me:

Code Select Expand

<a href="mailto:bbb.ccc@web.de?subject=test" class="test">bbb.ccc@web.de</a>
<a class="test" href="mailto:bbb.ccc@web.de">bbb.ccc@web.de</a>

Both times the link is broken (with Javascript), the result is:

Code Select Expand

<a href="javascript:mdcr('ocknvq%3Ccddd0eeeBygd0fg')bbb.ccc<img src="http://localhost/include/mdcr/at.gif" border="0" ...

So I will wait for a regexp which matches all the possible solutions 

Regards Christian

[Mr._T]

Fixed that issue, modified the code in frontend.functions.php a little bit. You'll find it attached. At least it solved the issue, that classes, added with FCKEditor, are kept as they are.

Find it attached here and make a new package.

Regards, Thomas

Modification of frontend.functions.php on 2007-12-07:

I modified the pattern and the result code now so, that also classes and other stuff after the link is left as it is.

This mod now matches those email anchors:

Code Select Expand


<a href="mailto:someone@onthe.web" class="someclass">Email me</a>
<a class="someclass" href="mailto:someone@onthe.web">Email me</a>



[gelöscht durch Administrator]

[doc]

Hello Thomas,

yes that is right. Klasses can not be used with the current implementation. If someone find a regular expression which can be used to fix this, please let me know 

Regards Christian

[Mr._T]

The spam protection does not work, if you define a class for a link.

Example:
<a class="email" href="mailto:my@email.com">It's me</a>

This is written by FCKEditor, whenever you specify a dedicated class for links. Currently looking for an expressing, which skips the part between a and href...

Regards, Thomas

[doc]

Hello,

could not reproduce the error. My mail link looks correct.

Code Select Expand

<a href="javascript:mdcr('rfnqyt%3Ffggg3hhhE%7Cjg3ij')">bbb.ccc<img src="http://localhost/webserver/wb267_blank/include/mdcr/at.gif" border="0" alt="@" />web<img src="http://localhost/webserver/wb267_blank/include/mdcr/dot.gif" border="0" alt="." />de</a>


config.php

Code Select Expand


<?php
define('SPAM_PROTECTION_MODE', '1');
define('SPAM_PROTECTION_AT_REPLACE', '<img src="' .WB_URL .'/include/mdcr/at.gif" border="0" alt="@" />');
define('SPAM_PROTECTION_TLD_DOT_REPLACE', '<img src="' .WB_URL .'/include/mdcr/dot.gif" border="0" alt="." />');
?>


Checked with Firefox and WB 2.6.7.

Regards Christian

[elbview]

Hi

After playing around with the spam-protection snippet I found an error in the example 2 method (replacing @/. with graphics). Please see below the html-code which is produced by website-baker 2.6.7:

Code Select Expand

<p><span style="font-weight: bold;"><br />
E-Mail: <a href="javaacriptt:mdcr('xyz')"> bbb.ccc <img src="http://xxx<img src="http://xxx.de/cms/include/mdcr/dot.gif" border="0" alt="." />de/cms/include/mdcr/at.gif" border="0" alt="@" />web<img src=" http://xxx.de/cms/include/mdcr/dot.gif" border="0" alt="." />de</a></p>


Where:
my email is: bbb.ccc@web.de
my domain is: http://xxx.de
website baker is installed in http://xxx.de/cms

According to my understanding the code is wrong as the code tries to load the dot.gif (after bbb.ccc) although the at.gif would be required. And the Internet explorer displays bullshit.

FYI: I just downloaded the doc's zip-file and followed all instruction in the file. And of course I use the original code in the config.php (not the modified one which used two posts above, as it creates the same wrong code).

The second strange thing is that method 1 of the spam-protection snippet (replacing @ with (at) and . with (dot) works fine, although it basically uses almost the same code (to replace the @ and . ).

Any ideas what is wrong?

Regards

Elbview

[doc]

Hello,

as noted in the comment line, this is only an example. Of course you need to adapt the settings according your needs. It is also possible to use own images placed in the media directory or ...

Regards Christian

[elbview]

Hi doc

Thanx for the nice snippet "spamprotection". I just had to adjust the "example 2" in the config.php from your solution to

Code Select Expand


// example 2: replace "@" and "." with a user defined image
define('SPAM_PROTECTION_AT_REPLACE', '<img src="/include/mdcr/at.gif" border="0" alt="@" />');
define('SPAM_PROTECTION_TLD_DOT_REPLACE', '<img src="/include/mdcr/dot.gif" border="0" alt="." />');


The likely reason for my error with the original version was that I did not install WebsiteBaker into the standard directory but used an extra subdirectory. Now it works perfectly.

Ciao Elbview

[Waldschwein]

Hello!

I use your spamprotection quite a while now and I think it works bugfree and very good.
I would recommend to built it in WB2.7 (of course with an option), or at least recommend it to many users.

Regards Michael

[doc]

Hello,

this post shows a solution to protect mail addresses typed into WYSIWYG pages/sections without adding any code stuff around.

The mechanism used is included in the following two core files of WB:

• /framework/frontend.functions.php
• /frameworks/class.frontend.php

The aim of the function is to protect email addresses shown at the WB frontend (WYSIWYG pages) from beeing harvested by spam robots without additional interaction by the user. The idea is based on something I found in Typo3.

The function extracts <a href="mailto:name@domain.com> and name@domain.com addresses before beeing displayed and replaces the two parts "@" and "." (only top level domain) with the values specified in the config.php via:

Code Select Expand


<?php
// enable/disable frontend email spam protection (0.. off, 1.. on)
define('SPAM_PROTECTION_MODE', '1');

// example 1: replace "@" with (at) and "." with (dot); highlight replacements with different colors
define('SPAM_PROTECTION_AT_REPLACE', '<em style="color:blue;">(at)</em>');
define('SPAM_PROTECTION_TLD_DOT_REPLACE', '<em style="color:red;">(dot)</em>');

// example 2: replace "@" and "." with a user defined image
//define('SPAM_PROTECTION_AT_REPLACE', '<img src="' .WB_URL .'/include/mdcr/at.gif" border="0" alt="@" />');
//define('SPAM_PROTECTION_TLD_DOT_REPLACE', '<img src="' .WB_URL .'/include/mdcr/dot.gif" border="0" alt="." />');
?>


All mailto: references are encrypted via a Javascript function using the simple caesar encryption algorithm. Hence mailto: references are clickable if the user has Javascript enabled. The mail address itself is human readable in any case.

One need to add the follwoing line between the <head></head> section in the index.php file of your template.

Code Select Expand


  <script type="text/javascript" src=" <?php echo WB_URL; ?>/include/mdcr/mdcr.js"></script>


The attached zip package contains all required files. You can test the new function on basis of a WB v2.6.7 installation. Simply download the zip file and overwritte the existing files on your server. The original WB 2.67 core files are included in the package with the extension: _wb267.php Detailed information can be found in the README.txt file contained in the package.

You need to add the define commands to config.php file to enable the routine.

Have fun Christian

[gelöscht durch Administrator]

[Hans]

I thought it could be made possible with conditional CSS?
http://creativebits.org/webdev/ie_conditional_css

Hans

[kweitzel]

There are ways around that transparent PNG support in Versions of IE earlier than 7 ... but none of them do work 100%.

1) A Javascript: http://homepage.ntlworld.com/bobosola/pnghowto.htm
2) AlphaImage Loader: http://koivi.com/ie-png-transparency/
3) Another JS: http://www.twinhelix.com/css/iepngfix/

But, like said, it doesn't work on all Versions. My W2K with the latest IE6 (2900) does not work with ANY of the found solutions.

cheers

Klaus

[BerndJM]

Hi Alexander,

But I thought that also with png format a transparent background is possible.

It's possible, but not supported in IE <7

Regards Bernd

[spawnferkel]

Yes, thanks I've found the option in create_img.php. But I thought that also with pgn format a transparent background is possible.

Alexander