Page 1 of 1

Help w/ Email Encoder Needed

Posted: Sat Apr 07, 2007 10:09 am
by VmusicV
feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Hi,
I have some code below that is 'supposed' to encode a passed in email address. The problem is - if I test the output it's not really encoded, it's the same value I passed in. So for example if I pass in 'billyg@msn.com' - then the output should be some weird encoded string that IS NOT an email address and does not have the '@' character in it.

There's also a decode function, but I can't test it if the encode function isn't working.

[b]PURPOSE[/b] - I will use or run this script on it's own to generate the 'encoded' value. Then I'll store the encoded value as part of a mailer script with a contact form. SO when the users submit the contact form in the php code, the encoded value is stored - not an actual email address that can be harvested by bots. I will have the decode function then and call it encode to decode the encoded string but this will happen as the script executes so that the email address is never stored as a literal string in the mailer script.

I hope this is clear - 

[b]PROBLEM[/b] - So this encode_address function doesn't work - what I expect is that the value of the $output variable has the passed in email address encoded into some formatted ASCII characters.
[color=darkblue][size=150]Any ideas how to fix it ??? [/size][b][u]BUT PLEASE[/u][/b] it has to work such that decode function will be able to decode it[/color]

Thanks In Advance!!!

[i] Here's the encode function - I've added some debug code to test the output[/i]

Code: Select all

function encode_address($addr)
{
	echo "<br><br><br>\nInside the encode function, TO START the addy is " . $addr . "<br><br><br>\n";
    $output = "";
    for ($i = 0; $i < strlen($addr); $i++) {
        $output .= sprintf("&#x%X;", ord($addr{$i}));
    }
	echo "<br><br><br>\nInside the encode function, TO FINISH the addy is " . $output . "<br><br><br>\n";
    return $output;
}
Here's the decode function - It's supposed to be able to convert the output from above, back into the email address passed into as the $addr variable

Code: Select all

function decode_addr($addr)
{
    return preg_replace('/&#x([A-F0-9]{2});/e', ' chr(0x$1); ', $addr);
}

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Sat Apr 07, 2007 10:37 am
by Oren
I'm not sure what you are trying to do, but I think you don't really need to encode it at all. Are you going to put the email address in some file on your server that the bots can access?
I believe that what you want to do is to put the email address in the form so if someone forget to fill some required field they will get an error message but they won't need to type everything again. <-- That's what you want to do? If so, don't worry, you can put a plain text address, no bot is going to find and cache it.

If that's not what you were trying to do and you still need encode/decode functions, check out this: http://us2.php.net/manual-lookup.php?pattern=encode

Not explaining this very well

Posted: Sat Apr 07, 2007 10:49 am
by VmusicV
feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Hi,
I'm sorry... OBVIOUSLY I'm not explaining what I'm doing. It's very frustrating because I get answers that just don't help.

I have a contact form - and below is the code that processes the data from the contact form. It emails the data from the contact form to an email address that has been encoded.

Please look at the variable $mail_to, you can see I've already encoded it. There's no way a bot or script can understand the value of the $mail_to variable.... yes, unless it happens to have the decode function, but they don't - so this is a 'safe way' to store this email address in a variable that can NOT be read off the php file or script

[b]PLEASE[/b] look at my other post - someone supplied with a function to encode and a separate function to decode email address, [u]but it doesn't work[/u]

This has NOTHING to do with encoding a input box from a form.

Thanks!!
VmusicV

Code: Select all

if( ($emailaddy != "") && ($fname != "") && ($lname != "") && (isset($emailaddy)) && (isset($fname)) && (isset($lname)) ){
	//we're processing a submitted form
	$mail_to = "j#asa&2lka1293-27lakmckja*uerq"; //no bots understand this
	$mail_from = $emailaddy;
	$mail_subject = "Web Site Inquiry";
	$mail_body = "This email comes from the contact form on the XYZ Web Site\n\n";
	$mail_body .= "It is from: "  . $fname . " " . $lname . "\n\n";
	$mail_body .=  "Their return email is: " . $mail_from . "\n\n";
	$mail_body .= "Their message is: \n" . stripslashes($msg);

	$mail_to = decode_addr($mail_to); //now I'll decode it in memory
    
	//mail it
	if(! mail($mail_to, $mail_subject, $mail_body, "From:$mail_from")){
		//set the thanks message for an error
		$txt_welcome = "&nbsp;&nbsp;&nbsp;&nbsp;There was an error sending your inquiry. The webmaster has been notified. <br><br><br>Thanks!!\n";
.... more code here etc.

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Sat Apr 07, 2007 10:59 am
by Oren
I really don't get what you are trying to do :?
No bot can read you PHP code anyway, so no bot can read the value of $mail_to anyway unless you print it with echo(), print() or other friends.

Bots Can Read It

Posted: Sat Apr 07, 2007 11:13 am
by VmusicV
feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Hi,
 You are not correct at all - if I have the php code shown below, then bots CAN and DO read the php file on a web server and strip out an email address. It's easy because it's (usually) the only string in the file with the '@' character.

Sorry I'm not clear - I've posted this question on another forum

Thanks

Code: Select all

if( ($emailaddy != "") && ($fname != "") && ($lname != "") && (isset($emailaddy)) && (isset($fname)) && (isset($lname)) ){
	//we're processing a submitted form
	$mail_to = "billyg@msn.com"; //<-- Bots can EASILY read this in the php file and 
	$mail_from = $emailaddy;
	$mail_subject = "Inquiry From XYZ Web Site";
	$mail_body = "This email comes from the contact form on the XYZ Web Site\n\n";
	$mail_body .= "It is from: "  . $fname . " " . $lname . "\n\n";
	$mail_body .=  "Their return email is: " . $mail_from . "\n\n";
	$mail_body .= "Their message is: \n" . stripslashes($msg);

	$mail_to = decode_addr($mail_to); //now I'll decode it in memory
    
	//mail it
	if(! mail($mail_to, $mail_subject, $mail_body, "From:$mail_from")){
		//set the thanks message for an error
		$txt_welcome = "&nbsp;&nbsp;&nbsp;&nbsp;There was an error 
    ......etc. ...............

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Sat Apr 07, 2007 11:40 am
by Oren
Look, if you don't want to listen then don't. I'm not going to tell you again that they can't.

Just to let you know:

If $x != '' then $x is set for sure and there is no point at doing: if ($x != '' && isset($x))

Posted: Sat Apr 07, 2007 2:17 pm
by aaronhall
VmusicV: bots cannot see PHP code unless they've logged into your server... they can only see the output generated by a PHP file. If the email address isn't being returned to the browser, a bot does not see it. Have a look at the source of an HTML document and let me know if you find any PHP code.

Posted: Sat Apr 07, 2007 7:06 pm
by thiscatis

Code: Select all

$mail_to = "billyg@msn.com"; //<-- Bots can EASILY read this in the php file and
No they don't

But bots will defo find /billyg@msn.com/ now ;)
Woops.

Posted: Sat Apr 07, 2007 7:27 pm
by aaronhall
thiscatis wrote:

Code: Select all

$mail_to = "billyg@msn.com"; //<-- Bots can EASILY read this in the php file and
No they don't

But bots will defo find /billyg@msn.com/ now ;)
Woops.
:rofl:

Posted: Sun Apr 08, 2007 11:58 am
by Chris Corbyn
I think I explained how that function works before. You can't decode it once it's been passed back from a web page. The browser decodes it, but a bot can only see hex in the source. The decode() function is useless. Only worry about encoding, there's no decoding for you to do.