Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    Regular Coder
    Join Date
    Jun 2010
    Posts
    278
    Thanks
    63
    Thanked 8 Times in 8 Posts

    Robust way of hiding phone number, email, etc?

    It's the bane of the web developer's life, trying to hide phone numbers and email addresses from low-lifes who write robots to harvest contact information for spamming purposes.

    So I came up with the following function which hides email, phone, etc, inside a bit of javascript, as follows:

    PHP Code:
    function hideIt($string)
    {
        
    $chars str_split($string);

        
    $data "";
        foreach (
    $chars as $char)
          
    $data .= '\\x'.sprintf("%02X"ord($char));

        
    $javascript "<script><!-- document.write(\"$data\"); --></script>";

    And so for example,

    hideIt("me@mydomain.com");

    returns

    <script><!-- document.write("\x6D\x65\x40\x6D\x79\x64\x6F\x6D\x61\x69\x6E\x2E\x63\x6F\x6D"); --></script>

    Would that be enough to deter robots? Or do you suppose that the lowlife scum spammers would actually go out of their way to write code to try to read that? (which, admittedly, is not hard to do!)

    The other alternative is to use an image, but that is a pain in the arse and not easily modifyable.

  • #2
    Senior Coder
    Join Date
    Jul 2011
    Posts
    1,226
    Thanks
    3
    Thanked 171 Times in 171 Posts
    Is this a user based system? If it is, you could just hide phone and email information from public use.

    If that's not the case, it's obviously a bit harder :P . I like the idea of your method - hope someone will comment about it.
    Useful function to retrieve difference in times
    The best PHP resource
    A good PHP FAQ
    PLEASE remember to wrap your code in [PHP] tags.
    PHP Code:
    // Replace this
    if(isset($_POST['submitButton']))
    // With this
    if(!empty($_POST))
    // Then check for values/forms. Some IE versions don't send the submit button 
    Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live.

  • #3
    Regular Coder
    Join Date
    Jun 2010
    Posts
    278
    Thanks
    63
    Thanked 8 Times in 8 Posts
    Yeah, it's a user-based system, hence the problem!

  • #4
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,978
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    Quote Originally Posted by XmisterIS View Post
    Yeah, it's a user-based system, hence the problem!
    I don't see a problem here. Just don't display it. Problem solved.
    Use forms instead for any contact required.
    As for Javascript, I guess that simply depends on how sophisticated the bots are. If its part of the HTML, it can be pulled out even if the JS is required to be parsed. If you want the data to remain public, use images like a captcha instead, although some of those are starting to get pretty good at identifying glyphs too.

  • #5
    Senior Coder
    Join Date
    Jul 2011
    Posts
    1,226
    Thanks
    3
    Thanked 171 Times in 171 Posts
    Quote Originally Posted by XmisterIS View Post
    Yeah, it's a user-based system, hence the problem!
    Like Fou-Lu said - why not have the contact information hidden for non-registered users?
    Useful function to retrieve difference in times
    The best PHP resource
    A good PHP FAQ
    PLEASE remember to wrap your code in [PHP] tags.
    PHP Code:
    // Replace this
    if(isset($_POST['submitButton']))
    // With this
    if(!empty($_POST))
    // Then check for values/forms. Some IE versions don't send the submit button 
    Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live.

  • #6
    Regular Coder
    Join Date
    Jun 2010
    Posts
    278
    Thanks
    63
    Thanked 8 Times in 8 Posts
    Certainly I can do that with email addresses, but phone numbers do need to be displayed. I won't go into why, by suffice it to say that phone numbers do need to be displayed. I think the javascript solution is probably OK, anything can be cracked if the lowlife scum really want to, depends how much they want to though, I suppose!

  • #7
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,456
    Thanks
    0
    Thanked 632 Times in 622 Posts
    Of course it isn't really hidden using JavaScript. Some of the lowlives simply hire a few million peasants from some fifth world country for a few pennies a week to go through all the pages and so will obtain the version visible in the page regardless of how it is encoded.

    A more secure way would be to display it as an image rather than using JavaScript. At least then it can't be broken by those not employing peasants who rely on automated processes to crack your script.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •