Hosting on Windows servers, web hosting plans, ASP.NET, PHP, MySQL

Windows technical support
Support forum for users of web hosting services
Hiding e-mail addresses from SPAM robots
Pico
Site Admin

Joined: 18 Jan 2004
Posts: 250
Location: HostMachine.net
After installing a new phpBB2 forum I saw that the thing is actually very vulnerable and has a whole bunch of security holes out of the box. So I reworked the forum and fixed the security holes, and on top of that I quickly programmed another MOD for phpBB2, which I am presenting here before publishing it on the official pages.

The MOD fixes a shortcoming of the phpBB forum that reveals the e-mail addresses of all participants to the public and to all unregistered users. This shortcoming is exploited by SPAM robots that scan forums looking for e-mail addresses.
The PHP MOD, which is really an additional function, fixes this shortcoming by converting e-mail addresses into ASCII codes and printing them as such in the source code.
The browser itself knows how to display these addresses nicely, but if we look into the source code, we will not find a single e-mail address anywhere :twisted:

I have also adapted the MOD for use in your own programs, where you can use 3 ways of encoding e-mail addresses.
Code:
function encode_mail($input_email,$type,$input_email_text="",$at_str="AT",$dot_str="DOT") {
#############################################################################
# Function "encode_mail"
# USAGE:
#       encode_mail("e-mail address", output_type, "e-mail text",  [@-text], [DOT-text])
#
# EXAMPLES:
#       encode_mail("foo@bar.com",1);
#     will print clickable link foo@bar.com, but will be hidden in source code
#
#       encode_mail("foo@bar.com",1,"foobar");
#     will print clickable link foobar, which is also hidden in source code
#
#       encode_mail("foo@bar.com",2,"","AT","DOT");
#     will print foo AT bar DOT com
#
# PARAMETERS:
#       "e-mail address" is TEXT type
#                     this is e-mail address which we will encode
#
#       output_type is NUMERIC type
#                     1 - output JavaScript clickable HyperLink
#                     2 - output e-mail in format "your_name AT domain DOT com"
#                     3 - output pure ASCII encoded string
#
#       "e-mail text" is TEXT type and is OPTIONAL parameter
#                     this is text to be shown instead of e-mail address
#                     only for output_type 1
#
#       @-text is TEXT type and is OPTIONAL parameter
#                     this is replacement for "AT" text for output_type 2
#
#       DOT-text is TEXT type and is OPTIONAL parameter
#                     this is replacement for "DOT" text for output_type 2
#
# Author: Andrej Pirman - Pico alias Labsy
# Originally programmed for PHPBB2 as a MOD, but can be used anywhere.
# Copyright notice: You may use and modify this function as far as your
#                   imagination goes. You do not need to keep all this
#                   copyright bullshit here. :))
#                   Just, please, throw a ThankYou note on my forum at
#                   http://forum.hostmachine.net/viewtopic.php?t=60

#############################################################################

# First, we cleanup input e-mail address of forbidden characters
   $input_email = preg_replace("/[^a-zA-Z0-9.@\-_]/", "", $input_email);
   
# Then, we encode e-mail address into CHR ASCII values
      $trans_array = array();
      for ($i=45; $i<123; $i++) $trans_array[chr($i)] = "&#" . $i . ";";
      $email_encoded = strtr($input_email, $trans_array);

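# Here we check if e-mail text is passed as an optional parameter.
# The text ends up inside a JavaScript string and is then written as HTML,
# so HTML special characters, backslashes and line breaks are escaped first.
   if($input_email_text!="")
      $email_text = strtr(htmlspecialchars($input_email_text, ENT_QUOTES),
                          array("\\" => "&#92;", "\r" => "", "\n" => " "));
   else $email_text = $email_encoded;
   
# Finally, we output desired e-mail format, as specified in function call
   $output = ""; # returned as-is when output_type is not 1, 2 or 3
   if($type == 1)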
      $output = "<script language=\"JavaScript\" type=\"text/javascript\">
      <!--
      var cc = '<a hr'; var dc = 'ef=\"';
      var fc = 'ma'; var gc = 'il';
      var hc = 'to:';   var ic = '\">';
      var jc = '</a>';
      var gobi = '".$email_encoded."';
      var gogi = '".$email_text."';
      document.write(cc+dc+fc+gc+hc);
      document.write(gobi);
      document.write(ic);
      document.write(gogi);
      document.write(jc);
      // -->\n</script>";

   else if($type == 2){
      $at = " ".$at_str." ";
      $dot = " ".$dot_str." ";
      $email_nospam = str_replace( "@", $at, $input_email);
      $email_nospam = str_replace( ".", $dot, $email_nospam);
      $output = $email_nospam;
      }

   else if($type == 3)
      $output = $email_encoded;

return $output;
}

Simply include it in your PHP code, and then display e-mails inside an HTML or PHP file as follows:
Code:
Inside HTML code, for example:
<?=encode_mail("vaš[email protected]",1,"Ime za prikaz");?>

Inside PHP code, for example:
echo encode_mail("vaš[email protected]",2,"","AFNA","PIKA");


Last edited by Pico on 26.6.2009, 19:42; edited 1 time in total
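
An added check, not part of the original post: it mirrors the output_type 3 encoding in Python and reports which addresses in a page source are readable as plain text and which become readable only after standard HTML entity decoding, so you can measure what each output type leaves in your own rendered pages. The function names, the address pattern and the sample page are assumptions made for this example.

```python
import html
import re

# Simplified address pattern (assumption for this example, not RFC-complete).
EMAIL_RE = re.compile(r"[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def encode_entities(address):
    """Mirror of output_type 3: characters with codes 45..122 become &#NN;."""
    return "".join(f"&#{ord(c)};" if 45 <= ord(c) < 123 else c for c in address)


def exposure(page_source):
    """Classify addresses by how much work is needed to read them.

    raw          addresses present literally in the source
    entity_only  addresses that appear once numeric entities are decoded
    """
    raw = set(EMAIL_RE.findall(page_source))
    decoded = set(EMAIL_RE.findall(html.unescape(page_source)))
    return {"raw": sorted(raw), "entity_only": sorted(decoded - raw)}


# Constructed sample page: one plain address, one output_type 3 string,
# one output_type 1 style script variable, one output_type 2 string.
SAMPLE_PAGE = (
    "<td>admin@example.org</td>\n"
    "<td>" + encode_entities("foo@bar.com") + "</td>\n"
    "<script>var gobi = '" + encode_entities("baz@bar.com") + "';</script>\n"
    "<td>jane AT bar DOT com</td>\n"
)

if __name__ == "__main__":
    report = exposure(SAMPLE_PAGE)
    print("plain text in source:  ", report["raw"])
    print("after entity decoding: ", report["entity_only"])
```

Entity-encoded output (types 1 and 3) keeps the address out of the literal source but not out of the decoded source; the type 2 text matches neither pass of this pattern.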
Guest


Dude, what are you on about??????
Pico
Site Admin

Joined: 18 Jan 2004
Posts: 250
Location: HostMachine.net
Anonymous wrote:
Dude, what are you on about??????
Dude, if you scan the forum's member page, you can read in the source code the e-mail of every member who has one published.
So, you send a robot to Google to look for phpBB forums and collect all the e-mail addresses from the member pages. And that way you build yourself a database of valid e-mail addresses. For sending ads or some other SPAM. Right? Right! :D

OK, this code of mine does the magic trick that the e-mail address is NOT written anywhere except in the pixels on the screen! It is not in the page's HTML source, nor can robots pull it out.

That's what I'm on about. ;)

_________________
Site admin alias Labsy
All advice and technical solutions are given in good faith and for people with a clear understanding of the applicable legislation.
I accept responsibility solely and exclusively for those interventions that I perform with my own hands.
Super
Inferrior


Joined: 30 Oct 2004
Posts: 18
Dude, this is great, exactly what I've been looking for these days. Yeah, let's block this spam as much as we possibly can, all by ourselves!

Once again, great code :P.