An modifed AUTHOR replacement tag with email address.

GreenNuggs · Post by **GreenNuggs** » Tue 20. Apr 2004, 03:17

Wassup people! I had to modify the AUTHOR replacement tag because I wanted to also display the email address with the author. I hadn't seen this posted here before, so I'll post it for any newbies that might be looking to do the same thing. Hell, I'll post it because its my first mod!

In the file: include/inc_front/content.func.inc.php, in between the code for the {AUTHOR} and {RELATED} replacement tags, I added:

Code: Select all


// -------------------------------------------------------------

// AUTHORANDEMAIL replacement tag: by Adam Marcionek, inspired by Magnar Stav Johanssen
if( ! (strpos($content["all"],'{AUTHORANDEMAIL}')===false)) {
		$authorandemail = get_author_and_email($content["articles"][$aktion[1]]["article_username"],$db);
		$content["all"] = str_replace('{AUTHORANDEMAIL}', $authorandemail, $content["all"]);
}

Then in the file: include/inc_front/front.func.inc.php, before the get_new_articles function, I put:

Code: Select all


// -------------------------------------------------------------

function get_author_and_email($article_username, $dbcon) {
	// find keyword for current article used for AUTHORANDEMAIL replacement tag
	// prepared by Adam Marcionek, inspired by Magnar Stav Johanssen.
	$author_and_email ="";
    $sql = 'SELECT usr_email FROM '.DB_PREPEND.'phpwcms_user WHERE usr_name="'.$article_username.'"';
	
	if($result = mysql_fetch_row(mysql_query($sql, $dbcon))) {
		$usr_email = $result[0];
		$author_and_email .= 'Email: <a class="AuthorAndEmail" href="mailto:'.$usr_email;
    	$author_and_email .= '">'.$article_username.'</a>';
	}
	return $author_and_email;
}

Then just use the {AUTHORANDEMAIL} replacement tag and it'll return a mailto link to the author's email address with the authors name as the link.

Additionally, I've included a separate CSS tag should you want to display that link differently than others on the page. Just add a style "AuthorAndEmail" to your frontend.css document. Eg:

Code: Select all

 .AuthorAndEmail {
	font-family: Verdana, Helvetica, Arial, sans-serif;
	font-size: 12px;
	font-weight: bold;
	color: #FF0000;
}

And if anyone has any suggestions on how to write it better, I'd be happy to hear them.

Oh yeah, here's an example: http://www.dogwoodpapers.com/index.php?id=13,19,0,0,1,0 Its the red The Fenlenium link at the bottom of the page.

Ibis Fernandez · Post by **Ibis Fernandez** » Wed 30. Jun 2004, 18:22

I would strongly advise against this particular method, you are just begging to have your authors emails harvested by spam robots.

A better method would be to have the authors email link, point to a mail form. Perhaps one that is dynamically customised to send mail to the author the reader clicked on. I think phpWCMS may alearady have this in there just a matter of waking it up.

1. That way neither the public not the span robot have imediate access to the email address.

2. The user has to visite your site in oder to mail the author. (traffic).

3. Only real people not spambot will have access to the authors email, in the event the author should respond to the reader.

brans · Post by **brans** » Tue 15. Feb 2005, 22:17

I have combined this tag with the no-spam one from marcus@localhorst:
you will now have only email-adresses in your source, that are unreadable for spambots.

--...--/index.php/topic,69.0.html

Ibis Fernandez · Post by **Ibis Fernandez** » Tue 15. Feb 2005, 23:08

There has to be a better way. The mere fact that the email is encrypted means that it can be decrypted thus its not really a safe solution. Seems a good temporary solution though. Most mail harvesting robot have a knack for adapting and evolving much like the flu virus or the Borg.

brans · Post by **brans** » Tue 15. Feb 2005, 23:25

ok lets collect the best methods to achieve such security then!

maybe we can develop a "totally" secure email-link inside our all loved phpwcms:

http://philringnalda.com/blog/2002/06/a ... oofing.php

http://www.phpwcms.de/forum/viewtopic.php?t=4819
(see the mod_rewrite way to do it

)

Ibis Fernandez · Post by **Ibis Fernandez** » Wed 16. Feb 2005, 00:16

I think it can be done simply by generating an email form on the fly using the authors details that are already on the database without ever exposing even in an encrypted form the actual details.

Unfortunatelly Im no php programmer, although Im not too shabby at Flash

brans · Post by **brans** » Wed 16. Feb 2005, 09:46

ok but then every contacted person would have to stored inside the database... I think it would be even better to <from method="post" >
the part infront of the @ and the one behind. This will then only be set together inside a php script, for processing the form (so no spambot will ever have access to all this data.)

what do you think ? And this should be easily realizable by just modifying the phpwcms core a very little bit.

Ibis Fernandez · Post by **Ibis Fernandez** » Wed 16. Feb 2005, 10:26

Wait are you reffering to the author of a comment in the guestbook or an author of an article....

Aticle arthors and their emails are already stored in the database. It wouldnt really be going out to great leghts for such a thing in that respect...

Actually come to think of it even posters and their emails (if provided) are also aready stored in the database...

the issue is not wether they would have to be stored in the DB, because truth is that they already are.

Im not sure how to go about doing this in PHP but in flash we have something called an object....anyways an object could be an author for example and this author entry can vave bvarious proppreties such as

author.name
author.email
author.id

etc... basically an unlimmited variety of propperties for that one object... This data is basically called up simply loading up the object "author" and the specific information can be retrieved by calling the propperty directly such as

on(Press){
getURL("mailto:author.email");
}

So I think of we could have a way to have this object connetion to the DB ready to be called on, but not directly available from the loaded page, our chances for security would be a bit better. Im not sure if this translates to anything related to PHP, hopefully it does....

hey what about having the email be split into threeor four parts. and then upon the actual emailing have the three parts compiled into a sigle email for the end user... dont think spam bots are smart enough to piece together three or four separate variables on their own...

in actionscript this would look like:

Code: Select all

//establishes the three important parts of the authors email.

author.name ="ibis";
author.domain = "cinestarfilmworks";
author.domainExtension = "com";

// pieces together the email and initiates email client on the user side.
function sendMail(){
 etURL(author.name+"@"+author.domain+"."+"author.domainExtension)
}

// Script, pressing the button named "myButton" launches the send Mail function.

myButton.onPress = function(){
     sendMail();
}

Mind you this is actionscript. If a span harverting robot were to scan this text the would only harvest what is left and right of the "@" and "."... which are variable names.... not the actual values.

The parts with the values as far as the bot is concerned are just regular words.

But its notuntil the end usr initiates the request to email that actual values be pieced together... I dont know, it might work... what do you think?

brans · Post by **brans** » Wed 16. Feb 2005, 12:07

hmm yes the problem about this is the following:

Ok whe are talking about completely different things:

it really was absolutely no problem to create a dynamic form, where the email adress is not shown anywhere but only called by the "form-processor-php-script" as recipient. But the simple point is:

every email would have to be sent via a form.

I really think this is a good idea

I will think about a solution for this.
I think it was necessary to send a confirmation to the sender's adress too
(eg.: you have sent en email to max@example.com, containing the following data:
text tex text)

On the other hand there would be a possibility to abuse these forms... everyone could just send some emails from the web to whoever has made an entry into the guestbook.

Karla · Post by **Karla** » Wed 16. Feb 2005, 12:16

Ibis Fernandez wrote:There has to be a better way. The mere fact that the email is encrypted means that it can be decrypted thus its not really a safe solution. Seems a good temporary solution though. Most mail harvesting robot have a knack for adapting and evolving much like the flu virus or the Borg.

Well if marcus@localhorst says it produces this code:

Code: Select all

<a href="mailto:%6D%61%69%6C%40%61%64%72%65%73%73%2E%74%6C%64">mail<span>@</span>adress<span>.</span>tld</a>

Then going to a place like below, will show it "decrypted":
http://jamesrking.com/left_brain/online ... ripper.asp
PASTE and SEE

You ~MUST~ also replace the @ and . with another combination (ie: not OPTIONAL)

Ibis Fernandez · Post by **Ibis Fernandez** » Wed 4. May 2005, 23:04

Thats one of the reasons why I personally would love to have some kind of integration between PHBBB and phpwcms so that only registered users can post to the various guestbooks. Also increases the quality of the posting by not allowing just anyone to post.

One of the things I would also really like to see is for people who post a comment on an article etc, to also be allowed to "subscribe/unsubscribe" to that guestbook. This means that when ever a new comment or question is posted, the users are notified by the system and they can visit the site again and follow up if they want to.

At the very least it should notify the site admin of any new replies. I run a site with tutorials and stuff and many times people post questions which I often miss simply cause I just dont have the time to be sorting through all the tutorial pages searching for new comments and questions etc...