E-mail form hack, to make it more secure from robots

GTakacs
Posts: 3
Joined: Fri 8. Oct 2004, 20:40
Location: Fort Worth, TX

Post by GTakacs »

Call me paranoid, but I just hate to have robots collect my e-mail address off of my website.

I first thought I would just post my e-mail address as a picture via the GT mod, but that wasn't perfect, so I had to fix that ( http://www.phpwcms.de/forum/viewtopic.php?t=3919 )

Then I figured to be safe yet convenient to my visitors I will use the e-mail form content so people can e-mail me straight from the website but I would be safe from robots. Well that wasn't all that easy/safe either.

First of all, the e-mail form that is built into phpwcms will use a hidden field to pass the recipient e-mail address via POST from the e-mail form content to the formmailer. So the problem is if a robot visits your page, it will see your e-mail address in its entirety in the following part of the code (just view the generated source of your own page):

Code:

<input type="hidden" name="recipient" value="bob@nowhere.com" />

It is very easy to harvest your e-mail address from this code, which makes me disappointed, as I was going to use formmail to avoid just that!

So I figured I will fix this problem, rather than whine about it... I hope others will find it useful too.

With my modified code the generated HTML code will look like the following:

Code:

<input type="hidden" name="user" value="bob" />
<input type="hidden" name="server" value="nowhere.com" />

So now the robots will have a lot harder time (I'd say impossible) to actually figure out that there is an e-mail address stored right there.

To get the above hack working you'll need to do the following:

Code:

# 
#-----[ OPEN ]------------------------------------------ 
# 
/include/inc_act/act_formmailer.php
# 
#-----[ FIND ]------------------------------------------ 
# 
if(isset($_POST["recipient"])) {
	$recipient = trim($_POST["recipient"]);
	unset($_POST["recipient"]);
}
# 
#-----[ AFTER ADD ]------------------------------------
# 
if(isset($_POST["user"]) && isset($_POST["server"])) {
	$recipient = trim($_POST["user"])."@".trim($_POST["server"]);
	unset($_POST["user"]);
	unset($_POST["server"]);
}
# 
#-----[ OPEN ]------------------------------------------ 
# 
/include/inc_front/content/cnt10.article.inc.php
# 
#-----[ FIND ]------------------------------------------ 
# 
$content["main"] .= "<input type=\"hidden\" name=\"recipient\" value=\"".$cform[2]."\" />";
# 
#-----[ REPLACE WITH]----------------------------------
# 
list($user, $server) = explode("@",$cform[2],2);
$content["main"] .= "<input type=\"hidden\" name=\"user\" value=\"".$user."\" />";
$content["main"] .= "<input type=\"hidden\" name=\"server\" value=\"".$server."\" />";

That should be it!

I'd appreciate if I'd get some feedback on this one!

Have fun!
That's my story and I'm stickin' to it!
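
A server-side check for the recipient that the modified formmailer assembles from the posted user and server fields, as an added example that is not part of the original post or of phpwcms. The function name resolve_recipient() and the $allowed list are assumptions, the sample requests are constructed, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not phpwcms code. resolve_recipient() and $allowed are
// hypothetical names; the addresses below are constructed samples.

/**
 * Rebuild the recipient from the split "user" and "server" fields and accept
 * it only if it is one well-formed address that the site owner configured.
 * Returns the address, or null when the request should be rejected.
 */
function resolve_recipient(array $post, array $allowed): ?string
{
    if (!isset($post['user'], $post['server'])
        || !is_string($post['user']) || !is_string($post['server'])) {
        return null;
    }
    $user   = trim($post['user']);
    $server = trim($post['server']);

    // A single address contains no line breaks, separators or second "@".
    if (preg_match('/[\r\n,;@\0]/', $user . $server)) {
        return null;
    }
    $recipient = $user . '@' . $server;
    if (filter_var($recipient, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Hidden fields are client input: compare against the addresses kept on
    // the server instead of trusting whatever was posted.
    foreach ($allowed as $address) {
        if (strcasecmp($address, $recipient) === 0) {
            return $address; // hand back the server-side copy
        }
    }
    return null;
}

// Constructed sample requests.
$allowed = ['bob@nowhere.com'];
$samples = [
    ['user' => 'bob', 'server' => 'nowhere.com'],
    ['user' => 'bob', 'server' => "no\nwhere.com"],
    ['user' => 'someone', 'server' => 'example.org'],
    ['user' => 'bob'],
];
foreach ($samples as $post) {
    var_dump(resolve_recipient($post, $allowed));
}
```

In act_formmailer.php a check like this would sit where $recipient is built from $_POST["user"] and $_POST["server"], with the mail sent only when the result is not null.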
spirelli
Posts: 996
Joined: Tue 27. Jul 2004, 13:37
Location: London

Post by spirelli »

Perfect. Simple changes. I've tried and tested and it seems to be working great. This was exactly what I was hoping to find somewhere, and I think it should be included in phpwcms!
Last edited by spirelli on Thu 4. Nov 2004, 21:52, edited 1 time in total.
jimtomas
Posts: 25
Joined: Mon 29. Mar 2004, 01:33

Post by jimtomas »

Simple and effective, this is long overdue.

Why on earth the formmail doesn't already have something like this is beyond me.

-Jim