CSSProtector - a PHP class from Peter Klauer
2005-05-07
DISCLOSURE:
THERE IS NO WARRANTY OF MERCHANTABILITY, NO WARRANTY OF FITNESS FOR A
PARTICULAR USE, AND NO OTHER WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
REGARDING THE INFORMATION OR ANY ASPECT OF THIS CLASS.
Protecting email addresses is a very important thing to be done these days.
When your page shows email addresses from clients who committed them to you,
then you are responsable to take any care that those addresses are not taken
from spam bots.
You owe your clients a means of protection.
CSSProtector may be one of the possible options when it comes to decide which
protection to take. There are more ways to protect strings and there will be
more, what is a good thing because it makes the life of spam bots more
complicated.
I have heared about spam bots that even can crack email addresses on images
by using CRS. Maybe this is only a rumour, but I did not yet hear about a bot
that cracks CSS fonts. In my opinion the CSSProtector is a sort of
"lightweight protection scheme" that will not be too hard to crack.
This class protects strings from being read by simple email harvesters (spam bots)
that look for certain patterns like "mailto:*@" in the page html.
The main purpose is to protect email addresses from being stolen easily and
to show your customers that you take care.
Another possible use of CSSProtector may be to issue a bot blocking but human
readable, randomly generated phrase which the user has to enter into a field to
reach the next step of processing.
(=start the download or get forgotten pw sent or something else)
CSSProtector randomly renames the css classes which are used for the output, so the
same phrase is looking different in the page source whenever it is protected again,
but looks the same for the user.
Mozilla will render the CSS font just fine.
Opera and IE will display garbage in quirks mode.
For that reason the doctype DTD of the page using cssprotector *MUST* be set to STRICT.
Strict DTD:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
Using the class: Please refer to the example file "example.php":
**********************************************************************
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>CSSProtector Example</title>
<?PHP
include 'class_cssprotector.php';
$cp = new cssprotector();
$cp->head();
?>
</head>
<body>
<h1>CSSProtector Example</h1>
The sourcecode of this page looks different whenever it is reloaded.
<?PHP
$cp->write('some@email-address.hmpf');
?>
</body></html>
**********************************************************************
Function parameters
**********************************************************************
function cssprotector( $size=0.25, $unit='ex', $color='#000', $coloredges='#ccc' )
This is the class constructor which is called with "NEW". Leave the
parameters empty to have the default font, which is sizeable when the
user changes the font size in his browser.
$size is the size of one dot of the font
$unit is the measuring unit. Keep in mind that mm, px and pt are
not resizable in IE and therefore should be avoided.
$color the foreground colour of the font
$coloredges the colour of the corner points
**********************************************************************
function head()
No parameter at all. This function has to be placed into the <head>
section of the page.
**********************************************************************
function write( $s )
Output the protected string as CSS font.
$s is the string to be written as css font
**********************************************************************
Internal functions, you will never need to call them, but they are
listed here, anyway.
**********************************************************************
function sizefunc( $x = 1 )
Calculates the new size of a div tag attribute
$x value to be multiplicated with cssprotector::size
**********************************************************************
function generatekey()
Generates new names for div-classes.
No parameter required.
**********************************************************************
|