1
sensei88
Hide email from spiders/spam
  • 2005/4/8 9:44

  • sensei88

  • Just popping in

  • Posts: 4

  • Since: 2005/4/8 8


I had searched the support forums high and low for some fix that would block anonymous users (possible spam crawlers) from reading e-mail addresses in the user information section. Even with the no anonymous access to the Members module, they were still able to see the e-mail addresses of those who had checked to share their e-mail. What I wanted was for those members to be able to share their e-mail addresses with other members, not with anonymous browsers. To fix this I went in to the code of userinfo.php. A rough edit can be made so that only members can view e-mail addresses. Admins/Webmasters of course can still see everyone's email address.

The changes start on line 131 and are in red.

if (is_object($xoopsUser)){
if ($thisUser->getVar('user_viewemail') == 1) {
$xoopsTpl->assign('user_email', $thisUser->getVar('email', 'E'));
} else {
if (is_object($xoopsUser)) {
// All admins will be allowed to see emails, even those that are not allowed to edit users (I think it's ok like this)
if ($xoopsUserIsAdmin || ($xoopsUser->getVar("uid") == $thisUser->getVar("uid"))) {
$xoopsTpl->assign('user_email', $thisUser->getVar('email', 'E'));
} else {
$xoopsTpl->assign('user_email', ' ');
}
}
}
} else {
$xoopsTpl->assign('user_email', ' ');
}


This of course will only hide e-mails on the users info page. If anyone has put their e-mail address in a forum/news post, it will still be visible to crawlers. In order to avoid this, javascript must be used to create encoded mailto: links.

This requires that the person not use the email button in the submit form and that the e-mail address not be included in the description of the link. This site provides an excellent way to create these encrypted links:
http://w2.syronex.com/jmr/safemailto/

html also as to be enabled for posts.

I would eventually like to see system-wide email encoding in place where XOOPS uses the javascript encoding by default. Also it would be nice if there was an option in the administration menu to turn off the viewing of e-mail adddresses by anonymous users instead of the the current hack.

If anyone knows of a better way to go about doing this, please share, this is just the quickest and most effective way I have found so far.

2
wtravel
Re: Hide email from spiders/spam

Thanks for sharing. I think I will use it as well on my site, because I would hate to see users will get more spammail after registering on my site while having the the 'visible to others' box checked.

Martijn

3
indream
Re: Hide email from spiders/spam
  • 2005/4/8 13:18

  • indream

  • Not too shy to talk

  • Posts: 170

  • Since: 2004/9/21


:) thanks for sharring

and

$xoopsTpl->assign('lang_icq', _US_ICQ);
if (is_object($xoopsUser)){
$xoopsTpl->assign('user_icq', $thisUser->getVar('user_icq'));
} else {
$xoopsTpl->assign('user_icq', ' ?');
}

$xoopsTpl->assign('lang_aim', _US_AIM);
if (is_object($xoopsUser)){
$xoopsTpl->assign('user_aim', $thisUser->getVar('user_aim'));
} else {
$xoopsTpl->assign('user_aim', ' ?');
}

$xoopsTpl->assign('lang_yim', _US_YIM);
if (is_object($xoopsUser)){
$xoopsTpl->assign('user_yim', $thisUser->getVar('user_yim'));
} else {
$xoopsTpl->assign('user_yim', ' ?');
}

$xoopsTpl->assign('lang_msnm', _US_MSNM);
if (is_object($xoopsUser)){
$xoopsTpl->assign('user_msnm', $thisUser->getVar('user_msnm'));
} else {
$xoopsTpl->assign('user_msnm', ' ?');
}


and pm

(_SENDPMTO,$thisUser->getVar('uname'))."\" />");
} else {
$xoopsTpl->assign('user_pmlink',' ?');

4
mactoeknee
Re: Hide email from spiders/spam
  • 2005/4/8 13:53

  • mactoeknee

  • Just popping in

  • Posts: 75

  • Since: 2005/2/26


The ability of anonymous users to see registered user info, not just e-mail addresses, is why I removed the "top Posters", "new users" "recent forum posts" and all blocks like that from my main page for anonymous users. I would love it if XOOPS could display usernames without them being hotlinked to the profile for such cases.

With all the spam we get nowadays, this is crucial. Thanks for the workaround, but XOOPS needs a fix.

Mac T

5
sensei88
Re: Hide email from spiders/spam
  • 2005/4/9 19:05

  • sensei88

  • Just popping in

  • Posts: 4

  • Since: 2005/4/8 8


A similar code modification can be made to modules/news/article.php to remove the link to the posters profile. You could remove the link all together, or like the code I will show below, make it so that only users can see the link, anonymous viewers will see just the name.

on line 214 change it to look like this:
if ( $story['poster'] ) {
    
$story['posterid'] = $article->uid();
    [
b][color=CC0000]if (is_object($xoopsUser)){[/b][/color]
        
$story['poster'] = '.XOOPS_URL.'/userinfo.php?uid='.$story['posterid'].'">'.$story['poster'].'';
[
b][color=CC0000]    } else { 
        
$story['poster'] = $article->uid();  //a little redundant, but I don't like empty brackets
    
}[/b][/color]
} else {


Now in testing this I noticed that it only worked when viewing the article itself, so on the main news page where it lists several articles, this doesn't work.

the news_item.html template uses the variable lang_postedby to grab the link to the profile.

Index.php under the news module contains a line that passes the posters profile link to the template,

$xoopsTpl->assign('lang_postedby', _POSTEDBY);

but I can't find where lang_postedby gets assigned. If someone knows, please share. Can just make a change so that it doesn't contain the link portion.

6
Dave_L
Re: Hide email from spiders/spam
  • 2005/4/9 19:20

  • Dave_L

  • XOOPS is my life!

  • Posts: 2277

  • Since: 2003/11/7


I think a simpler solution is to restrict viewing of user profiles to logged-in users:

https://xoops.org/modules/smartfaq/faq.php?faqid=282

7
knoedel
Re: Hide email from spiders/spam
  • 2006/12/10 23:51

  • knoedel

  • Just popping in

  • Posts: 7

  • Since: 2005/10/14


Thanks.. this was very helpfull.

I think it is a bit odd that it isn't possible to hide the email-field for anonymous users, the same way as the rest of the fields... i.e.: via the profile admin options...

Regards,
Knoedel

8
Cuidiu
Re: Hide email from spiders/spam
  • 2006/12/11 7:02

  • Cuidiu

  • Quite a regular

  • Posts: 358

  • Since: 2006/4/23


I found this odd too. Finally, I was forced to hack the one of the files in the profile module to only show emails if the person viewing was an admin, otherwise, the email does not show. I have also checked no to "allow others to see my email" as the module's default and hidden that field from view in the member's profile. This is with XOOPS 2.2.4. Oh the things one can do with 2.2.4!

Currently, the profiles are viewable to the public and public can contact the member via another hack that will send an email out from the system - never exposing the member's email. Works great. Everybody except the email harvesting bots are happy. I wouldn't begin to know how to hack 2.0.16 though. But I've learned that just about anything is possible with XOOPS.


Quote:

knoedel wrote:
Thanks.. this was very helpfull.

I think it is a bit odd that it isn't possible to hide the email-field for anonymous users, the same way as the rest of the fields... i.e.: via the profile admin options...

Regards,
Knoedel
[size=x-small]Working sites:
XOOPS 2.0.16 PHP 5.2.2, MySQL 5.0.24a-standard-log, Apache/2.0.54 (Unix)
XOOPS 2.2.4, PHP 4.3.10, MySQL 3.23.58, Apache/1.3.33 (Unix)[/size]

Login

Who's Online

236 user(s) are online (173 user(s) are browsing Support Forums)


Members: 0


Guests: 236


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Jun 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits