PHPEnkoder

PHPEnkoder is a port of the excellent Hivelogic Enkoder to PHP and, more specifically, to Wordpress. It is used to display text in a way that users can see and bots can’t.

The encoding system is directly and unabashedly stolen from the BSD-licensed source of Hivelogic Enkoder, which works by randomly encoding a piece of text and sending to the browser self-evaluating Javascript that will generate the original text. This works in two ways: first, a bot must first have a fairly complete Javascript implementation; second, the decoding process can be made arbitrarily computationally intensive. This is similar to the idea of charging computational payments to send e-mail, only this is actually implemented.

The code is released under the New BSD license, where I am the copyright holder, but the work is acknowledged as a derivative of the Hivelogic Enkoder. What this really means is that you can do whatever you want with the code so long as you leave the license and copyright information at the top.

New versions will be announced on the main site feed. The latest version is 1.6.

Download

Installation

To install, extract the archive in your wordpress directory (the one containing the directory wp-content). PHPEnkoder can then be configured in the PHPEnkoder subpage of the Options configuration menu; by default, it will mask plaintext e-mails in addition to explicit mailto: links. (Note that attributes of the mailto: links, such as title and class, work fine — the entire anchor element is encoded.) In RSS, it will replace e-mails with customizable text (by default, email hidden; JavaScript is required). There is a bug in excerpt behavior, please see below.

Alternatively, you can download PHPEnkoder from its home in the Wordpress plugin directory, in which case you should extract the zipfile in wordpress/wp-content/plugins and then proceed with configuration.

To request support, bug fixes, and features, please send e-mail to email hidden; JavaScript is required.

Change log

New in version 1.6

Martin Rees noticed that PHPEnkoder was making it hard to edit posts with comments containing e-mails. PHPEnkoder is now disabled on the administrative screens. The spans and functions being generated now have names that are more likely to be unique. The enkode shortcode was introduced, allowing for arbitrary enkoding to be done easily, like so: [enkode]this will be enkoded[/enkode].

New in version 1.5

Martin Rees noticed that PHPEnkoder’s settings panel was editable by any user. Now, the manage_options capability is necessary to change PHPEnkoder’s settings.

New in version 1.4

Gretchen Zimmerman noticed a bug that was causing funny output in some version of IE; this version fixes that bug.

New in version 1.3

Ron Blaisdell pointed out that my use of noscript elements wasn’t XHTML compliant. Instead of using noscript tags, each enkoded section is preceded by a span containing the “you don’t have JavaScript” message. When the dekoded text is written to the document, this span is deleted.

New in version 1.2

Steve Huston noticed a bug in a elements that had both a mailto: href and an e-mail address in the PCDATA; the problem is fixed in this version. Thanks Steve!

New in version 1.1

Apart from a few bugfixes in RSS handling, version 1.1 supports a configurable message for non-JavaScript capable readers, which (optionally) includes RSS. Message configuration is in the usual configuration menu.

Shortcode use

To enkode arbitrary text in a post or a page, you can use the enkode shortcode. Writing [enkode]your secret[/enkode] will enkode your secret in the published page. There are also three options, set like HTML attributes.

The text option sets the text displayed to non-Javascript browsers (and bots). For example, [enkode text="get with the times"]your secret[/enkode] will insult Mosaic users.

The passes option sets an upper bound on the number of enkoding passes. More passes makes dekoding take longer, at the expense of more enkoded text (i.e., a bigger download for the client). The default is 20.

The length option sets an upper bound on the length of the enkoded string. This can interact with the passes option, since enkoding increases the size of the text. If length is very low, not many passes will be run regardless of the passes setting.

Manual use

If you’d like to use the encoding functions in your own code, they are documented in the source file. For quick reference, here are their formal signatures:

PHP [Show Plain Code]:
  1. function enkode_mailto($email, $text, $subject = "", $title = "")
  2. function enkode($content, $max_passes = 20, $max_length = 1024)

$text is the text of the generated link. $title is the “title” attribute of the link; it will be turned into a tooltip. $max_passes is the maximum number of encodings to perform; $max_length is the maximum length (in characters) of the generated Javascript. To give a vague idea, about four passes encode a mailto: link into around 1000 characters. The constant cost of the Javascript is 157 characters.

And some examples of use:

PHP [Show Plain Code]:
  1. // generate a subject-less, title-less mailto link
  2. enkode_mailto("secret@email", "send the mail (link text)");

We can also encode arbitrary text:

PHP [Show Plain Code]:
  1. // up to (approximately) 1024 characters (usually about 4 passes)
  2. enkode("A little secret.  Any text, can <i>include</i> tags.");
  3. // up to 10K characters, a lot of passes (lots of client computation)
  4. enkode("A serious secret.  Shh!", 40, 10000);

Known bugs

Wordpress creates excerpts by simply stripping tags from truncated content. This results in some Javascript-protecting comments appearing in the excerpt text, as I haven’t found a convenient way to determine if content being rendered is meant for an excerpt or the page. For now, a customizable message appears; by default, it will be rendered as /* email hidden; JavaScript is required */. Any ideas for workarounds would be appreciated; please send them along.

In general, there’s a bug in Wordpress 2.0.2 and 2.0.3 (and possibly earlier) where RSS filters are called inappropriately. This can be fixed in one of three ways. The best option is to upgrade to 2.0.4 (or something much newer!). If you’re stuck with an older version, one option is to edit wp-rss2.php, changing the call to the_content (around line 45) to be a call to the_content_rss. Another is to use this patch; it can be applied by running patch </path/to/wp-rss_content-1.0.patch in your Wordpress root. It’s only been tested on 2.0.3.

*
Comments Off

a weasel in a hat