Email Obfuscation - Masking Your Email

Posted on Thursday, June 23, 2005 @ 06:59:17 CDT in Security
by Raven

Bob Marion carried a news item yesterday entitled PHPNuke Spam Assassin. FhfGhost has written a short script that masks the email address by converting the email address to an encoded ASCII character representation of the string, using the PHP ord() function. Actually, the code was not written by him, but was copied from the user notes at php.net. What he has added is a couple of examples of how to use it in some nuke code. Using the straight ord() function is a step in the right direction, but it is predictable and could easily be reverse-engineered using the chr() function. So, I took that as a challenge and went hunting. Read on for my findings and enhancements and also a link to test with :).

Security through obscurity is only a bandaid, but even bandaids help to keep many of the germs out. In this case, the germs are the email bots. I found another script by Scott Reilly that offered a variation on a theme. So, without violating any copyrights, I have come up with a little script that is a tad bit stronger than the original code from php.net. I have already incorporated it into several scripts on my site.

For example, if you click on the email icon from a News item on your site, to mail it to a Friend and look at the page source, you will see your email address just begging to be harvested. Using my script you will see nothing that even remotely resembles an email address but yet it displays perfectly! And the codes are randomized.

See the Email Encoder in action. Just copy and paste the function for your own use.
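The idea described above, as an added example that is not Raven's function or the php.net snippet: each character is turned into an HTML numeric entity via ord(), with the decimal or hexadecimal form chosen at random per character. The function names, the mailto wrapper and the sample address are assumptions made for illustration.

```php
<?php
// Added example, not the script from the post: entity-encode an address with
// a random mix of decimal and hexadecimal numeric character references.

/**
 * Replace every byte of $text with an HTML numeric character reference.
 * Assumes ASCII input, which holds for a typical email address.
 */
function obfuscate_entities(string $text): string
{
    $out = '';
    foreach (str_split($text) as $ch) {
        $code = ord($ch);
        // The form is picked per character, so two renderings of one address differ.
        $out .= random_int(0, 1) === 0
            ? '&#' . $code . ';'
            : '&#x' . dechex($code) . ';';
    }
    return $out;
}

/** Build a mailto link whose href and link text are both entity-encoded. */
function obfuscated_mailto(string $email): string
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('not a valid email address');
    }
    return '<a href="' . obfuscate_entities('mailto:' . $email) . '">'
         . obfuscate_entities($email) . '</a>';
}

// Constructed sample address (example.com is reserved for documentation).
$email  = 'webmaster@example.com';
$first  = obfuscated_mailto($email);
$second = obfuscated_mailto($email);

echo $first, "\n";
// The literal address no longer appears in the page source.
var_dump(strpos($first, $email) === false);
// Two renderings of the same address are almost always different strings.
var_dump($first !== $second);
// A standard entity decoder still recovers the address: the "bandaid" limit.
$decoded = html_entity_decode($first, ENT_QUOTES | ENT_HTML5, 'UTF-8');
var_dump(strpos($decoded, $email) !== false);
```

Browsers decode the entities in both the attribute and the link text, so the link displays and works normally, while a harvester that only pattern-matches raw page source for addresses finds nothing to match.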