Need to hide phone numbers

[Charles Lavin]

Hi --

I have a page containing descriptions and contact information for multiple
groups. The contact information is presented in a table, one table for each
group on the page. All the tables are identically styled.

The table data includes name, region, city, email address (link) and phone
number.

Right now, every table prominently shows everyone's phone numbers. I want
the page to render with the phone numbers masked, or invisible, or in some
other way not legible until the user does something (clicks on a button,
enters a password, or some as yet undecided action).

I've been trying to find pertinent information on Google, and I have read
many posts and articles on making table columns disappear, but I can't
figure out how to apply them to this.

Craigslist recently adopted a system to hide the contact email link in its
posts. But that involves a form with a submit button, that takes the user to
a page with a Captcha, that then takes the user to a page where the contact
link is available. I can have up to 100 phone numbers on one HTML page. I
need a way to quickly mask and unmask them all.

Does anyone have any suggestions on how to accomplish this?

Thanks,
CL

 

[Harlan Messinger]

Hi --

I have a page containing descriptions and contact information for multiple
groups. The contact information is presented in a table, one table for each
group on the page. All the tables are identically styled.

The table data includes name, region, city, email address (link) and phone
number.

Right now, every table prominently shows everyone's phone numbers. I want
the page to render with the phone numbers masked, or invisible, or in some
other way not legible until the user does something (clicks on a button,
enters a password, or some as yet undecided action).

I've been trying to find pertinent information on Google, and I have read
many posts and articles on making table columns disappear, but I can't
figure out how to apply them to this.

Craigslist recently adopted a system to hide the contact email link in its
posts. But that involves a form with a submit button, that takes the user to
a page with a Captcha, that then takes the user to a page where the contact
link is available. I can have up to 100 phone numbers on one HTML page. I
need a way to quickly mask and unmask them all.

Does anyone have any suggestions on how to accomplish this?

If the number has already been delivered to the browser, then the user
can see it in the source, regardless of how you might mask it in the
display. Further, if the qualification test were to be performed in the
browser, the user would be able to see how the test works, or could
replace the test with his own code, and could therefore circumvent it.
The only secure alternative is to check that user's qualification on the
server and to deliver the data from the server when the conditions have
been satisfied.

 

[Charles Lavin]

Hi --

I'm more concerned with bots harvesting these phone numbers than with
someone trying to hack the page to get them. I want to make them relatively
easy to access by humans, and nearly impossible to access by bots.

I figured that at some point, server scripting would be involved. My concern
is that I have several hundred phone numbers scattered across at least eight
pages. This needs to be simple to set up and simple to maintain.

Thanks
CL

 

[Adrienne Boswell]

Gazing into my crystal ball I observed "Charles Lavin" <[email protected]> writing
in

Please do not top post. See below.

Hi --

I'm more concerned with bots harvesting these phone numbers than with
someone trying to hack the page to get them. I want to make them
relatively easy to access by humans, and nearly impossible to access
by bots.

I figured that at some point, server scripting would be involved. My
concern is that I have several hundred phone numbers scattered across
at least eight pages. This needs to be simple to set up and simple to
maintain.

This is very simple. I have a document that I include in all pages.
This is a snippet from that page.

<?php
//file name = defaultinclude.php
session_start();
if(isset($needslogin))
{
//check that the user is logged in
if(!$_SESSION['loggedin'])
{$_SESSION['returnto'] = $_SERVER['SCRIPT_NAME'];
header('Location:login.php');
exit;
}
}


On all the pages that have phone numbers:

<?php
$needslogin = true;
require "defaultinclude.php";

//run your sql to get the records and loop through as usual

?>

Then on your login page, after verification, you can do something like:

<?php

$_SESSION['loggedin'] = true;
if(isset($_SESSION['returnto']))
{header('Location:$_SESSION['returnto'];}
else
{header('Location:menu.php';}
?>

 

[Charles Lavin]

OMG!!!!!!

I just built something very similar on my own ...

I'm hooking it into a reCaptcha call that will toggle a session variable on
to enable the phone numbers to be displayed.

I recoded the phone numbers on the page like this:

<?php phone("305-555-1212");?>

With the function:

<?php
session_start();
function phone($number){
if ($_SESSION['DISP_PHONE'] == "ON") {
echo $number;
}
else {
echo "<a href=\"mincap.php\">Click here</a>";
}
}
?>

I had it working with two dummy PHP pages to toggle the session variable,
and now I'm trying to work the reCaptcha call into this.

Thanks!

CL

Gazing into my crystal ball I observed "Charles Lavin" <[email protected]> writing
in
Please do not top post. See below.

Hi --

I'm more concerned with bots harvesting these phone numbers than with
someone trying to hack the page to get them. I want to make them
relatively easy to access by humans, and nearly impossible to access
by bots.

I figured that at some point, server scripting would be involved. My
concern is that I have several hundred phone numbers scattered across
at least eight pages. This needs to be simple to set up and simple to
maintain.

This is very simple. I have a document that I include in all pages.
This is a snippet from that page.

<?php
//file name = defaultinclude.php
session_start();
if(isset($needslogin))
{
//check that the user is logged in
if(!$_SESSION['loggedin'])
{$_SESSION['returnto'] = $_SERVER['SCRIPT_NAME'];
header('Location:login.php');
exit;
}
}


On all the pages that have phone numbers:

<?php
$needslogin = true;
require "defaultinclude.php";

//run your sql to get the records and loop through as usual

?>

Then on your login page, after verification, you can do something like:

<?php

$_SESSION['loggedin'] = true;
if(isset($_SESSION['returnto']))
{header('Location:$_SESSION['returnto'];}
else
{header('Location:menu.php';}
?>
--
Adrienne Boswell at Home
Arbpen Web Site Design Services
http://www.cavalcade-of-coding.info
Please respond to the group so others can share

 

[Harlan Messinger]

> Hi --
>
> I'm more concerned with bots harvesting these phone numbers than with
> someone trying to hack the page to get them. I want to make them relatively
> easy to access by humans, and nearly impossible to access by bots.
>
> I figured that at some point, server scripting would be involved. My concern
> is that I have several hundred phone numbers scattered across at least eight
> pages. This needs to be simple to set up and simple to maintain.

Since bots see the pure source, not what the page looks like in the
browser, anything in the source that associates phone numbers with
individuals will be visible to the bots regardless of any masking you
employ on the graphical page.

 

[Raymond Schmit]

Hi --

I'm more concerned with bots harvesting these phone numbers than with
someone trying to hack the page to get them. I want to make them relatively
easy to access by humans, and nearly impossible to access by bots.

Put the information in a picture "page1.jpg" per example. Human can
read it, bots cannot read it.

 

[Harlan Messinger]

Put the information in a picture "page1.jpg" per example. Human can
read it, bots cannot read it.

*Most* humans can read it.

 

[Adrienne Boswell]

Gazing into my crystal ball I observed Harlan Messinger

*Most* humans can read it.

Not to mention, some phones understand a text phone number, and will
allow you to call it. They would not be able to do that with a graphic.
It goes without saying that a speaking browser would not be able to
speak it at all.

 

[Jukka K. Korpela]

I'm more concerned with bots harvesting these phone numbers than with
someone trying to hack the page to get them. I want to make them
relatively easy to access by humans, and nearly impossible to access
by bots.

Irony has become impossible, it seems.

Years ago, when it many people eagerly asked how to reduce the usefulness of
their pages and cause problems to other people, especially disabled people,
I used to say that "spam-protecting" email addresses was comparable to the
idea of munging phone numbers...

 

[Charles Lavin]

I can't do anything that will break accessibility. And making those phone
numbers graphics breaks accessibility. Plus, it makes maintenance of that
set of pages a nightmare every time someone needs to change a phone number.

The people who would want to have access to this data already do, so I'm not
concerned with someone already having access to this site harvesting
information that he already has access to. But these are people's home
numbers for the most part, and I just want to take every sensible precaution
to not leave them freely available to any Tom-bot, Dick-bot and Harry-bot
trolling in cyberspace.

The pages have been recoded in PHP, and what the default unauthenticated
page shows is a hyperlink where each phone number should go. If I'm not
mistaken, that should prevent crawlers from seeing the phone numbers at all,
because the page they receive from the server doesn't have them. If there's
a way for a crawler to get the raw PHP file, that's another thing ...

CL

 

[Raymond Schmit]

I can't do anything that will break accessibility. And making those phone
numbers graphics breaks accessibility. Plus, it makes maintenance of that
set of pages a nightmare every time someone needs to change a phone number.

The people who would want to have access to this data already do, so I'm not
concerned with someone already having access to this site harvesting
information that he already has access to. But these are people's home
numbers for the most part, and I just want to take every sensible precaution
to not leave them freely available to any Tom-bot, Dick-bot and Harry-bot
trolling in cyberspace.

The pages have been recoded in PHP, and what the default unauthenticated
page shows is a hyperlink where each phone number should go. If I'm not
mistaken, that should prevent crawlers from seeing the phone numbers at all,
because the page they receive from the server doesn't have them. If there's
a way for a crawler to get the raw PHP file, that's another thing ...

Could you show us a very small example ?
I think that evenwhile the php contains the phone numbers, he will do
an echo on the html page. Therefore a bot read the sensible info
easely.

 

[Adrienne Boswell]

The pages have been recoded in PHP, and what the default
unauthenticated page shows is a hyperlink where each phone number
should go. If I'm not mistaken, that should prevent crawlers from
seeing the phone numbers at all, because the page they receive from
the server doesn't have them. If there's a way for a crawler to get
the raw PHP file, that's another thing ...

I don't know if I would want to do that. Bots will want to follow those
hyperlinks, and they could be doing that for a very long time (probably
not smart bots, but others who are the sharpest tool in the shed).
Perhaps one link in the caption element that would be to a login page,
eg: <caption>List of Names <?php if(!isset($loggedin)){?><a
href="login.php">Login to view phone numbers</a><?php }?></caption>