Obfuscate String

cgiObfuscate

The cgiObfuscate procedure encrypts a text string for CGI output.

The cgiObfuscate procedure is used to convert a plain text string into an obfuscated string. An obfuscate is a term used in CGI programming to weakly encrypt text so that email "sniffer" programs cannot locate information, such as email addresses that are written to web pages. The browser correctly translates obfuscated strings back into plain text when viewed by the end-user or sent to CGI programs. 

count cgiObfuscate( 
 szInString        512A    Const VARYING
 nOption            10I 0  Const OPTIONS(*NOPASS)
)

See also: cgiSetVar

Parameters

szInString
[input VChar(512) const]  A string identifying the plain text that will be obfuscated. Up to 512 bytes may be obfuscated at one time. If a string is longer than 512 bytes, it must be broken up and passed in to this procedure, then concatenated together. Trailing blanks on the input string are ignored and not obfuscated.
nOption [ Optional ]
[input Int(10i0) Const]  By default, this procedure obfuscates only email addresses. If an @ (at sign) is not detected in the string, the original input value is returned to the caller. By specifying a value on this parameter, the procedure will obfuscate strings other than email addresses.
 
Pass a value of 1 for this parameter to cause the procedure to obfuscate all text, not only email addresses.
Pass a value of 0 or avoid passing this parameter to return an empty string when the string does not contain an @ (at sign) in the text.

Return Value

If the function succeeds, the return value is the numeric/decimal form of the text. Each character in the input string is converted into the following pattern:

#xxx;

Where the # and ; are constants and the xxx is the decimal representation of the original character. Therefore, each input character is returned as up to 5 output characters. Make sure your return variable is long enough to receive the entire obfuscated string.

If the function fails, the original input text is returned to the caller unmodified.

Remarks

cgiObfuscate converts the input string by first converting it from EBCDIC to ASCII. Then it converts the ASCII characters (one at a time) to the decimal representation of the ASCII character. It inserts that decimal value between a # and ; and then continues to the next character.

Example

In this example the cgiObfuscate procedure is called to obfuscate the email address 'bob@xyz38.net'

.....DName+++++++++++EUDS.......Length+TDc.Functions+++++++++++++++++++++++++
 
      /INCLUDE XTOOLS/QCPYSRC,cgi
 
     D EMAIL           S             30A   Inz('bob@xyz38.com')
     D szOMail         S            100A   Varying
 
.....C..n01..............OpCode(ex)Extended-factor2++++++++++++++++++++++++++++
     C                   callp     cgiInit()
     C                   callp     cgiWrtSection('*TOP')
              
     C                   eval      szOMail = cgiObfuscate(email)
 
     C                   callp     cgiSetVar('EMAIL': szOMail)
 
     C                   callp     cgiWrtSection('CLIENTINFO')              
     C                   callp     cgiWrtSection('*FLUSH')