cwsoft

Hello, quite new to PW. I have a project, which uses a frontend form build with basic fields (InputFieldForm) and no user registration or frontend login. What are the best or proposed strategies to secure the form from spam bots and malicious script kids using PW basic fields? Actual form has just build in CSRF protection, but no other stuff like honeypot fields or tracking of failed submits via Session tracking of IP etc. Form will be used by about 100-150 people, but once the stuff goes live, anybody knowing the Url can try to break things. My consideration so far. 1. Add honeypot fields (spam bots) and Captcha to make script attacks less likely 2. Track failed/double submits and ban IP for some increasing time 3. Switch to the free FrontendForms module by Jürgen listed in the PW repo 4. Hide the form behind a PW login page (means to add 1-100 Dummy users with same/individual credentials) What would you propose? Are there links or code snippets showing how to implement those stuff? Any thoughts, hints, tipps or links to resources highly appreciated. Cheers zx80

Hi, damn, data loss sucks. What PW version are you using? Do you have debug on/off? Had some similar issue yesterday but PW showed a warning that some fields/data will get lost and asked if I would like to proceed. Using the latest public release from last week, not the dev version. Have you noticed any warnings before? Cheers

Hi Bill, thanks for your suggestions, pretty much went your proposed way already. I wrote a PHP/PW console script, deleting and adding a page for each possible end user based on a given data template with BookingId, EventId and Last access time. Those fields gets updated based on the chosen form action. Rest was realized with default PW stuff like fields, templates and pages. The selector API you mentioned really makes it easy to find pages/fields, get/set/update field data on the fly and to sanitize user input. Quite impressing how far I got in two days from scratch with my very first PW project and some medium PHP level skills. Finished a working prototype this morning. Now need to add some security features to the form like IP reload/retry ban and Captcha. Will check out the API documentation and see how to implement those stuff.

Hi there, as I did not yet understand the repeater field options, I just created a booking container page holding the booking details in three fields on various child pages (one child page per MySql row). This approach seems to work. Are there any more advanced techniques I can use to accomplish the same task? Cheers

Good evening to all, watched a youtube video about Processwire a few days back from Bernhard Baumrock and thought I deep dive into this CMS/CMF and try to realize a new project with it. My project basically deals with the subscription to some events (10-20). Basic idea is that potential guests get an E-Mail with the Url and a random unique personalized GUID (40 chars) used to assign to free slots via a public Form without having access to the backend at all. Started with the Intermediate PW install and managed to setup an overview page showing a table with events pulled from it‘s child pages, a detailed page showing all infos for the actual event. Also managed to setup a custom form with three actions (subscribe, unsubscribe and check status of booking). For data storing I would like to create a settings page with text fields for the unique bookingID, a text field for linking a eventID to the bookingID and a datetime field to store the date of the submission. The bookingIDs will be available from start, where eventID and datetime are NULL first and get’s updated depending on the form action taken. I will have to store a table with about 100 entries (Sql rows) and 3 fields (Sql columns). Can this be realized with a repeater and the three custom fields? Should this page be a admin page, or a hidden frontend page? Are there any other options to store this values and access it via the PW API? Any hints would be highly appreciated. Cheers zx80