Juergen

Hello @Peter Knight To be clear, FrontendForms doesn't send any form data by default – it just checks whether a form is valid or not. Inside the isValid() method, you can send form data — or do whatever you want (e.g., store the values on a page). So it's not a "Email Form" module by default. Informing about what went wrong So in this case, it's a bit more complicated. The validator can only set the form validation to true or false (without sending information to an administrator). Of course, it could happen that a real person uses some characteristics of a SPAM text and the text is therefore declared as SPAM. This risk always exists, but it is very low. For this reason, it is necessary to inform the user about which mechanisms were responsible for the failure of validation. But I agree with you: too much detailed information (e.g., word 1 and word 2 are SPAM words) could give a human spammer too much information. My Opinion: In this case you have to make a compromise. You can't stop SPAMMERS completely. If it's a bot, it should post a fixed text in a text box – it will fail and can't react the way it changes the SPAM text it's going to pass. When you have real human SPAMMERS, it becomes much harder to stop them, because they can react much different than a bot. At the moment, the information in the error message is very general and doesn't contain too much detailed information. Yes the danger is always there, especially with AI - so I guess I leave it general. You can also change the error message to your own by asking the user to call you by phone if the message fails validation. Another option would be to set the threshold lower (e.g. from 50 to 30) so that more SPAM properties are accepted and the entered text is more likely to pass validation. I don't know what the "best practice" scenario is in this case. Maybe someone has an idea how best to deal with messages that have been falsely declared as SPAM, even though they are not.

Hello @Peter Knight At the moment, it stops the successful form submission like any other validator and an error message will be displayed to the user under the inputfield, that the text looks like SPAM with a hint to prevent using to much links to write to much words in uppercase letters using typical SPAM words and so on If a form has too much failed attempts, it will be logged, with timestamp and IP if this security measure was not disabled manually, but not with detailed information. So at the moment it only stops the successful form submission. Maybe the error message is written generally. This could be improved to give more information of what went wrong. Idea: Could be done only via a session I think but I have to try it.

Version 2.3.16 comes with a very powerful new validator called "checkContentForSpam" for checking a text for SPAM content. This was the first time I've used AI to develop a new functionality, and it was a pleasure. 😀 In a nutshell: By default the validator can check a text entered inside a form field for the following characteristics: Presence of STOP/SPAM words (compares it to a list of over 60 000 SPAM words) Capital letters of over 50% inside the text More than 2 Links inside the text Repeated usage of special characters ($,!,# and ?) Excessive usage of exclamation signs in a row (> 5) Short text with less then 50 characters and with various suspicious keywords in it Every characteristic found adds a specific amount of points to the SPAM score. If the max SPAM score is reached, then the validator returns false. Please read the full description in the docs for more detailed information.

Version 2.3.15 includes 9 new validation rules for ZIP folders and a new possibility to remove automatically added notes on certain validation rules (if needed). You will find more information about these changes in the CHANGELOG.md.

Good morning @da² I have wrapped my head around your problem and I have found a possibility to check file uploads against the value of an input field by using a custom validation. In the following example you have 2 form fields: Field 1 is a text input where you have to enter the name of a file (for example "myfile") without the extension Field 2 is the file upload field where you upload a ZIP folder with different files. Validation check In this simple example it will be checked if there is a file with the filename entered in field1 present inside the files uploaded in field 2. In other words: Check if the uploaded ZIP folder contains a file with the filename for example "myfile" in this case. If yes, then the form submission is successful, otherwise an error will be shown at field 1. This is only a simple scenario to demonstrate how a custom validation could be done. You have to write your own validation rules. Now lets write some code for this example: The first one is the custom validation rule. Please add this code to your site/init.php. If this file does not exist, please create it first. <?php namespace ProcessWire; \Valitron\Validator::addRule('checkFilenameInZip', function ($field, $value, array $params) { $fieldName = $params[0]; // fieldname of the upload field $form = $params[1]; // grab the form object // get all the files from the given ZIP folder as an array $zipfiles = $form->getUploadedZipFilesForValidation($fieldName); // now start a validation rule with the value of this input field ($value) and the files inside the ZIP folder if (!is_null($zipfiles)) { $fileNames = []; foreach ($zipfiles as $zipfile) { $fileNames[] = pathinfo($zipfile, PATHINFO_FILENAME); } return in_array($value, $fileNames); } return true; }, 'must be a wrong filename. The ZIP folder does not contain a file with the given name.'); I have named the validation rule "checkFilenameInZip" in this case. The important thing is that you have to add 2 values to the $params variable: The name of the file upload field The form object itself To get all the files that were uploaded via the upload field, you can use one of these methods of the form object. getUploadedZipFilesForValidation (outputs only files of a ZIP file) getUploadedFilesForValidation (outputs all files of a file upload field) Important: To use these 2 new methods you have to update to the latest version of FrontendForms (2.3.14)! All ZIP files will be extracted automatically. Nested ZIP files are supported too. Now lets create the form $form = new \FrontendForms\Form('testform'); $form->setMaxAttempts(0); // set 0 for DEV $form->setMaxTime(0); // set 0 for DEV $form->setMinTime(0); // set 0 for DEV $form->useAjax(false); // set false for DEV // input field containing a filename $filename = new \FrontendForms\InputText('filename'); $filename->setLabel('Name of file'); $filename->setNotes('Please enter the name of the file without extension.'); $filename->setRule('required'); $filename->setRule('checkFilenameInZip', 'fileupload1', $form);// here is the new custom validation rule: Enter the name of the file upload field as the first parameter and the form object as the second parameter $form->add($filename); // the file upload field $file1 = new \FrontendForms\InputFile('fileupload1'); $file1->setRule('required'); $file1->setLabel('Multiple files upload'); $form->add($file1); $button = new \FrontendForms\Button('submit'); $button->setAttribute('value', 'Send'); $form->add($button); if ($form->isValid()) { // do what you want // $extractedFiles = $form->getUploadedFiles(true); // returns all uploaded files including extracted ZIP folder files // $nonExtractedFiles = $form->getUploadedFiles(); // returns all uploaded files but Zip files are not extracted // $values = $form->getValues(); // returns all submitted form values } echo $form->render(); Copy this code and paste it inside a template for testing purposes. Upload a ZIP folder and add the name of a file inside the "filename" input field. If the file exists in your ZIP folder you will succeed. Please note: The extraction of the ZIP files is done only once during the validation process. You can get the extracted files afterwards inside the isValid() method via the getUploadedFiles() method from the temporary upload folder. Use the return of this method to do some more work with the uploaded files. Take this example as a starting point for your own validation rules and let me know if it works for you. I think this is the only possibility to get what you need. Another hint: User browser validation in FrontendForms to make client side validation first by enabling it in the backend.

Hello @da² Thank you for your detailed explanation! Now I know what your goal is. The first problem by doing additional validations inside the "isValid()" method after all form values are valid is that the form has "status valid" and therefore the form values will be emptied to prevent double form submission. That is the reason why the form is empty. This can be prevented by adding the useDoubleFormSubmissionCheck() method with value false to the form object. The second problem is that the validation of max attempts (if enabled) will be reseted if the form is valid, but it would take further attempts if you are doing additional validations inside the isValid() method. So the max attempts validation in this case does not work. But this can be disabled by using the setMaxAttempts() method and setting the value to 0. So adding additional validations inside the isValid() method is a very dirty solution and the module is not developed to support such a scenario. So the goal you want to achive is very difficult to achive. I am afraid that the module will not be able to solve your problem, but I will wrap my head around it and maybe I have an idea.🤔

Hello @da² I have added a new validation rule that could be interesting for your usecase: uniquestringvalueofpwfield It checks for the uniqueness of a value inside of a specific ProcessWire field. Lets assume you have stored your gaming usernames inside the PW field with the name "gamer_name" which you have added to the user template. Then you could validate the gaming username with the new validator like this: $gamername = new \FrontendForms\InputText('gamername'); $gamername->setLabel('Gamer name'); $gamername->setRule('required')->setCustomFieldName('This gamer name'); $gamername->setRule('uniqueStringValueOfPWField', 'gamer_name', ['user']); $form->add($gamername); As you can see, you have to add the name of the PW-field (= gamer_name) as the first parameter. The second parameter (= the name of the template") is not mandatory, but it makes sense in this case to restrict the search only for entries in the user template. Add this as an array, because it also possible to search in multiple templates). Otherwise the search will be globally on all templates where this ProcessWire field is added. To use the new validator please update to 2.2.13 Best regards Jürgen

Hello @da² looks like it is not so difficult 🙂. First of all I would take a look at the following Inputfield: https://processwire.com/modules/fieldtype-text-unique/ This looks interesting and if it fits to your needs, than add it to the user template in the backend as the field containing the gamer name. Second, take a look at the uniqueEmail or uniqueUsername validators, which are already included in FrontendForms. These validators could be used as a starting point for your own validation rule. Take them as an example to create your own custom rule for gaming names.

After taking a look at the code, I guess the best approach would be to go with a custom validation rule, because there is so much going on inside the isValid() function that must be checked in the setErrorMessageToField() method too. Can you explain which kind of validation you need in this case. Maybe I can help you to create the custom rule. You can also send me a PM with the code you have so far.

OK, the things will get more complicated as I thought first, because I have to care about maxAttempts too if used. I will experiment with sessions instead and try to find a solution.

This is caused by the TracyDebugger - I have forgotten to remove this call after Debugging. Please go to the Form.php and find the following line and remove it: bd($this->formErrors); Then this error will be gone. I have removed the TracyCall on Github too. This is strange, because it has nothing to do with the PHP code. Please take a look at your CSS classes. On my site the color is white. Yes, this is a browser security behavior and independent which browser you will use - file upload fields will always be empty after submission (whether successfully or not). I will test it with file upload fields and see if I can reproduce the issues. For now, please remove the bd() call first.

Yes, that is the purpose of this variable: To add additional values to the validator. You can add several values as an array to the validator. To get a specific value from this array, you only have call it by its key (fe $params[2] will return the array value on the position with the key 2). You will find a lot of examples on how to write custom rules inside the CustomRules.php file. There you can study how to use the $params variable to test conditions with it.

Hello @da² I have added a new method to trigger an error message to a field manually: setErrorMessageToField() Here is a small example on how to use it: $form = new \FrontendForms\Form('testform'); $form->setMaxAttempts(0); $form->setMaxTime(0); $form->setMinTime(0); $firstname = new \FrontendForms\InputText('firstname'); $firstname->setLabel('Firstname'); $firstname->setRule('required')->setCustomFieldName('The first name'); $form->add($firstname); $button = new \FrontendForms\Button('submit'); $button->setAttribute('value', 'Send'); $form->add($button); if ($form->isValid()) { $form->setErrorMessageToField($firstname, 'This is my custom message'); } echo $form->render(); If the "default validation" was successful, then the error message will be displayed under the "firstname" field in this case. You can use it to make another validations inside the isValid() function to check the submitted form values against other conditions. If the conditions fail then you can output this manually triggered error message like written above. To use the new method, you have to replace the file site\modules\FrontendForms\Formelements\Form.php with the one from Github or you simply add the new function to your Form.php. Please let me know if this helps.

Hello @grewr11 Thanks for pointing out this issue. I have removed the sanitizer for names on the "Name" field, because usernames are allowed to have numbers in it. This was a thinking mistake. Now it should work as expected. Please replace the following file to get it working: https://github.com/juergenweb/FrontendComments/blob/main/FrontendCommentForm.php I have discovered another issue, with WireMail and localhost, so please replace the following file too: https://github.com/juergenweb/FrontendComments/blob/main/Notifications.php You will find all information about the changes in the changelog.md. I haven't worked on this module in a long time, so there could be more problems. Please report any problems, I will try to solve them as soon as possible. Jürgen

Hello @ttbb I have tried to reproduce the issue you had described, but in my case everything works as expected. I have used Bootstrap 5 and 2 contact forms side by side using the "row" and "col" classes. This works as expected as long as the errors are form errors (wrong or missing input data). But I have discovered an issue by showing the alert box if the form has been submitted too fast. In this case it did not jump to the top of the form properly to show the alert box that informs the user that the form has been submitted too fast. Therefore I have made some changes to make this work properly. Take a look here at the changelog file. So please update to the latest version 2.3.11 and let me know if there are some problems left. Best regards Jürgen