Jump to content


Photo

Module want: form builder


  • Please log in to reply
110 replies to this topic

#101 mr-fan

mr-fan

    Sr. Member

  • Members
  • PipPipPipPip
  • 328 posts
  • 341

  • LocationBavaria, Near Munich

Posted 07 September 2014 - 07:29 AM

so far i get the spam field showed up and checked if ti was emty....so i handle the sendMail and save only if the spamfields are empty....

 

i dig deeper now to get the "hardcoded" field into the array setting for the module....;)

 

i like PW  because for my limited time i could even dig trought to find out how it works without look in 1xxxx lines of code!!

 

Thank you adrian and soma for the hints and push ^-^

        //testcheck
        echo $this->input->post->spam;

        $spamfield = $this->input->post->spam;

        if(empty($spamfield)) {
            echo "spam is blank";
        } else {
            echo "spam exists";
        };

excuse($user->bad->English | code | style) ......just learning the ease of PW


#102 mr-fan

mr-fan

    Sr. Member

  • Members
  • PipPipPipPip
  • 328 posts
  • 341

  • LocationBavaria, Near Munich

Posted 07 September 2014 - 09:25 AM

Great so far!

 

I've got it working with a visible field with label like "Show your are a human leaf this field blank"

and my check i could simply prevent the sending and saving of the form.

 

Next step will be adding a hidden field (honeypot) for double check to bots.

 

One Question about something that is not easy for me since i'm not good in "advanced security" things:

 

the Token from the $form is setting with the FormProcessor like:

<input type="hidden" value="6c7936d25985fbe72c8bfd7698f8c0a20e412c188ed20f504e99ecc4535232b6" name="TOKEN1942360421" id="_post_token">

I know this is build in CSRF protection.

 

One question on this: check this token the timestamp, too?

 

i mean simple spamprotection via a sessiontoken with timestamp from building the form to submitting the form...

 

Such a time validation would be a perfect additional spamprotection to honeypotfields.

 

I don't now if this is already build in the core token, or this is only a token to validate the indentity of the present form?

 

regards mr-fan


excuse($user->bad->English | code | style) ......just learning the ease of PW


#103 adrian

adrian

    Hero Member

  • PW-Moderators
  • 3,377 posts
  • 3456

  • LocationCanada

Posted 07 September 2014 - 09:44 AM

"Using $form->processInput($input->post) will prevent CSRF attacks and the form will append a hidden field automatically."

 

https://processwire....orms-using-api/



#104 mr-fan

mr-fan

    Sr. Member

  • Members
  • PipPipPipPip
  • 328 posts
  • 341

  • LocationBavaria, Near Munich

Posted 07 September 2014 - 11:56 AM

CSRF is known.

But keeps the token attention on the time between building the form and the submit action?

That's a way to prevent spam with a token and timestamps.... I will search in the core for this...

excuse($user->bad->English | code | style) ......just learning the ease of PW


#105 mr-fan

mr-fan

    Sr. Member

  • Members
  • PipPipPipPip
  • 328 posts
  • 341

  • LocationBavaria, Near Munich

Posted 08 September 2014 - 05:50 AM

So here i'm finished for now since i've not the time to get this even further...but it works and i share it.

(it is only hardcoded in the FormTemplateProcessor)

 

1. call the form like it is described

 

2. i've changed the __buildform() - to get a hidden field !!don't ignore the CSS

		// set a random name to the submit button so that this form doesn't process
		// any submissions without first receiving a rendered form. This isn't
		// necessary, but it may help to reduce automated spam to the form.
		$submit->name = "submit";
		$submit->value = 'Submit';

//Changes for better Spamprotection with a hidden additional field as a honeypot
		// create a text input a hide it via CSS .Inputfield_name2 display:none - see CSS example on the end of this module
		$field = $this->modules->get("InputfieldText");
		$field->label = "Name2";
		$field->attr('id+name','name2');
		$field->required = 0;
		$form->add($field); // append the field to the form
//end changes	
		
		// add the submit button the the form
		$form->add($submit);

so a field for a honeypot is added to the form - use in your frontend CSS

.Inputfield_name2 { display:none; }

honeypot.png

 

2. next step i added a check for a field called "quest" as additional spamdetection used as a "don't fill this field" check with a visible field!

quest.png

quest-frontend.png

 

3. check if the hidden or the visible field was empty and sendMail or save to a page....if fields are not empty show a error and do nothing

	/**
	 * Render a form or process it's input
	 *
	 * @return string Output of the form or success message upon completion.
	 *
	 */
	public function ___render() {

		if(!$this->contact->template) throw new WireException("You must specify a Template");

		$form = $this->buildForm();

		// if the form hasn't been submitted, then just return the rendered form.
		if(!$this->input->post->submit) return $form->render();

		// variable to hold our output, which we will return
		$out = '';

		// now we assume the form has been submitted.
		// tell the form to process input frmo the post vars.
		$form->processInput($this->input->post);

//Set the Spamfilter and check if field quest or spam are blank!
		$questfield = $this->input->post->quest;
		$spamfield = $this->input->post->name2;

		if(empty($spamfield) && empty($questfield)) {
			echo "spam is blank sending mail";

		// see if any errors occurred
		if(count($form->getErrors())) {
			// re-render the form, it will include the error messages
			$out .= $form->render();

		} else {
			// successful form submission, so populate the new page with the new values.
			foreach($form as $field) {
				$this->contact->set($field->name, $field->value);
			}

			if($this->email) $this->sendEmail($form);
			//if($this->parent) $this->savePage($form);

			$out .= $this->successMessage;

		}

		return $out;
		} else {
			echo "You dirty Bot!";
		}
	}

So a basic Spamprotection with two methods is working.

This could be more professional with optional/individual names for the fields, and hiding the spamfields in the mail but in lack of skills i leave this as it is for now...

 

regards mr-fan


excuse($user->bad->English | code | style) ......just learning the ease of PW


#106 daniel.s

daniel.s

    Jr. Member

  • Members
  • PipPip
  • 17 posts
  • 3

Posted 20 October 2014 - 09:59 AM

I'm having a problem with the special characters "åäö" turning up strange when the content is emailed. Is there anyway to support Swedish letters when using the mailing function?



#107 Mats

Mats

    Distinguished Member

  • Members
  • PipPipPipPip
  • 170 posts
  • 132

  • LocationSweden

Posted 20 October 2014 - 03:12 PM

I never encountered this problem with FormBuilder. Does the characters work when sending mails not using FormBuilder?

Could be mail client not encoding the mail properly.



#108 daniel.s

daniel.s

    Jr. Member

  • Members
  • PipPip
  • 17 posts
  • 3

Posted 08 December 2014 - 08:59 PM

Hello! I'm having some trouble with the plugin. I've used Ryan's basic-form.php.txt file as a boilerplate and get the success message and all but it's seems i'm not receiving any mail to the linked email account. Tried 2 different accounts.

 

It's for a launched site and it would be unfortunate if sent mails got lost. Is there an easy way to save the form as a child page to the parent like with this code:

$form->parent = $page; // optional, saves form as page

I'm really stuck, been trying all night to get this to work. Help would be highly appreciated :)

 

Edit:

 

Solved it through changing from mail to wireMail and installing the Swift Mailer module.


mail($emailTo, $subject, $message, "From: $form[email]");

To

wireMail($emailTo, $form[email], $subject, $message);

Thanks!



#109 adrianmak

adrianmak

    Sr. Member

  • Members
  • PipPipPipPip
  • 186 posts
  • 21

Posted 14 January 2015 - 05:41 PM

the Form Template Processor module is developed for quit a long time. Does it work on pw 2.5 ?



#110 adrianmak

adrianmak

    Sr. Member

  • Members
  • PipPipPipPip
  • 186 posts
  • 21

Posted 15 January 2015 - 12:23 AM

Alchime, I actually have not tried out that tutorial yet, so need to take a closer look at that. However, attached is a template file (basic-form.php) that is ready to use as a basic contact form with the default site profile. Let me know if this is helpful?

attachicon.gifbasic-form.php.txt

Note that you'll have to rename this to basic-form.php, place in /site/templates/. If you want it to email to a specific address (rather than the superuser) than edit the file and enter your email address in at the top where it says to.

 

I'm sorry. I'm new on pw.

how to use basic-form.php?

I put basic-form.php under templates folder.

In back-end, added a new page called contact page, then, how to select this php template over here ? In the page settings, I could not see the contact form template in the Template select list



#111 bramwolf

bramwolf

    Jr. Member

  • Members
  • PipPip
  • 18 posts
  • 1

  • LocationThe Netherlands

Posted 28 March 2015 - 11:36 AM

Hey Guys!

 

 

Thanks for the script Ryan, it works great! The only thing I tried to add is a file upload function. I tried to implement that from different scripts in to this one but with no avail :( Could anybody help me out? That would be greatly appreciated! This script I'm using is pretty much exactly the one in the quote below.

 

Thanks in advance,

Bram Wolf

 

 

Alchime, I actually have not tried out that tutorial yet, so need to take a closer look at that. However, attached is a template file (basic-form.php) that is ready to use as a basic contact form with the default site profile. Let me know if this is helpful?

attachicon.gifbasic-form.php.txt

Note that you'll have to rename this to basic-form.php, place in /site/templates/. If you want it to email to a specific address (rather than the superuser) than edit the file and enter your email address in at the top where it says to.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users