Forums

Bug or not? From time to time I receive empty mails sent from a form. The corresponding log looks like this

GET /pagename?chronoform=formname&event=submit HTTP/1.1" 200 12144 "-" "Mozilla/5.0 (compatible; SemrushBot/3~bl; +http://www.semrush.com/bot.html)

I am wondering why a GET triggers the action and how can I prevent this behaviour?

Hi Joachim,
​
Adding a Captcha plus Serverside validation should block these.
​
Bob

A captcha is there, several fields are required and the action Validate Fields is used. I guess I am misunderstanding how the validation really works, first thought was that marking a field as required would be enough.
​
On the validation tab for a field I can enter validation rules. What validation rule I do have to enter, when the field e.g. surname is not allowed to be empty? TIA

Hi Joachim,
​
The Captcha should block any spam emails if it is configured correctly. The Check Captcha action should be the first action in the On Submit event and be set to re-load the form (or redirect) if the Captcha fails.
​
Bob

Setting something required works on the front end for users that don't disable JavaScript. You still need server side checks. You also need to check the recaptcha has been done properly, with the check recaptcha action or using the automatic check.

Try to access that url directly yourself, does it work ?

You still need server side checks.

That is my problem. How? The latest manual differs from the current version and to be honest, I could not find out how to add server side check and how they have to look like.

You also need to check the recaptcha has been done properly, with the check recaptcha action or using the automatic check.

Automatic check is enabled.

Try to access that url directly yourself, does it work ?

What do you mean? If I directly access the URL with the aforementioned GET parameters an empty Mail will be sent. In the meantime until I figure out how to set up a proper form, I blocked the bots with a htaccess. Thanks for your assistance so far.

If I directly access the URL with the aforementioned GET parameters an empty Mail will be sent.

This means something is wrong in your form, is this a v6 or v6.1 form ?
​
If its a v6.1 and you have the settings configured correctly and recaptcha enabled then this should not happen, can you remove sensitive data from your form then upload the form backup somewhere for checking the setup ?

It should be v6.1, see the link for the backup. TIA
​
https://send.firefox.com/download/37d89064415e83ec/#WvPS11QQ45D6tBcDbI9ANQ

i'm checking now and it says link expired, but if you have v6.1 form then do not use any "check" security actions on submit, just enable the settings for that in the form edit page.

There is no extra check on the submit button and settings are enabled (I believe). Here again the link:
​
https://send.firefox.com/download/0f9d9fe181d4f669/#x2Rw5qOtp6Q099jlnxOyyQ

Again it says the link has expired, under the form settings, does it have the "Check security fields" as enabled or not ?

Yes, Check security fields is enabled.[file=https://www.as-gmbh.de/Widerruf_19_Jul_2019_13_41_25.cf6bak]Widerruf-Backup[/file]

I'm not able to access the submit page directly under:

index.php?option=com_chronoforms6&cont=manager&chronoform=neuwiderruf-copy&event=submit

Is your form displayed inside an article ? if yes then do you use the v6 "content" or "system" plugin ? the content plugin has problems with caching

The form is displayed inside an article.

{chronoforms6}neuwiderruf{/chronoforms6}

And, do you have the v6 content plugin enabled under the joomla plugins manager ?

Sorry, yes I have it enabled.

please disable it and test the form again!

Disabled and it seems to work, because now the message is displayed, that the correct icon wasn't selected.

Great! so problem solved ?

Seems to be.😉 Just one question left: Why should I enable the content plugin if it is working without?

you should not, it has been replaced by the system plugin!

The plugin that creates problems with the empty forms is this one "ChronoengineGcore2" ?
That's the only plugin I can see related to Chronoforms. I don't see any "content" plugin.

Hello,
I think I may have the same issue. I have a v6 form, with required fields, captcha setup, working and active. Yet I still recieve a number of completely blank submissions on a daily basis.
​
I have the Chronofroms6 content plugin and a ChronoengineGcore2 system plugin. Do I need to disable BOTH of these plugins or just the content one?
​
Thanks
​
Lee

It is not just BOT sending empty emails, in my case never BOTs, but perfectly good clients who fill in the form correctly but I only receive an empty email, all I have to do is contact them back and say I received the email without any text. Not very professional but better than losing a contact. I have server validation activated but it doesn't seem to make a difference, still getting empty emails.