Forums

How to set field validation to restrict certain email addresses

sjkelley 25 Sep, 2019
I have a site that uses CFv6 for several forms. Lately we've seen an uptick in the amount of Russian-language spam form submissions (despite having a ReCaptcha v2 field set up on the form).

I'd like to set up a server side validation rule to restrict any email address entered into the form's "Email" text field that ends in ".ru".

How do I do this?
healyhatman 26 Sep, 2019
https://www.chronoengine.com/forums/posts/t106813/validate-data-action-and-settings

Could use the doesntContain orregex options, or use PHP
sjkelley 12 Oct, 2019
I added a doesntContain rule on the "Email" form as you suggested. When I test the form myself I can see the validation is working (i.e. if I try to put an email ending in .ru in the field) it is not accepted.

However I am still receiving junk/spam emails containing .ru email addresses. See the screen grabs below.

The spammers are somehow circumventing the field validation. What other methods could I try to stop this?






healyhatman 12 Oct, 2019
You need server validation as well. In the action tab.
sjkelley 12 Oct, 2019
I already have a "Field Validation" action on the Setup tab. See below. Or are you referring to something else?

healyhatman 12 Oct, 2019
You have an event load in the fail event of that action? Or Use validate data action and put the validation rule in it
sjkelley 12 Oct, 2019
OK, I've added it. The Validate Data action has a "Fields Setup" area. So in my case I would put in there:

email/doesntContain[.ru]

^^^ is that the correct formatting?
sjkelley 12 Oct, 2019
OK, I just did. According to a CF tutorial (https://www.chronoengine.com/faqs/74-chronoforms/chronoforms6/5293-validating-fields) it looks like the Validate Data action doesn't require an event load action in its fail event.

We've been getting a lot of these spam .ru emails recently. So I guess I will know if this works if they stop!
sjkelley 12 Oct, 2019
OK, I just added one. The weird part is that it appears that the field validation based on that rule has always been working. You can see for yourself.

If you go to https://mission-bbq.com/contact and try to put any email address with an ".ru" in the Email field, it doesn't allow you to do so.
healyhatman 12 Oct, 2019
If you're talking about the validation on the form, it's JavaScript so can be easily deactivated. That's why you need the server validation too
sjkelley 13 Oct, 2019
Unfortunately adding the Validate Data action broke the form. When that action is added I get a "Call to undefined action" error message in the browser tab.

The incorrect part was putting the following...

email/doesntContain[.ru]

... in the "Fields Setup" portion of the Validate Data action. So that formatting is incorrect.
sjkelley 13 Oct, 2019
Also: I see you actually posted a useful list of how to use the Validate Data action at:

https://www.chronoengine.com/forums/posts/t106813/validate-data-action-and-settings?keywords=

And that post shows the formatting I tried using. So it's like "doesntContain[.ru]" is working in the validation settings of the text field itself, but that same rule isn't working when put in the Validate Data action.
healyhatman 13 Oct, 2019
email/doesntContain[.ru]:Message to show if wrong
Works for me
sjkelley 14 Oct, 2019
Unfortunately it does not for me. Using the above rule gives an "Error 0 Call to undefined action".

Aha, I am using ChronoForms version 6.0.19. I just updated it to 6.1.2 and now it works!🙂
This topic is locked and no more replies can be posted.