
Unable to protect email address

amadorj23 26 Sep, 2008
I have a form that is being used as a content mambot for the Sobi2 directory component and everything is working as desired except for one thing. I need to protect the email address that I am pulling from the Sobi2 directory service. Currently a copy of the email goes to the administrator, which is the default email configuration, and I have a BCC using "special fields" that is pulled from the Sobi2 component. I am using a hidden field, which any decent email harvester will be able to find. Any advice on how I can hide this information and maybe pass the variable directly to the special fields or email system?

Sample code is below, any help would be much appreciated 😀

<div id="test">
<?php
// "getinfo" is a very bad name. It is very probable that someone has already defined a function with this name.
function getMySobiSpecData() {
    // global $database;
    // do not use global - it is dangerous
    $config =& sobi2Config::getInstance();
    $db =& $config->getDb();
    // the item id comes from the URL; cast to int so only a number reaches the query
    $sid = (int) sobi2Config::request( $_GET, 'sobi2Id', 0 );
    $sql = "SELECT data_txt FROM #__sobi2_item AS sitem, #__sobi2_fields_data AS sdata WHERE ( sitem.itemid = {$sid} AND sdata.itemid = {$sid} AND (sdata.fieldid = 7 ) )";
    // this query gives only one result
    $db->setQuery( $sql );
    $result = $db->loadResult();
    if ( $db->getErrorNum() ) {
        echo $db->stderr();
    }
    return $result;
}
// the result of this call is discarded; the query runs again in the hidden field below
getMySobiSpecData();
?>
</div>
<input name="sobivendor" type="hidden" id="hiddenField" value="<?php echo getMySobiSpecData(); ?>" />
GreyHead 26 Sep, 2008
Hi amadorj23,

Leave a hidden field with no value in the form HTML; then do the lookup in the OnSubmit Before box. Set the value of the hidden field using JRequest::setVar(). Then the email is never visible on the client side.

Bob

PS What's dangerous about 'global'? Just curious.
amadorj23 26 Sep, 2008

PS What's dangerous about 'global'? Just curious.


Those are notes left from one of the Sobi2 developers advising me on how to improve on my original code. He mentioned that when you use global variables they are easy to hack and use for SQL injection attacks.... lol now what that means exactly I'm not sure but it sounds scary... hahahaha He showed me how to accomplish the same code results without using global.

JRequest::setVar()? Not familiar with this... ChronoForms object? Any examples on how to use it? Is that how I would call it?
<?php JRequest::getVar('??variablename??'); ?>
or
<?php JRequest::getVar('??hiddenfieldname??'); ?>
GreyHead 26 Sep, 2008
Hi amadorj23,

two of the objects can only be called from within the sobi2 Component



Somehow I doubt that; but who knows what SOBI2 can do. I don't usually have any problems extracting SOBI2 data into ChronoForms. It may be that you need another line or two of code to initialise the object. I'll take a look at your code and see what happens.

Are you using Joomla 1.5 legacy or Joomla 1.0?

JRequest::setVar() is the standard Joomla 1.5 code for setting a value in one of the REQUEST arrays. In Joomla 1.0 you can just set the $_POST value.

$database is an object so I don't think there's any problem in using it as a global on the server, though the J1.5 code is slightly different.

Bob
amadorj23 26 Sep, 2008

In Joomla 1.0 you can just set the $_POST value.



I am using 1.0.15

So I would do the following?
<input name="sobivendor" type="hidden" id="hiddenField" value="<?php echo $_POST["getMySobiSpecData()"]; ?>" />
GreyHead 27 Sep, 2008
Hi amadorj23,

In the form html include a hidden field:
<input type="hidden" name="sobivendor" value="" />
The value is empty because we are going to look that up server side after the form is submitted.

Your code also uses a GET variable so we'll need to capture that in the data the form submits with a second hidden field
<input type="hidden" name="sobi2id" value="<?php echo (int) $_GET['sobi2id']; ?>" />


In OnSubmit Before include this code:
 <?php
global $database;
$sid = (int) $_POST['sobi2id'];
$sql = "
    SELECT data_txt 
        FROM #__sobi2_item AS sitem, #__sobi2_fields_data AS sdata 
        WHERE sitem.itemid = '$sid'  AND sdata.itemid = '$sid' AND sdata.fieldid = 7 ";
// this query gives only one result
$database->setQuery( $sql );
$result = $database->loadResult();
if ( $database->getErrorNum() ) {
    echo $database->stderr();
}
// Put the result back into the POST array
$_POST['sobivendor'] = $result;
?>

I've simplified this a bit:
  • removed the function; you only need this as a function if you are going to look up more than one value, in which case you need to pass the function a parameter, '7' in this case.
  • I've switched back to global $database as that's exactly what SOBI does if you use their object call.
  • We don't need the sobiconfig object any more as it just replicates standard Joomla functionality.

Bob
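A hardened variant of the server-side lookup described above, added here as an example; it is not code from the thread or from ChronoForms or Sobi2. It assumes the Joomla 1.0 `$database` object (setQuery/loadResult/getErrorNum) and the Sobi2 tables used in the thread (fieldid 7 holding the email); the address check and the `getSobiVendorEmail` name are my additions.

```php
<?php
// Added example (not from the thread). The Sobi2 email is looked up in the
// OnSubmit Before box and written into $_POST, so it never appears in the
// HTML the browser receives. Assumes Joomla 1.0's global $database object
// and the #__sobi2_* tables from the thread (fieldid 7 = email).
//
// Form HTML: sobi2id is cast to int before it is echoed, so a crafted URL
// cannot inject markup into the attribute; sobivendor is left empty.
//   <input type="hidden" name="sobi2id" value="<?php echo (int) mosGetParam($_GET, 'sobi2Id', 0); ?>" />
//   <input type="hidden" name="sobivendor" value="" />

function getSobiVendorEmail($database, $sid, $fieldId = 7) {
    $sid = (int) $sid;          // the only untrusted input: force it to an int
    $fieldId = (int) $fieldId;
    if ($sid <= 0) {
        return false;           // nothing to look up; caller leaves the BCC empty
    }
    $sql = "SELECT sdata.data_txt"
         . " FROM #__sobi2_item AS sitem, #__sobi2_fields_data AS sdata"
         . " WHERE sitem.itemid = {$sid} AND sdata.itemid = {$sid}"
         . " AND sdata.fieldid = {$fieldId}";
    $database->setQuery($sql);
    $email = $database->loadResult();
    if ($database->getErrorNum() || !$email) {
        return false;           // query failed or no email stored for this item
    }
    // Accept only a single plausible address (my own check, not Sobi2's):
    // a stray value in the table must not end up in the BCC header.
    if (!preg_match('/^[^@\s]+@[^@\s]+\.[^@\s]+$/', $email)) {
        return false;
    }
    return $email;
}

// OnSubmit Before box:
global $database;
$sid = isset($_POST['sobi2id']) ? $_POST['sobi2id'] : 0;
$email = getSobiVendorEmail($database, $sid);
// Always overwrite sobivendor: whatever the browser submitted is discarded.
$_POST['sobivendor'] = ($email !== false) ? $email : '';
?>
```

When the lookup fails the BCC stays empty and only the default administrator copy is sent, rather than mailing whatever value a client put in the hidden field.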
amadorj23 27 Sep, 2008

Hi amadorj23,

<input type="hidden" name="sobi2id" value="<?php echo $_GET['sobi2id']; ?>" />

Had to make one change to the code, not sure why, and it worked like a charm. Also you helped me with a second issue, and that's how to associate the email to the Sobi Id🙂 now every email and database entry will have it listed, which will make my reports much easier to create.

Changed code:
<input type="hidden" name="sobi2id" value="<?php echo mosGetParam( $_GET, 'sobi2Id', 0 ); ?>" />

Thanks for the help. I will be upgrading as soon as my site is fully released.

Any Sobi2 users, this works like a charm for:
1.0.15 (Joomla)
RC 2.8.6 (Sobi2)

Sobi2 Details code to call Chrono:
<?php echo HTML_SOBI::execMambots( "{chronocontact}contact_form{/chronocontact}" ); ?>

Good luck and thanks again. You will be getting a 5 star review from me, I love active communities. 🤣