"you are not allowed to access this URL"

cra2 06 Feb, 2009
Hi,

Our very simple email contact form was working great for a while.
But more recently, I noticed that sometimes I'd get this error after submitting:
"you are not allowed to access this url"

The only thing I can think of that may have changed was a couple of months ago when we changed over to SEF urls.
But I would've thought this problem would've surfaced sooner if that's what caused it.

And I don't understand why this would only happen about 50% of the time.
The rest of the time, it works fine.
Any help appreciated, as always.

we're running chrono contact 3.0 STABLE 17.09.2008
site is j1.5.8
GreyHead 06 Feb, 2009
Hi cra2,

I think this is most likely due to expired sessions - Joomla/ChronoForms store a session token when the form is opened and then check it when the form is submitted. You get this error if the token isn't found :-(

Bob
cra2 06 Feb, 2009
how is the session expiring?
GreyHead 06 Feb, 2009
Hi cra2,

They have a time limit - set in the site Global Configuration. I think the default is 15 minutes.

Bob
cra2 06 Feb, 2009
ahhh.. well that can't be it then.
the form is only a few lines long and doesn't take 5 minutes to fill out, much less 15.

Have any other ideas?

thanks,
Cra2
Max_admin 06 Feb, 2009
Hi Cra2,

Does the message happen all the time now, or randomly? Can I see the form somewhere? Can you disable SEF for a few minutes and run a quick test?

Regards
Max
Max, ChronoForms developer
ChronoMyAdmin: Database administration within Joomla, no phpMyAdmin needed.
ChronoMails simplifies Joomla email: newsletters, logging, and custom templates.
cra2 07 Feb, 2009
the form is located at:

http://www.orlandopaintingcompany.com/contact.html

it seems random.
(though I'd swear it does it more when I test with Internet Explorer than with Firefox.)

feel free to fill out a sample entry, just use "test" in the body somewhere.

what kind of test did you want me to run?
GreyHead 07 Feb, 2009
Hi cra2,

The form code all looks good but I got this error every time with three or four tests in Firefox. It looks as though the session tokens aren't being saved correctly. This may have something to do with the particular set up of your site.

There is a work-around though it reduces the security of your form. Open components/com_chronocontact/chronocontact.php and look for this code around line 113
		// Block SPAM through the submit URL
		if(!JRequest::checkToken()){
			echo "You are not allowed to access this URL";
			return;
		}
and comment out these four lines like this
		// Block SPAM through the submit URL
		//if(!JRequest::checkToken()){
			//echo "You are not allowed to access this URL";
			//return;
		//}

Bob
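
Added illustration (not part of Bob's post, and not ChronoForms or Joomla code): a stand-alone PHP model of a session-bound form token that returns a reason code for each refusal, so a lost session can be told apart from a POST sent straight to the submit URL without disabling the check. The array standing in for the session store, the function names and the `form_token` field name are assumptions made for the example.

```php
<?php
// Added example. $session is a plain array standing in for the
// server-side session store (assumption); no framework is used.

function issue_token(array &$session): string
{
    // One random token per session, created when a form is first rendered.
    if (!isset($session['form_token'])) {
        $session['form_token'] = bin2hex(random_bytes(16));
    }
    return $session['form_token'];
}

function check_submission(array $session, array $post): string
{
    if (!isset($session['form_token'])) {
        return 'no-session-token'; // session not saved, expired, or cookie not returned
    }
    $submitted = $post['form_token'] ?? '';
    if (!is_string($submitted) || $submitted === '') {
        return 'token-missing';    // POST went straight to the submit URL, or the field is absent
    }
    // Constant-time comparison of the expected and the submitted token.
    return hash_equals($session['form_token'], $submitted) ? 'ok' : 'token-mismatch';
}

// Constructed scenarios.
$results = [];

$s1 = [];                          // form opened and submitted in one session
$field = issue_token($s1);
$results['same session'] = check_submission($s1, ['form_token' => $field]);

$fresh = [];                       // the submit arrives in a brand-new, empty session
$results['session lost'] = check_submission($fresh, ['form_token' => $field]);

$s2 = [];                          // the submit arrives in a session holding a different token
issue_token($s2);
$results['other session'] = check_submission($s2, ['form_token' => $field]);

// Scripted POST that never loaded the form: the case the check exists to block.
$results['direct POST'] = check_submission($s1, ['message' => 'test']);

foreach ($results as $case => $reason) {
    // In a real handler the reason would go to the server log; the visitor
    // would still see only the generic refusal message.
    printf("%-14s %s\n", $case, $reason);
}
```
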
willson 07 Feb, 2009
I used to get this error occasionally too (well, two or three times). But not recently (not that I've heard about anyway).

I just tested your form: from Firefox, 1st ever access to the site, got the form filled in in about 30 seconds...and received the error upon pressing Submit.

I will note 2 things in my environment that are not typical of the day to day user: I had used a Chronoforms form, from one of my own sites, a few minutes earlier; and, I had a Joomla site administrator session open. These might not be contributing factors but who knows?

I had speculated that it happened if I had multiple forms open at once but was not able to prove that scenario.
Max_admin 08 Feb, 2009
Hi @cra2, can you try to edit this file:
components/com_chronocontact/chronocontact.html.php

find :
<?php echo JHTML::_( 'form.token' ); ?>

replace it with :

<?php echo JUtility::getToken(true); ?>


and let me know!

Regards
Max
Fellyboy 10 Feb, 2009
Hello all

Just updated my Joomla 1.5.9 installation with ChronoForms V3.0 Stable. I now have the same error in my form as described. I've tested it with IE 7.0, Firefox 3.0.6 and Opera 9.63 - in every browser the message "You are not allowed to access this URL" appears after clicking on the submit button. It takes about 20 seconds to fill in the form and then submit it.

Editing the chronocontact.html.php file didn't change anything in my environment.

Regards
Markus
GreyHead 10 Feb, 2009
Hi Fellyboy,

Please post a link to your form so we can take a look.

Bob
Fellyboy 11 Feb, 2009
Good morning

I tested something yesterday evening and hope that I've found the solution. I use the mambot (plugin) of chronocontact to display the form in one of my articles. At first I hadn't updated the mambot to version 0.6. After updating the mambot it seems to work now, meaning that the message doesn't appear any more.
But if I enter an incorrect validation code and try to resend the form, the message still appears - but only "randomly" :? Someone fills in the form and enters the validation code - incorrectly, unfortunately. Then the message "you have entered a incorrect validation code..." appears. Retyping the validation code and resending the form now causes the "you are not allowed to access this URL" message to be displayed. After refreshing the browser, the message "you have entered a incorrect validation code..." is still displayed (red background color). But now, sending the form works (if the validation code is correct).

The link to my form: http://www.tritten-nuetzi.ch/kontakt.html
Feel free to send some test messages.

Thanks for the help and nice day to everyone
Regards
Max_admin 11 Feb, 2009
Hi Fellyboy,

You can't use mambot V0.6 with V3.0 of chronoforms, you need the V0.8 mambot!

The incorrect code message issue is here:
http://www.chronoengine.com/forums/index.php?option=com_chronoforums&cont=posts&f=3&t=11843

I suggest you wait for the V3.1 which will come out soon (by the weekend I hope) and will have many fixes!

Regards
Max
Fellyboy 12 Feb, 2009
Oh sorry - I made a mistake. I've installed V0.8 of the mambot. So anyway... seems that I have to wait for V3.1
andrea74 18 Feb, 2009

Hi cra2,

The form code all looks good but I got this error every time with three or four tests in Firefox. It looks as though the session tokens aren't being saved correctly. This may have something to do with the particular set up of your site.

There is a work-around though it reduces the security of your form. Open components/com_chronocontact/chronocontact.php and look for this code around line 113

		// Block SPAM through the submit URL
		if(!JRequest::checkToken()){
			echo "You are not allowed to access this URL";
			return;
		}
and comment out these four lines like this
		// Block SPAM through the submit URL
		//if(!JRequest::checkToken()){
			//echo "You are not allowed to access this URL";
			//return;
		//}

Bob



Hi Bob,
I have the same problem with my website (only using IE7): as you suggested above, I modified the code and now it works fine.
My question is: what is the security risk now?

Thank you very much!
Andrea
GreyHead 18 Feb, 2009
Hi Andrea,

The risk is pretty low unless your site is a hacker target for some reason. IIRC the security token is to prevent an open session being hijacked by another second user on another computer. For most sites the risk is tiny.

Bob
andrea74 18 Feb, 2009
Thank you for the answer, Bob.
I will use the form without security token.

Bye!!!
greenkoi 21 Feb, 2009
Gosh -

It seems like many are running into this. I'm using Joomla 1.5.9 and 3.0 Stable.

I thought I had it worked out - but I'm still fighting with it in IE.

The form : http://www.terryaultmanlpc.com/index.php?option=com_chronocontact&Itemid=116

Works great in FF3 - I have debug turned on and can view it - but I get nowhere in IE.

I've :

Removed <form> </form> tags

Edited CHRONOCONTACT.PHP @ line 227 :

// Block SPAM through the submit URL
// if(!JRequest::checkToken()){
// echo "You are not allowed to access this URL";
// return;
// }

Edited chronocontact.html.php :

<?php echo JHTML::_( 'form.token' ); ?>

Changed the Joomla Global Configuration to handle sessions with and without the database - but am scratching my head.

Any insights would be most appreciated.

mm
GreyHead 21 Feb, 2009
Hi greenkoi,

There's a JavaScript error showing in the status bar in IE7 and I can't even get the form to submit. Try switching temporarily to a basic template without RokBox and see if that fixes it.

Bob
greenkoi 21 Feb, 2009
Bob -

Thanks for your reply.

I was able to see the error in IE 7 and 8 you mentioned. Dunno how I missed that. So I took your advice and tried a different template-the JA Purity, but no change.

I went a step further and disabled the offending RokBox plugins - but the form still isn't submitting.

EEk. I'm pulling my hair out on this one.

Thanks in advance for any insights.
GreyHead 21 Feb, 2009
Hi greenkoi,

Aha . . . you have a <form> tag in your form html - just before the Depression checkbox. That's probably it.

Bob
greenkoi 21 Feb, 2009
! OMG !

I feel silly now.

Thank you so much !~
demo38 15 Apr, 2009
FYI. I hit this issue as well and ended up commenting out the Session Token as suggested to get it to work.

Joomla 1.5.10 / ChronoForms_V3.1_RC4.11 / WAMP Server
Max_admin 16 Apr, 2009
Hi demo,

I'm investigating this issue and will find a solution!

Regards,
Max