
Hidden field "1cf1" ?

polderguy 18 Dec, 2011
Hi,

Don't really have a problem. Just wondering something ...
Ever noticed the hidden form field below at the end in ChronoForms?

<input type="hidden" value="3ad22cf1829c1416faca59d86eee3b7e" name="1cf1">

At first I thought this hidden field is related to the checkToken
parameter. But disabling (OFF) the checkToken setting in the General tab
does not make any difference. The hidden field is still there.
(I believe the checkToken setting is related to the Joomla native token).

So I started digging through the code ...
And I found the following relevant lines in the chronocontact.html.php file:

<?php echo JHTML::_( 'form.token' ); ?>
<?php if($MyForm->formparams('enablecftoken', 1)){ ?>
<input type="hidden" name="1cf1" value="<?php echo $MyForm->generateCFToken($MyForm->formrow->name); ?>" />
<?php } ?>

hmmm ... enablecftoken ? What's this ?

A search through all chronoforms files for "1cf1" returned only 2 hits.

chronocontact.html.php and
chronoform.php

So I looked in chronoform.php and found "1cf1" is used in the
function checkCFToken().

Ok, so where is this function used ? Nowhere !
So if this hidden field is never checked or used what's the
purpose ?

Ok. I saved enablecftoken=0 in the parameters using phpMyAdmin.
And checked the form. Looks good. The hidden field is gone and
the form can be submitted. No problem ...

Cluttering from previous ChronoForms releases ?
Anyone who knows tell me. I'm in the dark ...

Oh, almost forgot. I noticed this hidden field does not exist by
default in a v4 (r2.0) form ... Makes me wonder ...

PolderGuy

GreyHead 19 Dec, 2011
Hi Polderguy,

Interesting. I had wondered why we'd never had any problems with that part of the code - but had never wondered enough to find out it wasn't used :-)

There were quite a few problems with the Joomla Security Token a while back and I imagine that Max started to implement a ChronoForms version of it but the code was never completed.

Bob
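
Added example, not part of the thread and not ChronoForms code: a per-form token only protects a form when the submit handler calls the check and rejects the request on failure, which is the step the posts above found was never wired in. The function names and the session layout are hypothetical; only the field name "1cf1" comes from the thread.

```php
<?php
// Added illustration, not ChronoForms code. All function names and the
// session key are hypothetical; only the field name "1cf1" is from the thread.

const TOKEN_FIELD = '1cf1';

// Issue a token bound to a per-session secret and to one form name.
function issueFormToken(array &$session, string $formName): string
{
    if (empty($session['form_token_key'])) {
        $session['form_token_key'] = random_bytes(32);
    }
    return hash_hmac('sha256', $formName, $session['form_token_key']);
}

// Render the hidden input, escaping the value for an HTML attribute.
function renderTokenField(array &$session, string $formName): string
{
    $token = htmlspecialchars(issueFormToken($session, $formName), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="' . TOKEN_FIELD . '" value="' . $token . '" />';
}

// The check itself. Defining it is not enough: the submit handler has to
// call it and stop processing when it returns false.
function checkFormToken(array $session, string $formName, array $post): bool
{
    $sent = $post[TOKEN_FIELD] ?? null;
    if (!is_string($sent) || empty($session['form_token_key'])) {
        return false; // field missing, array-valued, or no key issued yet
    }
    $expected = hash_hmac('sha256', $formName, $session['form_token_key']);
    return hash_equals($expected, $sent); // constant-time comparison
}

// Submit path: the token is verified before any form data is used.
function handleSubmit(array $session, string $formName, array $post): string
{
    return checkFormToken($session, $formName, $post) ? 'accepted' : 'rejected';
}

// Constructed demo: plain arrays stand in for $_SESSION and $_POST.
$session = [];
$token = issueFormToken($session, 'contact');
echo renderTokenField($session, 'contact'), "\n";
echo handleSubmit($session, 'contact', [TOKEN_FIELD => $token]), "\n";    // token issued for this form
echo handleSubmit($session, 'contact', []), "\n";                         // hidden field absent
echo handleSubmit($session, 'other_form', [TOKEN_FIELD => $token]), "\n"; // token from a different form
```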