Forums

Form submitted without required fields?

tonalt 06 May, 2012
Hi. I'm using 4.0 RC3.21 on Joomla! 2.5.4.

I created succesfully form with ChronoForms and it works great when I test it. There is some required fields etc. and it doesn't allow to send the feedback unless the required fields are fulfilled.

But today I received strange feedback:


Name 		{input_text_1}
Email * 		{input_text_2}
Phonenumber  		{input_text_3}
Feedback: * 		{input_textarea_8}


Submitted by 69.84.207.147


So it seems that user (or bot?) was able to submit feedback without fulfilling the required fields? Because the values are the template names (e.g. {input_text_1}), not the values user typed.

Any idea what is going on here?
GreyHead 06 May, 2012
Hi tonalt,

Client side validation (the version with the pretty balloons that show error messages) is dependent on JavaScript. If you browse - as most spam bots and spammers of - with JavaScript turned off then it does nothing.

Think of client side validation as being there to help the user to complete the form correctly, not to validate all inputs. To do that you need to add server-side validation that uses PHP, runs on the server and is applied to all form results.

Bob
tonalt 06 May, 2012
Can you point me to direction where to put server-side validation code? I put this code to "Custom code - Before Email(s)" but nothing happens, it submits form normally.


<?php
$form->validation_errors[] = "Required field.";
return false;
?>
GreyHead 06 May, 2012
Hi tonalt,

Please use the Custom Serverside Valdiation action from the Validation actions group.

Bob
tonalt 06 May, 2012
Didn't realize I had to press "Edit in advanced mode" -button first.

The automatic server-side validation did the job.

Excellent software, I see there's been lot of progress in past few years.

Thanks!


Post Scriptum:

After automatic server-side validation (when there was validation error), email-textbox field got following value:

<script type='text/javascript'> <!-- var prefix = 'ma' + 'il' + 'to'; var path = 'hr' + 'ef' + '='; var addy71165 = 'blaa' + '@'; addy71165 = addy71165 + 'blaa' + '.' + 'com'; document.write('<a ' + path + '\'' + prefix + ':' + addy71165 + '\'>'); document.write(addy71165); document.write('<\/a>'); //-->\n </script><script type='text/javascript'> <!-- document.write('<span style=\'display: none;\'>'); //--> </script>This email address is being protected from spambots. You need JavaScript enabled to view it. <script type='text/javascript'> <!-- document.write('</'); document.write('span>'); //--> </script>


So maybe the automatic server-side validation is not compatible with Joomla! email spambot protection?
GreyHead 06 May, 2012
Hi tonalt,

You have the Joomla! Email Cloaking Plug-in enabled and it is trying to cloak the sample e-mail in the ChronoForms validation message. Disable the plug-in temporarily to check this is the problem. If you need the plug-in change the plug-ins order so that Email Cloaking runs before ChronoForms.

NB These are Joomla! plug-ins that you manage from Site Admin | Extensions | Plug-in Manager

Bob
This topic is locked and no more replies can be posted.