Secure Form - CodingForum


  • Secure Form

    I created a couple forms that send the results via email. But I keep getting these empty form results. As if the user just clicked submit without entering any information.

    I added a check empty field script that pops up a message saying "please enter...blah blah"

    But I still get these empty messages....And occasionally I'll get a result like this:

    Code:
    Below is a completed Basketball Camp Registration Form form ryanmartinbasketball.org. 
    
    Athlete_Full_Name = utzbtfoelm
    Age = rs
    Date_of_Birth = vFjKUs  <a
    Address = http://mhmsxgaulnns.com/
    Address_Line_2 = http://mhmsxgaulnns.com/
    City = New York
    State = NY
    Zip_Code = 78229
    Country = USA
    Phone_Number = 2953428456
    Email = [email protected]
    Medical_Condition = vFjKUs  <a href=\"http://rjkpihihhzca.com/\">rjkpihihhzca</a>, xeyfajauweig, [link=http://szohsqthtoei.com/]szohsqthtoei[/link], http://nizrltbrmwas.com/
    Parent_Name1 = utzbtfoelm
    Parent_Name2 = [email protected]
    
    
    THE TIME AND DATE THE FORM WAS COMPLETED: 03:35 AM Thursday July 28th, 2011


    I thought about adding a captcha security image...Would this help? Any thoughts?

  • #2
    Link

    LINK TO TEST PAGE:


    http://www.rossow-web.com/test/test2/contact.html

    Comment


    • #3
      This is a different form than the one you are talking about. Does this one work? Can you post the code to the form you are having problems with? The HTML and the JavaScript check.

      I see you are also using formmail.php. Did you configure it correctly?
      WordPress Designer and theme developer. KlongDesigns - helping bloggers and non-technical folks claim their space on the internet.

      Comment


      • #4
        Yes it is a different form....

        I have currently two forms. They both use the same formmail.php script.

        They both work, just it seems it isn't secure enough. Users are able to submit blank forms. They are able to submit forms with junk characters. I don't know how they are able to since I have a field check in there, as you can see in the code.

        I was just showing the junk emails I get from one of the forms.

        I am having the same problem with both forms. One form is a bit more complex. I figure they just need to be secured somehow. I didn't think it a problem with the form cause it's pretty straightforward. Or maybe I am wrong...


        Here is the simple form html:

        Code:
        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
        <html xmlns="http://www.w3.org/1999/xhtml">
        <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        
        <meta name="description" content="The website and portfolio of  – Figure painting, Figurative painting, Figurative style, Figure in surroundings, Spatial painting, Floating, Painting of Swimming, Swimming figures, Swimming paintings, Water motif, Figure in water, Realistic, Realism, Figuration, Representationalism, New england art, Life painting, Painting from life, Observational art, Observational painting, Painting from observation "/>
        
        
        <title> | ARTWORK</title>
        
        <link href="css/global_style.css" rel="stylesheet" type="text/css" />
        <link href="css/contactform.css" rel="stylesheet" type="text/css" />
        <link rel="stylesheet" href="css/font_stylesheet.css" type="text/css" charset="utf-8" />
        
        <script type="text/javascript">
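        function validateForm()
        {
        var form=document.forms["myForm"];

        // Full name is required
        var name=form["Full_Name"].value;
        if (name==null || name=="")
          {
          alert("Full Name must be filled out");
          return false;
          }

        // E-mail needs an "@" after the first character and a "." at least
        // two characters after the "@" and two before the end
        var email=form["Email"].value;
        var atpos=email.indexOf("@");
        var dotpos=email.lastIndexOf(".");
        if (atpos<1 || dotpos<atpos+2 || dotpos+2>=email.length)
          {
          alert("Not a valid e-mail address");
          return false;
          }

        // Comment is required
        var comments=form["Comments_Questions"].value;
        if (comments==null || comments=="")
          {
          alert("Please leave a comment.");
          return false;
          }

        // All checks passed: let the browser submit the form
        return true;
        }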
        
        </script>
        
        </head>
        
        <body>
        
        <div id="container">
          
           <div id="header">   
          <center><a href="index.html"><img src="images/title.jpg" width="502" height="82" alt="_title" border="0" /></a>
          </center></div>
        
        <div id="navbckgrnd">
        
        	<div id="nav_menucontainer">
        <ul id="navmenu">
                    <li><a href="paintings.html" >Paintings</a></li>
                    <li><a href="bio.html" >Biography</a></li>
                    <li><a href="contact.html" >Contact</a></li>
                </ul>
        
        	</div>
             
        </div>
        
        <div id="sitemap"><a href="index.html">home</a> | contact</div>
        
        <div id="formwrap">
        <form name="myForm" onsubmit="return validateForm()" action="formmail.php" method="post">
        
        <fieldset>
        <div class="row"><label class="col1">Full Name:&nbsp;&nbsp;</label>
          <span class="col2">
          <input name="Full_Name" class="input" type="text" id="First Name" size="20" tabindex="1" style="font-size:17px;"  />
          </span></div>
        
        
          <div class="row"><label class="col1">Mailing List:&nbsp;&nbsp;</label>
          <span class="col2">
        
        <input name="Mailing List" type="checkbox" value="Please add me to the mailing list." />
        <font size="2">Please add me to the mailing list.</font>
          </span></div> 
        
        <div class="row"><label class="col1">Email:&nbsp;&nbsp;</label>
          <span class="col2">
          <input name="Email" class="input" type="text" id="Email" size="20" tabindex="2"  style="font-size:17px;"/>
          </span></div>
          
        
        <div class="row"><label class="col1">Comments:&nbsp;<br />Questions&nbsp;&nbsp; </label>
        
          <span class="col2">
          
          <textarea name="Comments_Questions" class="input" id="comments" cols="18" rows="5" tabindex="2" style="font-size:17px;"></textarea>
            
          </span></div>
          
            
              <div id="formbuttonsContainer">
              <input type="submit"  class="submitButton"/>
            </div>
          
          
         </fieldset> 
        </form>
        </div>
        
                <div id="footer">
                <div class="copyright" >© 1999-2011 test. All Rights Reserved.</div>
                </div>
        </div>
        
        
        </body>
        </html>



        I thought I configured the formmail.php script correctly....maybe not?

        Comment


        • #5
          When I tried it the error checks worked (got a popup error on submit). However, if I turned off JavaScript, then the form submitted with the errors because the JavaScript wasn't fired.

          If you're going to do form checking, it might be better to actually do it with server side code so it can't be bypassed.

          Comment
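
One way to do the server-side checking suggested in #5, as an added example that is not part of the original thread and not code from formmail.php. The function name `validate_contact_form()`, the `$maxLinks` threshold and the sample submissions are assumptions made for illustration; the field names are the ones from the form in #4, and the code needs PHP 7 or later.

```php
<?php
// Added example: server-side checks for the contact form's fields.
// validate_contact_form() and $maxLinks are hypothetical, not part of formmail.php.
function validate_contact_form(array $post, int $maxLinks = 1): array
{
    $errors = [];
    // Read each field as a trimmed string; a missing or array-valued field counts as empty.
    $get = function (string $key) use ($post): string {
        return isset($post[$key]) && is_string($post[$key]) ? trim($post[$key]) : '';
    };
    $name     = $get('Full_Name');
    $email    = $get('Email');
    $comments = $get('Comments_Questions');

    // Same required-field rules as validateForm(), enforced where they cannot be skipped.
    if ($name === '')     { $errors['Full_Name'] = 'Full Name must be filled out'; }
    if ($comments === '') { $errors['Comments_Questions'] = 'Please leave a comment.'; }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['Email'] = 'Not a valid e-mail address';
    }

    // Single-line fields must not contain line breaks (they may end up in mail headers).
    if (preg_match('/[\r\n]/', $name . $email)) {
        $errors['format'] = 'Line breaks are not allowed in name or e-mail';
    }

    // Link-stuffed junk like the sample in the first post: HTML anchors, BBCode links, many URLs.
    $all  = implode(' ', array_filter($post, 'is_string'));
    $urls = preg_match_all('~https?://~i', $all);
    if ($urls > $maxLinks || preg_match('~<a\s|\[(link|url)=~i', $all)) {
        $errors['spam'] = 'Submission looks like link spam';
    }
    return $errors;
}

// Constructed sample inputs: an empty POST (JavaScript off), a junk post, a normal post.
$samples = [
    'empty' => [],
    'junk'  => ['Full_Name' => 'utzbtfoelm', 'Email' => 'a@example.com',
                'Comments_Questions' => '<a href="http://example.com/">x</a>, [link=http://example.com/]x[/link]'],
    'good'  => ['Full_Name' => 'Pat Example', 'Email' => 'pat@example.com',
                'Comments_Questions' => 'Is the blue painting still available?'],
];
foreach ($samples as $label => $post) {
    $errors = validate_contact_form($post);
    echo $label, ': ', $errors ? implode('; ', $errors) : 'accepted', "\n";
}
```

In a real handler the array passed in would be `$_POST`, and the mail would only be sent when the function returns an empty array.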


          • #6
            Ok great... I'll look into server side validation.... But how do I make sure it's a human and not a web robot? Would I still need a captcha?

            Do I have to contact the service provider for the server side form validation? Or is that something I can do myself?
            Last edited by rastacssforum; Aug 31, 2011, 12:04 PM.

            Comment


            • #7
              You can add a captcha, which will stop the bots. formmail integrates recaptcha into itself rather nicely.

              Comment
