On March 26, 2019 we launched new MODX Forums. Please join us at the new MODX Community Forums.
Subscribe: RSS
  • Hi,

    I am using eForm for a fairly simple contact form on a webpage. On the form page I display two text template variables. The same page has a call to eForm. The whole page is as follows:

    <h1>[*pagetitle*]</h1>
    
    <p><b>[*haveYourSayTitle*]</b></p>
    <br/>
    <p>[*haveYourSayTopic*]</p>
    
    <br/><br/>
    
    [!eForm? &formid=`haveYourSayForm` &tpl=`haveYourSay-Form` &report=`haveYourSay-Email` 
    &to=`me@myemail.co.uk` &from=`no-reply@mysite.org.uk` &replyto=`no-reply@mysite.org.uk` 
    &subject=`Volunteer Have Your Say` &invalidClass=`invalidValue` &requiredClass=`requiredValue` 
    &cssStyle=`haveYourSay-Styles` &debug=`0` &thankyou=`haveYourSay-Thanks`!]
    


    I need the values of the two TVs (as displayed on the page) to be included in the resulting email.
    I have tried:

    1. placing the TV tags in the form (&tpl=`haveYourSay-Form` chunk) in hidden inputs (<input type="hidden" name="title" id="title" value="[*haveYourSayTitle*]" />), with [+title+] in the email template.
    In this case I get the following error on the form page and no email:
    Please correct your submission

    [undefined] » Tampering attempt detected!


    2. placing the TV tags straight into the email template (&report=`haveYourSay-Email` chunk).
    In this case I get the email but no output from the TV.

    I assume that if a page uses a template which has a TV, then any chunks or snippets used by that page should also have access to the same TV? (I take this from para 7 of http://sottwell.com/how-template-variables-work.html)

    I have tried using &sessionVars=`haveYourSayTitle` in the snippet call, with the but to no avail.

    Anyone out there able to tell me how to do this?

    Thankyou


    eForm 1.4.4
    MODx 0.9.6.1p2
    PHP 5.2.4-dev
    Apache 2.2.4
    Windows Server
    • Does nobody out there know the answer to this?

      OK, let me put it another way. Can anyone tell me how to put the value of a TV (template variable) into an email resulting from a form.

      If eForm can’t do this, can anybody recommend another form-to-email snippet that can do this?

      Cheers,

      Gav
      • Quote from: Gav at Dec 04, 2008, 11:51 AM

        placing the TV tags in the form (&tpl=`haveYourSay-Form` chunk) in hidden inputs (<input type="hidden" name="title" id="title" value="[*haveYourSayTitle*]" />), with [+title+] in the email template.
        In this case I get the following error on the form page and no email:
        [undefined] » Tampering attempt detected!

        Try adding eform validation control parameters to hidden field:
        eform="field_text::0:Id:0"

        Quote from: Gav at Dec 08, 2008, 09:31 AM

        OK, let me put it another way. Can anyone tell me how to put the value of a TV (template variable) into an email resulting from a form.

        Use eForm events:

        function efOnBeforeMailSent(&$fields) {
          ...
          $fields['field_name'] = $field_text;
          ...
        }
        
        • I would use an event function for this as well. You can do all sorts of cool processing if needed by using the events. There is some good documentation packaget together with the snippet assets/snippets/eform/docs that have a good example of using events.

          However, aternatively you can use a session var and declare it to use as a placeholder:
          &sessionVars (optional)
          Comma delimited list of $_SESSION variable names. These will be added to the list of field values before the form is displayed and can for instance be used to populate (hidden) fields. When using this parameter make sure you are not disclosing sensitive information from the session!! (a hidden field is not all that hidden afterall)
            [font=Verdana]Shane Sponagle | [wiki] Snippet Call Anatomy | MODx Developer Blog | [nettuts] Working With a Content Management Framework: MODx

            Something is happening here, but you don&#39;t know what it is.
            Do you, Mr. Jones? - [bob dylan]
          • Thanks Eol, I tried your "adding eform validation control parameters to hidden field" suggestion and it worked first time!

            hidden input now like:

            <input type="hidden" name="title" id="title" value="[*haveYourSayTitle*]" eform="field_text::0:Id:0" />

            The only remaining issue now are that the string (TV) I’m trying to display contains
            tags which are not handled at all in the email, and unslashed quotes. The TV only echos up to the first quote. Need to sort that and I’m fine.

            Thanks for your response too dev_cw. I think that events look worth investigating from what you say here.
            • Quote from: Gav at Dec 09, 2008, 04:01 PM

              Thanks Eol, I tried your "adding eform validation control parameters to hidden field" suggestion and it worked first time!

              hidden input now like:

              <input type="hidden" name="title" id="title" value="[*haveYourSayTitle*]" eform="field_text::0:Id:0" />

              Just a reminder that the above validation rule in reality means you are not validating the input for that field at all and anyone so inclined could change the value on the browser side at will. If this poses a security threat or is simply a nuisance depends on your form and your settings but generally it is not a good idea to leave posted values un-validated.

              Dev-cw’s suggestion of using events can give you a more secure solution. Have a look at examples for the eFormOnBeforeFormParse event. You can write a function that is triggered by that event which fetches the content of the TV’s (see the $modx->getTemplateVarOutput function), use htmlentities or htmlspecialchars to ’escape’ any special characters in the TV values and add them to the form template. How to do the latter you will be able to read about in the many examples for the eForm events in the forum or in the eform/docs/ directory.