We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
  • Quote from: web_designer at Aug 10, 2006, 02:24 PM

    OFF TOPIC:
    I’m still working on the drop down. I’ve got it working on safari 1.3.2 (OSX 10.3.9 - Panther) but it won’t work on the new version in Tiger (I forget the version number)... No, I haven’t registered in Apple’s bugtracker... Slap my hand!
    I’m going to crack it and then I’ll be famous all over the internet!.. LOL... well I know many people will want to use my code

    FYI, the latest nightly build of Webkit fixes the Safari/Flash rendering bug! Get it here: http://webkit.opendarwin.org/
      Ryan Thrash, MODX Co-Founder
      Follow me on Twitter at @rthrash or catch my occasional unofficial thoughts at thrash.me
      • 31654
      • 238 Posts
      I’ve been using the FormProcessor for a few weeks now and I really like it apart from it SPAM secuity... It doesn’t have any!
      I’m receiving loads of SPAM from hackers which means my website is sending loads of SPAM aaaaagh

      Can some work out how to get the following code to work in the snippet. It needs to go just before the form is posted
      <?php
      // First, make sure the form was posted from a browser.
      // For basic web-forms, we don't care about anything
      // other than requests from a browser:    
      if(!isset($_SERVER['HTTP_USER_AGENT'])){
         die("Forbidden - You are not authorized to view this page");
         exit;
      }
      
      // Make sure the form was indeed POST'ed:
      //  (requires your html form to use: action="post") 
      if(!$_SERVER['REQUEST_METHOD'] == "POST"){
         die("Forbidden - You are not authorized to view this page");
         exit;    
      }
      
      // Host names from where the form is authorized
      // to be posted from: 
      $authHosts = array("domain.com", "domain2.com", "domain3.com");
      
      // Where have we been posted from?
      $fromArray = parse_url(strtolower($_SERVER['HTTP_REFERER']));
      
      // Test to see if the $fromArray used www to get here.
      $wwwUsed = strpos($fromArray['host'], "www.");
      
      // Make sure the form was posted from an approved host name.
      if(!in_array(($wwwUsed === false ? $fromArray['host'] : substr(stristr($fromArray['host'], '.'), 1)), $authHosts)){    
         logBadRequest();
         header("HTTP/1.0 403 Forbidden");
             exit;    
      }
      
      // Attempt to defend against header injections:
      $badStrings = array("Content-Type:",
                           "MIME-Version:",
                           "Content-Transfer-Encoding:",
                           "bcc:",
                           "cc:");
      
      // Loop through each POST'ed value and test if it contains
      // one of the $badStrings:
      foreach($_POST as $k => $v){
         foreach($badStrings as $v2){
             if(strpos($v, $v2) !== false){
                 logBadRequest();
                 header("HTTP/1.0 403 Forbidden");
                     exit;
             }
         }
      }    
      
      // Made it past spammer test, free up some memory
      // and continue rest of script:    
      unset($k, $v, $v2, $badStrings, $authHosts, $fromArray, $wwwUsed);
      ?>


      I would also like to add a CC on all emails but I can’t see anything about it in the doc’s

        Web Development, Web Hosting & Search Engine Marketing by:

        Vitalized | UK
        w. www.vitalized.co.uk

        Website Design | Search Engine Marketing (SEM) | UK MODx web hosting, secure, fast & 100% MODx compatible

        Vitalized | Australia
        w. www.vitalized-australia.com.au

        Website Design | Search Engine Marketing (SEM) | Australian MODx web hosting, secure, fast & 100% MODx compatible
        • 31654
        • 238 Posts
        Is anyone able to get the SPAM code to work?
          Web Development, Web Hosting & Search Engine Marketing by:

          Vitalized | UK
          w. www.vitalized.co.uk

          Website Design | Search Engine Marketing (SEM) | UK MODx web hosting, secure, fast & 100% MODx compatible

          Vitalized | Australia
          w. www.vitalized-australia.com.au

          Website Design | Search Engine Marketing (SEM) | Australian MODx web hosting, secure, fast & 100% MODx compatible
          • 22815
          • 1,097 Posts
          Can you please tell us where the anti-spam code is from? I don’t want to touch it until I’m certain of the licences etc. But you should be able to put it in after
          if(isset($form['send_to']) && $form['send_to'] == 'FormProcessor') {

          (around line 525).

          Oh, and regarding your other issue : you want to add a value to the form, but there’s already a value="[+eMail-value+]".
          That’s a placeholder. So just set it to what you want in the snippet: ie
          $modx->setPlaceholder("eMail-value", "Enter your eMail here");
          

          in the line before the // If we are sending a form (around 524). This setting should get overwritten if there’s a form being submitted, because the following section goes through registering those values.

          You would then just need to use
                <input type="text" id="your_email" size="27" class="[+eMail-required_class+]" name="eMail" value="[+eMail-value+]" onfocus="if(this.value=='Enter your eMail here')this.value=''" />
          

          in your form.
            No, I don&#39;t know what OpenGeek&#39;s saying half the time either.
            MODx Documentation: The Wiki | My Wiki contributions | Main MODx Documentation
            Forum: Where to post threads about add-ons | Forum Rules
            Like MODx? donate (and/or share your resources)
            Like me? See my Amazon wishlist
            MODx "Most Promising CMS" - so appropriate!
            • 31654
            • 238 Posts
            This is the website for the script.
            http://www.alt-php-faq.org/local/115/

            It looks ok to use!

            I can’t get it to work though and I know nothing about PHP so if anyone gets it working I and many others would be very happy!
              Web Development, Web Hosting & Search Engine Marketing by:

              Vitalized | UK
              w. www.vitalized.co.uk

              Website Design | Search Engine Marketing (SEM) | UK MODx web hosting, secure, fast & 100% MODx compatible

              Vitalized | Australia
              w. www.vitalized-australia.com.au

              Website Design | Search Engine Marketing (SEM) | Australian MODx web hosting, secure, fast & 100% MODx compatible
              • 31654
              • 238 Posts
              Also is there a way to setup CC in the form?
                Web Development, Web Hosting & Search Engine Marketing by:

                Vitalized | UK
                w. www.vitalized.co.uk

                Website Design | Search Engine Marketing (SEM) | UK MODx web hosting, secure, fast & 100% MODx compatible

                Vitalized | Australia
                w. www.vitalized-australia.com.au

                Website Design | Search Engine Marketing (SEM) | Australian MODx web hosting, secure, fast & 100% MODx compatible
                • 22815
                • 1,097 Posts
                I can’t see why pasting that code into the snippet wouldn’t work. All it takes is missing the <?php bits out and adding your details in the $authHosts bit. Possibly also skip the logBadRequest(); bits.

                Did the placeholder stuff work for you?

                Do you need it to be a CC or can you just put 2 addresses in the TO field?
                  No, I don&#39;t know what OpenGeek&#39;s saying half the time either.
                  MODx Documentation: The Wiki | My Wiki contributions | Main MODx Documentation
                  Forum: Where to post threads about add-ons | Forum Rules
                  Like MODx? donate (and/or share your resources)
                  Like me? See my Amazon wishlist
                  MODx "Most Promising CMS" - so appropriate!
                  • 20765
                  • 90 Posts
                  myfriendscallmebill Reply #18, 17 years, 7 months ago
                  What might be the best approach for doing data validation (is the data reasonable, not just has some data been provided) on fields in a FormProcessed form?
                    • 31654
                    • 238 Posts
                    I’m sorry I don’t understand the question huh
                      Web Development, Web Hosting & Search Engine Marketing by:

                      Vitalized | UK
                      w. www.vitalized.co.uk

                      Website Design | Search Engine Marketing (SEM) | UK MODx web hosting, secure, fast & 100% MODx compatible

                      Vitalized | Australia
                      w. www.vitalized-australia.com.au

                      Website Design | Search Engine Marketing (SEM) | Australian MODx web hosting, secure, fast & 100% MODx compatible
                      • 20765
                      • 90 Posts
                      myfriendscallmebill Reply #20, 17 years, 6 months ago
                      To explain data validation....

                      Let’s say I want someone to suppy an American Social Security Number (SSN).

                      (no, I’m not suggesting that something so sensitive be sent via insecure email, but it’s a simple example of data I might want to have validated).

                      The SSN is always in the format 000-00-0000.

                      Let’s say that there’s no point in my recieving the email at all unless I recieve a correct SSN to work with.

                      Let’s say I want to prevent a sender from filling in the SSN field with either intentional garbage or with a mistyped number.

                      So how would I insure that the form won’t post unless the data entered into this field is exactly: three numerals, a hyphen, two numerals, a hyphen, and four numerals.

                      Now often this is done with JavaScript associated with the form. The submit button is set up to invoke a script that checks all the field data and displays a popup alert message when it finds an error.

                      But this is inelegant, whereas FormProcessor has a very nice way of generating error message and error class placeholders for each required field.