I am making a simple form with a submit button inside of it. In order to do this I used a shortcode which returns the form. I would like to prevent the user from submitting the form multiple times. However, the answers I have found tend to rely on disabling the button using javascript in some way. If I understand correctly this has two problems.
If the user stops the page, the button will be permanently disabled.
The client code can be changed manually by the user to send multiple requests even if the button is disabled.
I was wondering if there is some way to handle this on the server side in php?
The main problem I am having is that the shortcode needs to return something. It is possible to store a unique code using a nonce, the database or other methods to uniquely identify the submission. However, I can't find a way to cancel execution before the shortcode starts.
Also, when I was trying things I found that if I sleep the function so I can spam the submit button, only the final shortcode submission is returned. So I can't simply return a working copy of the form either.
It seems this would be a standard problem, so am I missing something?
Related
I'm having a problem trying to submit the form automatically using php-webdriver client, everything went fine until one day my script was no longer able to submit the form. The process of filling form is really simple:
I have my fields that I want to populate in that form and click submit button with attribute name="submit". Everything worked fine but now the same code somehow doesn't cut it.
$input = $this->driver->findElement(WebDriverBy::name('first_name'));
$input->sendKeys('Example');
$submit = $this->driver->findElement(WebDriverBy::name('submit'));
$submit->click();
This is pretty much what my script does it finds a few fields and sends some values after that I simply click the submit button. After the submission, I checked what response I get using getPageSource() method, and surprisingly it showed me different page, but in the right circumstances it should be on the same page. If I delete every line of code that uses sendKeys() method then it stays on the same page which is the correct behavior. But I'm not understanding why sendKeys in combination with $submit->click() causes something like 'redirect' it redirects to index page which is initial website page and it used to work correctly, I checked everything many times and it looks that I provide all required fields correctly and able to submit the form. But instead of successful form submission response, I see that I'm on the index page.
Maybe there are known issues with this but I'm just not aware of it? Some advice, ways of how could I debug it would be really helpful because now I'm clueless, there's simply no indication of what went wrong.
I currently have two PHP files set up, one that functions as the form and the other that functions as the processor of the information provided. They are linked together like so:
<form action="processing.php" method="POST" enctype="multipart/form-data">
When I hit submit, the page switches to the 'processing.php' file. I recently implemented required fields that users must enter, but they cannot see this warning because the page switches. I am testing this in WAMP.
I think a solution may be to include the processing script in the same file as the actual form, but the script is pretty long and I'd really like it to stay in two separate files for readability.
Is there a way that I can prevent the page from switching to the page indicated in the action tag?
The HTTP POST from a form goes to whatever form action you set. If you want logic applied that's in a different file, you need to restructure things so that your logic is in processing.php, or you need to change the form action.
If you want to prevent page refresh all together, you need to use ajax.
If you only want to prevent the page switch if the required fields aren't properly filled, you need to create an onSubmit javascript call, then return false if field validation fails.
I run a website which includes several radio streams. I have set up icecast to request .htaccess account in order to authenticate and start streaming. There is the same account for all streams. I submit the form (it is hidden via css) with jquery once the page loads so the user does not have to know the account nor submit the form.
The problem is that form information are being revealed if user views source. Is there any way to hide these information? Searching the internet what most people say is that this is not possible because browser needs to be able to clearly read these information in order to function properly. Anyone know any way, if it is possible?
I ended up creating the form (document.createElement) on page load with jquery, submitting it (.trigger("click")) and then removing it (.remove()). In addition I obfuscated the jquery code with the tool found here Crazy Obfuscation as #André suggested. That way user cannot see the htaccess username and password in Page Source nor find it using "inspect element" or firebug.
Personally, I need a bit more information to clearly deduct a solution for your issue, I hope you can give me that.
However, have you tried simply .remove()ing the form after submission? That way it gets submitted on page load and then gets removed so by the time the page loads and the user clicks view source, he will not be able to see it. He can, of course, disable JS for example, or any other workaround, but this is a very quick fix with the amount of information we have.
You can not directly hide values in 'view source'. Similarly when the form is being submitted, using tools like 'fiddler' the user could view the values. If you want to really hide them what you can do is never have those values show in the form. You could try techniques like encrypting those values on server or something if it never needs to be displayed to the user in the web page.
I'm trying to make an app on Android that send an URI that auto-populate the "RFC Emisor" and "RFC Receptor" of this web page:
https://verificacfdi.facturaelectronica.sat.gob.mx, if I'm correct those two inputs have the id of:
ctl00_MainContent_TxtRfcEmisor
ctl00_MainContent_TxtRfcReceptor
I already tried this but it didn't work:
https://verificacfdi.facturaelectronica.sat.gob.mx/&ctl00_MainContent_TxtRfcEmisor=123456789&ctl00_MainContent_TxtRfcReceptor=123456789
there is a way to achieve what I want?
The short answer is no. The browser won't automatically detect the URL parameter and pre-populate any form fields. A back-end PHP / ASP.NET page can read the value from the request and generate the HTML fields with the specified values. Alternatively, the page could use JavaScript to set the field values when the document finishes loading.
But all of this depends on changes to the target web page. If you do not have the ability to modify that page, I'm afraid there's very little you could do.
You might be able to duplicate the form on your own page, and send the form data to the target—effectively bypassing the form on the other page and 'faking' your own, but if the target system does some kind of validation to prevent posting forms across domain names, this probably won't work either. You may have create the form and process it yourself, replicating the entire form interaction programmatically when a user submits a form to your server. In any case, none of these options are particularly graceful.
I'm having some trouble implementing a bit of custom functionality in the Contact Form 7 plugin for Wordpress.
What I want to do is pretty straightforward. The contact form in question is a normal contact inquiry form, so I need to retain the usual functionality (mailing the data). However I also have a checkbox on the form that allows the sender to choose whether to subscribe to the client's mailing list in addition to mailing the contact inquiry.
The client uses Bronto for their mass mailing (similar to CC or Mailchimp). Bronto has a "direct add" feature (more info here) that allows you to send parameters to add contacts to the Bronto account by embedding an image whose url contains the requisite parameters (email address, list to subscribe to, etc).
I can construct the image url with the contact form parameters no problem, but actually getting the image request sent is a different matter. I am over my head both in PHP and JS here and not sure what course to take.
Currently I'm using the wpcf7_before_send_mail php hook built into CF7 and this appears to allow me to collect the form data and build the URL. However, since the plugin uses AJAX and doesn't actually redirect to another page on form submission it seems I can't successfully use any kind of php output (echo, alert, even error_log), presumably because the server doesn't know what it's supposed to write to.
In functions.php:
add_action( 'wpcf7_before_send_mail', 'bronto_contact_add' );
function bronto_contact_add( $cf7 ) {
$emailcf = $cf7->posted_data['email'];
echo $emailcf;
}
This is just a test to see if echo works - it does not. Instead the form just hangs on submission and I see the rotating loading gif forever.
What I need to do is build the image url using parameters from the cf7 object (which I can do no problem) and then somehow send that image request to the Bronto server (this is the part I am confused about). If this was a normal form that redirected to another php page upon submission I would have no problem doing this at all, but it uses AJAX which I don't know much about so I'm pretty lost now.
Can anybody help shed some light on how the best way to accomplish this might be?
If the submit is hanging after you attached your function, at least you know that it had an effect. I'm not terribly familiar with Contact Forms 7, but this is probably not the proper place for an echo, and my guess is that it is hanging because you are writing to the buffer and then it is trying to do a redirect (check your error logs). If you want to see the contents of $cf7, a better way to do it would be:
// first option, using print_r()
error_log(print_r($cf7, true));
// second option, using var_dump() if you need the additional output
ob_start(); // start buffer capture
var_dump($cf7); // dump the values
$contents = ob_get_contents(); // put the buffer into a variable
ob_end_clean(); // end capture
error_log($contents); // log contents of $cf7
The contents of the $cf7 variable will then be in your PHP error log, which will tell you how to access the different components.
I came across your thread while looking for a similar solution to the same problem with CF7 - a hang on submission when trying to pass info to my own database on the back-end for a CRM.
I did not see an answer to this issue anywhere on the web in relation to CF7 integration, so thought I would post here what I found was the problem and how it was fixed. I'm no pro, but the solution works in testing, if anyone has anything to add to this solution please chime in
Basically, if you are using Wordpress and trying to pass the info into a CRM database, I am going to assume your database tables are not on the same database as your Wordpress site database. What you are then trying to do is establish two database connections simultaneously, but the reference ID is being reused for your Wordpress database when trying to connect to your CRM. I found this was the root cause of the hang on submission during testing.
I used a deprecated command from PHP 4 that still works in PHP 5, mysql_connect, :
mysql_connect('localhost', 'root', '', true);
By passing 'true' as your fourth parameter you are able to keep the connection separate from the one running for your Wordpress site. Did this and the CF7 submission doesn't hang, it submits to the CRM and sends it out as an e-mail simultaneously, no problem.
Note too though, if something is wrong with your syntax for the CRM data submission i.e. misnamed variable, etc.. it will also hang. If passing 'true' doesn't work check your code first to make sure it's clean.
If anyone reading this has an equivalent solution for this with 'mysqli' commands I'd be interested to know it, I tried it using mysqli and couldn't get it working.
Is there some reason why you can't just prefix the table names and add them to the same database? It seems that would be a better solution and would work fine with mysqli as opposed to using archaic, insecure drivers.....
I guess, I just don't see the point of using two databases in this case... I would try using one.