Love it...
really simple
ONE TYPO - DEILVERY (how boring am I)
Will try to get my form live tomorrow, so probably asking other problematic questions.
SECURITY RISK - I left my DB details on the file. Went back to check later and they were on display... My fault though. (Password not on show, I know, but 4/5 answers for hackers.) Thought I would share that though.
Otherwise LOVED IT....10/10
Your work on this project is admirable. It's cool and the improvements are significant over the previous version. Here are my observations/experiences with one run at using it:
1) I created a form using the email delivery method. No email ever came through. Uploaded files were placed in the Files folder, though.
2) Edited the same form to use a MySQL table. That works just fine, the uploaded files are placed in the Files folder and form data in the SQL table, however, the connection between the uploaded file and the form data is lost (the data in the SQL table does not indicate which file was uploaded with the form data), and the SQL fields are named Field_1, Field_2, etc., instead of having the proper field names.
3) Edited the same form to use the File delivery method. After a LOT of fuddling around, finally figured out that the data file needs to be in the root folder for the form, not in the Files folder. That surprised me. Finally, the form worked that way, but the same disconnect between form data and uploaded files still exists.
4) The lack of the previously available Admin features makes extracting data from submitted forms tedious if using SQL or File, and seems like a step backward.
5) I would really like to be able to use more than one delivery method. I might like to receive email AND have the data stored in either SQL or flat file, or both.
And lest you think I'm only complaining: I REALLY like the fact that forms are now editable after creation, the ability to adjust look and feel is a great idea, addition of pre-populated and live validating fields is great, and the new point-and-click interface is brilliant.
Work out the bugs that I and others have reported here and this tool stands to save a lot of time and effort for your users. Once it's working, available for download, and you can ensure continued development and support, I for one would be happy to encourage your efforts financially. Keep up the good work!
Great form generator, thanks for spending the time doing it.
I noticed that during use one improvement would be to give the info images a z-index below that of the info boxes to stop the images showing through the boxes. Easy to do. I could show you what I did but you are a way too good programmer to see my basic efforts.
I also noticed that having sent the form you could use the back arrow and send the form again. This is not a good idea as spammers will use this to send multiple forms with ease. They do on another of my sites using a slightly different form.
Is there a way to cause a refresh of the captcha or to use a time delay before another could be sent?
Blanking off all the fields might be the way to go?
Thanks again for a great resource.
Neil
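Added example, not part of Neil's post and not phpFormGenerator's own code: one way to stop the back-arrow resend described above is to make the captcha code single-use and to enforce a minimum gap between accepted submissions. The `security_code` session key is the one used in the processor.php posted further down this page; `last_submit` and the 30-second interval are assumptions.

```php
<?php
// Added example, not phpFormGenerator code. 'security_code' is the session
// key from the processor.php posted on this page; 'last_submit' and the
// 30-second interval are assumptions made for this example.

const MIN_SECONDS_BETWEEN_SUBMITS = 30;

/**
 * Returns true at most once per issued captcha code, and only if enough
 * time has passed since the last accepted submission in this session.
 */
function accept_submission(array &$session, array $post, int $now): bool
{
    $expected = $session['security_code'] ?? '';
    $given    = $post['security_code'] ?? '';

    // The code is single-use: drop it before deciding, so a wrong guess or
    // a resend via the back arrow both need a freshly rendered captcha.
    unset($session['security_code']);

    if (!is_string($expected) || !is_string($given)
        || $expected === '' || !hash_equals($expected, $given)) {
        return false;
    }

    $last = $session['last_submit'] ?? 0;
    if ($now - $last < MIN_SECONDS_BETWEEN_SUBMITS) {
        return false;
    }
    $session['last_submit'] = $now;
    return true;
}

// Constructed session and POST data standing in for $_SESSION and $_POST.
$session = ['security_code' => 'k7m2x'];
$post    = ['security_code' => 'k7m2x'];

var_dump(accept_submission($session, $post, 1000)); // first submit
var_dump(accept_submission($session, $post, 1001)); // back arrow, same code resent

// A new captcha was rendered and solved, but only ten seconds later.
$session['security_code'] = 'p9q4z';
$post['security_code']    = 'p9q4z';
var_dump(accept_submission($session, $post, 1010));
```

In processor.php the call would be `accept_submission($_SESSION, $_POST, time())` after `session_start()`.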
It's a great tool, but having some problems here, getting a
Notice: Undefined offset: 1 in c:\program files\easyphp1-8\www\form\processor.php on line 6
Notice: Undefined offset: 1 in c:\program files\easyphp1-8\www\form\processor.php on line 9
There is something with the Checkbox handling, it's like there is something that doesn't exist. But what?
<?php
$where_form_is="http://".$_SERVER['SERVER_NAME'].strrev(strstr(strrev($_SERVER['PHP_SELF']),"/"));
// Checkbox handling
$field_9_opts = $_POST['field_9'][0].",". $_POST['field_9'][1];
// Checkbox handling
$field_10_opts = $_POST['field_10'][0].",". $_POST['field_10'][1];
include("config.inc.php");
$link = mysql_connect($db_host,$db_user,$db_pass);
if(!$link) die ('Could not connect to database: '.mysql_error());
mysql_select_db($db_name,$link);
$query = "INSERT into `".$db_table."` (field_1,field_2,field_3,field_4,field_5,field_6,field_7,field_8,field_9,field_10,field_11) VALUES ('" . $_POST['field_1'] . "','" . $_POST['field_2'] . "','" . $_POST['field_3'] . "','" . $_POST['field_4'] . "','" . $_POST['field_5'] . "','" . $_POST['field_6'] . "','" . $_POST['field_7'] . "','" . $_POST['field_8'] . "','" . $_POST['field_9'] . "','" . $_POST['field_10'] . "','" . $_POST['field_11'] . "')";
mysql_query($query);
mysql_close($link);
mail("m.h.samarbaksh@hetnet.nl","MFC-Assurantien","Klant afspraak:
Naam: " . $_POST['field_1'] . "
Waar wilt u een afpraak voor maken ?: " . $_POST['field_8'] . "
Adres: " . $_POST['field_2'] . "
Postcode: " . $_POST['field_3'] . "
Woonplaats: " . $_POST['field_4'] . "
E-mail: " . $_POST['field_5'] . "
Telefoonnummer: " . $_POST['field_6'] . "
Gewenste datum: " . $_POST['field_7'] . "
Gewenste tijdstip: " . $_POST['field_11'] . "
Wanneer moet de afspraak zich plaats vinden: $field_9_opts
Waar moet de afspraak zich plaats vinden: $field_10_opts
powered by MFC-Assurantien.
");
include("confirm.html");
?>
Is the form not working properly? You can ignore notices, in fact on a production server / website notices should be turned off.
Also, I notice you have a "powered by...". Although we don't require you keep the "powered by phpFormGenerator" message, it's not very ethical to slap some other organization's name on someone else's product.
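Added example, not part of the thread and not phpFormGenerator's own code: the notices above appear when fewer than two boxes are ticked, because the posted script reads `$_POST['field_9'][1]` unconditionally. The code below joins whatever was ticked and passes the values to the INSERT through placeholders instead of string concatenation; the option labels, table name and in-memory SQLite database (PDO with the SQLite driver) are assumptions so that it runs without a MySQL server.

```php
<?php
// Added example, not phpFormGenerator code. Field names follow the posted
// processor.php; option labels, table name and the SQLite database are
// assumptions made for this example.

/** Join the ticked boxes of one checkbox group, keeping only known options. */
function checkbox_value(array $post, string $field, array $allowed): string
{
    $raw = $post[$field] ?? [];      // the key is absent when no box is ticked
    if (!is_array($raw)) {
        $raw = [$raw];
    }
    $strings = array_filter($raw, 'is_string');
    $picked  = array_values(array_intersect($allowed, $strings));
    return implode(',', $picked);
}

/** Return a posted text field as a string, or '' if missing or not a string. */
function text_value(array $post, string $field): string
{
    $value = $post[$field] ?? '';
    return is_string($value) ? $value : '';
}

// Constructed POST data: one box ticked in field_9, none in field_10.
$post = [
    'field_1' => "O'Brien",
    'field_9' => ['morning'],
];

$field_9_opts  = checkbox_value($post, 'field_9',  ['morning', 'afternoon']);
$field_10_opts = checkbox_value($post, 'field_10', ['office', 'home']);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE form_data (field_1 TEXT, field_9 TEXT, field_10 TEXT)');

// Placeholders keep the submitted text out of the SQL statement itself,
// so the quote in the name above is stored as data.
$stmt = $db->prepare(
    'INSERT INTO form_data (field_1, field_9, field_10) VALUES (?, ?, ?)'
);
$stmt->execute([text_value($post, 'field_1'), $field_9_opts, $field_10_opts]);

print_r($db->query('SELECT * FROM form_data')->fetchAll(PDO::FETCH_ASSOC));
```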
When I add a new checkbox, I'm unable to pick 'yes' or 'no' for 'Field options required'.
Also, I get an error message 'every multiple option field should have at least one option' when I click 'click here when done'.
How can you modify the field placement? Instead of all fields and names all being down one side, I would like to be able to put them side by side. If they have to stay on one side, how can I input a picture to the right side using Frontpage? I have tried to find in the code where I can move fields over but cannot. I am not a programmer but like the generator for creating contact forms and being able to add the captcha.
Using Frontpage you can edit the form.html to look any way you want it to. You don't need to be a programmer to use Frontpage. Be sure to make a backup copy of the original in case you make any mistakes.
Post again if you are really stuck.
I have been trying to get the fields to move but whatever I do it stays the same. Was trying to put, like, first name and last name on the same line. Do I have to edit the code to do it, or am I missing something?
This is simple html table management. Here is a simple tutorial.
http://www.w3schools.com/html/html_tables.asp
Thank you for the link to the tutorial. I do not see any of these tags in the code to modify in the form. I created the form via the generator, then uploaded it to the site. I open the form.html but do not see anything in there to modify a table. Do I need to create one?
It's in there. You just haven't found it yet. If you would like additional help, send me your form.html file in an email and I will highlight the areas that need to be changed.
Did you get the email I had sent you? I will send it again.
No.
The email I got back did not have any highlights. Did you highlight the tags that needed to be changed?
Search for <table, <tr, <td
<table> = beginning of table
<tr = beginning of row
<td = beginning of column within a row
They are not in the form.html page. Did a search and it came up with nothing. Is there something that I forgot to check when I created the form via the website? http://phpformgen.sourceforge.net/
I sent you an email with the file included. Did you copy the data into a new form.html file? Did you install the new file on your site? Search for just the text "table". It is in the file I sent you. If you have published this new form file on your site, give me a pointer to it so I can verify you have the right file in place.
Ok, I pasted the code you sent and it does show now and I see the tables. Why doesn't the form generator create those from the website? The only thing wrong is the words cover a radio button. I will email the link.
Several posts have correctly shown how to have the emails with a user entered subject or return address.
My question is: Are the variables SPAM injection safe? That is if a spammer puts the correct tags into the subject or return fields will they be passed through to the mail function and allow them to send their crud to thousands of victims getting your server blacklisted?
For the first part I never allow the user to provide the email subject header and instead modify processor.php to provide my fixed subject that my client filters on. But I am not sure if the return address (Reply-To: and From:) headers could be exploited if the input fields are not somehow scrubbed.
The subject and from fields are not populated by default with any form fields. The user can of course modify the processor.php to do anything they desire.
Agreed, but for the novice that can just make the changes to populate the from and subject fields, how do they make sure or scrub the form fields to prevent injections?
It's up to the user to make sure the modifications they provide for themselves work the way they intend them to. I am happy to help and can provide some input but this is a FREE program! Anyone using it cannot expect the designer to be responsible for custom additions.
Use this as a Google search string and educate yourself.
php prevent form field injection
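Added example, not part of the thread and not phpFormGenerator's own code: one way to scrub a visitor-supplied return address before it reaches the extra headers of `mail()`, keeping the subject and From: fixed as the poster above already does. Treating `field_5` as the visitor's e-mail (as in the processor.php posted earlier) and the example.org addresses are assumptions.

```php
<?php
// Added example, not phpFormGenerator code. field_5 as the visitor's e-mail
// address and the fixed From: address are assumptions for this example.

/** Returns the value if it is one valid e-mail address, otherwise null. */
function safe_reply_to($value): ?string
{
    if (!is_string($value)) {
        return null;
    }
    $value = trim($value);
    // A header value must never contain a line break: a CR or LF is what
    // would let submitted text begin a new header line of its own.
    if (preg_match('/[\r\n\0]/', $value)) {
        return null;
    }
    $email = filter_var($value, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

/** Builds the extra headers; visitor input only ever reaches Reply-To. */
function build_headers(array $post): string
{
    $headers = ['From: Website form <form@example.org>'];
    $replyTo = safe_reply_to($post['field_5'] ?? null);
    if ($replyTo !== null) {
        $headers[] = 'Reply-To: ' . $replyTo;
    }
    return implode("\r\n", $headers);
}

// Constructed submissions: a normal address, and one that carries an
// embedded line break followed by a second header.
$samples = [
    ['field_5' => 'visitor@example.com'],
    ['field_5' => "visitor@example.com\r\nBcc: list@example.net"],
];
foreach ($samples as $post) {
    // json_encode makes any CR/LF in the result visible as \r\n.
    echo json_encode(build_headers($post)), PHP_EOL;
}

// In processor.php the result goes in as the fourth argument of mail():
// mail($to, 'Fixed subject', $body, build_headers($_POST));
```

The second sample is rejected as a whole, so the message is still sent but without a Reply-To header.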
Hi guys, I just made a form with v3.0! I downloaded it as usual and then I just copied the tags into an existing .html file. I put it on the server and you can fill in everything but when I click on the "submit" button there are two errors...
Warning: move_uploaded_file(./files/file_10_17190125012008.jpg) [function.move-uploaded-file]: failed to open stream: Permission denied in /home/w20197/html/formtest/processor.php on line 10
Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/home/w20197/phptmp/phpMWi0m0' to './files/file_10_17190125012008.jpg' in /home/w20197/html/formtest/processor.php on line 10
File Picture1.jpg was not uploaded.
Additional information: I use the "Email" delivery method and I want to upload a picture from my home computer and then send it with the email to the mail recipient...
Here is my processor.php-code
<?php
$where_form_is="http://".$_SERVER['SERVER_NAME'].strrev(strstr(strrev($_SERVER['PHP_SELF']),"/"));
session_start();
if( ($_SESSION['security_code']==$_POST['security_code']) && (!empty($_POST['security_code'])) ) {
    // File upload handling
    if($_FILES['field_10']['name']!=''){
        $field_10_filename = "file_10_".date("sihdmY").substr($_FILES['field_10']['name'],strlen($_FILES['field_10']['name'])-4);
        // the if line is the line 10!
        if(!move_uploaded_file($_FILES['field_10']['tmp_name'], "./files/".$field_10_filename)){
            die("File " . $_FILES['field_10']['name'] . " was not uploaded.");
        }
    }
    // (the rest of processor.php was not included in the post)
}
?>
appreciate the help