PHP Feedback Form action not secure

colinowen · October 27, 2008, 9:00am

HI, About a week ago I set up a feedback form using the PHP form feedback action. Today I received junk mail from the form. Am I missing something?
Colin.

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

MIKEBR_FW · October 27, 2008, 9:20am

Colin, I am afraid I do not know if there is a way of making the PHP
Feedback form configuration more secure but if your server permits the
use of ioncube decoders then you can use the ‘PHP easiForm’ actions
for your form ($20 per domain).

Once you have set your form up with the actions then you can do the
following to make the forms even more secure:

Select ‘Disallow HTML’ from the ‘HTML Filter menu’
Set the ‘Block domain’ menu to ‘yes’
Set the action to ‘Advanced’ and there you can add badwords (I find
adding ‘http:,[url’ without the quotes to the badwords field tends to
block fairly much everything) but you can add/adjust these to suit
your needs.
If you have selected a confirmation to be sent to the sender then
enter the address of the web form into the ‘Footer email’ field and
not an email address.

If you want to go a little further then if you get the PHP easiForm
and PHP easuCaptcha bundle ($30 per domain) you can also add an image
or math question captcha to your form.

There is a tutorial on how to use these actions with your form in
Freeway here:
http://easibase.com/freeway/freeway_form.php

HTH

On Oct 27, 2008, at 10:00 AM, colinowen wrote:

HI, About a week ago I set up a feedback form using the PHP form
feedback action. Today I received junk mail from the form. Am I
missing something?
Colin.

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

colinowen · October 27, 2008, 9:27am

Hi Mike, Thanks for that. I am aware of these actions and will give it some thought. I do actually have another PHP form system which works, but it writes its own page. I wanted the form to be part of my site looks wise…

Thanks again.
Colin.

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

MIKEBR_FW · October 27, 2008, 9:37am

The PHP easiForm actions can generally fit in with the page design…
although if everything on the page is layered then the error text
output from the PHP easiForm Errors action when users do not fill in
required fields may overlap the other form items, this is why it best
to use non layered items for forms while using the actions although
this also depends on your forms design and that way the items below
the error text move down to compensate for this.

HTH

On Oct 27, 2008, at 10:27 AM, colinowen wrote:

Hi Mike, Thanks for that. I am aware of these actions and will give
it some thought. I do actually have another PHP form system which
works, but it writes its own page. I wanted the form to be part of
my site looks wise…

Thanks again.
Colin.

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

colinowen · October 27, 2008, 9:56am

Yeah, understood.
Thanks,
Colin.

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options