
Textpattern CMS support forum


#1513 2015-05-19 10:07:01

candyman
Member
From: Italy
Registered: 2006-08-08
Posts: 684

Re: zem_contact_reborn 4.0.3.20

The problem is that I’ve three different pages that the user has to read: legal stuff, privacy and cookie policy (never mentioned before ‘cause I thought it was not important). All with links to their own page.

With the last method it is not possible :(

My actual code:

<txp:zem_contact_checkbox label="I've read the " required="1" /><a href="http://mysite.it/disclaimer">legal stuff</a>, la <a href="http://mysite.it/privacy">Privacy Policy</a> and the <a href="http://mysite.it/cookie">Cookie Policy</a> and I accept all their>terms and conditions.<br /><br />

Anyway, if it is not possible, I’ll link only the Legal one. Thanks for your precious help!

Last edited by candyman (2015-05-19 10:19:05)

Offline

#1514 2015-05-19 10:28:37

gomedia
Plugin Author
Registered: 2008-06-01
Posts: 1,373

Re: zem_contact_reborn 4.0.3.20

Maybe try setting up the label text in a variable in advance:

<txp:variable name="link_text">I've read the <a href="http://mysite.it/disclaimer">legal stuff</a>, la <a href="http://mysite.it/privacy">Privacy Policy</a> and the <a href="http://mysite.it/cookie">Cookie Policy</a> and I accept all their>terms and conditions.</txp:variable>
<txp:zem_contact_checkbox label='<txp:variable name="link_text" />' required="1" />

Or wrap <txp:zem_contact_checkbox label="I've read the stuff" /> in <txp:rah_replace /> and get it to replace the string “stuff” with the link markup?

Offline

#1515 2015-05-19 10:34:03

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: zem_contact_reborn 4.0.3.20

That wouldn’t work for the error message. You could do this by modifying the plugin.

At the end of the zem_contact_checkbox function, change this line:

'<label for="'.$name.'" class="zemCheckbox '.$zemRequired.$isError.' '.$name.'">'.htmlspecialchars($label).'</label>';

Into:

'<label for="'.$name.'" class="zemCheckbox '.$zemRequired.$isError.' '.$name.'">'.$label.'</label>';

You do have to make sure that the label is valid HTML.

Offline
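
With `htmlspecialchars()` removed, whatever is in the label attribute reaches the page as markup. The following is an added example, not part of the posts above and not the plugin's code: `zcr_label_links()` is a hypothetical helper that could stand in for `htmlspecialchars($label)` in the line quoted above, keeping the escaping and re-enabling only plain http(s) links.

```php
<?php
// Added example, not the plugin's code: zcr_label_links() is a hypothetical helper.
// Escape the whole label, then turn back into markup only plain
// <a href="http(s)://..."> ... </a> pairs that carry no other attributes.
function zcr_label_links(string $label): string
{
    $escaped = htmlspecialchars($label, ENT_QUOTES, 'UTF-8');
    // In $escaped every <, >, " and ' is an entity, so the pattern matches entities.
    $pattern = '~&lt;a href=&quot;(https?://(?:[^\s&]|&amp;)+)&quot;&gt;(.*?)&lt;/a&gt;~s';
    return preg_replace($pattern, '<a href="$1">$2</a>', $escaped) ?? $escaped;
}

// Constructed inputs: a shortened form of the label from this thread,
// followed by two labels that should stay fully escaped.
$samples = [
    'I\'ve read the <a href="http://mysite.it/privacy">Privacy Policy</a>',
    '<a href="javascript:alert(1)">click</a>',
    '<a href="http://mysite.it/" onclick="x()">link</a><script>x()</script>',
];
foreach ($samples as $s) {
    echo zcr_label_links($s), "\n";
}
```

Only the first sample comes out with a live link; the other two are printed as escaped text because the URL scheme or the extra attribute does not match the pattern.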

#1516 2015-05-21 09:42:10

Zanza
Plugin Author
Registered: 2005-08-18
Posts: 699
Website

Re: zem_contact_reborn 4.0.3.20

Hello, I’ve noticed through some monitoring tool that a user of mine experienced the zem_contact_form_expired message after submission in 2'10". I noticed there’s an “expired” attribute set to 600, but it’s quite undocumented. How does it work? How can one extend the default limit? Should one change the source code value or use expire="1000"? What are the risks?

Z-

Offline

#1517 2015-05-21 10:43:09

gomedia
Plugin Author
Registered: 2008-06-01
Posts: 1,373

Re: zem_contact_reborn 4.0.3.20

Gallex wrote #290511:

could i create so called “safety question” with this plugin?

Apologies for missing your query … I think the answer is possibly “yes”. <txp:adi_contact_validate/> can validate that two fields are equal, so you could ask a question & compare the answer with a hidden field value. If you want to give it a go, call me on the adi_contact forum thread.

Offline

#1518 2015-05-21 10:51:05

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,250
Website GitHub

Re: zem_contact_reborn 4.0.3.20

Zanza wrote #290961:

a user of mine experienced the zem_contact_form_expired message after submission in 2'10".

Very odd. The default expiry time in both v4.0.3.20 and v4.5.0.0 is 600 (seconds), a.k.a. ten minutes. The difference is that in 4.5.0.0 you can (sort of) alter that via the expire attribute.

The trade-off to extending or shortening the expiry time is that people / bots get more or less time to fill in the form. If you are expecting someone to enter a lot of textarea content, for example, lengthening the expiry time might be prudent. But if it’s a tiny survey form with a couple of checkboxes and an email field, you could get away with a shorter time.

Note that under 4.5.0.0, the expire isn’t well-implemented yet. It still deletes forms that are over 10 minutes old which could, potentially, expire a form before the actual time has been reached depending on the activity of other users or bots. I made a note in the code to revisit this.

The problem, for the technically minded, is that every time ZCR is called on a page display, it flushes old nonces that control form validity. Assume person A loads a form with an expiry of twenty minutes and busily fills it out. Eight minutes later, person B visits the same contact page, completing the form in three minutes. When person B submits the form, ALL nonces older than ten minutes (including those of person A) are flushed, because 8 + 3 = 11 minutes have elapsed since person A loaded the page. Thus when person A comes to submit the form a minute later, they get an expiry message despite it only being 12 minutes since they started the process, and you set expire="1200".

Not sure of the best way round it besides the one I noted in the code comments, which isn’t ideal either. If anyone has any pearls of wisdom, I’d love to hear them.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#1519 2015-05-21 13:29:53

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: zem_contact_reborn 4.0.3.20

Bloke wrote #290966:

The problem, for the technically minded, is that every time ZCR is called on a page display, it flushes old nonces that control form validity. Assume person A loads a form with an expiry of twenty minutes and busily fills it out. Eight minutes later, person B visits the same contact page, completing the form in three minutes. When person B submits the form, ALL nonces older than ten minutes (including those of person A) are flushed, because 8 + 3 = 11 minutes have elapsed since person A loaded the page. Thus when person A comes to submit the form a minute later, they get an expiry message despite it only being 12 minutes since they started the process, and you set expire="1200".

I think I solved that problem by setting the timestamp of the nonce in the future (expire time minus 10 minutes) instead of setting it to the current time.

Offline

#1520 2015-05-21 18:04:03

Zanza
Plugin Author
Registered: 2005-08-18
Posts: 699
Website

Re: zem_contact_reborn 4.0.3.20

Thanks Bloke. The problem you mention could make sense, but I haven’t had any evidence of people accessing the same page and flushing old nonce around the same time. All I can think is that the user had the page loaded before the monitoring tool started to record, i.e., due to inactivity or other variables I should check. Actually, it could be the case, because I’m not seeing, at the beginning of the session recording, an event that I set in the first seconds after page loading and that in other sessions I can see.
So maybe the user landed on the page before, and the tool didn’t manage to capture that.

Now I set the expire to 2000, since it’s a textarea coming after a medium-long text, with average time on page > 3 min.

But I’m not sure how safe it is to use Zem_contact_reborn at this point, or a third-party service for managing forms, or, again, to move the form to an entirely dedicated page using a link or a button at the end of the informative page, instead of placing the form there.

A little confused about the cause and the potential frequency of this problem.

Offline

#1521 2015-05-21 18:12:50

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: zem_contact_reborn 4.0.3.20

@zanza, which version of the plugin are you using?

Offline

#1522 2015-05-22 15:52:46

Zanza
Plugin Author
Registered: 2005-08-18
Posts: 699
Website

Re: zem_contact_reborn 4.0.3.20

Hi Ruud, I’m using 4.5.0.0. Any hint? BTW, I don’t know how to set a timestamp in the future… I barely know what that means… :)

Offline

#1523 2015-05-22 16:12:07

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: zem_contact_reborn 4.0.3.20

Edit the plugin. Look for this line:

safe_insert('txp_discuss_nonce', "issue_time = '" . $now_date . "', nonce = '$zem_contact_nonce'");

Try replacing that with:

safe_insert('txp_discuss_nonce', "issue_time = now() + interval ($expire - 600) second, nonce = '$zem_contact_nonce'");

… and let us know if that works.

Offline
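
The flush problem described in #1518 and the future-dated timestamp suggested in #1519 and #1523 can be replayed on a simplified model. This is an added example, not part of the posts above and not the plugin's code: `NonceStore`, `replay()` and `FLUSH_AGE` are hypothetical, and the model assumes a nonce is accepted for as long as its row survives the ten-minute flush.

```php
<?php
// Simplified in-memory model of the nonce flush described in this thread.
// Not the plugin's code: NonceStore, replay() and FLUSH_AGE are hypothetical.
const FLUSH_AGE = 600; // seconds: the fixed ten-minute flush window

final class NonceStore
{
    private array $rows = [];   // nonce => issue_time in seconds
    private bool $futureDated;

    public function __construct(bool $futureDated) { $this->futureDated = $futureDated; }

    // Every request, whoever makes it, drops rows older than FLUSH_AGE.
    private function flush(int $now): void
    {
        $cutoff = $now - FLUSH_AGE;
        $this->rows = array_filter($this->rows, fn (int $t): bool => $t >= $cutoff);
    }

    // Form display: flush, then store a nonce for this form.
    public function display(string $nonce, int $now, int $expire): void
    {
        $this->flush($now);
        $this->rows[$nonce] = $this->futureDated
            ? $now + ($expire - FLUSH_AGE)  // the replacement line suggested above
            : $now;                         // the original line
    }

    // Form submit: flush, then accept only if the row survived (assumption).
    public function submit(string $nonce, int $now): bool
    {
        $this->flush($now);
        return isset($this->rows[$nonce]);
    }
}

// Constructed timeline from the thread, in seconds; both forms use expire="1200".
function replay(bool $futureDated): array
{
    $s = new NonceStore($futureDated);
    $s->display('A', 0, 1200);     // person A loads the form
    $s->display('B', 480, 1200);   // person B loads it eight minutes later
    return [
        'B at 11 min' => $s->submit('B', 660),
        'A at 12 min' => $s->submit('A', 720),
        'A at 21 min' => $s->submit('A', 1260),
    ];
}

var_export(['original' => replay(false), 'future-dated' => replay(true)]);
```

With the original line person A is rejected at 12 minutes; with the future-dated timestamp A is accepted at 12 minutes and rejected at 21, so the row lives for exactly `expire` seconds. In the replacement line `$expire` is interpolated straight into the SQL string, so cast it to an integer before it gets there.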

#1524 2015-05-23 00:02:57

Zanza
Plugin Author
Registered: 2005-08-18
Posts: 699
Website

Re: zem_contact_reborn 4.0.3.20

Thanks, I suspected that was the line, but didn’t know what to write. I’ll let you know in the next days. At the moment I’ve not been able to replicate clearly what I saw from my user, so before editing the code I’d better understand what happens in what conditions (I’m gonna change different expire settings and try myself).

Offline
