cforms II User Forum

Form Security
March 28, 2009
5:57 pm
Jeff
Guest

Hi Oliver,

I am trying to avoid the captcha and question means to prevent spam so as to not bother site visitors with it, so want to try the regular expression and honey pot methods.  They should prevent everything, really.

In another post, you make this statement for form security:

  1. Add a Question & Answer field
  2. Add a CAPTCHA image (with v7.2 you can design it)
  3. Add regular expressions for key fields
    1. e.g. a name field can only contain [A-Za-z .\\-]*
    2. a phone number only numbers [0-9 \\-\\+]*
    3. etc.
  4. Create a "honey pot"
    1. Add a single line input field with a regexp that only validates if the field is left empty!
  5. Via CSS set the above field to not show!

I have successfully implemented your suggestions above and elsewhere for the name and US only phone number.  They work as long as they are there and validate.

Problem is that I do not want to require a phone number, but if they DO put a phone number there, I want to test that it is a US phone number.  If I leave the phone number blank when completing the form and do not require it in the form setup, the regular expression validates against "nothing" anyway and gives an error.

I am using this regular expression from you:

    Phone||^[\\(]?(\\d{0,3})[\\)]?[\\s]?[\\-]?(\\d{3})[\\s]?[\\-]?(\\d{4})[\\s]?[x]?(\\d*)$

Can I change this so that the regular expression only checks validation IF there is something in the field?  If the field is blank, it should not check for validation.

Do you recommend an email validation regular expression?  There are literally hundreds, and lots of disagreement on what's better.

For the honey pot, I asked elsewhere what the validation input would be for forcing the field to be empty.  You could address this here and delete my other question, I could not see how to delete it.

Finally, when an error is generated, I am getting this fatal error on the page:

    Warning: preg_match() [function.preg-match]: Compilation failed: unrecognized character after (? at offset 1999 in /home/jeffdcom/public_html/wp-content/plugins/cforms/lib_validate.php on line 191

Do you know the cause of this error or how I can correct it?

Thanks!

Jeff

March 29, 2009
9:05 am
Oliver
Munich, Germany
Admin
Forum Posts: 6400
Member Since:
March 6, 2005
Offline

the honeypot question I answered in the other thread

in terms of regular expressions, like you said there are literally hundreds of sites and even more recommendations / possible solutions for a given problem.

Note that some regexp may not work with Javascript that otherwise would work in PHP (if you have one of those you may need to turn off Ajax or try an alternative regexp).

The email field is already checked against a relatively loose email address check, but it can be made stricter.

I generally recommend making the form as least secure as possible but as secure as needed. Once you don't get spammed anymore, I wouldn't add more complexity.

June 24, 2009
11:22 am
Guest

I recently got flooded with spam through my cform, although I am using captcha to exactly prevent that. I could heavily reduce spam by creating a honeypot-field as suggested in this thread, however, CC-messages include an empty field with the honeypot-field's title.

Is there a way to remove this from the cc-mails?

Thanks,

Michael

June 25, 2009
9:03 pm
Oliver
Munich, Germany
Admin
Forum Posts: 6400
Member Since:
March 6, 2005
Offline

mkalina said:

I recently got flooded with spam through my cform, although I am using captcha to exactly prevent that.

very odd. I've never seen "spam floods" with forms using CAPTCHA. of course CAPTCHA doesn't stop a human from spamming you.

what's the URL of the form?

I could heavily reduce spam by creating a honeypot-field as suggested in this thread, however, CC-messages include an empty field with the honeypot-field's title.

Is there a way to remove this from the cc-mails?

sure you just need to disable including the complete data block for the admin message and create your own admin template referencing all form required {form fields} specifically…this has been asked a few times before, might want to run a forum search on custom admin emails…

Thanks,

Michael

May 7, 2010
4:06 pm
Guest

Hi

Sorry to bring up such an old thread but I'm desperate to add a 'honeypot' to cForms. I have scoured the forum to try and find the 'other thread' where honeypot regular expressions are explained but I can't find it.

So could somebody please give me the regexp to add to my honeypot text field to ensure it only validates if left empty?

Thanks in advance

May 20, 2014
7:46 am
Steve d
Guest

As this thread is the top hit for Honeypot and cforms I thought a simple answer here might help people:

Just make a field (not required) with a common name like phone or first name, etc, give it a regular expression to reject anything being inside it (^$), and then set it to display:none; in your css.

eg.

    Phone||^$|err:Please leave this field blank|html5:0¤0¤¤¤¤¤
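
Added example (not part of the original posts and not cforms' own code): the two checks discussed in this thread written out in JavaScript, skipping the pattern when an optional field is blank and rejecting any submission whose honeypot is non-empty. The field names, the `RULES` table and `validateSubmission` are assumptions made for illustration; the phone pattern is the one Jeff quotes, with single backslashes as a JavaScript literal needs.

```javascript
// Added example: rules modelled on the thread; all names here are hypothetical.
const US_PHONE =
  /^[\(]?(\d{0,3})[\)]?[\s]?[\-]?(\d{3})[\s]?[\-]?(\d{4})[\s]?[x]?(\d*)$/;

const RULES = [
  // Honeypot first: hidden via CSS, valid only when empty (the ^$ rule).
  { field: "website", pattern: /^$/, required: false, honeypot: true },
  { field: "name", pattern: /^[A-Za-z .\-]*$/, required: true },
  // Optional: only checked against the pattern when something was typed.
  { field: "phone", pattern: US_PHONE, required: false },
];

function validateSubmission(data, rules = RULES) {
  const errors = [];
  for (const rule of rules) {
    const raw = String(data[rule.field] ?? "");
    if (rule.honeypot) {
      // Do not trim: even a single space means something filled the field.
      if (!rule.pattern.test(raw)) {
        return { ok: false, bot: true, errors: [rule.field] };
      }
      continue;
    }
    const value = raw.trim();
    if (value === "") {
      // Blank is an error only for required fields; the regex is skipped.
      if (rule.required) errors.push(rule.field);
      continue;
    }
    if (!rule.pattern.test(value)) errors.push(rule.field);
  }
  return { ok: errors.length === 0, bot: false, errors };
}

// Constructed sample submissions.
const blankPhone = validateSubmission({ name: "Jeff", phone: "", website: "" });
const badPhone = validateSubmission({ name: "Jeff", phone: "12345", website: "" });
const botPost = validateSubmission({ name: "Jeff", phone: "", website: "x" });
console.log(blankPhone.ok, badPhone.errors, botPost.bot);
```

A CSS-hidden honeypot only helps if the empty check also runs on the server, since automated posts do not execute the page's JavaScript.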
