cforms II User Forum

Where does the Q&A comparison take place
January 16, 2008
10:42 am
Ann
Guest

Hi Oliver,
Thank you for your excellent plugin and continuous professionalism (you have helped me many times before :) ).

When having Q&A verification enabled, where in your code does the comparison between the answer and the user input take place?
I.e. where in your code do you have something like:
if ($_POST['cforms_a'.$no] == $_POST['cforms_q'.$no]) ...
Is it in cforms.php or cform.src.js?

What I need to do is to add another md5() on the user input since it is compared to a custom WP-field (instead of cforms custom questions).
This field corresponds to a password and has been hashed for protection.
Your help is much appreciated.

January 16, 2008
7:41 pm
Oliver
Munich, Germany
Admin
Forum Posts: 6400
Member Since:
March 6, 2005
Offline

It happens in two areas. For JS in cforms.js and for non-JS (or nonAjax for that matter) in lib_nonajax.php.

My suggestion however would be to modify cforms.php instead, at the source (pun intended):

$qall = explode( "\\r\\n", get_option('cforms_sec_qa') );

Look for the above line and replace get_option('cforms_sec_qa') with your hashed value.

Second change would require the md5() to be removed, since the above value is already md5'ed:

$content .= $nttt .'<input type="hidden" name="cforms_a'.$no.'" id="cforms_a'.$no.'" value="' . md5(rawurlencode(strtolower($q[1]))) . '"/>';

Two relatively easy changes, and it should work.

January 22, 2008
10:10 am
Ann
Guest

Thanks, as always your suggestion is a working solution.
However the passwords, which are stored as custom wp-fields, will be shown (hashed) inside the page source code, which is not preferable.

In your opinion, do you think it is possible to create a custom function inside cform.php that compares user input (cform_q) with values inside the WP-database and then calls for cform.js for the displaying of error messages etc.?
Alternatively, is it possible to pass on the password as an argument to the verification-function in cform.js without it being shown in the page source code?

Which option do you think is most feasible or would you suggest another approach?
Perhaps it is not possible to use AJAX enabled forms and use custom wp-fields for verification.

January 22, 2008
11:01 pm
Oliver
Munich, Germany

Ann said:

> Thanks, as always your suggestion is a working solution.
> However the passwords, which are stored as custom wp-fields, will be shown (hashed) inside the page source code, which is not preferable.
>
> In your opinion, do you think it is possible to create a custom function inside cform.php that compares user input (cform_q) with values inside the WP-database and then calls for cform.js for the displaying of error messages etc.?

Yes, very doable. With the limitation that it would have to happen in non-Ajax (lib_nonajax.php).

> Alternatively, is it possible to pass on the password as an argument to the verification-function in cform.js without it being shown in the page source code?

Nope. The only way you could have JavaScript (which runs locally on your browser) read any server data is by having it somewhere in the HTML source code.

> Which option do you think is most feasible or would you suggest another approach?
> Perhaps it is not possible to use AJAX enabled forms and use custom wp-fields for verification.

Correct. I would then suggest to simply use a single line input field (textfield), and add a 'special case' to the error routine in the non-Ajax library (see above) for textfields to check it against your custom password.

Check lines 72-88, it would have to go in there for special treatment (validation).
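
The server-side check described in the last reply, as an added example (not code from this thread or from cforms): the form carries only the input field and the comparison runs in PHP, so the stored hash never appears in the page source. The function names are hypothetical, the sample data is constructed, and it assumes the custom field holds a plain md5() hex digest of the password.

```php
<?php
// Added example. check_custom_password() and render_field() are hypothetical
// names, not cforms functions.

/**
 * Server-side comparison: the stored hash never leaves the server.
 * $storedMd5 is the md5 hex digest kept in the custom field. In WordPress it
 * could be read with get_post_meta(); it is a parameter here so the script
 * runs on its own.
 */
function check_custom_password($submitted, $storedMd5)
{
    if (!is_string($submitted) || $submitted === '') {
        return false;                 // missing field, or array input such as cforms_q1[]=x
    }
    if (!is_string($storedMd5) || !preg_match('/^[0-9a-f]{32}$/i', $storedMd5)) {
        return false;                 // no usable stored value: fail closed
    }
    // hash_equals() compares in constant time (PHP >= 5.6).
    return hash_equals(strtolower($storedMd5), md5($submitted));
}

/** The form emits only the input field, no hidden cforms_a-style answer. */
function render_field($no)
{
    $id = 'cforms_q' . (int) $no;
    return '<input type="text" name="' . $id . '" id="' . $id . '"/>';
}

// Constructed sample data.
$stored = md5('s3cret-Example');                    // what the custom field would hold
$post   = array('cforms_q1' => 's3cret-Example');   // stands in for $_POST

$html  = render_field(1);
$input = isset($post['cforms_q1']) ? $post['cforms_q1'] : null;

echo $html, "\n";
echo 'hash in page source: ', (strpos($html, $stored) === false ? 'no' : 'yes'), "\n";
echo 'correct input accepted: ', (check_custom_password($input, $stored) ? 'yes' : 'no'), "\n";
echo 'wrong input accepted: ', (check_custom_password('guess', $stored) ? 'yes' : 'no'), "\n";
echo 'array input accepted: ', (check_custom_password(array('x'), $stored) ? 'yes' : 'no'), "\n";
```

md5() is used only because the stored values in this thread are md5 digests; for newly stored passwords, PHP's password_hash() and password_verify() are the usual choice.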
