close ad
WARNING PC USERS: Do Not Install the DREAMWEAVER CC 2017 Update »
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Issue with mischief-maker

Thread began 1/14/2011 10:34 am by dcb286193 | Last modified 2/05/2011 3:02 pm by Jason Byrnes | 1913 views | 16 replies |

dcb286193

Issue with mischief-maker

I set up a registration form using form builder with validation, security and email. Have tested and everything works correct, although I received a bogus registration this morning. It looks as if they by passed the form and went straight to the email and filled in their own info and sent it. Is their a way to prevent this from happening. Like putting a validation on the wave_ part that unless the information is posted from a specific form it generates an error? I have attached a screen shot of the email.

Sign in to reply to this post

Jason ByrnesWebAssist

set the trigger for the Server Validation behavior to use any form post.

But set the trigger for any other behaviors, like Universal Email or insert record, to use Current Page Submit.

Sign in to reply to this post

dcb286193

You are correct I used "any post" on Universal Email. I have changed it as you suggested. Though, I would like to know what the difference would be if I used the trigger for submit button of the specific form compared to Current Page Submit. As I have the insert record trigger setup for the specific form button pressed.

Sign in to reply to this post

Jason ByrnesWebAssist

the current page submit trigger looks at the $_SERVER['HTTP_REFERRER'] variable and the $_SERVER['SERVER_NAME'] variable to make sure that they match.

the $_SERVER['SERVER_NAME'] is set by the server to the servers domain. the $_SERVER['HTTP_REFERRER'] is set to domain of the page that the post came from.

current page submit also looks at the page name of the referer, and makes sure they match.

A common tactic that a hacker will use is to visit your form page, and view source in the browser, then copy the source code.

He will then create a new page with your source code, set the action of the form to post to the form on your domain, upload it to his server to try and hack your form.

In this case, the Button submit trigger will still work, because he is just copying your form, element for element.

If you use the Current page submit trigger it wont work though, since the HTTP REFERRER will not math the SERVER_NAME


Setting the Server Validation behavior to use the Any form submit trigger will run the validation any time a post is made to the page. you want the validation to occur no matter what.

you only want the Insert or Email to send if the form that is being posted is on your server.

Sign in to reply to this post

dcb286193

Thank you Jason, a very good explanation that I think many others will like, as I did. As always you and the rest of the staff do a great job. Thanks for the help

Sign in to reply to this post

Jason ByrnesWebAssist

You're welcome.

Sign in to reply to this post

dcb286193

Issue with mischief-maker

I am having another issue with the lost password page. I have attached a screen shot. I have the validation setup to validate the email address on the form and the total rows must be one. It is setup to validate from the submit button of the form. Should this be validating on page submit instead, or how should I go about handling this issue?

Sign in to reply to this post

Jason ByrnesWebAssist

please send a copy of your page and the webassist/email folder so i can examine the code.

Sign in to reply to this post

dcb286193

Issue with mischief-maker

I have attached the files.

Attached Files
Archive.zip
Sign in to reply to this post

Jason ByrnesWebAssist

try changing the validation trigger to use the email address form element instead of the button press:

change:
if (isset($_POST["form_submit_x"])) {

to:
if (isset($_POST["emailAddress"])) {

Sign in to reply to this post
loading

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...