Tue, 2007-01-16 15:42
Can one of you fine, fine moderators test my contact form in IE? I've installed the contact form by Mike Cherim and Mike Jolley. 
I can make it work in any Mac browser but for windows I am using an emulator (Virtual PC) so I get this error:
Quote:
Referrer Missing or Mismatch: It looks like you
Tue, 2007-01-16 17:45
#1
Your tabindex is seriously
Your tabindex is seriously screwed 
I'll fill it in in FF 2.0.1 Win and IE7 Win (yes, I'm now legal and can get IE7!)
Tue, 2007-01-16 17:47
#2
FF 2.0.1: Referrer Missing
FF 2.0.1:
Referrer Missing or Mismatch: It looks like you
Tue, 2007-01-16 17:51
#3
You cant link directly to
You cant link directly to the page as it messes up the referer tracking which if this is similar to the NMSFormmail script requires the referer to be a previous page from the site/domain
Tue, 2007-01-16 18:01
#4
Nope just tried again
Nope just tried again jumping from your index to the form, you've made a mess of your referer settings in the script probably not set to your domain.
Quote:
Form location specification:
This is done for you by way of a PHP code snippet, but if you have a problem with the form giving referrer mismatch errors during testing, it may be due to its location or in instances where you have custom URLs resulting from apache_mod_rewrite rules being in effect. If so, enter your absolute URL or relative path to the form page (shown in the nav bar on your browser) in place of the snippet used in the form_location variable.
Oh, er, left a message that you may want to delete 
Tue, 2007-01-16 18:28
#5
Hugo wrote:Nope just tried
Hugo wrote:
Nope just tried again jumping from your index to the form, you've made a mess of your referer settings in the script probably not set to your domain.
Quote:
Form location specification:
This is done for you by way of a PHP code snippet, but if you have a problem with the form giving referrer mismatch errors during testing, it may be due to its location or in instances where you have custom URLs resulting from apache_mod_rewrite rules being in effect. If so, enter your absolute URL or relative path to the form page (shown in the nav bar on your browser) in place of the snippet used in the form_location variable.
Oh, er, left a message that you may want to delete
Ah. I'll check the script.
Tue, 2007-01-16 19:29
#6
OK, the script was checking
OK, the script was checking the referrer to disable spammers from using the form, I suppose.
It was reading the $_SERVER['HTTP_REFERER'] as http://www.***.com/contact/ (with the trailing slash but was reading form location as http://www.***.com/contact (without the trailing slash. Or was it the other way around?
Anyway, it looks like it's working now. Anyone want to throw up a test email for me now?
Thanks for all your suggestions.
Man, that tab index is really screwed, ain't it. 
Tue, 2007-01-16 19:49
#7
yep it's working, in future
yep it's working, in future please sort out the pre-pending/appending of slashes correctly in the first place :rolleyes:
tabindex seem ok ?
Tue, 2007-01-16 19:51
#8
Hugo wrote:yep it's working,
Hugo wrote:
yep it's working, in future please sort out the pre-pending/appending of slashes correctly in the first place :rolleyes:
tabindex seem ok ?
Hey, blame Mike Cherim!!! I had to echo every variable to find the problem. 
Thanks for your help and your super secret email message.
Yes, the tab index should be better now as well. There was a conflict between the contact form and the comment form. (both had a 4 and a 5).
Tue, 2007-01-16 20:02
#9
Sounds as though this script
Sounds as though this script was probably/possibly loosely based on the legendry NMSformmail script that has a referer setting in configuration options
Quote:
@referers = qw(dave.org.uk 209.207.222.64 localhost);
Sounds painful having to echo every variable to find the problem.
Tue, 2007-01-16 20:10
#10
Hugo wrote:Sounds painful
Hugo wrote:
Sounds painful having to echo every variable to find the problem.
Actually, I just did the two in the if statement before the error message. I tell my self a million times a day to quit exaggerating things.
I guess the blame goes to Mike Jolley as well they are listed as co-authors.
Here's a link to the script if you'd like to peruse it: http://www.blue-anvil.com/archives/secure-and-accessible-php-contact-form-for-wordpress
Tue, 2007-01-16 20:33
#11
I did have a quick peruse of
I did have a quick peruse of Mike Cherims page about it, I'll have to dowmload it and pick it apart , it does seem to work pretty well and has some nice touches, not sure that it offers a level of security over NMSformail which you could drop into a WP page I guess.
Wed, 2007-01-17 14:01
#12
OK, here's another question.
OK, here's another question. Why did it work for every single Mac browser and none of the Windows browsers? Mysterious! 
Wed, 2007-01-17 14:23
#13
That is a very good
That is a very good question, as it technically didn't rest with the OS/browser being used, I have not the foggiest notion of the reason, well the tiniest very dim kernal of a thought burried deep in an addled mind, but can't formalise it, it will have something to do with the OS and the fact that they are different
Does/did/would it have also worked on linux/bsd? Windoze does allow a lot of silly things that go against RFCs such as spaces in folder/file names. Somewhere there is a fundemental difference in how Macs and Windoze return the referer?
Yeah ok I'm clutching at straws and doing nothing for my already implausible credibility.
Thu, 2007-01-18 14:17
#14
Hugo wrote:Somewhere there
Hugo wrote:
Somewhere there is a fundemental difference in how Macs and Windoze return the referer?
Makes sense to me.
Tue, 2007-02-13 22:49
#15
Mike's Response
Oh yeah, blame me and poor Mike
The issue with slashes, www, or anything related to that causing referrer mismatch errors should be a thing of the past... though I think that was addressed back in November so I'm a bit confused. It no longer comes up by people seeking support.
---
Just for the record, the two errors that do display the email are for accessibility (some people do hide referrers and those with cognitive disabilities or non-native language speakers might have difficulty with the anti-spam question) but it shouldn't be an issue.
One reason is that 'bots should trigger other errors before they get to those, and, two, I don't think the bots know the form didn't send. It submits and they move on. I don't think they realize (read) the message or scour it for emails, and if they learn to, each installation of the form is unique and it is unique for each user as well. This was done to mitigate the chances of distributing an exploit if one is noted. The script would have to be modified for each instance.
The submit for email thing is sort of like I have provided with this script: http://mikecherim.com/experiments/php_email_protector.php (which is used by GAWDs to protect member emails). Seems to work pretty good. The contact form uses the same principal, but is much deeper in the process.
In other words, the email, while it does come up in two errors, isn't really on the web per se or susceptible.
Not sure if that helps but hopefully it does. It is tough balancing security concerns with those of accessibility.
Cheers.
Mike
Wed, 2007-02-14 02:05
#16
Mike Cherim wrote:Oh yeah,
Mike Cherim wrote:
Oh yeah, blame me and poor Mike
Heya, Mike! Thanks for the information and the mail form. Since you don't come around too often we will blame you for everything (if you don't mind). 
Mike Cherim wrote:
Hmmm. Interesting idea. Very interesting. The submit for email thing is sort of like I have provided with this script: http://mikecherim.com/experiments/php_email_protector.php (which is used by GAWDs to protect member emails). Seems to work pretty good. The contact form uses the same principal, but is much deeper in the process.
Wed, 2007-02-14 04:04
#17
Triumph wrote:Heya, Mike!
Triumph wrote:
Heya, Mike! Thanks for the information and the mail form. Since you don't come around too often we will blame you for everything (if you don't mind).
Hehe, sure, that's cool