Contact form test in IE
Posted: Tue, 2007-01-16 15:42
Can one of you fine, fine moderators test my contact form in IE? I've installed the contact form by Mike Cherim and Mike Jolley. 
I can make it work in any Mac browser but for windows I am using an emulator (Virtual PC) so I get this error:
Quote:
Referrer Missing or Mismatch: It looks like you


Moderator
Posts: 9209
Joined: 2004-06-30
Location: Milton Keynes
Your tabindex is seriously
Posted: Tue, 2007-01-16 17:45
Your tabindex is seriously screwed
I'll fill it in in FF 2.0.1 Win and IE7 Win (yes, I'm now legal and can get IE7!)
Moderator
Posts: 9209
Joined: 2004-06-30
Location: Milton Keynes
FF 2.0.1: Referrer Missing
Posted: Tue, 2007-01-16 17:47
FF 2.0.1:
Referrer Missing or Mismatch: It looks like you
Moderator
Posts: 12570
Joined: 2004-06-06
Location: London
You cant link directly to
Posted: Tue, 2007-01-16 17:51
You cant link directly to the page as it messes up the referer tracking which if this is similar to the NMSFormmail script requires the referer to be a previous page from the site/domain
Please validate and ensure you have included a full Doctype before posting.
Why validate? Read Me
Moderator
Posts: 12570
Joined: 2004-06-06
Location: London
Nope just tried again
Posted: Tue, 2007-01-16 18:01
Nope just tried again jumping from your index to the form, you've made a mess of your referer settings in the script probably not set to your domain.
Oh, er, left a message that you may want to delete
Please validate and ensure you have included a full Doctype before posting.
Why validate? Read Me
Moderator
Posts: 5286
Joined: 2005-02-03
Location: Pennsyltucky, USA
Hugo wrote:Nope just tried
Posted: Tue, 2007-01-16 18:28
Ah. I'll check the script.
Moderator
Posts: 5286
Joined: 2005-02-03
Location: Pennsyltucky, USA
OK, the script was checking
Posted: Tue, 2007-01-16 19:29
OK, the script was checking the referrer to disable spammers from using the form, I suppose.
It was reading the $_SERVER['HTTP_REFERER'] as http://www.***.com/contact/ (with the trailing slash but was reading form location as http://www.***.com/contact (without the trailing slash. Or was it the other way around?
Anyway, it looks like it's working now. Anyone want to throw up a test email for me now?
Thanks for all your suggestions.
Man, that tab index is really screwed, ain't it.
Moderator
Posts: 12570
Joined: 2004-06-06
Location: London
yep it's working, in future
Posted: Tue, 2007-01-16 19:49
yep it's working, in future please sort out the pre-pending/appending of slashes correctly in the first place
tabindex seem ok ?
Please validate and ensure you have included a full Doctype before posting.
Why validate? Read Me
Moderator
Posts: 5286
Joined: 2005-02-03
Location: Pennsyltucky, USA
Hugo wrote:yep it's working,
Posted: Tue, 2007-01-16 19:51
Hey, blame Mike Cherim!!!
Thanks for your help and your super secret email message.
Yes, the tab index should be better now as well. There was a conflict between the contact form and the comment form. (both had a 4 and a 5).
Moderator
Posts: 12570
Joined: 2004-06-06
Location: London
Sounds as though this script
Posted: Tue, 2007-01-16 20:02
Sounds as though this script was probably/possibly loosely based on the legendry NMSformmail script that has a referer setting in configuration options
Sounds painful having to echo every variable to find the problem.
Please validate and ensure you have included a full Doctype before posting.
Why validate? Read Me
Moderator
Posts: 5286
Joined: 2005-02-03
Location: Pennsyltucky, USA
Hugo wrote:Sounds painful
Posted: Tue, 2007-01-16 20:10
Actually, I just did the two in the if statement before the error message. I tell my self a million times a day to quit exaggerating things.
I guess the blame goes to Mike Jolley as well they are listed as co-authors.
Here's a link to the script if you'd like to peruse it: http://www.blue-anvil.com/archives/secure-and-accessible-php-contact-form-for-wordpress
Moderator
Posts: 12570
Joined: 2004-06-06
Location: London
I did have a quick peruse of
Posted: Tue, 2007-01-16 20:33
I did have a quick peruse of Mike Cherims page about it, I'll have to dowmload it and pick it apart , it does seem to work pretty well and has some nice touches, not sure that it offers a level of security over NMSformail which you could drop into a WP page I guess.
Please validate and ensure you have included a full Doctype before posting.
Why validate? Read Me
Moderator
Posts: 5286
Joined: 2005-02-03
Location: Pennsyltucky, USA
OK, here's another question.
Posted: Wed, 2007-01-17 14:01
OK, here's another question. Why did it work for every single Mac browser and none of the Windows browsers? Mysterious!
Moderator
Posts: 12570
Joined: 2004-06-06
Location: London
That is a very good
Posted: Wed, 2007-01-17 14:23
That is a very good question, as it technically didn't rest with the OS/browser being used, I have not the foggiest notion of the reason, well the tiniest very dim kernal of a thought burried deep in an addled mind, but can't formalise it, it will have something to do with the OS and the fact that they are different
Does/did/would it have also worked on linux/bsd? Windoze does allow a lot of silly things that go against RFCs such as spaces in folder/file names. Somewhere there is a fundemental difference in how Macs and Windoze return the referer?
Yeah ok I'm clutching at straws and doing nothing for my already implausible credibility.
Please validate and ensure you have included a full Doctype before posting.
Why validate? Read Me
Moderator
Posts: 5286
Joined: 2005-02-03
Location: Pennsyltucky, USA
Hugo wrote:Somewhere there
Posted: Thu, 2007-01-18 14:17
Makes sense to me.
Enthusiast
Posts: 127
Joined: 2005-08-26
Location: Nottingham NH
Mike's Response
Posted: Tue, 2007-02-13 22:49
Oh yeah, blame me and poor Mike
The issue with slashes, www, or anything related to that causing referrer mismatch errors should be a thing of the past... though I think that was addressed back in November so I'm a bit confused. It no longer comes up by people seeking support.
---
Just for the record, the two errors that do display the email are for accessibility (some people do hide referrers and those with cognitive disabilities or non-native language speakers might have difficulty with the anti-spam question) but it shouldn't be an issue.
One reason is that 'bots should trigger other errors before they get to those, and, two, I don't think the bots know the form didn't send. It submits and they move on. I don't think they realize (read) the message or scour it for emails, and if they learn to, each installation of the form is unique and it is unique for each user as well. This was done to mitigate the chances of distributing an exploit if one is noted. The script would have to be modified for each instance.
The submit for email thing is sort of like I have provided with this script: http://mikecherim.com/experiments/php_email_protector.php (which is used by GAWDs to protect member emails). Seems to work pretty good. The contact form uses the same principal, but is much deeper in the process.
In other words, the email, while it does come up in two errors, isn't really on the web per se or susceptible.
Not sure if that helps but hopefully it does. It is tough balancing security concerns with those of accessibility.
Cheers.
Mike
Portfolio|Experiments|Accessites|GrayBit
Moderator
Posts: 5286
Joined: 2005-02-03
Location: Pennsyltucky, USA
Mike Cherim wrote:Oh yeah,
Posted: Wed, 2007-02-14 02:05
Heya, Mike! Thanks for the information and the mail form. Since you don't come around too often we will blame you for everything (if you don't mind).
Enthusiast
Posts: 127
Joined: 2005-08-26
Location: Nottingham NH
Triumph wrote:Heya, Mike!
Posted: Wed, 2007-02-14 04:04
Hehe, sure, that's cool
Portfolio|Experiments|Accessites|GrayBit