PDA

View Full Version : Required Value-- Conditions?



cass*00
19-Apr-2006, 03:24 PM
Hi everyone. I am setting up a form where one of the fields (Authorization Code) requires a specific value. For example, the auth_code needs to equal YBI123. How do I set up my form to include this requirement? I tried to do a condition, but I could not get it to work correctly.

schwim
19-Apr-2006, 05:49 PM
Hi Cass,

Does the value change per user or is it something that never or rarely changes? If it doesn't, then I would think you need to use javascript to force the condition.

thanks,
json

cass*00
19-Apr-2006, 06:10 PM
Json,

Thanks for your quick response. :o The value will never change. They either have to input the correct value, or they cannot complete the form.

Thanks,

Cass

schwim
19-Apr-2006, 06:31 PM
Hi Cass,

This is a hack job from an email validation script, but I think it will work. If it doesn't, let me know and I'll look around again for something else.

In the body of your template, place this code(change "yourauthcodehere" to whatever the actual authorization code is):



<script type="text/javascript">

var authfilter=yourauthcodehere

function checkauth(e){
var returnval=authfilter.test(e.value)
if (returnval==false){
alert("Please enter a valid authorization code.")
e.select()
}
return returnval
}

</script>
then inside the submit button you need to add this right after type="submit": Note, that in this code, I've assumed that the name for your textarea is called "authcode". Change it to whatever you've named your entity for the authorization code:



onClick="return checkauth(this.form.authcode)

If this does work, you should consider moving the javascript to a non-readable directory and calling it with an include from a .php template, since your auth code will be sitting right in plain sight if they view the source code!

Hope this works for you,
json

I'm a moron. Even if we use an include to pull the info, it will still be in your source code. An option for this is scrambling that particular code with yet another js script. We could do this all day :) First, let's see if it works though.

cass*00
19-Apr-2006, 07:01 PM
Json,

You're not the moron-- I think I am. ;) I followed your detailed instructions and it's still not working.

schwim
19-Apr-2006, 07:20 PM
Hi Cass,

When I get home tonight, I'll try a test script. You probably didn't do anything wrong. I think maybe the authtest is flawed, but won't know until I try it.

I'll let you know as soon as I've gotten a chance to look at it :)

thanks,
json

cass*00
19-Apr-2006, 08:58 PM
Thanks for your help Json. I really appreciate it!

schwim
20-Apr-2006, 02:19 AM
Hi Cass,

Well, after a couple of hours, I cry uncle... I'm not too proud to do that :)

I can get it to work in a standard form, but when it's a form being used by FormMail, it doesn't work anymore.

I would invest more time in it, BUT, it would be a lot of time invested in something that was rediculously easy to be circumvented. Any clientside verification process can be tanked by the users disabling javascript in their browser. For that reason, I wouldn't suggest that you spend much time on this route. I was hoping for more of a temporary band-aid.

That being said, I think there are another possibility:

You could take care of the verification process before you go into the form via php. A page that would ask for the user's information and check the auth code, which would also act as the form mail template. If you're FormMail in a multiform configuration, FormMail isn't called until the second form page. So the first page is a normal php file, and can check the validity of the auth code before invoking formmail. If you're using FormMail in a single form configuration, you could use the call to FormMail as a cofirmation page, to give users the chance to double check their information before submitting their information.

Did that make sense at all? If you're interested, and nobody smarter than I solves this problem for you, I'll write a php script that you can use as an entrance to your form that would check your auth code before allowing them to continue.

I'm sorry you waited this long to find out I've got bumpkis for you :( The road to hell is paved with poor code, I guess :D

thanks,
json

cass*00
20-Apr-2006, 03:42 AM
Json,

Thank you very much for all the time that you put into this issue. What you said makes a lot of sense, and I do understand it. However, if I had to write the code myself, it would take about.......3 years. :D

If you wouldn't mind, I could use your assistance with developing the code. My form is a single form configuration.

Don't think that you took too long-- long to me is months. :)

You're absolutely right, the road to hell is paved with poor code! I'm just glad to know that I was justified when I thought this issue was a mind boggler.

Thanks again,

Cass

crabtree
20-Apr-2006, 03:57 AM
if you don't care about it being easily circumvented, use conditions in your html

i believe the latest version of formmail allows you to put conditions on the server side in an "INI" file. this means it cant be seen and so its safe.

I think this condition should work ok:


<input type="hidden" name="conditions1" value=":@TEST@authcode ~ /^YOURSECRETCODE$/@Enter the correct auth code@" />

cass*00
21-Apr-2006, 03:10 PM
Thanks for the tip. I tried this originally and it did not work.

Can you set a condition and a required field, or do you just use one.

cass*00
21-Apr-2006, 04:06 PM
Okay, I just uploaded the most up-to-date version of formmail. I tried to do a condition just to make sure that they do work for my form, but it did not work. Featured below is what I typed; did I do it right?


<input type="hidden" name="conditions1" value=":@TEST@email@Please provide an email address.@">

crabtree
21-Apr-2006, 08:44 PM
that looks right. so, something else must be wrong. can you post your forms url (or private message me if you want privacy)

you can have both required and conditions but i remember reading a thread that said its best to not use required if youre using conditions

i think the reason was because the order of testing means the user gets partial error messages instead of the whole lot in one go....or something like that