First off, I'm running WFFM 2.3.0 rev.130118.
I have a form with a Captcha field. If I set the Captcha field to display all the time, everything works fine. If the Captcha field is configured to display if certain Detection Thresholds are met, as far as I can tell, the Captcha is never displayed.
Here is a screenshot of the Detection Threshold dialog:
I say "as far as I can tell" because it may be a bit difficult to replicate "suspicious form activity" in your local dev environment. However, as you can see, I've set the visitor submission values to 3 times in 5 minutes. If I then go and submit the form a number of times beyond that threshold, I'm never presented with a Captcha.
Beyond the Captcha field, it's a basic contact us form with 4 text fields, nothing fancy and WFFM is effectively a "stock" configuration.
Anyone have any ideas?
I found the problem, it had to do with the form and its fields having multiple language versions.
Essentially, the site supports multiple languages but I only added a en-US Captcha field and forgot to translate for each supported language.
Even though 3 out of 4 fields involved are shared(Field Link, Required & Parameters) and Title isn't even being utilized in this case, Sitecore assumes the context language and if you don't have a translated version of that field, the intended functionality never gets triggered.
Related
I am working on some custom Redmine reports. In the generated report, there are numbers that represent things like "number of issues moved to Development during Q3 2013". The report generator knows the issue id of every issue that matches that criteria.
Is there a way to construct a Redmine URL that shows a list of all issues given a list of issue ids? For example, something like (this doesn't actually work):
http://redmine/projects/example/issues?ids=1234,1239,1245
This is similar to existing feature requests such as http://www.redmine.org/issues/10828 but I'm looking for the user-facing HTML version, not an API function. The idea is to allow the user viewing the report to click on the number and to see the corresponding list of issues.
The solution I ended up with was to include the list of issues in a <div> for each number in the report that the user could click on. Then, when the user clicks on a number, the corresponding <div> is displayed using a jQuery UI dialog.
This is not the same as using the Redmine issue list screen to show the issues. However, for this purpose it works well enough.
No, this is not implemented. But for me it should never be necessary in the Gui.
My Solution would be : Build the adequate query. Eventually this will need the addition of a field in Redmine and backporting the information from your tool to Redmine. Generally the need for this feature shows your bug tracker lacks some information that he should track.
I have a long form that I want to break into multiple pages.
I am evaluating between two options for presentation:
Present the form on multiple pages using the FormWizard
Present the form on a slider like CSS3 slider.
The slider is actually just one page long using CSS3 to give impression of slides. It floats all of the content areas next to each other, hides the overflow, sets page width to say 500% if we have 5 slides, and moves the left-margin -100% to show the next slide. So it is all one page but seems like the form is being shown on sliding pages.
To me the advantage of slider approach is that there is only one form and the user submits the form only once at the end of slides and thus can go back and forth to make changes.(This is will be a common case).
Versus having mini-Forms for FormWizard and submitting them after each page. To me, FormWizards seems complicated especially if the user wants to change any of previous page responses. I also need FileField on my form pages and it seems like FormWizard accepts FileField only on the last page.
However, I have not seen many folks use this sliding forms (CSS3 or JScript one) approach. Hence, as a newbie, I am wondering if there are some obvious pitfalls of doing this?
I can only write about FormWizard as I have used it before. According to 'Handling Files' section of Django documentation which can be found in
https://docs.djangoproject.com/en/dev/ref/contrib/formtools/form-wizard/
a FileField can be used in any step of your FormWizard implementation. What I found really helpful by using FormWizard from Django, is that it provides you all the standard functionality of Forms. That means that you can easily create and manipulate forms, validate fields in each step, etc. I am not aware of how CSS3 slider accomplishes validation, but I guess that validation should take place on client side.
Additionally, Django's FormWizard uses either a Cookie storage backend, or a Session storage backend in order to store information, which makes the navigation between steps and modifying previous stored data pretty trivial.
I hope I helped you in your decision! A lot more information can be found of course in the Django documentation of FormWizard in the link I provided above.
I am blocking a huge number of bots, except the ones from search engines, and then only allowing 2seconds of session management.
However, spam bots are still able to by-pass these measure and create a huge number of requests which is 'killing' the server.
I have read other articles on this site but none seem to directly answer this issue.
A bot probably behaves faster than a human. You could time how long it takes them to fill out the form. Anything less than a second or two is a bot.
A bot probably doesn't have JavaScript turned on. You could use that to your advantage.
You could hide a link via css (or not give it any text) that takes the bot to a bot.cfm page, which could then set a session value.
There are some open source projects but I can't remember the names of them off the top of my head.
CF10 has a new validation function.
Ben Nadel has written some useful posts in his blog regarding spiders/bots.
http://www.bennadel.com/blog/1083-ColdFusion-Session-Management-And-Spiders-Bots.htm
http://www.bennadel.com/blog/154-ColdFusion-Session-Management-Revisited-User-vs-Spider-III.htm
For forms, I use <cfimage> to create a captcha image. I have found that stuffing the captcha phrase in a session variable can cause problems (I can't remember what the problems were though). So, I now use <cfencrypt> to include an encrypted phrase in the form itself. The action page decrypts the phrase and compares it to what the user put in the captcha form field.
I've found CFSPAMProtect to be very useful at blocking automated form fillers.
It bases its SPAM/HAM test on an aggregate score of a number metrics including time on page, mouse movement (via JS) as well as the classic hidden form fields that shouldn't be filled in (but are filled in by dumb robots).
You can assign your own weightings and monitor the SPAM catch via email to allow you to tailor things.
It can work on its own or link to some third party SPAM tools such as Akismet.
So far I've found that it's good enough on it's own.
It's a custom tag and easy to implement in existing forms too which is nice.
Give it a go...
Is it feasible to have a form in WFFM that has multiple "screens"? For instance in the first "screen" you enter some information and click NEXT, then the second "screen" asks you to confirm the information you entered in the first screen, and then the user clicks SUBMIT and the action (i.e. saving to DB) is performed.
Thanks,
FG
This kind of functionality is not supported out of the box. Whenever we run into cases like this we tend to build our own custom forms using standard .net functionality. I guess this would be the way to go for you aswell, since you will have more control over the behavior of different elements. WFFM is a good module but for special elements as you describe above you could best build your own custom code.
I am running ColdFusion MX, so I don't have the possibility of using the built-in cfimage Captcha functionality in my application, before form submitting.
But the problem is without captcha the bots submit the forms.
What will be best way to prevent automatic submitting?
Captchas don't have to be images!
Try one of the following solutions:
Most bots don't understand CSS. Create two submit buttons, the first with a value that will be rejected by the server, the second with a value that will be accepted by the server. Hide the first one using CSS.
Ask the user to answer a simple math problem. This will require you to create the math problem and store the expected solution somewhere (like the user's session), then compare the user's submitted answer with the stored answer. For extra protection, you can create simple addition, subtraction and multiplication questions. Avoid division, remainders are a pain for some users.
Bots read the names of form elements, and tend to ignore text labels. Try creating a checkbox named "optout" (like a newsletter), checked by default. Next to the checkbox, ask the user to uncheck the checkbox if they are a human. The opposite technique also works (unchecked checkbox that you ask the user to check).
All of these solutions can be done without third party code or API calls.
That being said, reCAPTCHA is pretty good and easy to integrate into almost any environment.
Take a look at cfformprotect - it will work with CFMX 6 and all later engines.
It aims to be fully accessible - and invisible to most users - with an assortment of methods to stop bots and spammers.
Also you might want to look at a CF wrapper for reCaptcha, which is compatible with CFMX 7.
A technique I used with a different technology was to use image buttons. Your POST handler gets the x,y co-ordinates where the images were clicked. I found the bots (which are just generating post requests) were passing 0,0 and by dropping those requests on the floor I brought the spam posts down to less than the real ones. Sorry that I don't know how to do that in CF but I hope the technique is useful to you.
Its always a good idea to do data validation on the server side before processing no matter which solution you use.
This post may help: http://www.bennadel.com/blog/405-Fully-Accessible-Spam-Form-Submission-Blocking-Using-ColdFusion-And-X-HTML-Version-III-.htm
How about using calculation method? Just like 8 + 5 = ?
OR
how about using ColdFusion.Ajax.submitForm?