I have a form that is being spammed. The website provider forces that form on a page that can't be deleted (a registration page), so I can't suppress that page or the form. I can however add Html to the page.
Adding javascript to disable the submit button won't work because spammer bots don't run javascript.
The website provider offers a captcha plugin for a price. (So now I'm wondering if the provider is spamming the site so I will buy the captcha!)
Is there any way to roll your own non-javascript captcha?
Answer so far: no! fuhgeddaboudit
Most spam prevention is in the form processing script.
If you can't us JS on the front-end to stop spamming, then you need to work on the processing script.
One simple way to cut down some of the spam is to use a Honeypot field which is basically a hidden field that bot try to fill out anyway, and in the processing script you will say something like: if this field is filled out, then don't send the form, else, do send the form.
Related
I am wondering how I can place a small form/questionnaire inside a marketing email that I am sending out? With no php or javascript available I am wondering if there are ways this can be done.
Having tried this myself, allow me to share my experience.
There is nothing stopping you from actually making an HTML Form inside an e-mail, but there are many e-mail clients out there. Some of them block "interactive" HTML, in particular, buttons. And you need a submit button to send your data.
In my job, we have implemented a new feature that allowed users to sign confidential documents by clicking a button on their e-mail. The email had a simple HTML form with a few elements which identified the document to be signed. By pressing a submit button, the form did a POST submit to the server, opened the user's browser and directed him to the web site to sign. This worked for a while, until we had a customer using it via Outlook Web Mail. They claimed the system generated e-mails did not have a button they could push. After investigating, we discovered what I mentioned above. We ended up changing the button for a hyperlink. The information identifying the document now is attached to that link, and the link has been styled to look like a button. Links play well inside e-mails. Buttons don't. Hope this helps.
I have a Google Form that allows user to enter their information. After they submit the form, the data is inserted to a Google spreadsheet as a new row.
However I want to show a dynamic message right after the form is submitted, overriding the original "thank you" message. The new message would display the information they just filled in, with an number assigned to him.
For example, Mary filled in her data and submit the form. Since Mary is the 5th person to submit this form, the message shows her number as 5.
Is there any way to achieve this? I have been studying Google App Script and HTML service but I am not sure if this is the correct way.
Please note that we have already using email to send out this message for several years however user strongly suggest that showing their ID right after form submission would make lots of things much easier.
Thank you very much!
Update
I have been working on it and now I am able to make a web page that inserts a new row to a spreadsheet. But another question: How to publish the web page? When I open the "/dev" link it works fine; However when I open the "/exec" link it says cannot find "Index.html" and I am sure there is a file called Index.html.
There is no way to add a custom confirmation message for the current user of the currently open Form. You can run code to change the confirmation message when the Form is submitted, but changing the confirmation message when the Form is submitted won't take affect until the NEXT Form is opened, and that's too late. So the next person to open the Form would get the confirmation message of the previous user.
You would need to convert everything to a stand alone HTML App for something like that.
Google just released a new version of Google Forms. In the settings you can change the confirmation page message for respondents. You can save a link to a web page in the custom message. So if you can create a web page with the data you want displayed, you should be able to save the link in the custom message.
In order to achieve the above-mentioned goal, you need to get the Google form on your web page. No, I am not talking about embedding the form to your web page but to create a stand alone HTML page. The reason behind doing so is since Google is a third party website, editing any code in Google forms is not possible and there is no other way (at least I could not figure out Yet) to place custom thank you page URL for the Google Form. You can even remove certain codes in your HTML page to make sure it doesn't look like or says Google form. Basically, to have custom URL you need to replace
Code to be replaced for custom Thank you url in Google form
In case you are not a techie, Playing with codes might break the code.This step by step blog for customising Google form might help you.
Imagine that in a HTML file I have a disabled button. I might as well use Firebug to enable this button and so do the submission.
My question is: is there any way I disable this button and not allow this submission even when I modify the disabled property of the button in Firebug?
Should I always have to treat this problem on server side, thinking that this possibility could happen?
Yes, you should always validate server-side . The client-side validation is just to facilitate correction by the customer and provide interactivity with him, thus preventing him submit all data and only then discover the correct format or a missing field and then be forced to repopulate all the fields.
The form may have been easily incorporated into another web site and then the action of the form directed to your website or the user inject some malicious code/data in the form. (See: Wikipedia XSS )
Any malicious user can easily bypass a disabled HTML button to activate it by making Firebug or worse, even if you could prevent it, he can simply create an HTML page and point to your destination URL in the form action, or even without creating a page, make an AJAX request. He may even develop a tool for this using PHP with cURL (or sockets ) library or any other programming language like . NET using a WebClient/WebRequest or Java with HttpURLConnection which in both cases are exactly what a browser would do to request a page or send data to another... (And this task can be done in 5 minutes by any Junior Developer)
You should never rely on the user and should never consider client-side validation as a part of security flow, since by being client-side, any information from there can easily be manipulated as has exemplified above.
I am trying to add a hyperlink to an area of another website requiring login to view files. The target website will be a photo gallery website which then will be accessible on my website.
My question is this. Is it possible to encode login information into a hyperlink therefore bypassing login when hyperlink is clicked? Please let me know your thoughts.
Short answer: Client-side, this would be near-impossible, considering you cannot send form data via a hyperlink (though you can receive it, but then that gets dynamically added to the URL via method POST.) You can do this, however, by using Javascript by using a submit button (if the page doesn't have protection against csrf) which can dynamically inject parameters via a form, but then you would need a POST request cross-domain which is where my point with needing admin access comes in;
If you were to attempt to do this server-side, you would have to have admin access to both sites, certainly not just to site A. From then you can inject parameters into the hyperlinks via server-side scripting languages such as PHP or Python, which would then add the required information to the form upon landing on site B. But you must (must) be careful, this opens up the potential of a serious security compromise depending on how you allow users to log in to your site. Assuming it's yours. Either way, this is still a bad idea, which concludes to my
Shorter answer: No.
Can I send an email that contains an HTML form with one combobox, that upon changing the value a reply would be send back?
From the research I've made it seems that it is not possible...
http://en.wikipedia.org/wiki/HTML_e-mail
Is that true?
Thanks,
Eden
Yes it is possible.
But there are restrictions.Different mail clients and web mails behave in different manners.
For example, Yahoo web mail, upon submitting form brings up a dialog box which warns about sending some info outside Yahoo. You have to disable Javascript if you want your submission work properly, otherwise it doesn't send submit buttons by REQUEST (POST or GET).
In outlook express I checked and it works without any problem.
Because of this problem, I think it isn't recommendable to do form embedding inside email. I suggest to make a web form and send a link to it via email. Although by this approach you may lose some lazier users, but it seems that lose will be lesser than lose arising from problems of email embedded form submission.
Yes that is true. It is not possible. What you can do is provide a link to a webpage and do the combobox action on that website.
You can create a form in google docs and share it via 'email', I have tested it and it shown inline at-least in gmail.
https://docs.google.com/forms