Comments on: ProcessForm/NateMail 4?

By: Faruk

Faruk — Sat, 15 Nov 2008 23:19:13 +0000

Hi Nate,

I love your code and have been using it for all my needs. It would be nice to have a Ajax form as an option. And the other option would be to offer a security option that some other sites are using like what is 2 +4 instead of the current security code. I found with the current code, if the user makes a mistake (not with entering the code ) page goes the list the error message and then when you come back to the form page, security code stays the same therefore it does not work as it also needs to be refreshed and most users have no idea why they have to refresh/change the code again. This is some thing you have have to look in to.

Looking forward to see v4

By: Dawn

Dawn — Mon, 05 May 2008 17:57:04 +0000

Hi Nate -

I love your script and have been using it a couple of years. The only enhancement I’d like to see is customized error pages. I’d love to be able to apply simple customization as we’re able to do with the confirmation page. That’s it! Can’t wait to see the update.

Thanks again, Nate!

Dawn

By: admin

admin — Tue, 01 Jan 2008 18:06:55 +0000

Hi Al - most likely, the spammer isn’t using your for (assuming that’s where you have the maxlength set for the field). It’s much easier for them to make their own form and submit directly to the script (spoofing the referrer headers), which would by-pass any protections you’ve put in the form page. To force entries to at least go through your form initially (and eliminate most bot-submitted spam), you’d need a security confirmation image, like this one:
http://www.mindpalette.com/tutorials/captcha

Otherwise, might want to take this to the support forum:
http://www.mindpalette.com/forum

By: Al Guevara

Al Guevara — Tue, 01 Jan 2008 07:58:49 +0000

Hi Nate
Possible exploit found on your ProcessForm.

Nate, one of my processforms seems to be exploited, somehow spammers are defeating the maxlenght=”" and submitting as much as they want even though I have it set to a fixed amount and under 30.

Im saving said email responses when I discovered this, and will let you do whatever you need, login, etc) to get at this exploit.

Hope to see you back soon.

Al Guevara

By: Al Guevara

Al Guevara — Thu, 20 Dec 2007 01:22:44 +0000

Multiple page forms (for L O N G forms)

By: Mike D

Mike D — Sun, 02 Dec 2007 20:18:22 +0000

Sorry for the slow response!

I was speaking in general. Since I’m not a programmer I’m not aware of what security measures could be updated, but in reading your notes on ProcessForm 3.0.14, you say that this script is generally not intended to be used for sensitive information. So I was referring to something that can not be read/viewed by any outside source.

Once again I’m looking forward to Version 4.

By: vinhbui

vinhbui — Tue, 27 Nov 2007 04:24:27 +0000

thanks

By: Nate Baldwin

Nate Baldwin — Sat, 17 Nov 2007 02:57:47 +0000

Thanks Mike - mind if I ask what kind of updated security measures you’re referring to (if you had anything specific in mind)?

By: Mike D

Mike D — Sat, 17 Nov 2007 01:18:05 +0000

Your last Script is a great addition for using Forms. Love to see you develop a more updated ProcessForm Script. It would be very nice if you could develop one that has more up-to-date security measures… Don’t see anyone else making a secure script that has the user friendly script like ProcessForm.

Looking forward to the new release. Sign me up once it’s done!

Thank you,
Mike D.

By: Petran

Petran — Wed, 14 Nov 2007 07:19:16 +0000

Hello Nate

If there is a safe way to give visitors an automated reply after they have submitted the form, that woul’d be nice.
I’m looking forward to your new script.

regards,

Petran