Custom Form Mod

[Jaymjaym]

Jaymjaym, did you check your site logs or your forum logs? what kind of errors are you getting if any?

I don't see anything in the forum logs, and this is what I'm seeing in the site logs:

[Wed Jan 13 08:47:53 2010] [error] [client xxx.xxx.xxx.xxx [nofollow]] File does not exist: /home/xxx/public_html/406.shtml, referer: http://cn-gondor.net/forums/index.php?action=form [nofollow]

[bros]

Have you compared your language files to the install?

Using SMF's parser for the 2.x version of the mod http://custom.simplemachines.org/mods/index.php?action=parse;mod=1279;attach=122917;smf_version=2.0_RC1.2

Modifications.english.php and Help.english.php should be edited in the language folder of the default theme and if they exist then in any other custom theme you may be using. If those files aren't in the language folders for your theme then SMF is supposed to be pulling them from the default theme but sometimes this doesn't happen and you may want to copy the files from your default theme to any custom themes.

Yep I have the custom form stuff in default/languages/modifications-english.php

Custom themes don't have language folder and depend on default

[Garou]

Well try copying the languge files to the theme folder. I know its suposed to work anyway but sometimes it doesnt always work.

Other then that something must have not installed corectly. Compare the other files listed in the parser.

[bros]

I'll just look through each file to see what might've been left over from a previous install.

[xterreur]

Hello

A user kept getting 'Hacking attempt' when filling out the form, this goes for the application form for my World of Warcraft guildwebsite

I run SMF 1.1.11 with TinyPortal beta4 and Custom Form Mod 1.6

This is the error message found in the logs:

Code Select Expand


Hacking attempt...

INSERT INTO system_messages
(ID_BOARD, ID_TOPIC, ID_MEMBER, subject, body, posterName, posterEmail, posterTime,
posterIP, smileysEnabled, modifiedName, icon)
VALUES (4, 0, 35, SUBSTRING('Application: Goldiedixie, 80 Warlock', 1, 255), SUBSTRING('[b]Character name:[/b] Goldiedixie
[b]Class:[/b] Warlock
[b]Applying for role:[/b] DPS
[b]Armory Link: [/b]
eu.wowarmory.com/character-sheet.xml?r=Blade%27s+Edge&n=Goldiedixie

[hr]

[b]Where are you from?[/b]
Poland

[b]How old are you?[/b]
17

[b]What is your current occupation?[/b]
School

[b]How good would you rate your computer? Do you ever suffer random disconnecting or crashes?[/b]
my computer is pretty good, but I sometimes suffer disconnects etc, but that\'s rare

[b]What addons do you use? And why?[/b]
Quartz - casting bar,
Deadly Boss Mode - for boss encounters, Gladius - arena,
Recount - DPS and some arena addons liek spellalert etc.

[b]Do you have ventrilo, a working microphone, and are you not afraid to use them?[/b]
yes

[b]In what guild are you in now or have you been before? Why did you leave?[/b]

im in Guardian now, but im there as an alt of my brother who is a raider there and they dont seem like they want me on raids or they dont like the fact that we\'re brothers - the prob is that my brother told them to inv me to their guild as his alt so that i coudl alwas find team for randoms etc. and now they dont want to take \"both of us\" to the raids - told the whole truth, want everything to be clear

[b]Do you see yourself as a experienced player?[/b]
hmm, as a warlock, yes

[b]Please list all the raids you have experience with.[/b]
Ulduar, ToC, ICC mainly, abit Naxx.

[b]If an officer wants to have a talk with you, and tells you that you were underperforming, how would you react?[/b]
I\'d tell him that I\'ll try to improve as much as I can

[b]We normally raid 4 or 5 times per week from 19:30 till midnight realmtime, will you be able to at least make 3 of them?[/b]
yes

[b]Please explain the Lady Deathwhisper encounter in YOUR OWN WORDS[/b]
The tactics I know is taht we stand behind her, tanks are tanking adds and dps are killing adds (melee-anhedrents/something like that and casters fanatics) untill her mana shield fades. we should avoid death and decay(or what\\'s that?)  and CC the controlled by her players. IN phase2 we should be aware of the ghosts

[b]What loot system do you prefer?[/b]

Loot Council, dont really like DKP


[b]Do you know any of our members?[/b]
Not personally but I saw Terreur doing some dungeons with my brother and I was really impressed

[b]What do you expect from ACP and what can we expect from you?[/b]
I expect good fun with friendly players, maybe some raiding. You can expect best dps that I could pull with my gear and firendly player from my side


[b]What do you feel your class and spec bring to the raid? Do you feel like you need to explain some talent choices in the spec you have chosen?[/b]
My class brings nothing but D P S! Thats clear I think :) (Oh, maybe the demo buff, but? ow, and some soulstone and healthstone!)

[b]Are you willing to change your talent spec to help the guild, and if so, do you have gear for any off-specs already?[/b]
If guild needs me in other spec Im ready to change but im most skilled in destro/affi so the learing of demo could take me 1-2 days

[b]Please explain the reasons behind your choice of professions.[/b]
Tailoring - for Lightweave on back and enchanting for ring enchants + making some cash some time ago

[b]Is there anything you would like to add?[/b]
Not really, just that I think that I\'m kinda \"in\" my class and I thnik that I pull close to MAX DPS that could be pulled with that gear  (copied from my old-site application) 
', 1, 65534), SUBSTRING('Goldiedixie', 1, 255), SUBSTRING('[email protected]', 1, 255), 1263676747,
SUBSTRING('83.26.223.139', 1, 255), 1, '', SUBSTRING('xx', 1, 16))
File: /home/c9556hcp/domains/acp-guild.com/public_html/site/Sources/Subs-Post.php
Line: 1539


I have no idea what went wrong.. 

Any ideas?

edit
To clarify some stuff, when he entered 'test' in every field all went fine..

[Garou]

In several places he tries to enter stuff like

Code Select Expand

we\'re
I\'ll
I\'m
\"in\"

Traditionally something like that is only used in some programing languages to escape characters so a program can tell the difference between text and actual code. There is absolutely no need to escape characters like that when posting to a forum like this.

Essentially the forum is thinking someone is trying to use a 3rd party script to insert malicious code into the site. In looking at what hes written I dont think this is the case however I do see...

Code Select Expand

', 1, 65534), SUBSTRING('Goldiedixie', 1, 255), SUBSTRING('[email protected]', 1, 255), 1263676747,
SUBSTRING('83.26.223.139', 1, 255), 1, '', SUBSTRING('xx', 1, 16))

That bit actually is code and I dont know if it was intentional, something from the error code, or what but that could be a problem for you to consider. 

[xterreur]

This is indeed true, though he said when he tried to post it that he got a DB error, so he hit back in IE and tried again which led to this error, and he kept refreshing

Is is possible to first strip all slashes and then add where needed again? To avoid it happening again..

[Garou]

Try it with out the slashes and if there is a DB error again let me know what it is. Also what database software you are using and version.

The issue with escaped characters came up once before but I couldn't find a quick answer as to why and the more I thought about it I decided that most human users wouldn't use escaped characters, however a spam bot or hacker very well could. It made for an interesting unintentional security feature so I chose not to pursue the matter further.

I am concerned about the database error that led to all of this to begin with though. Any information about that could be helpful in tracking down a possible bug. If it cant be reproduce it could just be a fluke caused by a hiccup in your server at the time.

[Jaymjaym]

Jaymjaym, did you check your site logs or your forum logs? what kind of errors are you getting if any?

I don't see anything in the forum logs, and this is what I'm seeing in the site logs:

[Wed Jan 13 08:47:53 2010] [error] [client xxx.xxx.xxx.xxx [nofollow]] File does not exist: /home/xxx/public_html/406.shtml, referer: http://cn-gondor.net/forums/index.php?action=form [nofollow]

Any idea what's happening here, or have I missed something that's sitting right in front of me? 

[Garou]

If everything installed right then possibly its being cause by the problem with the msg icons in 1.1.x or possibly the form wasn't set up correctly? When a forms title fields are not set up correctly, for instance you cant use capital letters, spaces, or special characters... it has been know to cause a variety of odd issues with the mod.

Outside of that I keep coming back to it being an issue with the host running ModSecurity on the server. There isn't anything I can do from here about that, you really have to talk to your host like I mentioned back in the other post.

[farao25]

Hello friends!!!
I want to ask you about  Custom Form Mod
a)Is there any way to make a form like this and use it when a member opens a new topic ?

b) if the answer is yes is there any way to force the members to complete all the form fields to apply for the topic ?
c) is there any way to send "Topic Title" or Artist + Album to another form in another topic and in that way to create an alphabetic list ?

Last but not least, due to the fact that I don't have any knowledge of HTML, XML, and PHP can somebody tell me how to do it ?

[jokesa157]

This mod is great for my clan apps. Im just having a little problem. I made all the required forms i just dont know how to make a submit button. Please check it out at my site and tell me what i did wrong. oh by the way i link it to a pic on the side of my forum so when they ckick the pic join us it will take them to the form. Also when they finish the app where does it go and how could i see who filled out the form. www.a157team.com/forum/ and the pic is in the join us. and this is the link to the form  http://a157team.com/forum/index.php?PHPSESSID=0ka1ah4knjd2inq7ub2c0l2q84&action=form;id=3

[Garou]

farao25 While there isnt anything in the mod itself to have the new topic button direct you to a form this is a a hack a user came up with to made it do just that.
http://www.simplemachines.org/community/index.php?topic=248871.msg2241024#msg2241024

You can currently force a user to complete all field types except selection boxed an radio boxes. by entering  "required" in the Extra Type Parameters field.

There is another user submitted hack that allows you to force your forms to post to multiple boardshttp://www.simplemachines.org/community/index.php?topic=248871.msg2235951#msg2235951

jokesa157 I went to your site and there is a save button at the bottom of the form, however there must be some sort of issue with visual verification on your site. Perhaps you have some mod that is altering captcha or something?

[jokesa157]

yeah that what i was thinking. Im going to ask the creator of the theme about the verification . That save button dont work it always tells me to fill the red * required  and i fill it out.

[jokesa157]

i changed the theme on my site to default and i see the verification letters and i register as a new member and it works and i go to the form and fill out but the form says the same thing. one more thing how do i link the form to go to a topic on the forum. I have a board that is named join us and thats where i point it to go but its not there. www.a157team.com

[farao25]

thanks  Garou !!
now can somebody help me step by step to make the form just like the picture i posted above ?
Also
c) is there any way to send "Topic Title" or Artist + Album to another form in another topic and in that way to create an alphabetic list ?
Thanks in advance.

[Garou]

jokesa157, I just pulled up the source code on your form and you are not following the recommendation for the "Title" field listed as described several places here in this thread and in the help file in the mod.

This is the title that will be used to access the user input from this field, when the forum post is displayed.

Note that the "title" field is only seen by admins and not general users, it is only used to designate where the users input from the form is displayed when it is posted in the forum. For best results keep the titles short, all lower case, and do not use special characters like # & * @ [ etc.

Example: name, username, and user_name will work fine. If the title is "User Name" the information the user types in the form will not be displayed in the forum post.

Something like "X-Fire name" is going to cause the mod not to work right. The way yours is failing is just one way, then there is what I listed in the help file, and there are a variety of issues other people have had.

You could use something like xfire or x_fire_name or xfirename. That is just one of them I pulled up but every single title field on your form is messed up like that.

farao25 this is a tutorial another user wrote long ago. http://www.simplemachines.org/community/index.php?topic=248871.msg1633514#msg1633514 I need to get and update it as there have been new features added to the mod but this along with the help files in the mod should give you the gist of it.

Also I have a demo form up on my site http://smf.balancegames.net/index.php?action=form;id=1

Step by Step instructions of what was entered to create the demo form is at http://smf.balancegames.net/index.php?topic=7.0 Looks like I need to update that with some newer features as well.

[jokesa157]

thanks for all the help. Ill work on it.

[Garou]

For those having issues using this mod on a site with ModSecurity... I almost for got about a fix presented by Elindris. http://www.simplemachines.org/community/index.php?topic=248871.msg2299541#msg2299541

./Sources/CustomForm.php and ./Themes/default/CustomForm.template.php
Search for...

Code Select Expand

action=form;id=
and replace it with...

Code Select Expand

action=form&id=
Note: there are multiple instances that need to be changed in the CustomForm.template.php

Ill have to test this on sites that do not run ModSecurity and if it works on both then it will become a permanent change to the mod in the future.

[Nvb]

I noticed something strange today:

When there is a lot of text added to a 'Large Text Box' i receive the following error when i modify the topic:
"The message body was left empty."

It is solved when i reduce the text added from the large text box.
So i guess this comes from a limit in the maximum characters allowed in the Large text box.
So, maybe a stupid question, but where and how can i change the "maximum allowed characters" in a large text box?

TY