CMS Made Simple Forums

Content management as it is meant to be
https://forum.cmsmadesimple.org/

Pass parameter to UDT in formbuilder

https://forum.cmsmadesimple.org/viewtopic.php?t=83355

Page 1 of 1

Pass parameter to UDT in formbuilder

Posted: Wed Aug 24, 2022 12:59 pm
by pierrepercee
Hello,

to protect my form i want to know time spent on page before submission. If this value is under 5 seconds then the form will not be send. Robots fill the form in a micro second perhaps.
UDT Integration->User defined tag to call before form is displayed the first time (only called once):
I created a UDT named 'debtime' with this code :

Code: Select all

$secondesdebut=time();
$smarty->assign('secondesd', $secondesdebut);
Now i can call a second UDT (named 'howmanysec'
Form submission
User defined tag to call during form validation

But i don't know how to catch {$secondesd} value in this howmanysec UDT. I can't pass param as usual. And I don't know if I can stop form sending inside my UDT

Re: Pass parameter to UDT in formbuilder

Posted: Wed Aug 24, 2022 1:22 pm
by Jo Morg
I would use the form validation UDT option:
Validation UDT. Set this for a form, and the UDT will receive all of the form's human-readable results. The UDT should do whatever validation it wants, and return an array with the first value being true or false (indication whether the form validates), and the second value being error messages (if any)
To store the timestamp for when the form was rendered I'd go for a session var that I would use to compare on the validation UDT. Mind you: that might stop bots for a while but, as most anti-spam measures, it can be shortcut by a few attempts made by a human assisted bot until it learns how to bypass the measure.
But still worthwhile trying as it may prevent spam for quite a long while.

Re: Pass parameter to UDT in formbuilder

Posted: Thu Aug 25, 2022 9:51 am
by brambaud
Hi,
To detect a robot, another basic method is to add a hidden field to the user.
if it is filled, it can only be by a robot, in which case the form must not be validated.

Re: Pass parameter to UDT in formbuilder

Posted: Fri Aug 26, 2022 6:56 pm
by pierrepercee
Hello Jo Morg,

Thanks for the session var I will give it a try !
No doubt it is possible to bypass such a protection, but it is much less trivial than a simple hidden field.

@brambaud
This form already contains hidden field. Honeypot was very efficient some years ago, today.... not really.

Re: Pass parameter to UDT in formbuilder

Posted: Sun Aug 28, 2022 6:52 pm
by pierrepercee
Hello,

You don't need to use UDT validation.
Create two UDT:

First one :

udtone

Code: Select all

session_start();
$secdebut=time();
$_SESSION['debut60mn']=$secdebut;
Call it here : UDT Integration->User defined tag to call before form is displayed the first time (only called once):

Second :
udttwo

Code: Select all

$debsec=$_SESSION['debut60mn'];
$last=time();
$totsec=$last-$debsec;
if ($totsec < 4){
echo "<h1>You completed this form in less than 4 seconds. That's too short a time for a human, even a very fast one. This form was therefore not sent, sorry. </h1>";return array(false);}
else
{return array(true);}

Call it here:
Tab : Form submission
->User defined tag to call during form validation

That's all. Works like a charm ! :)

Many thanks Jo Morg for the session var idea ! ;)
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited