Password Protect the Form « HTML Form Builder Online , PHP Form Creator

This forum is no longer open and is for reading/searching only.

Please use our new MachForm Community Forum instead.

MachForm Community Forums » MachForm 2

Password Protect the Form

Started 16 years ago by Saghalie | 12 posts |

Saghalie
Pro Member

Hi,

I'm trying to use the password protection for the form. I'm having no success at it. Is there a problem with the code? I select the password field, save the form and when I access it, fill in the form and press submit, it still adds everything in the database.

Posted 16 years ago #
yuniar

sorry, I don't really understand what you mean.

If password protection enabled, all users accessing your form will be required to type in the password.
If the password is correct, they will be able to submit it and adds everything to the database.
MachForm Founder

Posted 16 years ago #
Saghalie
Pro Member

The problem is that everyone accessing the form can submit it and add to the database without using a password.

It doesn't even ask for a password.

Saghalie
http://www.beautiful-beginnings.org

Posted 16 years ago #
Saghalie
Pro Member

Never Mind.

I've found the reason.

If I am still logged in to MachForm on my server and look at the form it lets me in. Even though I've defined a different password for the form.

Its a feature! Not a BUG!

Thanks,

Wawa Kopa Saghalie
http://www.beautiful-beginnings.org

Posted 16 years ago #
Saghalie
Pro Member

Found another "Feature" with this issue.

-- edited by admin ---
content hidden because this is a bug report.
shouldn't be available for public. the fix is available below.
----------------------

Thanks,

Wawa Kopa Saghalie
http://www.beautiful-beginnings.org

Posted 16 years ago #

yuniar

Saghalie,

You are right, this is a "feature". Ugh.

Here is how to fix it, edit your includes/post-functions.php, search around line 14-28:

//this function handle password submission and general form submission
if(isset($input['password'])){ //if there is password input, do validation
	$query = "select count(form_id) valid_password from ap_forms where form_password='{$input['password']}'";
	$result = do_query($query);
	$row = do_fetch_result($result);
	if(!empty($row['valid_password'])){
		$process_result['status'] = true;
		$_SESSION['user_authenticated'] = $form_id;
	}else{
		$process_result['status'] = false;
		$process_result['custom_error'] = 'Invalid Password!';
	}

	return $process_result;
}

Replace that whole block of code with this one:

//this function handle password submission and general form submission
//check for password requirement
$query = "select form_password from ap_forms where form_id='$form_id'";
$result = do_query($query);
$row = do_fetch_result($result);
if(!empty($row['form_password'])){
	$require_password = true;
}else{
	$require_password = false;
}

//if this form require password and no session has been set
if($require_password && (empty($_SESSION['user_authenticated']) || $_SESSION['user_authenticated'] != $form_id)){ 

	$query = "select count(form_id) valid_password from ap_forms where form_id='{$form_id}' and form_password='{$input['password']}'";
	$result = do_query($query);
	$row = do_fetch_result($result);

	if(!empty($row['valid_password'])){
		$process_result['status'] = true;
		$_SESSION['user_authenticated'] = $form_id;
	}else{
		$process_result['status'] = false;
		$process_result['custom_error'] = 'Invalid Password!';
	}

	return $process_result;
}

If the above code doesn't quite clear, use this:
http://mf.pastebin.com/f31d151c0

That should fix this "feature".

I'm packing this code into version 2 which should be released next week. So version 2 shouldn't have this "feature" again.

Thanks for the report.

MachForm Founder

Posted 16 years ago #

Saghalie
Pro Member

Thanks for the reply, fixed the code and now I get this error when I "Don't" put a password in.

Fatal error: Cannot use string offset as an array in <snip>includes\view-functions.php on line 317

When I put the password in, it works fine.

Saghalie
http://www.beautiful-beginnings.org

Posted 16 years ago #
yuniar

Hmm.. that's weird. I didn't get that error here.
Are you modifying the correct file includes/post-functions.php ?

The errors come from includes/view-functions.php line 317. What's the code in that line? or you can just send me the file.
MachForm Founder

Posted 16 years ago #
Saghalie
Pro Member

I have Version 1.2.

I re-copied the original includes/view-functions.php and still have the same problem.

Code:

<input id="element_{$element->id}_1" name="element_{$element->id}_1" class="element text" size="2" maxlength="2" value="{$element->populated_value['element_'.$element->id.'_1']['default_value']}" type="text"> /
and includes/view-functions.php is the only one of its kind on my server.

Mashie!

Saghalie
http://www.beautiful-beginnings.org/

Posted 16 years ago #
yuniar

Hmm.. that's odd.

Can you mail me and send me the following please:
1) includes/post-functions.php
2) includes/view-functions.php
3) The URL to your form so I can try it

Mail to: yuniar [at] appnitro.com
MachForm Founder

Posted 16 years ago #
Saghalie
Pro Member

Yuniar,

-Done..

Posted 16 years ago #
Saghalie
Pro Member

Yuniar,

Thanks for the fix! Everything is working great! Your service, as always, is awesome!

Posted 16 years ago #

RSS feed for this topic

Reply

You must log in to post.