Hi KK,

How can I protect the form from multi submissions or attacks on submitting? Normally with PHP I would generate a token that I would put in as a hidden field, upon submission if the post token did not match what was saved the form would not submit as the session wouldn't match. So upon submit, i would clear that token so if it tired to submit again the token would mismatch and the form would not submit.

So right now, someone can hit reload on my page and resend the form.

Another option would be to redirect the user back onto the contact form as if they just loaded it which would reset the form, clearing the data in the fields and such. I don't know how I would do this on a one-page site. Right now I have the name of the form set to the section the form is in on the one-page site so it goes back down to the contact form on submission.

This is a one page website.

Found solution on this thread:

viewtopic.php?f=4&t=7411

Decided to just set a success message right before the redirect that I added. This took me to the page, displayed the success message and sent the mail.

Since this is a one-page site, when you go to it it is just domain.com and when I use the contact form it redirects to domain.com/index.php#anchorname

Is there a way to omit the index.php? so its just domain.com/#anchorname

Another issue I noticed was my contact form message block is not holding line breaks and what not. If a message is submitted like this:

Hi John,

How are you, looking forward to working on these project's with.....

Thanks
Ben

The message comes through as:

Hi John, How are you, looking forward to working on these project's with..... Thanks Ben

Now in the message is one line. Also, the single quote in the message is okay and works but if I put a single quote in the subject field, it comes through as

test message's subject

[KK]

Hi jeminc .

1. The cms:redirect tag can be set to a hard-coded value to redirect to e.g.

Code: Select all

<cms:redirect 'http://domain.com/#anchorname' />

2. Are you by any chance sending richtext mails (can be done by setting 'html' parameter of cms:send_mail)? If so, then you'll have to add <BR> tags to effect the linebreaks.

Hope it helps.

Hi KK,

Okay, I changed the line:

Code: Select all

$mail->isHTML(true);

to false and it now holds the return in a message. However, the single quotes are not coming through as single quotes. For example I fill out form:

Subject: Today's Meeting
Message:
Hey Joe,

This meeting was fantastic!

I look forward to the next one, and all your new idea's!

Regards,
John

It comes through to my email (office 365) and I am using the PHP Mailer to SMTP through Mandrillapp smtp credentials that I use for many things.

Subject: test message&#039;s

Message:
Hey Joe,

This meeting was fantastic!

I look forward to the next one, and all your new idea&#039;s!

Regards,
John

[KK]

That is a security measure that sanitizes dangerous characters and cannot be turned off.

I suggest you revert back to the HTML format and add <p> or <br> to your message to create the newlines. The quote will not bother you in that format.

Hope it helps.