X3 Photo Gallery Support Forums

 
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: Contact form issue

23 Oct 2022, 11:18

Just to double-check, did you receive the test email I just sent?

Maybe I am confused, but some things are not clear at this point. Is this the same contact form or website as initially reported a few months ago? Didn't you fix it back then according to my post? Did the fix get overwritten somehow? I'm struggling to see that there is a NEW issue here, unrelated to the previous issue, which was reported fixed.
 
metallissimus
Experienced
Topic Author
Posts: 331
Joined: 17 Oct 2019, 06:54

Re: Contact form issue

02 Nov 2022, 06:02

mjau-mjau wrote: Just to double-check, did you receive the test email I just sent?
Yes, I did.
Is this the same contact form or website as initially reported a few months ago?
No, it's not, a few months ago the issue occurred on a private website. On my commercial websites I did not implement the fix because it felt a little "hacky".
Since I don't know if the client got the "thnx" message I cannot say for certain if this is the same issue, but I guess it's very likely. On the other hand this happened on a desktop computer as opposed to the occurrences on mobile devices earlier.

PS: I was travelling a while, hence the late reply.
www.danielbollinger.de – corporate photography
hochzeiten.danielbollinger.de – wedding photography
 
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: Contact form issue

02 Nov 2022, 06:23

metallissimus wrote:I did not implement the fix because it felt a little "hacky".
Sure, but we are simply stripping away anti-bot measures, ultimately leaving your contact form clean and basic ... There is no reason this would not work, and not something we can change in the core contact form. The issue here of course, is why the anti-bot fails on these extremely few devices not even reported by anyone earlier? At this point, if anything, I would need to implement an option "use anti-bot measures".

To be honest, I don't think this anti-bot will make much difference anyway, as the contact form behavior is already obscured and hidden behind Javascript.
 
metallissimus
Experienced
Topic Author
Posts: 331
Joined: 17 Oct 2019, 06:54

Re: Contact form issue

02 Nov 2022, 06:41

Alright, I will use the fix on all my sites then. This will be lost during updates though, won't it?
www.danielbollinger.de – corporate photography
hochzeiten.danielbollinger.de – wedding photography
 
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: Contact form issue

02 Nov 2022, 10:22

metallissimus wrote: Alright, I will use the fix on all my sites then. This will be lost during updates though, won't it?
Yes. I will look into it for next release, and maybe even remove it as I don't really think it offers any additional protection. I can't really diagnose it, because this is some vague behavior on some very few devices (perhaps plugin/extension related) that I can't reproduce, and this feature has been in place for many years. Seems pointless to add an individual setting for it ...
 
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: Contact form issue

12 Sep 2023, 06:26

This should be fixed in X3.32.0. See release post:
photo.gallery/blog/photo-gallery-x3-32/
 
metallissimus
Experienced
Topic Author
Posts: 331
Joined: 17 Oct 2019, 06:54

Re: Contact form issue

09 Jan 2024, 05:31

It has happened again! I am still trying to find out the details, but a friend told me she had written to me via contact form (https://hochzeiten.danielbollinger.de/kontakt/) but I haven't received any message.

Also I managed to get the "thnx" message by sending the form too quickly after page load. I thought this was disabled in X3.32.0?

This is absolutely maddening! I may have lost substantial revenue because of messages I never received. Again.
www.danielbollinger.de – corporate photography
hochzeiten.danielbollinger.de – wedding photography
 
metallissimus
Experienced
Topic Author
Posts: 331
Joined: 17 Oct 2019, 06:54

Re: Contact form issue

09 Jan 2024, 06:41

So my friend tried it again and she also got the "thnx" (on a Windows Laptop with Firefox). I am gonna apply the fix you showed me a while ago. I know you probably can't diagnose on my site that way, but this is not a situation I want to be in any longer.
www.danielbollinger.de – corporate photography
hochzeiten.danielbollinger.de – wedding photography
 
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: Contact form issue

09 Jan 2024, 08:06

I did actually fix it, in regards to what I truly believed was the issue, and essentially still do ... You managed to send an email within 3 seconds from when the website loads? This is what bots do, and is therefore considered spam. Can you honestly go to a contact page (either load a page directly, or click from the menu), and then manage to fill your email address and a meaningful text message and send within 3 seconds? It could be technically possible if you already have the email+name stored there, but I still don't believe anyone can mouse-focus the text message field, input some meaningful text for communication, and then click the "send" button all within 3 seconds ...

So yes you might achieve that response if you try and enter some junk into the text area. If your human client achieved that while sending a meaningful message? I really don't think this is even remotely possible ... Therefore, I'm pretty sure it is not the same issue that your customer is seeing ...

Yes I did resolve the issue which I was pretty sure was causing issues earlier. It no longer populates "honeypot" hidden inputs on various focus-events. They are pre-populated now (in Javascript), without requiring any user events. Then there is the PHP, which correctly checks all:
Code
if(empty($_POST['honey1'])
 && $_POST['honey2'] == 'alpaca'
 && (!$email || filter_var($email, FILTER_VALIDATE_EMAIL))
 && !empty($_POST['page'])
 ) {
Based on recent changes and based on the above, there are only two technical reasons it could possibly fail:
  1. Page is not loading completely, and/or javascript is therefore not triggering properly.
  2. User's browser/device is populating or de-populating hidden form fields used for bot-detection.
Of the two above, I can't really imagine it's #1. Why? Then how can we fix it ... Perhaps #2, but then what kinda device/browser/extension does this? I'm pretty sure you will never be able to detect it from any device/browser you test with yourself, because it's incredibly obscure and something not done properly from whoever made it (whatever "it" is) work like that.

When form fields are hidden, no extension or browser should be editing them. I know that some browsers may pre-populate visible form input fields, if they have known attribute names like "name" etc, but in addition to being hidden, these honeypot fields are named "honey1" and "honey2".

For the fix, yes of course you could narrow down the conditions to the following:
Code
if(/*empty($_POST['honey1'])
 && $_POST['honey2'] == 'alpaca'
 && */(!$email || filter_var($email, FILTER_VALIDATE_EMAIL))
 /*&& !empty($_POST['page'])*/
 ) {
Again, hard to diagnose when you don't know what's happening on the client's device. I doubt you or anyone close to you (where you can test directly on the device) will ever be able to reproduce it (apart from the 3-second requirement, which should be logical).

So if she always got "thnx" before (assumingly?), then testing with the above should work? Hopefully you can get her to test. And if it works, then her device (and extremely few others) are clearly editing hidden form fields ... This doesn't seem right to me, as it's common to use hidden form fields, and clearly the extreme majority of devices will never do such a thing.
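The combined condition in the post above answers "thnx" whichever check failed, so the two causes it lists (script not running, hidden fields altered) cannot be told apart afterwards. The sketch below, an added example and not X3's code, evaluates each condition separately and produces a log line for every rejection. The function names, the `$elapsed` parameter (seconds since page load, however the site measures it) and the reason strings are assumptions; the field names, the value 'alpaca' and the 3-second limit are taken from the thread.

```php
<?php
// Added example, not X3's code. honey1, honey2, 'alpaca', page and the
// 3-second limit come from the thread; function names, $elapsed and the
// reason strings are hypothetical.

/** Return the anti-bot checks a submission failed (empty array = accept). */
function failed_checks(array $post, float $elapsed): array
{
    $failed = [];
    $email = trim((string)($post['email'] ?? ''));
    // honey1 must arrive empty; a bot, autofill or extension filling it trips this.
    if (!empty($post['honey1'])) $failed[] = 'honey1_filled';
    // honey2 is pre-populated by JavaScript: missing suggests the script never
    // ran (cause 1), a different value suggests the field was edited (cause 2).
    if (!isset($post['honey2'])) $failed[] = 'honey2_missing';
    elseif ($post['honey2'] !== 'alpaca') $failed[] = 'honey2_altered';
    if ($email !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $failed[] = 'email_invalid';
    }
    if (empty($post['page'])) $failed[] = 'page_missing';
    if ($elapsed < 3.0) $failed[] = 'too_fast';
    return $failed;
}

/** One log line per rejection: reasons and a sanitized user agent, no message body. */
function rejection_log_line(array $failed, string $userAgent): string
{
    // Drop control characters and quotes so the header cannot forge log fields.
    $ua = substr(preg_replace('/[^\x20-\x7E]|"/', '', $userAgent), 0, 120);
    return sprintf('contact-reject reasons=%s ua="%s"', implode(',', $failed), $ua);
}

// Constructed sample submissions: [POST fields, seconds since page load].
$ok = ['honey1' => '', 'honey2' => 'alpaca', 'email' => 'a@example.com', 'page' => '/kontakt/'];
$samples = [
    'normal'         => [$ok, 12.0],
    'script_not_run' => [array_diff_key($ok, ['honey2' => 1]), 12.0],
    'field_edited'   => [['honey1' => 'Jane'] + $ok, 12.0],
    'pasted_quickly' => [$ok, 2.1],
];
foreach ($samples as $label => [$post, $elapsed]) {
    $failed = failed_checks($post, $elapsed);
    echo $label, ': ', $failed ? rejection_log_line($failed, "Example\nBrowser/1.0") : 'accepted', PHP_EOL;
}
```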
 
metallissimus
Experienced
Topic Author
Posts: 331
Joined: 17 Oct 2019, 06:54

Re: Contact form issue

09 Jan 2024, 12:06

mjau-mjau wrote: It could be technically possible if you already have the email+name stored there, but I still don't believe anyone can mouse-focus the text message field, input some meaningful text for communication, and then click the "send" button all within 3 seconds ...
A lot of couples send the same text to a handful of photographers. So copy/pasting the message could play a role here and that would explain the 3 seconds.

I falsely assumed by fixing you meant you had disabled the whole mechanism.

My friend did get a message to me eventually, so it's nothing on her device that definitively corrupts the contact form. Unfortunately I don't think I can count on her to minutely describe all of her steps though, she was almost out of her depth when I asked for the browser.
www.danielbollinger.de – corporate photography
hochzeiten.danielbollinger.de – wedding photography
 
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: Contact form issue

09 Jan 2024, 22:30

metallissimus wrote:A lot of couples send the same text to a handful of photographers. So copy/pasting the message could play a role here and that would explain the 3 seconds.
No need to debate this in detail of course, but even with pre-populated name/email and copy-paste, you will need some extremely unnatural speed to achieve that within 3 seconds. The timer starts as soon as you have clicked "contact" button in the menu, or typed the url into browser. And on mobile device? I couldn't do it if I tried ... Anyway, surely this is not the issue on the specific user's side?

Also, just to note, this 3-second mechanism was actually added in latest release, and was definitely not the same issue as earlier.
metallissimus wrote:I falsely assumed by fixing you meant you had disabled the whole mechanism.
Well, what remains of the whole mechanism is really nothing more than sending the entire form to PHP. This of course may include hidden input fields, which is normal procedure. Before, we used to populate the hidden fields with Javascript on certain "focus" events, which ultimately seemed like it could potentially fail on some devices. Now, I don't know, but as stated in my previous post, the device/browser/extension is doing something clearly inconsistent.
metallissimus wrote:My friend did get a message to me eventually, so it's nothing on her device that definitively corrupts the contact form. Unfortunately I don't think I can count on her to minutely describe all of her steps though, she was almost out of her depth when I asked for the browser.
Very hard to make some logic out of that, although when I hear that it eventually works, all I can think is that she is having some trouble with internet/network/firewall. There is no way the contact form (javascript/PHP combo) will fail randomly ... how?

Of course, if you or me manage to get hold of a device (or someone with a device) where we can reproduce this, it would be much easier to resolve. For example, does the fix in my previous post fix the issue persistently? Then we know if it's a hidden input issue or a load issue at least.

Of course, I do apologize for the problems you are dealing with, as neither you nor the client should have to deal with this. I really don't believe more than just an extreme few can be experiencing this issue. I have personally never experienced it, or had it reported elsewhere (although of course, it could technically have gone unnoticed).
 
metallissimus
Experienced
Topic Author
Posts: 331
Joined: 17 Oct 2019, 06:54

Re: Contact form issue

10 Jan 2024, 03:28

mjau-mjau wrote: Of course, I do apologize for the problems you are dealing with, as neither you nor the client should have to deal with this.
Much appreciated!
I really don't believe more than just an extreme few can be experiencing this issue. I have personally never experienced it, or had it reported elsewhere (although of course, it could technically have gone unnoticed).
I tend to believe the same (otherwise I couldn't bear the situation at all), but there's just no way of knowing.

Just to make sure: By implementing the fix here, I have circumvented the whole mechanism and it's impossible for the form to fail for any reason related to the honeypots? So all I have to do is change those lines after every update?
www.danielbollinger.de – corporate photography
hochzeiten.danielbollinger.de – wedding photography
 
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: Contact form issue

10 Jan 2024, 03:48

metallissimus wrote:Just to make sure: By implementing the fix here, I have circumvented the whole mechanism and it's impossible for the form to fail for any reason related to the honeypots? So all I have to do is change those lines after every update?
If you edit the PHP as in that post, then yes it won't care about the hidden input fields, regardless of what has happened to them underway ... If this indeed is the issue, which at this point, might be at least as likely as anything else ...