Search…

X3 Photo Gallery Support Forums

Search…
 
metallissimus
Experienced
Topic Author
Posts: 331
Joined: 17 Oct 2019, 06:54

Contact form issue

28 Jun 2022, 12:45

I have an issue with the contact form I thought I already solved:

While building it, I noticed that the message might fail to send but still be shown as successfull with the message "thnx" (which isn't the message I set up) in cases where I had radio buttons set to required but not checked them.
I removed the required attribute from the radio buttons and on my end everything is working fine, but now a friend of mine send me a screenshot showing the exact same wrong success message, of which I don't even know where it comes from.

I had several people check it now, with different outcomes:

Huawei P30 with Chrome: failed
same P30 with default browser: worked
unknown Xiaomi with Chrome: worked
Samsung S10E with Chrome: failed
Huawei Ajo with Chrome: worked
Google Pixel 6 Chrome: worked
Fairphone 4 Chrome: worked
every other browser so far has worked, so I don't list them all

This is really horrible because users think they successfully sent a message when in reality they didn't and I have no way of knowing about it.
www.danielbollinger.de – corporate photography
hochzeiten.danielbollinger.de – wedding photography
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: Contact form issue

28 Jun 2022, 22:31

metallissimus wrote:Huawei P30 with Chrome: failed

This is really horrible because users think they successfully sent a message when in reality they didn't and I have no way of knowing about it.
How do you (or user) know it fails if the green checkbox returns success?
metallissimus wrote:but now a friend of mine send me a screenshot showing the exact same wrong success message
And what message is that? Can you forward the screenshot? The DEFAULT message in X3 is no message at all, just a green check mark.

To test, I would need a link to your contact form so I can see your own real success message, and test the form to see if there is anything that can be causing issues.

In the end of the day, if the contact form sends the message to the X3 mailer (x3.api.php) which responds with {"success":true}, then the email has been sent 100% correctly from whatever email options sender options you have included. From there on, it's your mailer mechanism's responsibility to deliver the email, something that can't be tracked by X3.
 
metallissimus
Experienced
Topic Author
Posts: 331
Joined: 17 Oct 2019, 06:54

Re: Contact form issue

29 Jun 2022, 03:51

mjau-mjau wrote: How do you (or user) know it fails if the green checkbox returns success?
Because in all the failed cases I received no mail.

Here's the screenshot:
signal-2022-06-28-183400.jpeg
signal-2022-06-28-183400.jpeg (94.22 KiB) Viewed 35903 times
The form in question: https://www.danielbollinger.de/kontakt/

(Initially I experienced the problem on another, private site/form, if neccessary I can send you access via PM. Since the same problem also occurs on my corporate photography site which has a much simpler form, I guess it might be easier to diagnose there.)
www.danielbollinger.de – corporate photography
hochzeiten.danielbollinger.de – wedding photography
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: Contact form issue

29 Jun 2022, 04:31

Do you have a way to reproduce the result above yourself from some browser/OS combination? Or is it only from some clients?

I know what causes the response, but it's unclear why your clients browser causes this response. The response "thnx" is the response from the X3 mailer when form data is not forwarded correctly (it would be considered a "bot"). The code that fails for the screenshot above:
Code
if(empty($_POST['honey1'])
  && $_POST['honey2'] == 'alpaca'
  && (!$email || filter_var($email, FILTER_VALIDATE_EMAIL))
  && !empty($_POST['page'])
There only reason one of the conditions above could possibly fail, is if the user does not have Javascript enabled (in which case, almost no websites would work), or they are using some unknown browser extension that is messing up the javascript or html.

The two top fields, are X3's "honeypot" mechanism, that makes sure hidden form fields are 1. not populated and 2. populated correctly (not randomly by a bot). This is very effective bot prevention, and it works like this for all X3 websites, since first release.

The two bottom conditions can't possibly fail, unless 1. email is invalid or 2. some mechanism in browser that is blocking or changing the POST that gets sent from the website to the PHP. This is unlikely.

There is no way device itself "Huawei" or "Samsung" can affect the response. We don't and can't use this info of course, and besides, a browser is a browser. You can check if the client gets the same response from our own page https://demo.photo.gallery/contact/ (just in case it's something specifically on your website or server, although I can't see anything).

In the end, I would like to be able to reproduce this, but I'm pretty sure it can't be done under normal conditions.
 
metallissimus
Experienced
Topic Author
Posts: 331
Joined: 17 Oct 2019, 06:54

Re: Contact form issue

29 Jun 2022, 04:43

Thanks for checking so quickly!
mjau-mjau wrote: Do you have a way to reproduce the result above yourself from some browser/OS combination?
Unfortunately not, all the devices I have at hand running chrome (and it seems chrome related, or do you think that's just a coincidence?) don't produce the error.
www.danielbollinger.de – corporate photography
hochzeiten.danielbollinger.de – wedding photography
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: Contact form issue

29 Jun 2022, 05:04

metallissimus wrote:Unfortunately not, all the devices I have at hand running chrome (and it seems chrome related, or do you think that's just a coincidence?) don't produce the error.
It's certainly not directly related, although I can't exclude that it's related to a Chrome extension.

All I can see for certain, is that at least one (or more) of the conditions are failing (from the code in my previous post). This could only happen if 1. email is invalid (although this will normally get detected as "invalid" from the form before being able to send), or 2. Some browser-extension/network/firewall mechanism is blocking one or more POSTS from browser to server/PHP, or 3. The invisible "honeypot" fields "honey1" and "honey2" are not getting populated correctly, either because the user did not actually input anything, or browser "focus" does not work, or user is attempting to submit the form within 3 seconds after the form opened (should not be possible with any input), or some browser extension/mechanism is pre-filling and/or focusing the hidden form fields.

Realistically, we can probably narrow it down to #3.
 
metallissimus
Experienced
Topic Author
Posts: 331
Joined: 17 Oct 2019, 06:54

Re: Contact form issue

29 Jun 2022, 07:46

mjau-mjau wrote: You can check if the client gets the same response from our own page https://demo.photo.gallery/contact/
I had a friend (who had the problem on my site as well) check:
signal-2022-06-29-125858.jpeg
signal-2022-06-29-125858.jpeg (62.63 KiB) Viewed 35892 times
What else can we/can I do?

I understand this happens pretty rarely, but as I pointed out above, when it happens, it's quite bad.
www.danielbollinger.de – corporate photography
hochzeiten.danielbollinger.de – wedding photography
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: Contact form issue

29 Jun 2022, 10:45

metallissimus wrote:I had a friend (who had the problem on my site as well) check:
Thanks. Yep, I should look into it. Realistically, I already have it narrowed down, because the response "thnx" is triggered as an anti-bot response. Exactly why they fail on these few devices, is unclear, but it would be one of the following two Javascript functions. I'll just write em down for some clarity and why they are useful:

1. The 'focus' event below modifies the value of two hidden "honeypot" fields in X3 contact form as soon as user focuses on any visible input or textarea. Since user would need to focus on at least one input or textarea, they would always get populated correctly for human visitors. Bots will either try to automatically populate the fields incorrectly, or at least they would never get populated as long as the bot does not trigger the focus event. Basically, the event below needs to get triggered, else the mailer PHP will refuse to send and simply return a false "thnx" response.
Code
form.one('focus', 'input, textarea', function(e) {
  if(this == honey1 || this == honey2) return; // bail out before setting values
  honey1.value = '';
  honey2.value = atob('YWxwYWNh'); // alpaca
});
2. The 'focus' event below on the hidden "honeypot" inputs should never get triggered for human visitors, because the inputs are hidden. If they are focused, it must be by bots that don't know they are hidden. If they are focused, the mailer PHP will refuse to send and simply return a false "thnx" response.
Code
$(honey1).add(honey2).one('focus', function(e) {
  is_bot = true;
});
Looking at it right now, it almost has to be one of the above. Would be easy to diagnose from here if I could reproduce it, but until then, hopefully we can have some assistance from one of your clients.

For starters, can you please try this: Open app/x3.api.php and find around line 57:
Code
if(empty($_POST['honey1'])
  && $_POST['honey2'] == 'alpaca'
  && (!$email || filter_var($email, FILTER_VALIDATE_EMAIL))
  && !empty($_POST['page'])
  ) {
Just replace that entire chunk of code above with this:
Code
if(!$email || filter_var($email, FILTER_VALIDATE_EMAIL)) {
Ask your client to try. It should definitely work, because the anti-bot honeypot validation will be ignored. In this case, I know 100% sure it's one of the functions noted above. If it still doesn't work however, it would mean that the visitors browser is blockings POST items or the email they entered is invalid (unlikely).
 
metallissimus
Experienced
Topic Author
Posts: 331
Joined: 17 Oct 2019, 06:54

Re: Contact form issue

29 Jun 2022, 11:50

Fascinating concepts to "trap" the bots, thanks for the insights.
mjau-mjau wrote:Ask your client to try. It should definitely work
It did work.

Am I right to assume that for my private use case (where the whole site is password protected anyways) it's safe to just leave this code replacement in place?
www.danielbollinger.de – corporate photography
hochzeiten.danielbollinger.de – wedding photography
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: Contact form issue

29 Jun 2022, 23:30

metallissimus wrote:Am I right to assume that for my private use case (where the whole site is password protected anyways) it's safe to just leave this code replacement in place?
Correct.

Even if it wasn't password protected, I don't think bots would be able to use the contact form because the form action endpoint "x3.api.php" is not exposed in the html.
 
metallissimus
Experienced
Topic Author
Posts: 331
Joined: 17 Oct 2019, 06:54

Re: Contact form issue

21 Oct 2022, 07:48

Just wanted to let you know I now had the (probably) same issue on my commercial site www.danielbollinger.de as well. Thankfully the client reached out to me by mail, otherwise I wouldn't have noticed. They used Chrome on Windows 11 and typed the message directly in the browser (no copy/paste). I don't know if they got the "thnx" message (and I don't want to ask them for further help trouble shooting).

This is extremely distressing as it might already have cost me potential business, dimensions unclear.

I will add the fix you showed me earlier on my commercial site as well, but I think this warrants further investigation on your part.
www.danielbollinger.de – corporate photography
hochzeiten.danielbollinger.de – wedding photography
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: Contact form issue

21 Oct 2022, 10:37

metallissimus wrote:I will add the fix you showed me earlier on my commercial site as well, but I think this warrants further investigation on your part.
But you have no information about the response the client got? It's very unusual, because hidden form fields is a normal and valid way to protect contact forms from BOTS, and I have never had any report of anyone with this problem on my X3 websites.

Yes it does warrant reviewing, but would be interesting to know how this client can reproduce this if we can't reproduce it ourselves from any device / OS.
 
metallissimus
Experienced
Topic Author
Posts: 331
Joined: 17 Oct 2019, 06:54

Re: Contact form issue

21 Oct 2022, 11:41

mjau-mjau wrote: But you have no information about the response the client got?
Unfortunately not, but I don't assume they would have remembered, even if I asked.
It's very unusual, because hidden form fields is a normal and valid way to protect contact forms from BOTS, and I have never had any report of anyone with this problem on my X3 websites.
Maybe I messed something up somehow along the way of CSS customization and playing around with the cart hack some other user developed. I am happy to share panel login and FTP if you want to check my installation.
Yes it does warrant reviewing, but would be interesting to know how this client can reproduce this if we can't reproduce it ourselves from any device / OS.
They did book me now, so maybe I can ask them to check when I am there. Will be about two weeks until then.
www.danielbollinger.de – corporate photography
hochzeiten.danielbollinger.de – wedding photography
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: Contact form issue

22 Oct 2022, 02:11

Maybe I messed something up somehow along the way of CSS customization and playing around with the cart hack some other user developed. I am happy to share panel login and FTP if you want to check my installation.
The problem was from the cart? Or a contact form? I could probably just check the page first, just to see if there is any inconsistencies? The order-form doesn't actually have hidden form fields like the normal contact form.

Another possible reason, could it be that this user was still on Internet Explorer 11? X3 was initially made to support IE11, but I think since then, many additions have been added that might not support IE11 ... This just follows modern standards, which are bow now excluding support for IE11.
They did book me now, so maybe I can ask them to check when I am there. Will be about two weeks until then.
If we get to that point, yes it would be interesting to ask this user for some feedback ... Would be interesting to see if they get the same error on both order form and normal contact form.
 
metallissimus
Experienced
Topic Author
Posts: 331
Joined: 17 Oct 2019, 06:54

Re: Contact form issue

23 Oct 2022, 06:33

mjau-mjau wrote: The problem was from the cart? Or a contact form?
They used the form here: https://www.danielbollinger.de/kontakt/
Another possible reason, could it be that this user was still on Internet Explorer 11?
They told me they were using Chrome.
www.danielbollinger.de – corporate photography
hochzeiten.danielbollinger.de – wedding photography