Hello.

For those of you who have public forums with members who may become future-banned members, because they have too much time on their hands, this is one area of the forum's E-mail system they won't be able to play with.

What I mean is, currently, the 'Contact Us' form's member's 'username' and 'E-mail' fields can be overwritten such that the admin can receive E-mail with the incorrect 'reply to' info if someone monkey's with the username and/or put's someone else's E-mail address in the field. This can cause some unknowing person to receive unwanted E-mail from the admin.

This 'playfulness' is expected from random 'guests'. Therefore, in order to restrict this behavior to 'guests' only, here is the code to make these fields 'uneditable' for logged-in members, since their profile values are automatically filled-in by the system. At least, they won't be able to 'play' here...


Locate the 'name' section of code. Modify with this:


<!-- begin revision -->
<if condition="$show['member']">
<input type="text" class="bginput" name="name" value="$name" size="50" readonly="readonly" /> &nbsp;(uneditable)
<else />
<input type="text" class="bginput" name="name" value="$name" size="50" />
</if>
<!-- end revision -->

Next, locate the 'email' section of code. Modify with this:


<!-- begin revision -->
<if condition="$show['member']">
<input type="text" class="bginput" name="email" value="$email" size="50" dir="ltr" readonly="readonly" /> &nbsp;(uneditable)
<else />
<input type="text" class="bginput" name="email" value="$email" size="50" dir="ltr" />
</if>
<!-- end revision -->

NOTE: the difference in the 2 '<input...> statements is the 'readonly' attribute and a field message that lets members know those 2 fields are 'uneditable'.


Hope this helps.

EDIT: Make change to 'contactus' template

EDIT (11/15/05): CHANGED from 'readonly' to readonly="readonly" to make compliant although the original version works. The text file download was also updated.

good idea :)

Text file, please? ;)

Boofo,

Not sure if this is the answer you're looking for, but I had edited my initial post to show the change is to the 'contactus' template.

boofo wants you to add a text file attachment containing the template mods instructions.
its helpful for many of us so we can store it in our hack/modification folders for future use :)

If it's a template mod shoudn't it be on template modifications?

Great idea though, I wonder why Jelsoft left it editable...

boofo wants you to add a text file attachment containing the template mods instructions.
its helpful for many of us so we can store it in our hack/modification folders for future use :)

Exactly! ;)

Very nice idea, should be standard in vB imho.

ooh...I see...

is there a particular format for the text file or should I just copy what's above in my initial post?

As far as where to put it, I wasn't sure since I've seen a template mod(s) in this category in the past. Earlier in the week I had mod with a change to 'modifyprofile' template (re: how to hide the member's URL) in code mods and it was moved to tutorial. I thought maybe if it was to be moved, it would have gone into 'template mods' forum. Still feeling my way around to know where to put things. For the future, I'll put template mods in that category.

ooh...I see...

is there a particular format for the text file or should I just copy what's above in my initial post?

As far as where to put it, I wasn't sure since I've seen a template mod(s) in this category in the past. Earlier in the week I had mod with a change to 'modifyprofile' template (re: how to hide the member's URL) in code mods and it was moved to tutorial. I thought maybe if it was to be moved, it would have gone into 'template mods' forum. Still feeling my way around to know where to put things. For the future, I'll put template mods in that category.

Just a text file with the instructions and code in it is all.

"locate the 'name' section of the code modify with this" ????

Are there some simple find/replace instructions as the word name is repeated all over the template

(Surely this is just a template mod anyway?)

"locate the 'name' section of the code modify with this" ????

Are there some simple find/replace instructions as the word name is repeated all over the template

(Surely this is just a template mod anyway?)No worries, I worked it out

Here is a text file for anyone else having trouble

Moonclamp,

Nice job with the instructions. If you don't mind, I revised it by putting credit to you in it and put it with the initial post now that I know how to do it. No other changes. Hope this is okay.

Thanks to all of you who have 'shown me the way...' :squareeyed:

Nice template mod, although I'd rather use disabled="disabled" than readonly. Using this method, the visual feedback is already there without having to note that it's uneditable.. :)

Nice template mod, although I'd rather use disabled="disabled" than readonly. Using this method, the visual feedback is already there without having to note that it's uneditable.. :)

So, exactly how would you change it then? ;)

So, exactly how would you change it then? ;)

swapping "readonly" with disabled="disabled" greys out the input while still keeping it read only

HOWEVER ... as I just discovered. When I just used "disabled" I got an error message "You entered an invalid email address."

1. Moved to Templated Modifications, as it is not a Code Hack
2. This breaks XHTML validity
3. It does not stop users from using faked input

In response to Moonclamp's using the disabled="disabled" attribute, the error message comes because of the difference between how it is handled over the 'readonly' attribute. The 'readonly' attribute still allows the parameters of the 'input' statement to be sent to the server when the form is submitted. Therefore, the input 'acts' like the type is 'hidden' vs. 'text'. When the disabled attribute is used, its parameters are NOT sent to the server thereby causing the error message, 'invalid email address'. The server never received the data.

In response to Andreas,
2. This breaks XHTML validity
3. It does not stop users from using faked input I'm not sure I understand. Can you explain, please?

For example, I'm not familiar with 'what' breaks XHTML validity since I haven't been working with it very long. Also, re: item 3, if the fields are 'readonly', how can the input be faked?

Thanks.

Question: What do we replace with what.

Download the file attached to the initial post (on the right-hand column under 'Mod Options'). It has instructions in a different format.

The 'readonly' attribute still allows the parameters of the 'input' statement to be sent to the server when the form is submitted. Therefore, the input 'acts' like the type is 'hidden' vs. 'text'. When the disabled attribute is used, its parameters are NOT sent to the server thereby causing the error message, 'invalid email address'. The server never received the data.I guess I should have tested it a bit more, huh?

Ok, so another way around it is to mimic the text colour of a disabled field..
style="color:#7C898A" readonly="readonly"

Also, re: item 3, if the fields are 'readonly', how can the input be faked?I know this is rather old now, but for anyone wondering..

http://www.yoursite.com/forums/sendmessage.php?name=Someone&email=blah@blah.comEt voila.. Faked input.

Great idea

Thank you :)

Install

*Clicks Install* Nice work!

I know this is rather old now, but for anyone wondering..

http://www.yoursite.com/forums/sendmessage.php?name=Someone&email=blah@blah.comEt voila.. Faked input.

So it's not foolproof, if someone was so inclined they could fake input... but this provides one less way they can fake input.

Installed. Thanks!

So it's not foolproof, if someone was so inclined they could fake input... but this provides one less way they can fake input.

Installed. Thanks!Most users wouldn't think to even try and bother faking the input.

Only those that know a little about site scripting may attempt it, but even then, unless they have reason to do so they probably wouldn't bother trying..

very simple hack, works in vb 3.6.4 *installed