Form Tools - API

API and microsoft access

Sun, 24 Dec 2017 14:19:45 -0800

So we can use API with microsoft access?
I need this for advanced stuffs :0

Error Code #304

Thu, 14 Dec 2017 15:53:48 -0800

Hey everyone,

I am trying to create a php-based API form for use in FormTools. I am an novice to intermediate web designer. Sorry if my terminology is off. I keep getting error message #304. Does anyone have any advice? Copied text below.

ERROR
Error Type: System
[b]Error Code: #304 — Learn more about this error.[/b]
Debugging:
Failed query in ft_api_process_form, /home/slcatl5/public_html/formtools/global/api/api.php, line 811:
UPDATE ft_form_35
SET State = 'Virginia',
policy_area = 'Agriculture and Natural Resources',
program_name = 'Farmville',
agency = 'Ag Department',
contact_name = 'Bob',
contact_title = 'Farmer',
address_line_1 = '123',
address_line_2 = '',
city = '123',
zip = '30033',
phone = '123',
email = 'bob@csg.org',
website = '',
descriptions = 'Files',
heardaboutSTAR = 'Word of mouth',

last_modified_date = '2017-12-14 18:43:44',
ip_address = '173.165.175.169'

WHERE submission_id = 4
Unknown column 'State' in 'field list'

The form is here: https://www.slcatlanta.org/STAR/apply/. Thanks in advance for your help!

Bug in ft_api_delete_unfinalized_submissions()

Tue, 05 Sep 2017 08:05:41 -0700

Hi,

The ft_api_delete_unfinalized_submissions() uses curdate() instead of now() function to compare the submission time when the second parameter is false. The MySQL curdate() just returns a date e.g. D.M.YYYY without time information. However, the now() function returns the current date and time. So, the current implementation do not delete the unfinalized submissions older than 2 hours as stated in the documentation, but just those older than today. The correct way to comply with the documentation should be to use now() function.

Non-consecutive IDs

Tue, 05 Sep 2017 04:21:17 -0700

Hi,

I'm using Form Tools 2.2.6. I've installed Submission ID manager module to reset the ID counter after sending test submissions. I used the delete option and reset the ID to 1. Then I submit a test submission and it got the correct ID == 1. However, when people started to use the form the submissions ID were 39, 48, 57 and 65 (ever 9 units). How can I at least make that the ID increments in 1 instead of 9?

Google Recaptcha

Tue, 22 Aug 2017 12:00:53 -0700

Formtools Recaptcha is out of date because Google owns/runs Recaptcha now. I hacked it in for a simple posted form without the api totally integrated, if anyone is interested in the code.

Odd, extended lag on form submit (and finalize)

Tue, 15 Aug 2017 06:43:20 -0700

I'm coming across an odd issue, that I've googled thoroughly, and searched on these forums as well, to no avail. Seems maybe a bit unique?

We've been using FormTools for about seven years or so. I don't recall if this was an issue in the beginning, but now, the finalization of a form submission has a VERY noticeable lag. As in, 15-30 seconds long.

Specifically, when a user hits the final submit button on our form (or I run a test), the page begins to process, and one can see the spinning circle on the browser tab. This goes on for an extended period, to the point where people are obviously hitting the submit button multiple times in frustration. Eventually, the submission goes through.

I have narrowed down the cause to the automated emails. If I turn them off, the form submission takes only a second. The emails cause the lag whether I have SwiftMailer turned off or on. Is there something dated with the API? Is there a way to speed this up without writing custom code? Crossing my fingers that someone has resolved this already...

Thanks,

Mikko

E-mail validation rejects valid email address

Mon, 14 Aug 2017 04:58:22 -0700

I used a core "Textfield" to enter "Medium <= 256" text in a "Big" field width default "Max Length" and a validation for "Valid email".

However a valid email address like "info@webaddress.nl" is rejected.

Can I change the validation rules without having to add a custom field type and create validation rules from scratch?

Leaving form entries unfinalized - is it a problem?

Sat, 15 Apr 2017 23:50:53 -0700

Hi,

I have a multi-page form where I want to allow users to make updates as required.

Specifically, each user should have only ONE entry per table. I am not setting my users up formally in Form Tools because all of my pages are behind a membership database system and I am able to pull each user's unique member id out of that database and add it to my table so that the unique member id can still be used as a key in form tools.

I can see how I can populate each form field with previously submitted data so the user can edit it.

The only thing is that it seems that if I finalize the form on the last page, the user cannot go back in and edit their submission without it creating an additional entry for that user in the table.

For a layman like me, the easiest thing seems to just leave the form unfinalized to allow subsequent edits/updates.

The user may want to continue with subsequent edits/updates for 12 months or more.

So my question is, is there a command to set the form back to "unfinalized"prior to any subsequent edits/updates and then re-set it to finalized once the subsequent edits/updates are completed, or is it OK to just leave the entries "unfinalized" over the full period of time?

Looking forward to some clarification or advice.

Thank you.

- Neil

Form not processing or proceeding with multi page form [solved]

Fri, 14 Apr 2017 20:20:34 -0700

Hi,

I am attempting to create my first multi-page form using the API, but I am going crazy and getting nowhere.

I have created other internal forms in form tools without issue as well as other forms in general, but am having real issues with the API.

I believe I am following the instructions exactly as outlined in the docs, plus trying a few other things that seem more logical after the initial tests did not work.

For example, this is what I currently have at the top of my first page (above the
require_once("/home/mysite/public_html/ftools/global/api/api.php");
$fields = ft_api_init_form_page(5, "initialize");
$params = array(
"submit_button" => "Submit",
"next_page" => "mbh_competitive_index_1.php",
"form_data" => $_POST
);
ft_api_process_form($params);
?>

Now strictly speaking, the docs ONLY say to have;

$params = array(
"submit_button" => "submit_button_name_attribute",
"next_page" => "next_page.php",
"form_data" => $_POST
);

(I have no file upload fields)

- on your first page instructions. Which I tried out of fun, and that didn't work, so I wrapped it in and that didn't work either so I then extended it to what I have above - otherwise how does the first page even get the api.php code to process the form? But anyway, that is not working either.

Interestingly, when I tried to delete "$fields = ft_api_init_form_page(5, "initialize");" from the line above, I got a 300 error, so there is a connection trying to take place somewhere.

My form code line is;

" method="POST"> - pretty much as directed.

Plus my button code is;

On the first page of the form, I only have three hidden fields and one select and they are all properly coded.

When you complete the select field and hit the "Submit" button the page refreshes, but does not proceed to the next page - nor does the selection remain in the select field. Everything just reverts back to what what was initially there. I get no error message either.

I have tried just continuing on manually through all the other form pages but at no time does the script take me to the next page or the "Success!" page, and nothing is registered at Step 3, other than tell me that the line of PHP you will need is:

$fields = ft_api_init_form_page(5, "initialize"); - which I have included on all pages.

I have also tried putting the full URL into the "next_page" -> variable without success.

Sadly, there seems nothing in the docs or on this forum that seem to be able to help me further, so any assistance would be greatly appreciated.

Thanks kindly,
- Neil

OK, sorry, I think I just found it, with the problem being with my button name. :?

External Form Security

Sun, 15 Jan 2017 09:07:48 -0800

Hi all,
First post for me, and I begin by saying that FormTools is brilliant!

One slight concern I have, though I will be happy to admit if this is an error on my part is that when using external forms I cannot seem to get my one external form to stick to the access policy defined when setting up the form. At the moment anyone and everyone (including not logged in) can access my external form even when the form is set to Adminstrator Only access.

I have searched the forum for a fix to this but cannot find anything.

Can someone suggest a solution to this?

Many thanks in advance.

Beginner: how to link a field to an existing field in a MYSQL Database

Fri, 06 Jan 2017 10:30:26 -0800

Hi,
I am a beginner with FormTools. How can you link a new form to an existing Mysql data base on my webserver.
The FormTools is installed on my Webserver too.
I have not found any documentation which describes how to link the fields of the form with the fields in the database.
Please inform.

Google Maps API error message

Tue, 02 Aug 2016 14:52:22 -0700

Hi,

Any help you can provide is appreciated.

I've got a form going that has all the fields I need but I cannot see where I to add my googlemaps api key.

The google api is working on another form I've created, but I don't see where I should add the code on the specific page.

This is what I have in the code of the working page, and I get the desired return:

Can someone please advise me on where I would need to add the code in this page: TEST PAGE. As far as I can tell, the page is the edit_subscription page, which I can get to, however, I would like to be sure this is correct before going too far...

Thank, in advance...

Getting Browser Information

Thu, 02 Jun 2016 13:32:49 -0700

Is there some way to record the type/version of browser the user is using when submitting a form? I've gotten a few submissions that seemingly bypass all the validation rules (PHP), with no explanation. I'd like to narrow it down further. Thinking that maybe they are using some ancient browser or something?

Deleted records - reappearing!!

Wed, 24 Feb 2016 02:53:02 -0800

Sometimes, records deleted in formtools - that appear deleted, are re-appearing in the database table - but with 'NULL' values - it seems to happen after visiting the tank you page after deleting the record. Using API

Form submits data but 500 error after

Fri, 08 Jan 2016 20:38:15 -0800

Hello,

I'm using an API form that was working fine until I tried to make some changes to the form code (a select field). The first time I tested the changes I got an Error 500, a now I keep getting the errors even after reverting the changes.

The form is able to store the information in the database but I don't get to the Thank you page or get the swift emails. The problem is only on one form. My other forms work well.

Another thing I noticed is that the session stays open since it never gets to the Thank you page so I have to manually load the Thank you page to close the session.

Any ideas would be greatly appreciated.

Here is my code:

require_once("../global/api/api.php");
$fields = ft_api_init_form_page("30"); // X would be your form ID

// validation time!

$errors = array();
if (isset($_POST['submit']))
{
$rules = array();
$rules[] = "required,first_name,01First Name is required.";
$rules[] = "required,last_name,02Last Name is required.";
$rules[] = "required,home_address,03Home Address is required.";
$rules[] = "required,city,47City is required.";
$rules[] = "required,zip_code,48Zipcode is required.";
$rules[] = "required,state,04State is required.";
$rules[] = "required,mobile_phone,05Mobile Phone is required.";
$rules[] = "required,email,06Email is required.";
$rules[] = "required,fullname,07Full Name is required.";
$rules[] = "required,place_birth,08Place of Birth is required.";
$rules[] = "required,nationality,09Nationality is required.";
$rules[] = "required,dob_mm,10Date of Birth is required.";
$rules[] = "required,dob_dd,11Date of Birth is required.";
$rules[] = "required,dob_yy,12Date of Birth is required.";
$rules[] = "required,gender,13Gender is required.";
$rules[] = "required,passport_number,14Passport Number is required.";
$rules[] = "required,place_issue,15Passport Place of Issue is required.";
$rules[] = "required,exp_mm,16Passport Expiration Date is required.";
$rules[] = "required,exp_dd,17Passport Expiration Date is required.";
$rules[] = "required,exp_yy,18Passport Expiration Date is required.";
$rules[] = "required,agent,19Agent is required.";
//$rules[] = "required,corp_card_year,50Expiration Date is required.";

$rules[] = "valid_email,email,30Please enter a valid email address.";

// $rules[] = "digits_only,zip_code,31Please enter a valid Zip Code.";
$rules[] = "digits_only,mobile_phone,32Please enter a valid Mobile Number";
$rules[] = "digits_only,home_phone,33Please enter a valid Home Number.";
$rules[] = "digits_only,work_phone,34Please enter a valid Work Number.";
$rules[] = "digits_only,cc1,35Please enter a valid Credit Card Number.";
$rules[] = "digits_only,cc2,36Please enter a valid Credit Card Number.";
$rules[] = "digits_only,cc3,37Please enter a valid Credit Card Number.";
$rules[] = "digits_only,cc4,38Please enter a valid Credit Card Number.";
$rules[] = "digits_only,cvc_code,39Please enter a valid CVC Code";
$rules[] = "digits_only,billing_zip,40Please enter a valid Zip Code.";
$rules[] = "digits_only,corp_cc1,41Please enter a valid Credit Card Number.";
$rules[] = "digits_only,corp_cc2,42Please enter a valid Credit Card Number.";
$rules[] = "digits_only,corp_cc3,43Please enter a valid Credit Card Number.";
$rules[] = "digits_only,corp_cc4,44Please enter a valid Credit Card Number.";
$rules[] = "digits_only,corp_card_cvc,45Please enter a valid CVC Number.";
$rules[] = "digits_only,corp_card_zip,46Please enter a valid Zip Code.";
$rules[] = "valid_email,assistant_email,49Please enter a valid email.";

$errors = validate_fields($_POST, $rules);

// no errors - great! Now we process the page. The ft_api_process_form does
// the job of both updating the database and redirecting to the next page
if (empty($errors))
{
$params = array(
"submit_button" => "submit",
"next_page" => "thanks.php",
"form_data" => $_POST,
"finalize" => true
);
ft_api_process_form($params);
}
// it failed validation. Update $fields with the latest contents of the form data
else
{
$fields = array_merge($_SESSION["form_tools_form"], $_POST);
}
}
?>

Custom Login Page for submission_accounts

Thu, 07 Jan 2016 11:13:27 -0800

Hi,

Do we have API to connect custom login page with submission_accounts module login page to edit the user entered data? Please any one reply.

Thanks in advance.

Thanks

Hi All,

I found the solutions. Thanks for this great tool.

If any newbee need help, please ping me.

(Jan 7th, 2016, 11:13 AM)formuser Wrote: Hi,

Do we have API to connect custom login page with submission_accounts module login page to edit the user entered data? Please any one reply.

Thanks in advance.

Thanks

HELP!!! FORM sending information to e-mail

Fri, 10 Jul 2015 14:40:37 -0700

Explained

I have my forms to fill and clicking the button "submmit" I did not come in the mail.

Could you help me ??

before it worked perfectly !!

as I can solve it?

my English language is bad !!

Return field value

Mon, 22 Jun 2015 05:26:40 -0700

Hi,

I'm using the api to retrieve submissions which works well. However my dropdown list has the following entries....

Order Field Value Display Text
1 ami-f5f86b82 Centos6-template-clean

But when I try and get the information back in an xml format I only ever get the display text.

How can I retrieve the Filed value instead?

This is the code I'm using.....

require("global/api/api.php");
$page = ft_api_load_field("page", "page", 1);
ft_api_show_submissions(1, 1, 7, $return_as_string);
?>

And this is the result.....

Any ideas?

Cheers,

Neil

XSS Prevention of PHP Injection

Fri, 12 Jun 2015 13:26:13 -0700

Recently, a PCI audit revealed a cross site scripting vulnerability in some of the forms I had developed for my clients. If I understand the terminology correctly, it is based on PHP Injection. Basically, since the form action of an external form (utilizing the API) is:

PHP Code:

<form action="$_SERVER["PHP_SELF"]?>" method="post"> 

Then the URL can be used to execute scripts as variables in the URL.

There's ample documentation about this being a well known problem. There are also lots of forums around the WWW with potential fixes.

Since I don't pretend to understand PHP as a programming language, I have to have assumed that Joe and Ben intended the form action for a reason. And then I read the tutorial on adding a single page form with the API. It was then that I realized the form action being PHP_SELF was only out of convenience to the web developer. For example, we could, instead, use the file path as the form action, but if we ever changed the file path (or it's filename), we would need to remember to change the form action, as well.

That said, I have now opted to edit all of my external forms to utilize a hard-coded form action URL, like this:

PHP Code:

<form action="https://www.domain.com/filename.php" method="post"> 

Obviously, you would want to replace domain and filename with your own values.

While the tutorial I mentioned above actually states:

Quote:It's generally a better idea to use $_SERVER["PHP_SELF"] instead of the name of the file, since filenames sometimes change. If that happens, you'd need to remember to update the action attribute. But by using the PHP variable, you don't have to worry about it!

It is actually better if you use the name of the file, to prevent potential XSS attacks on the form submission. You'll just need to remember to change the form action if the name of the file changes.

Before I realized all of this, I DID actually come across another potential solution, which should prevent the URL from being appended. However, I'm also fairly certain the code I found is bloated a bit, since it wasn't programmed specifically for FormTools. I just don't know PHP well enough to strip it down. It does, however, prevent the PCI scans from flagging the XSS vulnerability.

I would like to actually store this code in a separate file and call the file from the top of all of my forms, for convenience, but I'm not entirely sure how to do that, either. This is really sort of irrelevant now, though, since I'm now using the full path in the form's action attribute, instead of PHP_SELF.

If this code could be tested by Ben/Joe, perhaps it could be implemented in the core, to help prevent XSS attacks on forms utilizing the API. The code I found is:

PHP Code:

    // XSS prevention

    if (isset ($_SERVER['ORIG_PATH_INFO']) && $_SERVER['ORIG_PATH_INFO'] != $_SERVER['PHP_SELF']) {

        $_SERVER['PATH_INFO'] = $_SERVER['ORIG_PATH_INFO'];

    }

    // Security measure, to avoid XSS exploit.

    if (!empty ($_SERVER['PATH_INFO']) && strrpos ($_SERVER['PHP_SELF'], $_SERVER['PATH_INFO'])) {

        $_SERVER['PHP_SELF'] = substr ($_SERVER['PHP_SELF'], 0, -(strlen ($_SERVER['PATH_INFO'])));

    }

Hopefully this all makes sense to someone.

After the submit bug in the redirect to the succes.php

Wed, 06 May 2015 08:05:27 -0700

Hi,
I have been trying integrating formtools through the API, I have reviewed all Threats related, and I do not know why once the completed form (and sent correctly) no forwarding is executed to the page succes.php (which in my case it is called formulariook.php)

This is the URL of the form:

http://www.coachingwingwave.cat/contacto.php

Here I leave the code that I have in the form page:

require_once ("/home/adminjoaquimb/public_html/formtools/global/api/api.php");
$ Fields = ft_api_init_form_page (5);
$ Params = array (
"Submit_button" => "submit"
"Next_page" => "contactoformulariook.php"
"Form_data" => $ _POST,
"Finalize" => true
);
ft_api_process_form ($ params);
?>

And this in succes.php page (formulariook.php)

require_once ('/ home / adminjoaquimb / public_html / formtools / global / api / api.php ");
$ Fields = ft_api_init_form_page ();
ft_api_clear_form_sessions ();
?>

I tried to change and try everything but I can not make it work well, does anyone know what is happening? .. Thanks in advance,
Regards
Victor