Description
Safe Signup Form is a WordPress Plugin that will forward a form submission to an email address, while preventing most automated attacks.
To do this it leverages Elliot Back’s WP Hashcash — an elegant anti-spam engine that uses javascript to determine if the form is submitted by a robot or a Web browser.
An administration page provides three options for handling submissions identified as spam:
- Delete spam submissions.
- Flag spam submissions (and forward them anyway).
- Forward without flagging.
The basic plugin offers a simple name and email form, but the php can be easily modified to incorporate any number of fields.
You can download Safe Signup Form here.
Safe Signup Form uses XHTML compliant code and has been tested in WordPress 2.7 through 2.9.1, MSIE 7 and 8, Firefox 3 and 4, and Safari 3.
Installation
- Upload
ddf-signup.phpto thewp-content/pluginsdirectory of your WordPress install. - Activate the plugin through the
Pluginsmenu in WordPress. - View the
Secure Form - Signuppage underPluginsto set options for presentation, spam handling, validation, and other options. TheSecure Form - Signuppage also provides statistics on the number of spam vs. total submissions. - To add a form to a page either create a template with the php function:
<?php ddfs(); ?>or enter the shortcode[ddfs]in any post or page content.
IMPORTANT: If you are using WP Super Cache, changes you make using the Secure Form - Signup page may not appear. If this happens, edit and republish the page that presents the form.
Frequently asked questions
Q. I can’t get the form to send me an email.
A. The form should pick up the default admin email associated with your install of WordPress. To change it go to the Safe Signup Form page under Plugins in the WordPress Admin tool (you may need to log in as “admin”). You can then change the “forwarding email” value.
Since the forwarding email is generated by a script it may be blocked by your email server or filtered as junk mail by your email program. Check any spam or junk mail folders at the local and server level.
Q. Can I automatically forward an email confirmation to the user?
A. Not yet. I did not include automatic email confirmation because of the security implications — it allows a form to become a conduit for spamming third party addresses. The HashCash technology stops most robotic spam attacks, but human spammers could take advantage. I may add email confirmation as a option to a future version.
Q. Can I add additional fields?
A. The only way to add fields is to directly edit the plug-in PHP. If you know HTML and a little PHP this isn’t too difficult.
There are three places in the code where a new form field is defined or processed.
For example, let’s say you wanted to add a “Nickname” text field before the email field.
First, in the ddfs_install() function, add the new field to the $options['error-rules'] array. This defines how the field is validated.
// Rules for form validation - server side
// 'r' means required
// 'o' means optional
// 'e' means value must be a valid email
// a duplicate key requires a duplicate entry (as in 'ddfs-repeat-email')
$options['error-rules'] = array(
'ddfs-name' => 'r',
'ddfs-nickname' => 'o', // New field is set as "optional"
'ddfs-email' => 'e',
'ddfs-repeat-email' => 'ddfs-email'
);
Second, also in the ddfs_install() function, you may optionally add a label for the new field to the $options['forward-labels'] array. The appearance of the field in this array ensures that it is included in the form email notification.
// Labels and fields for form elements to be
$options['forward-labels'] = array(
'Name' => 'ddfs-name',
'Nickname' => 'ddfs-nickname', // New field is assigned to the "Nickname' label
'Email' => 'ddfs-email'
);
Third, in the ddfs_form_display() function, enter the new field’s HTML markup in the $form array. This displays the field on the page as part of the whole form. Make sure the label, field name, and $_POST value all match. For the id field I use the convention f- plus the field name.
/* Read form */
function ddfs_form_display() {
$form = array(
// Error message markup
'error-msg' => '',
// Rules for form validation - client side
'error-field' => '<input id="f-ddfs-rules" name="ddfs-rules" type="hidden" value="f-ddfs-name:r f-ddfs-email:e f-ddfs-repeat-email:d:f-ddfs-email" />',
// Default form markup
'ddfs-name' => '<p><label for="f-ddfs-name" class="required">' . __('First Name', 'ddfs') . '</label><input type="text" name="ddfs-name" id="f-ddfs-name" maxlength="50" tabindex="10" value="' . htmlentities($_POST['ddfs-name']) . '" class="f" /></p>',
'ddfs-nickname' => '<p><label for="f-ddfs-nickname" class="required">' . __('Nickname', 'ddfs') . '</label><input type="text" name="ddfs-nickname" id="f-ddfs-nickname" maxlength="50" tabindex="11" value="' . htmlentities($_POST['ddfs-nickname']) . '" class="f" /></p>', // New field HTML markup
'ddfs-email' => '<p><label for="f-ddfs-email" class="required">' . __('Email Address', 'ddfs') . '</label><input type="text" name="ddfs-email" id="f-ddfs-email" maxlength="50" tabindex="15" value="' . htmlentities($_POST['ddfs-email']) . '" class="f" /></p>',
'ddfs-repeat-email' => '<p><label for="f-ddfs-repeat-email" class="required">' . __('Repeat Email Address', 'ddfs') . '</label><input type="text" name="ddfs-repeat-email" id="f-ddfs-repeat-email" maxlength="50" tabindex="16" value="' . htmlentities($_POST['ddfs-repeat-email']) . '" class="f" /></p>'
);
return $form;
}
In each of these cases, if you add fields to the end of the array, don’t forget to add a comma after ddfs-repeat-email (or ddfs-email in the second case). Then, make sure the last field in each array is
IMPORTANT: After editing the plugin PHP and saving it to the plugins folder, you must deactivate and reactivate it to see your changes. This is done under Plugins in the WordPress Admin tool (you may need to log in as “admin”). After that, you may also need to edit and republish the page that presents the form.
WARNING: When you deactivate and reactivate the plugin you will have to reenter any options you set on the Secure Form - Signup page.
Q. How do I change the appearance of the labels, fields and messages?
A. You can create the formatting you want by editing the “Custom Styles” option at the bottom of the Secure Form – Signup page. The default CSS is:
div.ddf label { padding-right: 0.5em; }
p.intro { font-style: italic; }
p.error { color: #ff0000; }
p.success { font-weight: bold; }
To stack labels over the fields, change div.ddf label to:
div.ddf label { display: block; }
To align fields to the right of the labels, you can try something like:
div.ddf label { display: block; float: left; width: 12em; }
Experiment with CSS and you should be able to get the format you like.
Have a question? Please use the comment form and I will do my best to respond.
Changelog
1.1
- Updated code to use localization (translation) functions for both admin and output.
- Corrected the “Error-spam flag” and “Error-spam cancel” fields to allow HTML tags.
- Added a “Compliant XHTML” admin option that places plugin javascript and CSS into the header of each page rather than into the body of the local page.
- Corrected a bug with the form action value that caused problems with calling the plugin from a template outside of The Loop
Upgrade Notice 1.1
This upgrade corrects several minor bugs and provides an option for compliant XHTML output. Use it if you want to call the plugin from a template outside of The Loop, desire XHTML compliance, want to format error messages, or want to localize the plugin.
Test the form
You can try out the form below. This is a dummy version and does not email to a live account. Try it with and without javascript enabled on your browser to see the spam response.
Please provide the information requested below. We will use your email only to communicate with you. We will not share it with anyone else for any reason.
Donate
Safe Signup Form is free, but any small donation is appreciated.
Hi. Integrated your form but it doesn’t send e-mail. Not sure what to check…
Posted by by Gene on May 4, 2009 at 5:59 pm