custom forms - data collection

[Rowan32]

Hi.
I have a question. I'm using Zen Cart and want to add three contact forms. I have looked trough php form tutorial and found how forms are created. I just want to know how I can implement them with Zen Cart. Sorry for my bad knowledge in programming and thanks in advance.

[limelites]

This is just what I've been looking for, but I'm trying to incorporate it into a defined page via the define pages editor.

I basically copied the entire code from the http://www.silkblooms.co.uk/upload/data/index.php file and pasted it into this page:

http://www.silkblooms.co.uk/index.ph...e=testimonials

Needless to say, it don't work :)

I'm assuming it's because the 'upload' folder is not relative to the testimonial files? Would an easy way of fixing this be to move the upload folder into a relative position? If so, does anyone know where to?

I'm a complete amateur, if anyone knows a better way of incorporating this upload file function into a defined page then please share a technique with me. I'm very keen to have this function.

[dw08gm]

I am not exactly clear on what you want to do.

If Evilbr.png is a file that you uploaded, then the mod does work ipso facto.

IIRC the Upload folder must be placed outside of your cart for security reasons.

[limelites]

Ignore my previous post, I was just talking gibberish. All I had to do was insert the page into an IFrame. It's working now, at http://www.silkblooms.co.uk/index.ph...e=testimonials

My next question is now in line with the last few posts in this thread. How on earth do we prevent users from uploading .exe and .php malicious files?

I see that rolling back to v.1.61 is a quick fix, but I'd really like to keep the multiple file upload function. I've conversed with the mod author and he's basically saying it's not an easy fix using the php commands he's used to fix 1.61.

Does anyone know if there's a way of using a .htaccess file to prevent the upload of certain file types?

[DivaVocals]

Ignore my previous post, I was just talking gibberish. All I had to do was insert the page into an IFrame. It's working now, at http://www.silkblooms.co.uk/index.ph...e=testimonials

My next question is now in line with the last few posts in this thread. How on earth do we prevent users from uploading .exe and .php malicious files?

I see that rolling back to v.1.61 is a quick fix, but I'd really like to keep the multiple file upload function. I've conversed with the mod author and he's basically saying it's not an easy fix using the php commands he's used to fix 1.61.

Does anyone know if there's a way of using a .htaccess file to prevent the upload of certain file types?

Suggest using the example posted earlier in this post for how to put your form in the proper Zen Cart format, and NOT to use an iframe for your form..

[limelites]

I'm quite happy with the iFrame though, it seems to do the trick.

All I need is to figure out how to maintain multiple file uplaods, without compromising security.

[DivaVocals]

I'm quite happy with the iFrame though, it seems to do the trick.

All I need is to figure out how to maintain multiple file uplaods, without compromising security.

The iframe can be troublesome for forms and interactive content.. and will most definitely compromise security.. (No SSL for forms sitting inside an iframe) Your choice.. Just a suggestion..

[limelites]

even though I used https:// when adding the page URL inside the frame?

[dw08gm]

My next question is now in line with the last few posts in this thread. How on earth do we prevent users from uploading .exe and .php malicious files?

If you limit the file types to .jp*g, *.png, *.txt, *.rtf and *.pdf, you should have no problem.

See post #179 for where to put this.

Basically, I created a new page based on this band signup mod, to which I added the Upload Point code. No iFrame required.

If you want your testimonials page to automatically create itself from user inputs, I think you are in for a lot more work to maintain the appropriate controls..

[limelites]

If you limit the file types to .jp*g, *.png, *.txt, *.rtf and *.pdf, you should have no problem.

See post #179 for where to put this.

Basically, I created a new page based on this band signup mod, to which I added the Upload Point code. No iFrame required.

If you want your testimonials page to automatically create itself from user inputs, I think you are in for a lot more work to maintain the appropriate controls..

Thanks for the reply. I did install your mod for the band signup page, but the required fields were far more than I needed. I only need #name, #city, #email and #testimonial. So, I just popped it in an iframe which seems to work for me. I don't envisage loads and loads of testimonials and I do realise I'll need a large amount of manual work to actually publish each testimonial once I receive the files. Probably take about ten minutes each one.

I looked at post #179 again, but that means rolling back to version 1.61 and losing the multiple file upload functionality. I'd much rather maintain that.