Couple of FP Form questions:

[CLF]

Hi All,

Couple of (hopefully easy for our FP experts) questions regarding a form
have. URL is berninafourcorners.com/goto classes and then click on
class registration.

I have the results of this form going to a .csv file in the _private
dir. This seems to work just fine w/one exception. I added three
fields for credit card info:
ccnumber
ccsecnumber
ccexpdate
I confirmed these do show up in the form properties options "fields to
save" box. But, unlike the rest of my fields, they do not show up when
I view the .csv file via my hosts filemanager CP applet. I can't see
how these fields are any different than the ones that get saved. Any
ideas on why they're not being included?

Second question:
I've set most of the fields on this same form to be required via the
validation option for the respective form field properties. However, FP
seems all too happy to allow users to submit the form w/blank or
incomplete fields. Is this "by design" and I just mis-understand
validation or is there more to it? If you like to test, please indicate
testing somewhere in your form submission.

TIA...

 

[Thomas A. Rowe]

You have to go to form properties | options | saved fields and make sure they are listed.

FYI:

1. Storing the credit card info on your site in this manner is a very insecure method of handling
credit card info.

2. Going into SSL mode generates the following warning to users:
"This certificate cannot be verified up to a trusted certification authority."
So it appears the server Admin created the Cert themselves.

3. You have links pointing back to your HD, which indicated you didn't have a site open when working
on the page or you didn't import the images into your web first.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================

 

[CLF]

Hi Thomas,

Thanks for the reply. I did confirm the fields were included in the
saved fields option, as you can see here.
fname
lname
acode
phprefix
phsuffix
email
staddress
city
state
zip
firstclass
secondclass
thirdclass
fourthclass
machine_yes
machine_no
cctype
ccnumber
ccsecnumber
ccexpdate
B1

As for the cc info, it is stored in the .csv file in the _private
directory. I do not provide this info in the form confirmation page
that is returned upon form submission. Is the _private dir not secure
enough?

The certificate is the hosts certificate; is that less secure than if my
client buys her own certificate?

As for the images, are there any that are not showing up when you browse
the site? I've not had any complaints of missing images.

 

[Thomas A. Rowe]

See inline below...

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================

Hi Thomas,

Thanks for the reply. I did confirm the fields were included in the saved fields option, as you
can see here.

Try clearing them and/or delete the .csv file and let FP recreate it.

fname
lname
acode
phprefix
phsuffix
email
staddress
city
state
zip
firstclass
secondclass
thirdclass
fourthclass
machine_yes
machine_no
cctype
ccnumber
ccsecnumber
ccexpdate
B1

As for the cc info, it is stored in the .csv file in the _private directory. I do not provide
this info in the form confirmation page that is returned upon form submission. Is the _private
dir not secure enough?

Not if some is able to hack into to your site. This should be stored in a database that is outside
of the web root if the it must be stored. The safest method is to do real-time credit card
processing where there is no need to see or store the CC info.

The certificate is the hosts certificate; is that less secure than if my client buys her own
certificate?

No, but it doesn't validation to the customer who they are really purchasing from, and in this case
it appears the host has created this themselves, so you can't even trust who they are.

 

[CLF]

Hi Thomas,

Thanks for your help. I appreciate your suggestions and will give them
a shot. I'll report back here w/the results.

As for the cert issue, I'll have to talk to my client about getting her
own cert. The host is ICDSoft and they've been a pretty good host to
deal with as far as support goes and my client has not reported any
problems with them.

 

[CLF]

Hi Thomas,

Deleting the fields and re-adding them appears to have solved the
problem. Regarding the second question about form validation, I still
don't have a good understanding of why the form submits even though some
of the fields I've marked as required aren't completed.