Tag Archives: forms

Gravity Forms

There has been a lot of talk about a new WordPress plugin called Gravity Forms lately. It’s one of the first major premium WordPress plugins, costing $39 for a single-site license and $99 for multi-site.

What does it do? It’s a bit like the ever-popular cForms plugin, but with a lot more polish, and plenty more features. The interface is a breeze to use, letting you create new forms with ease. You just click a button to add a new form field, then you can adjust it live in the form preview.

Securing PHP Web Forms

Chris Coyier has written an interesting article on securing form scripts. Serious Form Security talks about token matching, hack logging, and a few other useful techniques to apply to a form processing script. Token matching is definitely a trick worth learning, since it will do a lot to stop bots from submitting data through your form.

The first thing that we are going to do is generate a “token”, essentially a secret code. This token is going to be part of our “session”, meaning it is stored server side. This token also is going to be applied as a hidden input on the form itself when it is first generated in the browser. That means this token exists both on the client side and the server side and we can match them when the form gets submitted and make sure they are the same.

One of the best (worst?) ways to spam forms is to create a script that uses cURL to send POST requests to the URL listed in the form’s action attribute, with some spammy data in the POST fields (or malicious data intended to break your script). Generating a pseudo-random token as the article describes makes things a lot harder. cURL, whether from a command line or an automated script, isn’t going to be able to store the session data and send the token along with the form.
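The token matching described above, sketched in PHP as an added example (not code from this post or from the Serious Form Security article). The function names, the `form_token` field name and the `/contact.php` action are assumptions, and plain arrays stand in for `$_SESSION` and `$_POST` so the script runs from the command line.

```php
<?php
// Added example: session token matching for a form handler.
// issue_form_token(), render_form(), token_matches() and the 'form_token'
// field name are hypothetical names chosen for this illustration.

function issue_form_token(array &$session): string
{
    // 32 bytes from the CSPRNG, hex-encoded so it fits in a hidden input.
    $session['form_token'] = bin2hex(random_bytes(32));
    return $session['form_token'];
}

function render_form(string $token): string
{
    // Escape the value even though it is hex, so the template stays safe
    // if the token format ever changes.
    $safe = htmlspecialchars($token, ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="/contact.php">'
         . '<input type="hidden" name="form_token" value="' . $safe . '">'
         . '<textarea name="message"></textarea><button>Send</button></form>';
}

function token_matches(array &$session, array $post): bool
{
    $expected = $session['form_token'] ?? null;
    $supplied = $post['form_token'] ?? null;
    // Single use: drop the stored token whatever the outcome, so a
    // captured form cannot be submitted twice.
    unset($session['form_token']);
    if (!is_string($expected) || !is_string($supplied)) {
        return false; // no token in the session, or none (or an array) in the POST
    }
    // hash_equals() compares in constant time, unlike == or strcmp().
    return hash_equals($expected, $supplied);
}

// Constructed demonstration.
$session = [];
$token = issue_form_token($session);
echo render_form($token), PHP_EOL;

$fresh = []; // case 1: POST sent straight to the action URL, new session, no token
var_dump(token_matches($fresh, ['message' => 'spam']));
// case 2: the browser that loaded the form submits it
var_dump(token_matches($session, ['form_token' => $token, 'message' => 'hi']));
// case 3: the same token submitted a second time
var_dump(token_matches($session, ['form_token' => $token, 'message' => 'hi']));
```

In a real handler, call `session_start()` first and pass `$_SESSION` and `$_POST` in place of the arrays.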

Simplify Your Search?

Here’s something interesting to think about: Should you simplify the design of your search fields? Looking at various sites, like IMDB and Amazon, I’ve noticed that a lot of sites feature drop-down boxes allowing you to pick what areas of the site to search (in the case of Amazon, Books, DVD, Electronics, etc). Here are a couple of examples:

Then there are sites that move this feature to an “Advanced Search” page.

There are two arguments about this:

  1. It makes it easier to find things by offering more power up front.
  2. It confuses people to have too many options.

I kind of like having the extra functionality within reach when I’m searching, but that doesn’t mean everyone else does. However, I absolutely cannot stand sites that force you to make a selection, rather than having an “all” option. It’s not like it’s difficult to create a search system that can look in all areas at once.

What do you think? Is it better to have the dropdown, or not? Why? Of course it really depends on the website, and the audience.