Email form issues with security and sending email
Development and Programming
I am running EE 3.5.16 and have the following form:
{exp:email:contact_form
user_recipients="no"
recipients="[email protected]"
replyto="yes"
return="https://mysite.us/"
charset="utf-8"}
<!-- <input type="hidden" name="from" value="" />
<input type="hidden" name="subject" value="Email Contact" /> -->
<label for="from">Your Email:
<input {if logged_in}type="hidden" value="{member_email}"{/if} {if logged_out} type="text" value=""{/if} id="from" name="from" /></label>
<label for="subject">Subject:
<input type="text" id="subject" name="subject" size="40" value="" /></label>
<label for="message">Comments:
<textarea id="message" name="message" rows="18" cols="40"></textarea></label>
<div class="clearer"></div>
{exp:honee class="beez"}
<input class="submit" name="submit" type='submit' value='Submit' />
{/exp:email:contact_form}I am having two issues with this form:
The padlock is missing from the browser because the action in the form is showing http instead of https. In addition to the return I’ve added, I checked the URL and Path settings for the site and it is https:, so I am not sure where the http is coming from.
The other issue is that the form does not send an email.
Any insights on either or both of these issues will be greatly appreciated.
- Are you using any dynamic config (Master Config, etc.)? The rendered form action comes directly from the site’s configuration, so on the front end, it appears to be picking up a different setting than what you see in the Control Panel.
- My guess would be that you are forcing https (a good thing) but since you’re submitting to an http URL, your mechanism for forcing/redirecting to SSL is dropping POST data, so nothing is actually being submitted. Fixing #1 will likely fix #2, in other words.
Hi Derek,
Well done. You are correct. https is forced in the htaccess file. But I get a security warning in the browser because the form action point to http://
I’ve checked the URL settings and they are set to https://
What do you recommend for a solution?
Thank you!
Forrest
Are you using dynamic config? That http address has to be coming from somewhere, perhaps an old setting that hasn’t been updated, or is being detected and set incorrectly in your config file?
I am not aware if I am using a dynamic config.
This is one site of a MSM configuration. How would I determine if this were dynamic configuration?
You’d need to look at your config file and see if it has anything that’s not part of the native config. Since it’s MSM, you would also want to check the assign_to_config section of this site’s index.php file. If you aren’t sure how to do either of those things, we could help in support directly (and privately).
A quick gut-check would be on this template, just above your form, add:
<h1>{site_url}</h1>Which would confirm what your URL setting is for your site’s front end.
Ok. I am making progress. In the site index.php file $assign_to_config[‘site_url’] = ‘https://hobblecreek.us’; was set to http://.
I corrected that but the form still does not send.
It looks like your form action has /index for some reason. In addition to checking your site’s URL setting, make sure the Site’s Index Page is empty since you are removing index.php from your URLs. When accessing the URL in your form action, Redirect Checker is showing that it does a 301 redirect, so it’s probably dropping POST.
Thank you for your help. I’ll work through these last details and hopefully get it resolved. I’ll post here to close the loop.
No problem, happy to help.