715 posts
  • Has sold $100+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Sells items exclusively on Envato Market
  • Located in Belgium
+1 more
Hy-Studio says

Hello!

I’m about to finish a Wordpress template for a friend of mine, but I’m a bit stuck with the contact form.

I’m using the Script of our friend Drew (^^) but it seems not to work in the way I want to.

I’ve put the contact script in the template directory linked the location of the jQuery script in the header of the page.

When I executed the script by completing the form etc I get the nice ‘Loading …’ text, but it doesn’t goes any further. On my TF template it works, first you get the preloader then the message that the mail has been sent.

The strange thing is, when I copy the jQuery code directly in the header and add the bloginfo(‘template_directory’);, it works, like this:

$(function(){ $(’#submit’).click(function(){ var input_name = $(’#name’).val(), input_email = $(’#email’).val(), input_subject = $(’#subject’).val(), input_message = $(’#message’).val(), response_text = $(’#response’); response_text.hide(); $(’.reply, .contactForm’).hide(); response_text.html(‘Loading…’).animate({“opacity”: “show”}, {“duration”: “500”}); $.post(’<?php bloginfo(‘template_directory’); ?>/contactform/contact-send.php’, {name: input_name, email: input_email, subject: input_subject, message: input_message}, function(data){ response_text.html(data); }); return false; }); });

Okay it works, but I don’t like that this code is directly visible in the header part. Yeah you can see it to when you check the source code and go directly to the script.

Anyone knows how to fix this?

Thanks :)

374 posts
  • Has been part of the Envato Community for over 5 years
  • Has referred 1+ members
  • Has sold $1,000+ on Envato Market
  • Has collected 10+ items on Envato Market
+3 more
_rohan says

Why do you want to hide the code?

715 posts
  • Has sold $100+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Sells items exclusively on Envato Market
  • Located in Belgium
+1 more
Hy-Studio says

I don’t find this very secure :(

374 posts
  • Has been part of the Envato Community for over 5 years
  • Has referred 1+ members
  • Has sold $1,000+ on Envato Market
  • Has collected 10+ items on Envato Market
+3 more
_rohan says
I don’t find this very secure :(

But why? Analysing it, if you used a regular form, the URL where you post would be in the action parameter of the form, and all input fields would be sent. This is the same, only via jQuery. So why is it unsecure?

2541 posts
  • Has referred 10+ members
  • Has sold $100+ on Envato Market
  • Has collected 50+ items on Envato Market
  • Located in United States
+9 more
CreatingDrew says
I don’t find this very secure :(

Why?

It simply sends the field values to the server side script for checking, which is where all the sanitizing and validation should be done. Someone could post whatever values they wanted to that script at anytime (they could even send a POST request from somewhere other than the browser), it’s up to the server side to validate any requests. That script/article was meant as an intro for beginners but shouldn’t have any huge security holes.

Edit – Double check your paths and log any responses from the server to the console to debug. Shoot me an email through my profile page if you still can’t get it to work after a bit and I’ll try to help in my freetime :)

715 posts
  • Has sold $100+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Sells items exclusively on Envato Market
  • Located in Belgium
+1 more
Hy-Studio says

Well I’m a bit paranoid that’s it :D

I’ve moved the contact form to another location and now it works without having the source code directly in the header.

Thanks for the tip, great script ;)

by
by
by
by
by
by