Version 2.0 Enhancements List

This page list the enhancements (so far) in Version 2.0 (V2.0) of Huggins' Email Form Script.

Version 2.0 has not yet been released. The full release is currently scheduled for release 01.Apr.2007. To download the latest Pre-Release, go here.

To keep in touch with progress please subscribe to the HEFS Bulletin .

To suggest new enhancements or to identify bugs, please email me.

Enhancement Approach: Backward Compatibility

This goal of this enhancement has been to permit the new script to be implemented without any changes being required to any form which was implemented the prior version. While the use of new features will require some changes, the changes were designed to maintain "backward compatibility".

There is one exception to this, however. The use of asterisks within hidden fields to indicate a space has been replaced with the use of a tilde ("~"). This change is not believed to impact most users.

Enhancement Focus

The Version 2.0 enhancement has focused on the following areas:

• Field validation and error reporting
  Implementing an error checking and reporting infrastructure and providing a number of important validation checks
   
• Spambot prevention
  Stopping spambots from using the form/script to send spam
   
• Simplifying use of the script
  Enabling minimal use of the script with only one control field; enabling functional use with only two.
   
• Formatting of outgoing emails
  Increasing the formatting options for the separation of the field labels and the field values

Error Checking and Reporting Infrastructure

This enhancement provides the underlying infrastructure to support error checking by the script.

For Form User errors (those resulting from incorrect input by the Form User) error checking continues until all possible errors are found, reporting the maximum number of errors at one time. Then it outputs a new page with the errors, allowing the user to click the back button to correct them and resubmit.

Configuration errors (as opposed to Form User errors) terminate after the first error is found and note that correcting input will not resolve the problem.

The script also provides the ability to make small customizations to the error page, including two headings, a line before the errors (opening line), a line after the errors (closing line) and the “title” of the window displaying the errors.

NB: There is no current plan to try to integrate the error messages onto the form page.

Configuration Error Checking

While the Form Page can be easily configured for simple functionality, advanced functionality requires the use of more and more Hidden Value Parameters, some of which are complex.

This enhancement checks, to the maximum extent possible, errors in configuration. The objective is to assist the designer with setting up the parameters necessary for the script to function.

For example, if a parameter references another field on the form, the script checks to be sure that field exists. If a parameter requires a specific number of sub-parameters, the script checks to be sure that number was specified.

Spambot Prevention: CAPTCHA-Like Validation Test

CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart".

This change will not implement true CAPTCHA. What it will do is allow you to ask a simple question on the form (e.g., "What color is the sky?", or "Summer isn't cold. What is it?" or "What is the 'opposite' of black?", allow the answer and check for the answer. It is not sophisticated. But it is more than "nothing".

The script will provide an error if the right value is not supplied.

The term CAPTCHA is a trademark of Carnegie Mellon University. For more on CAPTCHA, see www.captcha.net and en.wikipedia.org/wiki/Captcha

Spambot Prevention: Blank Required Spam Trap

This enhancement allows the form designer to put a field on a form that a person will not see, but a spambot will. For example, one trick is to use CSS to locate this field "off the visible screen" (e.g., <div style="position:absolute; top: -9000px; left:-9000px;">) so a person won't see it but a spambot will. This field is named to lure a spambot to populate the field (e.g., e-mail). The script then checks this field to see if the field is blank. If it is not blank, it is probably a spambot.

Spambot Prevention: Field Maximum Size Checks

When a web designer lays out the form, s/he will specify the maximum size of each field. The HTML will prevent the user from exceeding that size. But when a spambot attempts to hijack the form, it can send more data. This check looks for fields which exceed their maximum size, probably indicating a spambot.

Spambot Prevention: Overriding Field Size Checks

In addition, a facility is provided to specify a field as size zero, indicating that a field maximum size check should not be performed.

Spambot Prevention: Injection Exploit Checks

Removes email code which has been "injected" into the form to hijack the form for spambot use.

For example, remove "BCC:" and "CC:" to prevent spambot use of the form to send spam email to other people.

Spambot Prevention: Remove HTML Markup and Code

Removes additional HTML markup and code to help prevent spambot use.

Email Validation

Validate that the "email field" contains an address that "looks like" a valid email. That is, that it complies with the rules for construction of a valid email address.

Validate that the domain name specified in the "email field" is (a) active and (b) is configured with MX records for email.

Required Fields

Allow a field to be defined as "required" and indicate an error if the field is omitted.

For Pull Down Lists, Requiring a Selection

Some pull-down lists place an "instruction" in the first value. These the form designer would like to require that a value other than the instruction selection be chosen. This edit requires that.

Field Pair Comparisons

Field pairs can be specified (e.g., an email address and a second field to retype the email address). The script will confirm that the same info is entered into each field.

Field Minimum Size Checks

A web designer may wish to require a minimum number of characters for a field. This check ensures that at least that many characters have been entered in the field.

Overriding Field Minimum Size Checks

In addition, a facility is provided to specify a field as minimum size zero, indicating that a minimum size check should not be performed.

Text Field - Character Edits

Allow the form designer to specify which specific characters are permitted in a text field. Values can be (a) letters, (b) numerals/digits, (c) spaces, (d) a specific list of characters. Multiple values can be specified. For example, letters, numerals, spaces and the special characters "(" and ")" could all be specified for one field.

Text Field - Integer Edits

Require that the input to the text field be an integer (positive or negative), and require that it be within a specific range.

Text Field - Numeric Edits

Require that the input to the text field be a number (positive or negative), and require that it be within a specific range.

Text Field - Acceptable Value Edits

Require that the input to the text field be equal to one of a specified list of acceptable values.

Text Field - Prohibited Value Edits

Require that the input to the text field not be equal to any one of a specified list of prohibited values.

Omitting Fields in the Email

In the prior version, the form designer could specify to omit reporting of checkbox fields which were not checked. This enhancement extends this to omit reporting of text fields which are not checked.

Automatic Identification of All Fields

In the prior version, the form designer had to specify the fields to be reported in the email. This enhancement automatically identifies all fields in the form and allows all fields to be reported without listing them. This permits, for example, for a form to be created and an email sent, using only one control field: the email address to receive the email.

Increased the Number of Default Values

This enhancement provides default values for the From Address, Subject, Top Text and Bottom Text of the emails. This allows a form to be created and an email sent, using only one control field: the email address to receive the email.

Simplified Use

The prior version required several control fields in order to process any form. This enhancement builds on the automatic identification of all fields, and the default values of field to allow a form to be created and an email sent, using only one control field: the email address to receive the email.

Processing First and Last Names

The script identifies the Name field for use in addressing the Echo Message and for use in setting the From Address of emails sent to the web owner. This enhancement allows for multiple name fields (e.g., first, middle, last) to be used and to concatenate the names when creating these addresses. Previously if a First Name and a Last Name were entered, with the Email Address, the email would be sent to either:

John <JohnDoe@wherever.com> or
Doe <JohnDoe@wherever.com>

Now it can be sent to

John Doe <JohnDoe@wherever.com>

Excluding Fields

A new enhancement allows the exclusion of fields from processing. For example, if MSG1 reports a set of fields and MSG2 should report all of those except one or two, then an asterisk ("*") can be used in the MSG2FieldNameLabelList to tell the script to process MSG2 like MSG1, but an exclude list can be specified to cause MSG2 to exclude some of the fields that MSG1 processed and reported.

Backslash Removal

Cleans up the input from the form. When certain special characters are typed into the form field (e.g., quotation marks and apostrophes) the form may precede these characters with a backslash. This removes these backslashes to clean up the form data.

Email Formatting

In the emails in prior versions, the separator between the "label" and the "value" is a colon (":") and a space.

For example,

Name: John Jones
Email Address: JohnJones@Wherever.com

Some people want a dash.

Name - John Jones
Email Address - JohnJones@Wherever.com

Some want multiple spaces.

Name John Jones
Email Address JohnJones@Wherever.com

Some people want to put the description on the next line like this:

Email Address
JohnJones@Wherever.com

Name
John Jones

This enhancement provides those options.

Allowing the Form User to Specify the Subject

Some testers want to be able to place a field on the form for the Form User to specify the email subject.

This enhancement provides this option.

Allowing the Form User to Choose from a List of Addressees

In one of my online forums, R. Spencer Darling wrote:

Had a situation this week where we used James S. Huggins' email form, latest edition, for a client's Web site. Client then decided they needed a drop-down list of recipients to select from. Attempts to code it without James's background / expertise failed. Perhaps others also might find this alternate feature valuable.

This enhancement provides this option.

Allowing the Use of a Vertical Bar ("|") in Place of a Comma

It was suggested to allow a Vertical Bar ("|") in place of a comma.

 This would permit “clustering” groups of sub-parameters in fields such as MsgxAddressesAndSubjectsDropDown, FormFieldNameEditList, MsgxAddrList and others.

This software is licensed under the CC-GNU GPL.

More Pages About Huggins' Email Form Script

Huggins' Email Form Script: I created the Huggins' Email Form Script to provide an easy to use but highly flexible script to process email forms while protecting email addresses. It is free to use with extensive documentation. ««»»

Huggins' Email Form Script, Version 2 Enhancements: Enhancements which were developed for Version 2 of the script. ««»»

Huggins' Email Form Script Testimonials: Testimonials sent to me from script users. ««»»

Huggins' EMail Form Script Acknowledgements: My acknowledgements to others for their assistance with development and deployment of the script. ««»»

More Pages About HEFS Bulletin

HEFS Bulletin: Bugs, Fixes and Enhancements: I have set up the HEFS Bulletin to provide future notices of changes to the Huggins' Email Form Script. Please sign up for this ezine. This ezine will be used only to provide information on this script. And it is the only way I have to let you know of bugs, fixes and enhancements.  ««»»

History of Changes to HEFS Bulletin: Describes the history of HEFS Bulletin, with emphasis on the technical changes I've made since starting it, including moving to Gammadyne, adding double-opt-in and complying with CAN-SPAM.  ««»»

HEFS Bulletin Privacy Policy: The short version of my privacy policy for my HEFS Bulletin ezine. It explains that I do not spam. Period. And, I do not sell, lend or release your subscription information to anyone for any reason.  ««»»

A Tutorial: Creating HTML Email Forms

The reference manual available for this script (see above) assumes that the user is familiar with the basics of Web Forms.

For those users looking for instruction in the creation of Web Forms, particularly Email Forms such as those processed by Huggins' Email Form Script, there is an ebook tutorial: Creating HTML Email Forms.

The tutorial is available in two ways:

• It can be purchased for $10.00 from this page on my site:
  Creating HTML Email Forms
   
• It is offered free to students in Cricket's Tech Training Class as part of the support of the online class. For more information go here.

Last updated:
18:17, Thu, 27.Mar.2008