contact form returning error

27 replies · opened Aug 16, 2021

CChrisMabAug 16, 2021

Hi,
my contact form sends me on a page with the following infos:

{ "alert": "error", "message": "Captcha not validated! Please try again!" }

Seems to print echo from form.php:174

I put my email und secret v3 key in php. ReCaptcha works on button press. I have set server php version to v8.0.7. Any guesses?

This is the page: www.evotec-solutions.ch

SSemicolon WebSTAFFAug 17, 2021

Hello,

We have checked out your Codes and you appear to be using Custom Codes in order to integrate the reCaptcha API v3 codes. Please consider using the codes provided in the contact-recaptcha-v3.html Template in the Package/HTML Folder and this should definitely work fine.

Hope this Helps!

Let us know if we can help you with anything else or if you find any further issues.

CChrisMabAug 17, 2021

Now with the template code it says "captcha not validated. Please try again"

SSemicolon WebSTAFFAug 17, 2021

Hello,

We have checked out your Codes and the issue could be due to Multiple reCaptchas being loaded on the Page. Please make sure that you only have one instance of reCaptcha added on the Page. This should fix the issue. But if this doesn't, please provide us with your FTP Details and we will try checking this out for you. Thanks for your Patience.

Meanwhile, do let us know if we can help you with anything else or if you find any further issues with Canvas.

CChrisMabAug 18, 2021

I'm really sorry I mixed up the v3 key with the enterprise one. No error message but loader stays in loop now. No e-mail is sent or recieved.

I have set server php version to v8.0.7 but still throws errors in console:

POSThttps://evotec-solutions.ch/include/form.php
[HTTP/2 500 Internal Server Error 133ms]

POST

scheme
https
host
evotec-solutions.ch
filename
/include/form.php
Adresse
94.231.94.114:443
Status500
Internal Server Error
VersionHTTP/2
Übertragen1.53 KB (0 B Größe)
Referrer Policystrict-origin-when-cross-origin

content-length
0
content-type
text/html; charset=UTF-8
date
Wed, 18 Aug 2021 07:53:41 GMT
server
nginx
X-Firefox-Spdy
h2
x-powered-by
PHP/8.0.7

Accept
application/json, text/javascript, /; q=0.01
Accept-Encoding
gzip, deflate, br
Accept-Language
de,en-US;q=0.7,en;q=0.3
Connection
keep-alive
Content-Length
790
Content-Type
application/x-www-form-urlencoded; charset=UTF-8
DNT
1
Host
evotec-solutions.ch
Origin
https://evotec-solutions.ch
Referer
https://evotec-solutions.ch/
Sec-Fetch-Dest
empty
Sec-Fetch-Mode
cors
Sec-Fetch-Site
same-origin
TE
trailers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0

X-Requested-With
	XMLHttpRequest

SSemicolon WebSTAFFAug 19, 2021

Hello,

Your Form File: include/form.php is returning a 500 Internal Server Error which is an indication that this is a Server Configuration issue.

Please consider adding the .customjs Class to the .form-widget DIV and then following code at the very top of your include/form.php File after the opening php tags:
[ch_pre type="php"]error_reporting(E_ALL);[/ch_pre]

which should display all the possible errors. Please notify us about the Error Message you see, after going through the process above, so that we can provide you with more assistance on this. Thanks for your Patience.

Meanwhile, do let us know if we can help you with anything else or if you find any further issues with Canvas.

CChrisMabAug 19, 2021

No messages displayed at all. Just loads a blank white page.

SSemicolon WebSTAFFAug 19, 2021

Hello,

It would be great if you can please provide us with FTP Access so that we can look into this for you and fix it asap. Thanks for your Patience.

Meanwhile, do let us know if we can help you with anything else or if you find any further issues with Canvas.

CChrisMabAug 19, 2021

account: ftpcanvas
pw: tUZMU7J7YAKaFfb@
IP: 94.231.94.114, 2a00:41c0:94:231:94::114

SSemicolon WebSTAFFAug 19, 2021

Hello,

We have checked out your File and the issue is that your Server doesn't support PHP mail() function which is why it is throwing errors. Please consider using SMTP to send out your Emails. Consider following these setup instructions: http://docs.semicolonweb.com/docs/forms/form-setup/#docs-snippet-php .

This should definitely fix the issue. Hope this Helps!

Let us know if we can help you with anything else or if you find any further issues.

CChrisMabAug 19, 2021

Server provider says that obviously they support PHP mailing. So what else could be the issue? SMTP is not really preferred for us.

SSemicolon WebSTAFFAug 19, 2021

Hello,

The issue is with the escapeshellcmd() being disabled on your Servers which is used when using PHP mail() function. The only solution (depending on if your Hosting Provider changes the setting) is to use SMTP. Please check this thread: https://github.com/PHPMailer/PHPMailer/issues/966 .

Hope this Helps!

Let us know if we can help you with anything else or if you find any further issues.

CChrisMabAug 19, 2021

Does it have to do which execution is used? I have following possibilities:

FastCGI Apache
FPM Apache
FPM nginx

I also wanted to ask which one is more secure; only PHP or with SMTP?

And is there a prevention in your template to not beeing able to smuggle in malicious code into the php from the contact form?

SSemicolon WebSTAFFAug 19, 2021

Hello,

All these work fine. SMTP is highly secure and more reliable than PHP mail() because it has more chances of email delivery. We use PHPMailer which is the most popular Web Mailer and used by WordPress itself which powers 40% of the web, so it is safe to say that it is very secure. We recommend you to try using SMTP first and see if you are happy with it.

Hope this Helps!

Let us know if we can help you with anything else or if you find any further issues.

CChrisMabAug 19, 2021

And is there a prevention in your template to not beeing able to smuggle in malicious code into the php from the contact form?

Wouldn't be nice if setting up SMTP and someone could extract all passwords and logins.

SSemicolon WebSTAFFAug 19, 2021

Yes, the PHPMailer will automatically filter it. Image attached with the List of features.

For any further secure filters and hardening, you will need to do them manually.

We use SMTP Login on Our Live Previews and we have never experienced this issue as of now. Rest depends on your Server's Security Configurations.

CChrisMabAug 19, 2021

It would need to have the filter in the form.php as it is the one recieving inputs from the contact form. If you send the contact form with a execution closing, you then can write code that gets executed on the PHP to extract the infos of it. That's why normally it's not allowed to write something in contact forms that could be read by the PHP as code. You have a prevention of that?

CChrisMabAug 19, 2021

btw thanks for the great support!

SSemicolon WebSTAFFAug 19, 2021

Hello,

Very Happy to Help! :)

Okay, we checked this out and while the Executable Codes in the Input will not work for Emails and is secure. But if you would still like to add the Extra Protection, you can simply find the following code in the include/form.php File:
[ch_pre type="php"]$fields[$name] = nl2br( $value );[/ch_pre]

and replace it with:
[ch_pre type="php"]$fields[$name] = nl2br( filter_var( $value, FILTER_SANITIZE_SPECIAL_CHARS ) );[/ch_pre]

This will encode the special characters in the Inputs and will simply print it in the Response sent to your email.

Hope this Helps!

Let us know if we can help you with anything else or if you find any further issues.

CChrisMabAug 19, 2021

That's the line I had in mind! Thanks :D

At the moment when sending contact form it times out. Log error:

[Thu Aug 19 19:08:06.949588 2021] [proxy_fcgi:error] [pid 71837:tid 140642982254336] (70007)The timeout specified has expired: [client 188.60.221.52:40646] AH01075: Error dispatching request to : (polling), referer: https://evotec-solutions.ch/

got this in php:

$mail->IsSMTP();
$mail->Host = "webmail.evotec-solutions.ch";
$mail->SMTPDebug = 0;
$mail->SMTPAuth = true;
$mail->Port = 465;
$mail->Username = "info@evotec-solutions.ch";
$mail->Password = "HereIsMySecretPassword";

Maybe my hosting provider has changed the port. Waiting for his reply.

CChrisMabAug 20, 2021

Nope. Port is unchanged from default. So it should be correct. Any other suggestions? Thanks in advance!

SSemicolon WebSTAFFAug 20, 2021

Hello,

Thanks for your Patience.

Unfortunately, this is a Server related issue as the Codes work fine. You can consider using Gmail SMTP.

Let us know if we can help you with anything else or if you find any further issues.

CChrisMabAug 20, 2021

On other server provider it also doesn't work.

CChrisMabAug 20, 2021

I'll give you the FTP login again:

CChrisMabAug 20, 2021

account: ftpcanvas
pw: 8R7ipBcjbwXnTsh@
IP: 94.231.94.114

SSemicolon WebSTAFFAug 20, 2021

Hello,

We have checked this out again and this is 100% a configuration error with your Hosting Provider. We are getting SMTP Connect() failed message when using our Gmail and there are some troubleshooting guides available here: https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting#smtp-error-could-not-connect-to-smtp-host .

This is something we cannot control. This usually happens only on a few hosts where they either block PHPMailer or there is a misconfiguration error in their Server Configuration. Only your Web Hosting Provider can help you out with this as the issue is not with Canvas.

Additionally, your reCaptcha was not validating so we disabled the Line of Code attached in the reply. Please make sure that your Customization do not affect the default functionality as we currently do not provide Customization related support.

Thanks for Understanding.

Meanwhile, do let us know if we can help you with anything else or if you find any further issues with Canvas.

CChrisMabAug 21, 2021

For future requests to the same problem I had I let you know what the issue was.

This line was missing in php:

$mail->SMTPSecure = "ssl";

Have a nice day.

SSemicolon WebSTAFFAug 21, 2021

Hello,

Glad that the issue was resolved! Thanks so much for sharing your solution with you.

The Default Settings provided did not require for explicit declaration of ssl. But we will definitely keep this mind for future requests.

Let us know if we can help you with anything else or if you find any further issues.

Have the same question, or something new?

Sign in to the Canvas dashboard to reply or open your own topic. Canvas owners get direct help from the SemiColonWeb team.

Reply on the dashboard