Page 1 of 1

Trick: Save form data into a server file.

PostPosted: Mon Feb 15, 2016 1:37 pm
by luishp
It is quite easy to save the data submited from a NAB form to a server located file using PHP.
Just copy this code into a plain text editor and save it as "savedata.php", then upload it to your webserver:

Code: Select all
<?php
//Header required when app and php are of different origins
header("Access-Control-Allow-Origin: *");
$message="";
if($_SERVER["REQUEST_METHOD"] === "POST") {
   foreach ($_POST as $key => $value){
      $message .= "".htmlspecialchars($key).": ".htmlspecialchars($value)."\r\n";
   }
   $message = $message."\r\n";
   $file = 'file.txt';
   $data = $message;
   file_put_contents($file, $data, FILE_APPEND | LOCK_EX);
}else{
   $result = "INVALID DATA";
   echo $result;
}
echo "SUCCESSFULLY SAVED";
?>

On Form properties replace the "action" one with:

Code: Select all
http://yourdomain.com/yourfolder/savedata.php

You can use the FormSubmitToFile sample App to test it.
Data will be appended into "file.txt" located on your server, same folder as "savedata.php".

Regards.

Re: Trick: Save form data into a server file.

PostPosted: Mon Feb 15, 2016 8:08 pm
by Neosoft Support
Could something like this be used by hackers to fill up your server with junk files?

Re: Trick: Save form data into a server file.

PostPosted: Tue Feb 16, 2016 12:45 am
by luishp
Yes, it is possible as it is right now (at least junk data, not junk files).
To avoid this you can:
-Remove the header to disalow cross domain data sending (you should host your app and php file both in the same server).
-Use some kind of captcha (an idea for a new plugin)
-Use password protection to access your form (as soon as we can add php code to NAB plugins, I plan to develop some plugins for this too).

In any case, server side programming should be always carefully thought.
This code is for educational porpouses only.
Use it at your own risk.
Regards.