inFORM v3


Upgrading Forms from inFORM v2

What's New in inFORM v3?

inFORM v3 is a complete redesign of v2 primarily to address security problems that have built up in the old version. This section describes the most obvious changes in the new version.

  • All control settings are stored in a database

    inFORM v2 expected to get all of its settings from input objects embedded in the HTML form. This is very insecure, as it is trivial for someone to make a duplicate of your form and change the settings. Spammmers love this sort of program because it gives them the ability to "mail forms" from our servers to anyone and everyone in the world.

    inFORM v3 stores all of the settings in a database. The form author has to use our WRAP-authenticated Admin program to change form settings. This way we know who is using inFORM, and we know that they are definately associated with NC State University.

  • Email address restrictions are changed

    inFORM v2 added restrictions on which domains were allowed to recieve email. This was done to try to prevent spammers from send forms to just anyone. It also made it very difficult for legitimate NCSU users to send mail to off-campus colleagues.

    inFORM v3 requires that you register all recipient email addresses in the database. But, you can register any address, you are not restricted to on-campus domains.

    Note that you must register specific addresses, and not wildcards. Thus, inFORM v3 does not support sending mail to arbitrary, user-specified addresses. If your form requires this, you should look into having a custom form handler written to work securely with your application.

  • Referring page tests are removed

    inFORM v2 recently added a check on the referring page URL, to make sure that the form was submitted from an NCSU webserver. Unfortunately, this information is not always passed by some browsers, and thus legitimate submissions are often refused. In addition, the referrer information is easily spoofed, and is not a reliable check for NCSU affiliation.

    inFORM v3 does not check the referring URL.

  • New template files

    inFORM v2 contains quite a few input objects that let you control the colors and labels on the results page. This allows very little customization with a lot of variables.

    inFORM v3 introduces the ability to provide an HTML template page for the results. You can customize the page in any way available to you through the HTML language. inFORM will even insert a table of the submitted data in the location that you designate.

Converting Your Forms

Briefly, these are the steps that you need to take to convert your form from v2 to v3:

  1. Make a new copy of the form file
  2. Find all of the inform_* input object settings in the original form
  3. Register those settings as a new form in the inFORM v3 Admin program
  4. Remove the inform_* input objects that are no longer used (most of them)
  5. Add a hidden input tag for the inform_formid
  6. Change the action URL in the form tag
  7. Test the new page

Please review the Getting Started Guide if you are not familiar with how to use the Admin program to register your forms.

Input Object Conversion Guide

The remainder of this document describes how the inFORM v2 setting objects are translated into the inFORM v3 database settings. Each old input object is listed along with a link describing the corresponding new setting name.

  • inform_save_to == Save to Email and Save File Format

    v2 made you choose one save mode: email, files, or survey. v3 lets you turn email and file mode on independently.

  • inform_copy_to_email == Save to Email

  • inform_subject == Mail Subject

  • inform_file_directory == Save Directory

  • inform_file_name == File Name

  • inform_subdir == removed

    This option was little more than an extra directory in the save path, so it was removed.

  • inform_survey == File Name

    v3 does not use a separate setting for the survey filename.

  • inform_survey_unique_user == One Reply per User

  • inform_insert_date == Add Time Stamp

  • inform_allowed_user_file == Allowed User File

  • inform_userid == inform_userid
  • inform_email == inform_email
  • inform_realname == inform_realname

    These tags are still used in v3 forms.

  • inform_unity_userid == Owner

    This is set for you when you register your form.

  • inform_recipient == Allowed Recipients and inform_recipient

    This object works a little differently under v3. You can still specify the recipient email address in your form, but if you do, the address must also be listed in the Allowed Recipients list.

  • inform_recipient_name == removed

    This option is not used in v3.

  • inform_required == Required Tags

  • inform_missing_fields_redirect == Missing Fields Page

    This can be a URL or template under v3.

  • inform_redirect == Thank You Page

    This can be a URL or template under v3.

  • inform_bgcolor,
  • inform_background,
  • inform_text_color,
  • inform_link_color,
  • inform_vlink_color,
  • inform_alink_color,
  • inform_title,
  • inform_return_link_url,
  • inform_return_link_title == Thank You Page

    All of these page customization objects were removed. If you want to customize the Thank You page, you should create a template.

  • inform_print_blank_fields == Show Empty Responses

  • inform_print_config == Saved inFORM Tags

  • inform_env_report == Saved Environment Variables



inFORM v3 is a product of NC State University's Information Technology Division.
To report problems, please contact webmaster@ncsu.edu.

Last Update: $Date: 2008/01/07 17:44:18 $