TDO Mini Forms Error Log

The only important error in that log is this one:

`”array (
‘tdomf_key_1’ => false,
)”`

This will stop posts from being submitted. There is a long thread on my support forums for the plugin about it here.

I believe this problem comes down to your host’s configuration. Make sure register_globals is turned off and session.auto_start is turned on (and possibly session.bug_compat_42 is turned off). If this works for you, please tell me. Thanks.

Hi the_dead_one,

Thanks heaps for the quick response ??

I have register_globals turned off.

I looked into the session.auto_start issue and was slightly concerned by the security vulnerabilities (mentioned in the page linked from the last post of your forum thread).

However, I do like the TDOMF facility and would like to use it (rather than making all my members “contributors”), so I may try it, but – before I do so – the thing that most confuses me (which I should have mentioned before) is that I have had 2 members use the form successfully and – although they both had problems the first few times they tried – they are both adding posts without any problems at all (which makes me think it should be possible for all users) so I’m wondering how that could happen…
Could it be associated with the login?
Could it be the “preview” function which either helps or hinders their ability to use it?
Is it associated with cookies (on/off)?

If I can find out then – presumably – I can take the necessary action without worrying about site security.

If you have any further thoughts I’d be glad to hear them, otherwise I will contact these 2 users and see if they remember anything which might shed some light on the situation (in which case I will – of course – let you know).

Thanks again for your help,

ClickyB

Hi ClickyB, all that really depends on how you’ve configured your form and with what widgets.

BTW What security vunerablity? Enabling register_globals is bad and prevents TDOMF from working. There is a “caution” message about not having session.auto-start turned on.

The error about session key should not be affected by the users being logged in or not or the use of cookies… by any chance, are you using some sort of caching plugin like wp-cache or wp-super-cache?

Hi TDO,

No I don’t use any cache plugins.

On that linked doc’ under “Sessions and security” it says:
There are several ways to leak an existing session id to third parties. A leaked session id enables the third party to access all resources which are associated with a specific id. First, URLs carrying session ids. If you link to an external site, the URL including the session id might be stored in the external site’s referrer logs. Second, a more active attacker might listen to your network traffic. If it is not encrypted, session ids will flow in plain text over the network. The solution here is to implement SSL on your server and make it mandatory for users.

That was the part that worried me!

ClickyB, try the latest version v0.10.4 (which I just uploaded). In v0.10.3 (the previous version) I implemented an alternative to using sessions which you can enable via the options. v0.10.4 is a bug fix release for v0.10.3.