Formulize and Anonymous Entries

I am using Formulize 3.12 for the first time and have created a form which will be primarily completed by anonymous users who are not required to log in.

Per the following paragraphs, this is not the primary purpose of the module.

However, it says there are workarounds.

Are there any known issues I will encounter?

What are the workarounds?

Thanks.

"About Anonymous Users: Formulize determines entry ownership based on a user's id number, and all Anonymous Users are viewed as "User Number 0". Therefore, "One entry per user" does not really work for anonymous users in most cases, since everyone who is not logged in will share the same entry, because they all share the same id number, 0.

Also, "More than one entry per user" will behave differently for Anonymous Users, since all the entries created by anyone who isn't logged in, will all belong to "user 0", so everyone who is not logged in, will be treated as the same person.

Formulize is designed primarily for use in a website with a strict set of usernames and groups of users, but there are ways around these issues, in some cases using the API. Post to the support forums for more information."

Comments

It's not quite such a problem in 3.12, depending....

Hello,

Thank you for your interest in Formulize. The situation with anonymous users is easier to deal with in 3.12, maybe, depending what you want to do.

It all boils down to your use case. There is basically only one setting that affects things here:

one-entry-per-user vs. more-than-one-entry-per-user

This setting controls whether people should only be able to fill in a form one time or not. A personal profile form would be a one-entry-per-user form. So would a conference registration form probably. Other forms would be more-than-one-entry-per-user, such as a form for entering evaluations, or for entering activity logs (but if each user is only allowed to enter one activity log, then maybe it should be one-entry-per-user). So it depends on your situation.

The catch here with anonymous users is that anonymous users are just that, anonymous. We don't know who they are. So in a one-entry-per-user form, we can't easily show them the entry they made the first time, when they come back to the form.

For one-entry-per-user forms, Formulize attempts to "cheat" by saving a cookie on the computer that records the ID number of the person's entry, so they can easily come back to the form again and see that entry. The cookie lasts a week. After one week, if a user comes to the form again, they will get a blank form I believe. You could test this by making an entry and then deleting the cookies and going to the form again, see what happens. Repeat that process a few times to simulate multiple anonymous users visiting your site over a period of time.

Of course, since this is a cookie-based approach, it's not foolproof, and it's really one entry per web browser, rather than per user. And it's a potential security risk depending what information is in the form. (If someone does this on a public library computer, and you're saving credit card info....but surely if you're doing anything like that, you're requiring people to log in first.)

You get a different set of issues if you are making a more-than-one-entry-per-user form. In that kind of form, when a user visits the form page -- i.e., modules/formulize/index.php?fid=3, that would be the page for form number 3 -- then they get a list of all their entries in the form, all the entries they have made.

The problem with anonymous users is that ownership is determined by their user ID, and anonymous users have no user ID. So they all own each other's entries.

So any anonymous user who goes to a more-than-one-entry-per-user form, will be able to see a list of all the entries that all anonymous users have made. Maybe that doesn't matter in your case, or maybe it does.

You can get around this by making specific list of entries screens that show exactly what you want people to see, instead of just relying on the default fid=X URLs. But that's obviously a bit more work.

I hope this explanation makes sense. If you can explain more about what your intended use case is, we can make some more specific suggestions about what will work for you.

--Julian

Re: DB issue

Hello,

We got an e-mail notification of a post that talked about a database error, but the post seems to have been erased? There was only a blank post in the forum, and no contents in it when we visited the thread.

Anyway, the error reported was "unknown column 'review_analyzers' in 'field list'"

That happens because Formulize was trying to write information to a form element that didn't have a corresponding field in the database.

When you add elements to a form, Formulize attempts to make a field in the database for information to be stored when users submit the form. Formulize records the name of the field that each form element is associated with.

So when data is submitted, it constructs a database query to put the data into the database, based on the names of all the fields that it thinks the data should go into.

If there is a mismatch between what Formulize thinks the fields are, and what the actual database table is, then the query will fail. That appears to be what happened here.

This mismatch can happen because Formulize actually failed to create the database field when you added the element to the form. Or maybe someone manually fiddled with the database table in MySQL, which would certainly cause this kind of problem.

I would suggest, in general, that if you delete the field in question that is causing a problem, and then recreate it, and verify that the MySQL data table has the right field in it after you've created the element, that would probably be the best way to go here.

I hope this helps, let us know how it goes.

--Julian

Per your explanation, I need

Per your explanation, I need to select one entry per user.

In doing so, it is my understanding that other anonymous users will not be able to view someone else's entries?

I will test this out shortly.

My husband helped me resolve the other issue which was indeed a field issue.

Thanks for your time.

Yes, that's right

If your users are only interacting with the form itself, and do not ever interact with a list of entries in the form, then choosing one entry per user will mean that people only ever see the entry that has been created previously using that computer (thanks to the cookie), or they see a blank form (if it's their first time seeing the form, or if the cookie has expired).

The downside is that one person may end up creating more than one entry, because they visit the form from two different computers, so the cookie isn't available to return them to their previous entry....or they just visit twice with a long time in between the visits, and then the cookie will have expired.

So in those cases, we have no way of knowing that the individual looking at the computer screen has filled in the form previously and no way of knowing what their entry is, so they get a blank form and they can then create a new entry.

But regardless of all that, it is true that they will not be able to see entries that another person has made (unless they use that person's computer to access the form, while that person's cookie is still present, and then they would see the entry that person created).

If there are high security issues here, if the information in the form is highly sensitive, then you should really not use an anonymous setup (or you should disable the cookie logic and I can explain how to do that). Because of the way the anonymous users with cookies work, it would be fairly simple for someone to use a cookie to pretend to be someone else, if they were really determined to get access to another entry, and they were reasonably skilled technically. But hopefully that's not an issue in your case.

--Julian
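
The thread describes an anonymous-entry cookie that records the entry's ID number and lasts a week, and notes that such a cookie is weak protection for sensitive forms. As an added example (not Formulize code and not part of the original posts), this shows one way a server can bind the entry ID and expiry to an HMAC so an edited or expired cookie value is rejected; the function names, constant and token layout are hypothetical.

```php
<?php
// Added example; not Formulize code. All names here are hypothetical.
const COOKIE_TTL = 7 * 24 * 3600; // one week, the lifetime described in the thread

// Build a cookie value of the form "<entryId>.<expires>.<hmac>".
function issue_entry_token(int $entryId, string $secret, int $now): string
{
    $payload = $entryId . '.' . ($now + COOKIE_TTL);
    return $payload . '.' . hash_hmac('sha256', $payload, $secret);
}

// Return the entry ID if the token is authentic and unexpired, otherwise null.
function verify_entry_token(string $token, string $secret, int $now): ?int
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null; // malformed value
    }
    [$entryId, $expires, $mac] = $parts;
    if (!ctype_digit($entryId) || !ctype_digit($expires)) {
        return null; // non-numeric fields
    }
    $expected = hash_hmac('sha256', $entryId . '.' . $expires, $secret);
    if (!hash_equals($expected, $mac)) {
        return null; // entry ID or expiry does not match the MAC
    }
    if ((int) $expires < $now) {
        return null; // server-enforced expiry, independent of the browser
    }
    return (int) $entryId;
}

// Constructed demonstration values.
$secret = random_bytes(32); // in practice: a persistent key kept on the server
$now    = time();
$token  = issue_entry_token(1234, $secret, $now);

// Authentic token: the entry ID is returned.
var_dump(verify_entry_token($token, $secret, $now));

// Same token with the entry ID field changed: rejected.
$edited = preg_replace('/^1234/', '1235', $token);
var_dump(verify_entry_token($edited, $secret, $now));

// Authentic token presented after its lifetime: rejected.
var_dump(verify_entry_token($token, $secret, $now + COOKIE_TTL + 1));
```

Signing only stops a visitor from changing the cookie to point at a different entry; anyone using the same browser while the cookie is present still sees that entry, as the thread explains. For sensitive data, requiring login remains the answer given above.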