• Overview

  Object Reference

• Object Overview
• Frequently used objects
  supporter
  groups
  supporter_groups
  event
  distributed_event
  supporter_event
  donation
   
  more ...

SalsaScript

• SalsaScript Introduction
• Syntax and Common Methods
• Including files
• Dates
• Database Access
• Rendering Forms
• Standard Controllers
• Common Packages
• Embed SalsaScript in a email_blast
• Full SalsaScript Reference

Tutorial

• Getting Set Up
• Creating a Package
• News Aggregator
• Putting It All Together
• Advocacy Campaign

SalsaScript Examples

External API

• API Introduction
• Authenticating
• Common Definitions
• Getting Data
• Saving Data
• API Examples & Cookbook
• HTML Example
• PHP Example
• Python Example
• Unauthenticated forms

Unauthenticated Forms

If you're running a website on a separate domain, you may need to allow users to submit data to Salsa, without authenticating. This is useful for a quick signup page, a quick customized petition signing, etc. You can use the standard Salsa "save" controller without authenticating, but it only allows certain operations, such as adding new entries. You cannot edit objects without logging in.

To use the unauthenticated option with the save controller, you need to also indicate the organization identifier with your submission (the organization_KEY).

For example, this form will add a supporter to organization 111 on the Sandbox node:

<!-- Target the standard save controller -->
<form action="http://sandbox.salsalabs.com/save">

<!-- Specify the organization, for un-authenticated submissions -->
<input type="hidden" name="organization_KEY" value="111"/>

<!-- Save a new supporter object -->
<input type="hidden" name="object" value="supporter"/>

<!-- Input Fields -->
Enter your email:<input name="Email"/>*
Your Zip Code:<input name="Zip"/>*

<!-- Require the Email address -->
<input type="hidden" name="required" value="Email"/>

<!-- Optional spam catcher -->
<style>.memberCode{display:none;}</style>
<div class="memberCode">
Optional Member Code
<input name="first_name_949" value=""/>
</div>

<input type="Submit"/>
</form>

The Flash Object -- Error messages

When using Salsa controllers, it is useful to report back to the user the last error received. For example, if you're submitting a form from a third party site, you may want to include error messages above the form. For example: To retrieve error messages, use the flashMessageJS.sjs SalsaScript page to return back the last set of error messages. These messages are intended for one submission only, and are cleared when retrieved, and cleared on every new submission.

This example would retrieve flash messages for any submissions to the Sandbox:

<script type="text/javascript" src="http://sandbox.wiredforchange.com/api/flashMessageJS.sjs"></script>

Note: Individuals with Javascript disabled would not see these error messages. This is a small fraction of individuals, but if that is a concern, you can also use an iframe:

<iframe src="http://sample.nodeurl.tld/api/flashMessage.sjs"></iframe>

Spam Catcher and Captchas

There are myriad difficulties in placing open forms on websites, the most prevalent being form spam, which are automated systems that submit every form they can find, with the hopes that a few of them will publicly display the submitted content. Unfortunately this can lead to a significant number of invalid email addresses. While there is no solution to this problem, there are a few techniques that can minimize it. The Salsa system contains a variety of internal protections, but the ones that can most help with forms you create are the Spam Catcher, and the Captcha.

Spam Catcher

The above form contains a section loosely called the Spam Catcher:

<style>.memberCode{display:none;}</style>
<div class="memberCode">
Optional Member Code
<input name="first_name_949" value=""/>

This section is invisible to users through style sheets, but is visible to automated systems. An automated system will generally fill in a value for that field -- which will immediately, and silently, cause the submission to be rejected by the system. No record of this entry will be made, other than an internal log entry. This technique has proven to be quite effective in reducing spam submissions, however it will undoubtedly be worked around by the spammers at some point.

Note: Some screen readers for the sight-impaired will also show this field, which is why an innocuous description (Optional Member Code, in this case) is included. This can be any text you would find suitable for screen readers.

Captcha

A more robust protection against form spam is a Captcha image, which is a computer generated image that is difficult for automated systems to read. Salsa controllers support Captchas natively, through the use of the /salsa/Captcha.jpg generated image. Each call to this image will generate a new image, and store the response in the user's session. An incorrect captchaResponse with the next submission will cause the controller to return back to the submitting page, and put an error in the flash message.

<img src="http://sandbox.salsalabs.com/salsa/Captcha.jpg" width="200" height="50"/>
Enter the characters in this image
<input name="captchaResponse" width="5" size="5"/>

ReCaptcha

Alternatively, Salsa supports ReCaptcha, a third party captcha service that provides additional support for reading-impaired individuals, and images that are difficult to read.

<script type="text/javascript"
   src="https://www.google.com/recaptcha/api/challenge?k=6LeBGQYAAAAAAAGZfSwkZXdpuYXQm-4-Lx87fJK2">
</script>

<noscript>
   <iframe src="https://www.google.com/recaptcha/api/noscript?k=6LeBGQYAAAAAAAGZfSwkZXdpuYXQm-4-Lx87fJK2"
       height="300" width="500" frameborder="0"></iframe><br>
   <textarea name="recaptcha_challenge_field" rows="3" cols="40">
   </textarea>
   <input type="hidden" name="recaptcha_response_field" 
       value="manual_challenge">
</noscript>