Secure PrivMX Web Forms

After installing PrivMX WebMail on your website, you can easily create secure forms for your customers, contact forms, surveys, and more.

PrivMX forms use end-to-end encryption - they encrypt data in the user's browser before they are sent to the server. Only the PrivMX user who have created the form can access the uploaded data - they can read it in an additional inbox.

Quick test

In the user settings window, select the Secure Web Forms tab and (1) add a new form. Then (2) use the Test button to open and send the test form. (3) Check form's inbox to see if the data has arrived.

Creating secure forms

In the user settings window, you can find information (Dev Info) about each of your secure forms, including their unique identifiers (SIDs), for example:

8DtSZXyLBALj4YbX3KkYKdE55CSZw9T4wiVhGrVRg6MYxh7hWR

If you want your form data to be encrypted and sent to PrivMX, to the form's inbox, then you need to use the features provided in PrivMX WebMail package. First, load the PrivMX client functions:

<script src="//yourdomain.net/privmx/server/secure-form/assets.php?f=privmx-client"></script>

Then attach javascript privmx.send function to the "Send" button of your form (onclick, etc). The function encrypts and sends data to a given form inbox. An example call:

privmx.send({
  host: "yourdomain.net",
  sid: "8DtSZXyLBALj4YbX3KkYKdE55CSZw9T4wiVhGrVRg6MYxh7hWR",
  data: { name: "Joe", age: "30" },          // form data
  subject: "New form data!",        // subject of the message
  onSuccess: function() { alert(" OK :) "); },
  onError: function() { alert(" ERROR :( "); }
});

The privmx.send function returns a promise object, so the above call may also take the form:

privmx.send({ host:..., sid:..., data:{...}, subject:... })
 .then( function() { alert(" OK :) "); } )
 .catch( function() { alert(" ERROR :( "); } );

Uploading files

If the form allows you to select files (it has input fields with type=file), then these files can be passed to privmx.send in the files field:

<input type="file" id="filechooser" />

<script>
  ...
  privmx.send({
    ...
    data: {...},              // data other than files
    files: [ document.getElementById("filechooser").files[0] ],    // files
  })
  ...
</script>
Files, like other form data, are encrypted in the browser before being sent. They appear in the form's inbox as attachments to messages.

Collecting form data

The privmx.send function can collect all the data from a given form. To use this function, just use the form field INSTEAD of data and files:

<form name="contactform"> ... </form>

<script>
  ...
  privmx.send({ ..., form: document.forms.contactform, ... })
  ...
</script>

Filtering requests

PrivMX server can filter requests submitted from PrivMX forms. Any of the mechanisms used by website creators (eg captcha, session numbers, etc) can be used for this purpose. The code which controls the form has to use the extra field of the privmx.send function. Data placed in that field are not encrypted by PrivMX and are available for the server.

privmx.send({
  ...
  data:{...}, files:[...],    // these fields are encrypted
  extra: "abc123",        // this field (string) is not encrypted
  ...
})

The server, using those "extra" data, can decide whether to pass the message to the form's inbox or not. The code which makes such a decision has to be placed in the callbacks/myformvalidator.php file:

register_privmx_callback("formvalidator", function($sid, $extra) {
    if( $extra!="..." ) {
      // ...
      return false;   // block the message
    }
    return true;    // place the message in the form's inbox
});

There may be many validators in that file. The PrivMX server accepts the form request if all registered validators agree (return true).