Question about form and contact-update behaviour

Hello,

I try to implement my first forms with mautic. I want to create a simple form for newsletter-sign-up with data like company name, firstname, lastname and email. This form should be available for all users on the website.

When I insert a email-adress of an existing user it seems like mautic updates the existing user with the form data.

This means that ANYONE is able to change data of my mautic contacts, just by guessing an existing email address.

I don’t like this behaviour and think this is kind of critical for misuse.

How do you think about this? Is there any way to avoid this?

I also tried the kiosk mode in the form settings but the update-behaviour seems the same.

Thanks for some help!

Best regards,

Timo

Yes it’s possible. You would able to see the ip where this is coming from and ban if you want. Of course this would result in a whack a mole game, but you have this option.
Not sure what the benefit is besides messing with you. I’ve never had this issue.
I had other issues but not this.

Hi Joey,

thanks for your quick reply. So there is no way to disable this form-update-contact-behaviour in any way?

The only possibility I see is to submit the data via rest api and check if the email already exists (and then do no update on the names). But this is much more effort because these calls have to be programmed.

Best regards,

Timo

Hi, sure. So what you wanna do is not to save the entry if the email already exists?

Right - I don’t want to save/update the contact in this case. Is there a build-in way to do this?

You can just not connect it with any field. Would that work?

I think not - or In don’t understand how mean it.

I want to save the firstname in the firstname. But in best case just for new contacts.

Can you explain me how you mean “not connect”?

Hi iparker,

have you solved it?

When you create a form, normally you would connect the fileds with custom fields in Mautic.

But you don’t have to. You can leave this open, then it won’t be saved.

At the same time, it will be visible in Form results, and you can download and reimport them as you like.

Thanks, but this does not fix my problem.

When the form filled the first time, the field should be mapped to the contact fields. The fields should not be updated, if the form will be used again, with the same email.

One approach, I have seen on another page, is to register only by email and to get an email with a link including a hash to another form on which you can set your preferences and your personal information.

Do you know how we can implement this, or is this some custom implementation?

You can always hide the fields which are already filled out, so it won’t be updated.
Is that any help?

But that would not prevent another person to fill the form because Auto fill data is bound to the real persons client device.
Furthermore, we are a university and different users tend to use the same device.

Okay, I start to understand what you need :smiley:
Yes, you can use the hash solution. In this case you need to make sure you have a second key besides email, so you can use it for pre-populating data.

How is the registration of students done? (aka who would assign the hash? automatically?)