By default, all Public Forms have Auto-Matching Disabled because it makes Public Forms less secure. The security risk is hackers trying Last Name and Email combinations to match to existing records and records being updated by non-logged in users.
There are lists of email address, name and password from hacked websites floating around the internet, so this is a very real concern. I
nstead of Auto-Matching, SAM will prompt the user to login, by opening a popup, whenever a duplicate email address is detected. The user can set or reset their password using the "Forgot or Don't have Password" link in the login prompt, which will send them an email with a special link. The user can choose to ignore this login prompt, which will create a duplicate record.
You can disable the login prompt for duplicate email address (per Form).
- Advanced Options > Really Advanced Options >Form Security Settings
- Set Public Forms | Prompt user to login when duplicate email = No This will create duplicate records if the "Public Form | Auto-Match" Form Property is also set to "No" (which is the default). We don't recommend changing this because security is more important than convenience.
Public-Form Auto-Match Record Criteria
When you enable "Public Form | Auto-Match", SAM will still use the "Public-Form Auto-Match Record Criteria", which is set per each Main Entity Table, to know if an auto-match should occur. By default, the Criteria is "Login Password" is Empty. To set the "Public-Form Auto-Match Record Criteria" go to the Table Properties for a Main Entity Table > Advanced Options > "Public-Form Auto-Match Record Criteria" If you want all records to Auto-Match regardless of any criteria, then just delete all the filters in the "Public-Form Auto-Match Record Criteria"
If there are Duplicate Records, SAM will login (or reset the password) to the latest one.
Public Form | Auto-Match
When "Public Form | Auto-Match" is enabled, records entered through the public forms are automatically matched to existing records by:
- Last Name + Email Address
- Last Name + Phone Number
- Email Address + Phone Number
When a new Public Form is submitted and SAM matches at least two of the criteria, the information captured on the public form will be entered for the matched record. When these criteria are not matched, a new record will be created.