SilverStripe 3.1.x - Extend lostpassword form to include captcha
Whats the best/correct way to extend/modify the LostPasswordForm in SilverStripe 3.1.x to include recaptcha? Another security issue, which was classified as medium risk. Here's what they say:
Observation: The Forgot Password functionality can be used to spam the email address of an admin user.
Sample Affected URL: http://example.com/Security/LostPasswordForm
Impact: A malicious user may use a bot or an automated method to repeatedly submit a Forgot Password request. The email inbox could be rendered inaccessible or useless due to the large number of messages.
Recommendation: Implement a one time use challenge-response test such as a CAPTCHA during the Forgot Password request to prevent automated bots or to slow down humans who attempt to flood the user's email inboxes. This CAPTCHA functionality should expire after one use.
As time is of the essence here, any pointers (or even a complete solution) would be greatly appreciated. It would be easy to implement hacking away at the core, but it's not best-practice. Can someone share how it should be done by properly extending?
I think overriding the default template is the way to go,
but you should be able to use a custom class extending MemberLoginForm rather than altering the core file...
_config.php
Object::useCustomClass('MemberLoginForm', 'MyExtendedMemberLoginForm');
MyExtendedMemberLoginForm.php
class MyExtendedMemberLoginForm extends MemberLoginForm {
//override methods, add your fields...
}
- Binding number to input in Svelte and TypeScript
- How do i make a form with an image and text
- main form is not returnning to home page
- How can I reach component variables in custom validator?
- Use objects of different forms c#
- Only first placeholder displayed in Django's UserCreationForm
- In rails controllers, how to prevent double submit (when user double-clic submit button or hit enter twice)?
- How to disable a form submit button "a là Ruby on Rails Way"?
- Telegram API - Create New Application Error
- How to make form with two buttons submit a different value for each button?
- HTML form not triggering "submit" event listener when form is submitted
- How to use array of objects for controls in Form Group
- Django Form Field validation
- How can I detect events on all elements in a form?
- Not displaying the .success element after submitting the form
- Im on freecodecamp html. and i am getting a error that says ,Your first radio button on your form should be checked by default
- javascript - get the filename and extension from input type=file
- Symfony 1.4 FormFilter: how to add "is not empty" checkbox?
- In Angular, how to add Validator to FormControl after control is created?
- PHP File upload external url
- Form Submitting Help: Python and Selenium
- Why does entering decimal numbers in the input fields result in zero?
- How do I style a form select field, depending on selection with css or jquery?
- How to add a ForeignKey field to be saved in ModelForm Django?
- Symfony: How to render a Collection Form Type in a custom format
- How can I change the page's URL when a visitor clicks a button?
- Why does MultipleHiddenInput render only if there is initial data? (Django)
- ASPX Page Submission but Retain Form Values
- Why do I get "npm ERR! code ENOENT" when trying to install shadcn ui
- "ERROR: please fill the required fields (name, email)." in WordPress?