Surprise surprise, bots like to search sites for forms and inject false submissions for reasons...
We have noticed an uptick on false submissions regarding Miva's forgot password process. Is there any way to incorporate a reCaptcha step into this? For instance, the "Forgot your password?" link on the LOGN page brings up a simple submission form that takes an email address and, once submitted, checks against customer accounts to send out a reset link if a match is found. That form submits to the LOGN page and I don't know where the backend code/process is for this feature.
Whatever logic that looks for the matching customer account email would need that extra validation check from the reCaptcha process to ensure this feature does not get abused.
Anyone know if this is possible? Is the forgot password process a baked-in component of Miva that is difficult to expand upon? Why is the option of validation not a standard when it comes to this and other forms like it in Miva?
Thanks!
We have noticed an uptick on false submissions regarding Miva's forgot password process. Is there any way to incorporate a reCaptcha step into this? For instance, the "Forgot your password?" link on the LOGN page brings up a simple submission form that takes an email address and, once submitted, checks against customer accounts to send out a reset link if a match is found. That form submits to the LOGN page and I don't know where the backend code/process is for this feature.
Whatever logic that looks for the matching customer account email would need that extra validation check from the reCaptcha process to ensure this feature does not get abused.
Anyone know if this is possible? Is the forgot password process a baked-in component of Miva that is difficult to expand upon? Why is the option of validation not a standard when it comes to this and other forms like it in Miva?
Thanks!
Comment