Feature Requests
Share ideas, discuss and vote on requests from other users in community
 
This object is in archive! 

Captcha on Password Reset

Anonymous shared this idea 6 years ago
Under Consideration

We would like to see either a permanent, or the ability to enable Captcha on the password reset page.

Original Forum Request:

http://forums.whmcs.com/showthread.php?63918-captcha-for-password-reset

Comments (3)

photo
2

It would be so simple to implement this, simply add the same captcha to login and password reset and many people would be happy.

photo
1

I believe this would be a great feature as well, specifcally for the final billing/registration portion.

Heres the issue, I have it so registration cannot occur without a order being placed as recommended, but they simply get past the captcha for the domain ordering by going to this URL (whcms location)/cart.php?a=add&domain=register which doesn't have a captcha displayed.

They (bots) then proceed to registration/login , auto fill garbage and proceed to become a registered client.

And since captcha is turned off for registered clients (why make it hard for them right?) they then proceed to autologin as that client and try their little SQL injection game, which fails of course because I don't allow clients to self change contact items just for this reason).

So if a captcha form was used for the registration process, it would prevent fake bots from registering in the first place, thus become a client. Thanks WHCMS team for listening.

photo
1

Nice idea