Recently Browsing 0 members
No registered users viewing this page.
I have my own register-login-profile/account page system. I know that Ryan recently released an official module for this, but there may be an advantage to having my own custom solution. Anyway, it seems to work well.
But, I have been getting annoying Russian hack attempt accounts, mostly as 'guests' that don't bother to use the activation link.
Most if not all of these accounts have this in the name field:
No Subscription Detected
...which makes them relatively easy to filter out from real name accounts.
Where do these "strings" come from? I can't find them in Processwire's source. Are the hackers using some kind of tool that inserts these for some reason? Or is it a PHP thing? Does anyone recognize them? Does it mean they are using some kind of backdoor instead of the registration form?
In general, what are the best practices to secure my registration form, prevent spam accounts, etc.?
I'll start with adding a check to block IP addresses that try to register with 'Not Recognized' etc. in the name field I guess.
can somebody tell me, if it is possible to get the clear password of an InputfieldPassword inside a module, before it is encrypted?
I have made a custom module which sets the password of an Auth0User after the hook publishReady with a random generated password. When I try to get a clear password from a InputfieldPassword in this hook, it is of course already encrypted (which is of course good). But is there a hook before the encryption, so I could get it one time to send it to Auth0?
If there is not such thing, could be another possibility to add a jQuery script to get the value directly from the DOM and save it somewhere temporarily?
I know this might be an unusual question, but I would appreciate any feedback.
By Robin S
Adds a password generator to InputfieldPassword.
Install the Password Generator module.
Now any InputfieldPassword has a password generation feature. The settings for the generator are taken automatically from the settings* of the password field.
*Settings not supported by the generator:
Complexify: but generated passwords should still satisfy complexify settings in the recommended range. Banned words: but the generated passwords are random strings so actual words are unlikely to occur.
Being a newbie in ProcessWire I was wondering, whether I could have simple subdirectories on my webserver (serving specific self-developed php-apps) and use PW's built-in user management, to grant or deny access to those directories for specific users and groups. I was trying to wrap my head around LDAP for this, but it's not too easy to install on virtual servers running Plesk from my experience. So I thought I could possibly use PW's built in mechanisms for this purpose. Any ideas? Thanks in advance to the community!