Security Question for Rainlab Users

I just configured my RainLab User installation. It’s a pity RainLab User does not provide reCAPTCHA support for registration out of the box, but in order to make it a bit harder for bots, I thought a security question might be an easy way.

So - in case you would like to implement this, too - this is my solution:


Overwrite Register Form Partial

First you need to overwrite the register.htm from the Account component.
So copy
plugins/rainlab/user/components/account/register.htm
to
themes/<yourtheme>/partials/account/register.htm
in order to overwrite the partial.

Now add another field to the registration form (I used Bootstrap here):

<div class="form-group mb-3">
    <label for="answer">Security Question</label>
    <input name="answer" placeholder="Your not-too-obvious question as a placeholder...?" type="text" id="answer" required />
</div>

I decided to name the field “answer”, because then the validation message will be readable automatically.

Validate Answer

Next we go for the validation. You have to extend the User model:

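        use RainLab\User\Models\User as UserModel; // goes at the top of Plugin.php

        // In boot(): accept only the listed answers for the "answer" field
        UserModel::extend(function ($model) {
            $model->rules['answer'] = 'in:Answer1,Answer2,Answer3';
        });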

Put this in the boot() function of one of your own plugins and you’re done.

What I learned: Don’t use “required|in:Answer1,Answer2” - for some reason this is buggy and well… if the field should have a certain value it’s obviously required and the “required” can also be added in the form field from above.

Oh and the validation message in general for the in:... rule is “The selected <fieldname> is invalid.”, so with answer as fieldname… it works quite well ;)

Move question to config

Now if you don’t like the whole thing somewhere in the code and if you would prefer to configure it in the config, you can do this, too.

Add this to your plugin’s config:

return [
    'security' => [
        'question' => 'Your not-too-obvious question...',
        'validation' => 'in:Answer1,Answer2'
    ],
];

And modify the code from above:
Form Partial:

<div class="form-group mb-3">
    <label for="answer">Security Question</label>
    <input name="answer" placeholder="{{ config('your.plugin::security')['question'] }}" type="text" id="answer" required />
</div>

Addition: I noticed that calling config() directly in the partial is a problem if you turn debug mode off. So use this approach within the partial to fix it:

==
function onStart()
{
    // Make the configured question available to the markup below
    $this['securityQuestion'] = config('your.plugin::security.question');
}
==
{{ securityQuestion }}

Model Extension:

        use Config; // both imports go at the top of Plugin.php
        use RainLab\User\Models\User as UserModel;

        UserModel::extend(function ($model) {
            $model->rules['answer'] = Config::get('your.plugin::security')['validation'];
        });

If anyone has some ideas for improvement, let me know. ^^
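
Laravel's validator, which October CMS builds on, does not run non-implicit rules such as in: against a field that is absent or an empty string, and the HTML required attribute is enforced only by the browser. The following is an added example, not part of the original post, of a server-side check in plain PHP that rejects a missing or empty answer and compares without regard to case or surrounding whitespace. The function names are hypothetical and the sample submissions are constructed.

```php
<?php
// Added example, not from the original post. Function names are hypothetical;
// the rule string has the same 'in:Answer1,Answer2' form as the post's config.

/** Trim, collapse inner whitespace and lowercase: "  ANSWER1 " -> "answer1". */
function normalizeAnswer(string $value): string
{
    return mb_strtolower(preg_replace('/\s+/u', ' ', trim($value)) ?? '');
}

/** Accepted answers from an "in:a,b,c" rule string (answers must not contain commas). */
function acceptedAnswers(string $rule): array
{
    if (strncmp($rule, 'in:', 3) !== 0) {
        throw new InvalidArgumentException('Expected a rule of the form in:a,b,c');
    }
    return array_map('normalizeAnswer', explode(',', substr($rule, 3)));
}

/** True only when the posted data carries a non-empty string answer that is in the list. */
function securityAnswerIsValid(array $post, string $rule): bool
{
    $value = $post['answer'] ?? null;
    if (!is_string($value) || trim($value) === '') {
        return false; // missing, empty, or array-valued field
    }
    return in_array(normalizeAnswer($value), acceptedAnswers($rule), true);
}

// Constructed sample submissions, checked against the rule from the post's config.
$rule = 'in:Answer1,Answer2';
$samples = [
    'exact match'      => ['answer' => 'Answer1'],
    'case and spacing' => ['answer' => '  answer2 '],
    'wrong answer'     => ['answer' => 'Answer3'],
    'empty field'      => ['answer' => ''],
    'field missing'    => ['email' => 'user@example.com'],
    'array value'      => ['answer' => ['Answer1']],
];
foreach ($samples as $label => $post) {
    printf("%-17s %s\n", $label, securityAnswerIsValid($post, $rule) ? 'accepted' : 'rejected');
}
```

In a plugin, a check like this would run in the registration handler before the user is created, with the submitted data taken from post() and the rule string from the config shown above.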

Nice job!

You can take a look: Magic Forms plugin - October CMS

This plugin enables the captcha features inside a form.


Uoh… thanks a lot ^^

I only searched for captcha plugins, not for form plugins in general…