One of the missing parts of the Magento Admin Panel is a security test on all POST forms. This can be a serious problem in two cases:
- Highly sensitive forms, like the Magento Admin Panel login form, which is very vulnerable to attacks
- Forms that need manual processing, like the Contact Us form, which can be an easy target for spamming
The industry-standard solution is to add a challenge-response test, such as a CAPTCHA, to ensure that the response is not generated by a computer. reCAPTCHA (http://recaptcha.net) is a well-packaged, free CAPTCHA service.
Adding a reCAPTCHA box to a Magento page or to the Magento Admin Panel is not difficult, but it becomes time-consuming if you need to add it to multiple pages. To deal with this, I created a reCAPTCHA module so that the reCAPTCHA form can be inserted into a page in a nice and easy way.
To set up the module, first get the public and private keys for your domain, and set them in the admin panel under System->Configuration->Harapartners Extension->Recaptcha.
Then you should open the template file for the form, for example, \app\design\frontend\default\default\template\contacts\form.phtml
After that, add the code below wherever you want the reCAPTCHA to appear:
```php
<?php echo Mage::getModel('recaptcha/recaptcha')->getRecaptchaForm(); ?>
```
Finally, in the <form> tag, add something like <form …… onsubmit="return validateRecaptcha()">, and that is it.
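The `onsubmit` handler runs only in the browser, so the action that receives the POST has to confirm the CAPTCHA answer itself before it processes the form. The sketch below is an added example of that server-side check, not the module's own code: it assumes the current reCAPTCHA `siteverify` endpoint and its `g-recaptcha-response` field (the module's widget may post different fields), and `captchaPassed`, `httpPostForm`, the secret and the host name are hypothetical.

```php
<?php
// Added example, not the module's code. Assumes the reCAPTCHA siteverify
// API and its g-recaptcha-response POST field; all names are hypothetical.

/** POST form fields to $url; returns the response body, or false on failure. */
function httpPostForm($url, array $fields)
{
    $ctx = stream_context_create(array('http' => array(
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query($fields),
        'timeout' => 5,
    )));
    return @file_get_contents($url, false, $ctx);
}

/**
 * True only when the verification service confirms the token for this site.
 * Missing token, network error, bad JSON or wrong hostname all reject.
 */
function captchaPassed(array $post, $secret, $remoteIp, $expectedHost, $http = 'httpPostForm')
{
    $token = isset($post['g-recaptcha-response']) ? $post['g-recaptcha-response'] : '';
    if (!is_string($token) || $token === '') {
        return false; // posted without a CAPTCHA answer: fail closed
    }
    $body = call_user_func($http, 'https://www.google.com/recaptcha/api/siteverify', array(
        'secret'   => $secret,
        'response' => $token,
        'remoteip' => $remoteIp,
    ));
    $result = is_string($body) ? json_decode($body, true) : null;
    return is_array($result)
        && isset($result['success']) && $result['success'] === true
        && isset($result['hostname']) && $result['hostname'] === $expectedHost;
}

// Constructed demo: a stub stands in for the HTTP call so this runs offline.
$stub = function ($url, array $fields) {
    return json_encode(array(
        'success'  => $fields['response'] === 'constructed-valid-token',
        'hostname' => 'shop.example',
    ));
};
$direct  = array('name' => 'x', 'comment' => 'spam'); // no CAPTCHA field at all
$viaForm = $direct + array('g-recaptcha-response' => 'constructed-valid-token');
var_dump(captchaPassed($direct, 'SECRET', '203.0.113.7', 'shop.example', $stub));
var_dump(captchaPassed($viaForm, 'SECRET', '203.0.113.7', 'shop.example', $stub));
```

In a Magento controller action the `$post` argument would come from `$this->getRequest()->getPost()`, and the action should return before sending mail or attempting a login whenever the function returns false.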