Prevent ajax form submission from console

This might be a general ajax validation security/workflow question: is there a way to prevent a form submission, proform specifically, from the console ($('#my_form').submit())?
In my case the form is for redeeming a rebate, so such a submission would create a vulnerability, as even though there is an admin issuing the actual rebates, a confirmation email sent to a fraudulent user would create a claim for rebate, and extra validation/verification work.
Do I need to add another level of validation and can it still be ajax?

Type: Discussion
Status: New
RadiantWeb replied:
Every Form has a submit. There's no way around that.

What you are doing likely should be its own custom question type that sends/saves a random code to the logged in user on form submit. (Only logged in users can use it; this ensures that the email it is sent to is valid and not hacked.) Then a single page with controller to redeem only once and mark that code as "used".

We would likely charge $350 to create this functionality for you.

ChadStrat
guyDesign replied:
After some thought and looking at how advanced forms do it, I think it might be a workflow problem, as the validation and the saving script (action_entry_form_multipart in controller) are separated. I was able to submit an empty proform that has required fields, and that is a problem, I think, regardless of my aim.
I by no means have a grasp on all the proforms code, so I might be missing something.
RadiantWeb replied:
So, what you are after is to have the validation forced twice. Once in AJAX validation and once in post?

I think this is doable. Although, this is not something I will get to within the next day or so.

ChadStrat
guyDesign replied:
One validation in the post, and the validation and saving of a submission are at the same place, and the saving is dependent on the validation.
Not inventing anything here, just looking at the advanced forms implementation: they have the action of the form set to a helper in the /tools which validates and saves if the validation passes, and they ajax to that helper (in the view.php), and that seems to solve the console issue, for even if you make a fancy ajax call with data, more meaningful validation can be developed in the helper as needed.
Other than that I think proform has a huge advantage of doing everything the concrete5 way, with attributes etc and I want to use it for the proj
Hope I make sense and am not wasting your time
Thanx
RadiantWeb replied:
Please update to v2.6.0 and see if that works for you.

ChadStrat
guyDesign replied:
Thanx that solves it.
Anybody who is interested and needs advanced security/validation in post can extend the validate_post function in the block controller.
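
The pattern the thread converges on, with validation and saving in one server-side handler so that a bare console submit cannot skip the checks, shown as an added example in plain PHP. It is not part of the thread and is not ProForms, advanced forms or concrete5 code; the field names, function names and in-memory store are assumptions for illustration.

```php
<?php
// Added illustration: plain PHP, not ProForms or concrete5 code.
// Field names, function names and the in-memory $store are hypothetical.

const REQUIRED_FIELDS = ['name', 'email', 'receipt_number'];

/** Return validation errors (field => reason) for a raw POST array. */
function validate_submission(array $post): array
{
    $errors = [];
    foreach (REQUIRED_FIELDS as $field) {
        $value = $post[$field] ?? '';
        // Arrays or blank strings in place of a value both count as missing.
        if (!is_string($value) || trim($value) === '') {
            $errors[$field] = 'required';
        }
    }
    if (!isset($errors['email'])
        && filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'invalid';
    }
    return $errors;
}

/**
 * Single entry point for AJAX and non-AJAX posts: nothing is saved
 * (and so no confirmation e-mail is triggered) unless validation passes here.
 */
function handle_submission(array $post, array &$store): array
{
    $errors = validate_submission($post);
    if ($errors !== []) {
        return ['saved' => false, 'errors' => $errors];
    }
    // Persist only the expected fields; extra posted keys are dropped.
    $store[] = array_intersect_key($post, array_flip(REQUIRED_FIELDS));
    return ['saved' => true, 'errors' => []];
}

// Constructed inputs: an empty post, as sent by calling
// $('#my_form').submit() on a blank form, and a complete one.
$store = [];
$empty = handle_submission([], $store);
$valid = handle_submission(
    ['name' => 'A. Customer', 'email' => 'customer@example.com',
     'receipt_number' => 'R-1001', 'is_admin' => '1'],
    $store
);
var_dump($empty['saved'], $empty['errors'], $valid['saved'], $store);
```

The client-side AJAX validation can stay for user feedback; the server-side handler is the only place that decides whether a submission is stored.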
