Welcome to Geeklog, Anonymous Thursday, December 26 2024 @ 07:26 pm EST
Geeklog Forums
Saved User/Pass causing havoc in My Account
Status: offline
sacherjj
Forum User
Newbie
Registered: 05/07/07
Posts: 12
Has anyone else ran into this before?
When a user logs in with Firefox and saves the username and password (as we know many people do), then when clicking on My Account goes to the Username & Password tab. The problem is that the first field for New Password is 'passwd', the same name as the field used to login. Firefox plugs in the password, assuming the user is logging in. If the user now changes just the email, it prompts if they would like to change their password. If you are using multiple users and saved, it prompts asking which you would like to change.
I figure that I will need to either rename the password field for My Account or login to make this go away. After logging into here, I noticed it was not just my site. I believe both computers I saw this on were running Firefox 2.0.0.3. I noticed that IE 6 does not prompt to save the password, so this isn't an issue. I wonder if this would also be an issue with any third party browser add-ons that work like Firefox for saving logins.
When a user logs in with Firefox and saves the username and password (as we know many people do), then when clicking on My Account goes to the Username & Password tab. The problem is that the first field for New Password is 'passwd', the same name as the field used to login. Firefox plugs in the password, assuming the user is logging in. If the user now changes just the email, it prompts if they would like to change their password. If you are using multiple users and saved, it prompts asking which you would like to change.
I figure that I will need to either rename the password field for My Account or login to make this go away. After logging into here, I noticed it was not just my site. I believe both computers I saw this on were running Firefox 2.0.0.3. I noticed that IE 6 does not prompt to save the password, so this isn't an issue. I wonder if this would also be an issue with any third party browser add-ons that work like Firefox for saving logins.
12
10
Quote
ironmax
Anonymous
I am interested in this area and have not figured anything out about the problem firefox is having. I did run across this post that described a work around at http://forums.mozillazine.org/viewtopic.php?t=289077 but I am not sure on how I want to implement it yet. Give feedback on this, I'd like to hear about the yahs and nahs.
Michael
Michael
10
12
Quote
Status: offline
jmucchiello
Forum User
Full Member
Registered: 08/29/05
Posts: 985
That is the proper solution. The last time I had this problem I considered creating a patch but it was easier just to delete my password info in FireFox. Renaming the form fields on the admin screens harms no one and solves an annoying problem. As noted in the listed thread, username/password have vague meaning on the admin screens. Putting a couple letters in front of them harms nothing. But does require time retesting the forms.
8
10
Quote
Status: offline
sacherjj
Forum User
Newbie
Registered: 05/07/07
Posts: 12
The form in question is under public_html/layout/[theme]/preferences/profile.thtml
Line 5: <form action="{site_url}/usersettings.php" method="POST" {enctype}>
I changed to:
<form action="{site_url}/usersettings.php" method="POST" {enctype} autocomplete="off">
It had no affect on how Firefox handled the situation.
Implementing the solution in the site you linked sort of worked, but I still get a popup to decide between which users I want to change. I will look to see if I can fix that as well.
Here are my changes to the profile.thtml file (from Professional theme)
Added after line 2:
<script language="JavaScript" type="text/javascript">
<!-- JJS 2007-05-07 Added script block for Firefox workaround
function fixFields()
{
document.userpassform.username.value = document.userpassform.temp_username.value;
document.userpassform.passwd.value = document.userpassform.temp_passwd.value;
}
-->
</script>
Changed form tag:
<!-- JJS 2007-05-07 Added autocomplete, name, onsubmit for Firefox workaround -->
<form action="{site_url}/usersettings.php" method="POST" {enctype} autocomplete="off" name="userpassform" onsubmit="fixFields();">
Changed password field from:
<td><input type="password" id="passwd" name="passwd" size="32" maxlength="32" value="{password_value}"></td>
to
<td><input type="password" id="temp_passwd" name="temp_passwd" size="32" maxlength="32" value="{password_value}"></td>
Added these hidden fields down with the other type="hidden" fields:
<input type="hidden" name="temp_username" value="{username_value}">
<input type="hidden" id="passwd" name="passwd" value="">
It fixes most of the bug. I think I am going to rename the fields for a more permanent solution. Luckily, I am forcing one theme on all users. So I won't have to change multiple themes. I will post where to make that change when I do so.
Line 5: <form action="{site_url}/usersettings.php" method="POST" {enctype}>
I changed to:
<form action="{site_url}/usersettings.php" method="POST" {enctype} autocomplete="off">
It had no affect on how Firefox handled the situation.
Implementing the solution in the site you linked sort of worked, but I still get a popup to decide between which users I want to change. I will look to see if I can fix that as well.
Here are my changes to the profile.thtml file (from Professional theme)
Added after line 2:
<script language="JavaScript" type="text/javascript">
<!-- JJS 2007-05-07 Added script block for Firefox workaround
function fixFields()
{
document.userpassform.username.value = document.userpassform.temp_username.value;
document.userpassform.passwd.value = document.userpassform.temp_passwd.value;
}
-->
</script>
Changed form tag:
<!-- JJS 2007-05-07 Added autocomplete, name, onsubmit for Firefox workaround -->
<form action="{site_url}/usersettings.php" method="POST" {enctype} autocomplete="off" name="userpassform" onsubmit="fixFields();">
Changed password field from:
<td><input type="password" id="passwd" name="passwd" size="32" maxlength="32" value="{password_value}"></td>
to
<td><input type="password" id="temp_passwd" name="temp_passwd" size="32" maxlength="32" value="{password_value}"></td>
Added these hidden fields down with the other type="hidden" fields:
<input type="hidden" name="temp_username" value="{username_value}">
<input type="hidden" id="passwd" name="passwd" value="">
It fixes most of the bug. I think I am going to rename the fields for a more permanent solution. Luckily, I am forcing one theme on all users. So I won't have to change multiple themes. I will post where to make that change when I do so.
11
11
Quote
Status: offline
jmucchiello
Forum User
Full Member
Registered: 08/29/05
Posts: 985
Changing the templates doesn't help without changing the code. It's the kind of fix that if you make full patch, one of the devs might put it into CVS.
10
10
Quote
Status: offline
sacherjj
Forum User
Newbie
Registered: 05/07/07
Posts: 12
I understand that. I haven't had a chance to look at the back end code that receives the post, hence the band-aide I posted yesterday. When I get the full fix done, I will post. A few things on my site are higher priority at the moment.
8
10
Quote
All times are EST. The time is now 07:26 pm.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content