html and password management

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I'm working on the user registration part of my site.
User registration works fine, but there's an oddity with password management. 

The use I registered is username: someone

After logging in, I told firefox to save the username and password.

I then went to the UserPrefs page to test both e-mail and password change.

http://www.clfsrpm.net/someone.png
FireFox for some reason auto-filled in the username in the verify e-mail field for the Update E-Mail Address form.
Even though the form requires valid login to even see, for security reasons I want valid password entered. I don't mind the auto-filling in of the password by firefox, I do mind that it decided to put the login name in the field before it. 

Here's the html for that form:

<h2>Account Settings</h2>
      <form id="formemail" method="post" action="UserPrefs">
        <fieldset id="fieldsetemail" class="leftFloat">
          <legend>Update E-Mail Address</legend>
<p><strong>NOTE</strong>: Updating your e-mail address will result in a temporarily disabled account until your new e-mail address has been validated.</p> 
          <div id="divemail" class="formFloat">
            <p>
              <label for="email">New E-Mail</label>
              <br/>
              <input type="text" id="email" name="email" size="64"/>
            </p>

            <p>
              <label for="vemail">Verify New E-Mail</label>
              <br/>
              <input type="text" id="vemail" name="vemail" size="64"/>
            </p>
          </div>
          <div id="divemailpassword" class="formFloat">
            <p>

              <label>Enter Current Password</label>
              <br/>
<input type="password" id="emailpassword" name="password" size="20"/> 
            </p>
          </div>
        </fieldset>
        <div id="email_submit" class="formFloat">
          <input type="hidden" name="ptoken" value="*snip*"/>

          <input type="submit" id="imail" name="imail" value="Submit"/>
        </div>
      </form>

The id for the input it is incorrectly auto-filling is vemail.
Is there a way to flag firefox not to autofill the username for that form? I thought it would be smart enough not to because the field name/id is different than the login field id/name but apparantly not.
Furthermore, when testing the e-mail change, FireFox asked if I wanted to save the password. I said yet to see what happens - and now it has the e-mail stored as a possible username for the site, which is blatently wrong. There must be a way to disable it.
I suppose I could remove the password field from the form, and upon submit - then ask for password verification on a different form, but that seems kind of sucky. 


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux