Firefox fills in the password in the username field

This is strange: if I log in to my application, ask Firefox to save the username / password, then log out and return to the login screen, Firefox fills in the password in the username input field, which makes it visible!

Any idea what might cause the problem? Here is the HTML of my form, although I checked it 10 million times.

<form action="<?php echo WWWROOT ?>login/" autocomplete="on" method="post" name="extranetLoginForm" id="extranetLoginForm">
  <ul id="formlog">
    <li id="liloginfield">
      <label for="loginfield" id="loginfieldlab"><span class="required">
        <img alt="user-icon" src="<?php echo WWWROOT ?>_img/icons/user.png" />
        Mon nom d'utilisateur : <small style="color:#AAA">(prenom.nom)</small></span>
      </label>
      <input id="loginfield" name="loginfield" class="text required ui-corner-all" type="text" tabindex="1" accesskey="l" />
      <label for="loginfield" class="error" id="error1">
        <img alt="erreur-login" src="<?php echo WWWROOT ?>_img/icons/exclamation.png" />Ce champ est obligatoire, r&eacute;digez comme ceci: prenom.nom</label>
    </li>
    <li id="lipass">
      <label for="password">
        <span class="required"><img alt="lost-pass" src="<?php echo WWWROOT ?>_img/icons/key.png" />mot de passe
        <small class="help_form">(<a id="forgotPasswordLink" href="#">oublié</a> ?)</small></span>
      </label>
      <input name="password" type="password" class="text required ui-corner-all" id="password" minlength="4" maxlength="20" tabindex="2" accesskey="p" />
      <small class="checker"></small>
      <input type="hidden" name="errorpass" id="errorpass" value="0"/>
      <label for="password" class="error" id="error2"><img alt="exclamation" src="<?php echo WWWROOT ?>_img/icons/exclamation.png" />Ce champ est obligatoire.</label>
    </li>
    <li>
      <input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="90" /><label for="rememberme"> Se souvenir de moi</label>
    </li>
    <li class="centeredtext">
      <input type="hidden" name="goto" id="goto" value="<?php echo WWWROOT.$_SESSION['AFTER_LOGIN_GOTO'] ?>"/>
      <input type="hidden" name="login_type" id="loginTypeNormal" value="normal"/>
      <input type="submit" class="ui-state-default button ui-corner-all short_input" value="GO!" id="submitlogin" tabindex="1" accesskey="L" />
    </li>
    <li id="lipassforget">
      <label class="centered info"><a class="dark_link openidLink" href="#" id="openidLink">avec OpenID</a></label>
    </li>
  </ul>
</form>
+4
2 answers

Did you accidentally change the field names, i.e. was there a password field named "loginfield" at some point when the username / password was saved by Firefox? According to the Mozilla wiki, the password manager saves the field name with the saved credentials, so it can be associated with this.

Did you try to remove the username / password from the Firefox password manager and see if this happens again when you try to save the login information again?

+2

The Mozilla Firefox password manager is weird. It has a mind of its own.

https://wiki.mozilla.org/Firefox%3aPassword_Manager

If you logged into your application using Mozilla and your login field has an identifier “L” and your password field has an identifier “P”, it remembers these identifiers so that it can insert values for you. This only happens if you have this check box selected: Settings > Security > Remember Password.


Now, if you have a page (or form .. not entirely sure) with AT LEAST one input field with an identifier that matches "L" or "P", Mozilla Password Manager (built into the browser) will try to use its intelligence to fill in the values for you, even if both fields do not exist. See the example below for a better picture. This can help you solve your problem.

Let me explain ...

I am working on forensic software, where users must check everything that they do in each workflow, so this requires their password, so if our clients are ever checked by the FDA, we have a record of the workflow. Thus, we have a password field in our application with each button, but since the user is already registered, we do not want them to also enter their username, so that this field is suppressed. This is what I had to do for this methodology to work (for Mozilla). I had to add a hidden (display: none) input field.

<input runat="server" type="text" style="display:none;">
<asp:TextBox id="TxtPassword" Runat="server" Width="80" EnableViewState="False" TextMode="Password"></asp:TextBox>

The TextBox control actually renders as an input field in HTML. Before I fixed this problem, I had a search field on the page preceding the password field, and it put the username in that field. If I did not have a hidden input field in front of the input field with the identifier "P" (or in this case "TxtPassword"), it would still put the login in my search field, because it was followed by the input field with the identifier "TxtPassword". Having a hidden field (which is hidden) should fix this problem in Mozilla. The username goes into this input field; notice that it doesn’t even have an identifier, but Mozilla puts the login in this field because of the Mozilla setting shown in the dialog box above.

0
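
A simplified model of the behaviour this answer describes, added here as an example that is not part of the original answer and is not Firefox's code: the username is assumed to go into the nearest text input preceding the password field, hidden or not. The ids `search` and `decoy` are hypothetical names for the answerer's search box and hidden input.

```javascript
// Simplified model of the fill behaviour described in the answer above,
// not Firefox's actual algorithm. Field lists below are constructed samples.
const TEXT_LIKE = new Set(["text", "email", "tel", "url", "search"]);

// Field that a "nearest preceding text input" rule pairs with the first
// password field, or null when no such field exists.
function guessUsernameField(fields) {
  const pwIndex = fields.findIndex((f) => f.type === "password");
  if (pwIndex === -1) return null;
  for (let i = pwIndex - 1; i >= 0; i--) {
    if (TEXT_LIKE.has(fields[i].type)) return fields[i];
  }
  return null;
}

// intendedId: id of the field meant to hold the username, or null for a
// password-only re-authentication prompt like the one in the answer.
function auditForm(fields, intendedId) {
  const result = (ok, filled, note) => ({ ok, filled, note });
  const guess = guessUsernameField(fields);
  if (guess === null) return result(true, null, "no text input precedes the password field");
  if (guess.id === intendedId) return result(true, guess.id, "username lands in the intended field");
  if (guess.hidden) return result(true, guess.id, "username absorbed by a hidden field");
  return result(false, guess.id, "saved username would show up in a visible, unrelated field");
}

// The question's login form, then the answerer's page before and after
// adding the display:none input ("search" and "decoy" are hypothetical ids).
const loginForm = [
  { id: "loginfield", type: "text", hidden: false },
  { id: "password", type: "password", hidden: false },
];
const before = [
  { id: "search", type: "text", hidden: false },
  { id: "TxtPassword", type: "password", hidden: false },
];
const after = [
  { id: "search", type: "text", hidden: false },
  { id: "decoy", type: "text", hidden: true },
  { id: "TxtPassword", type: "password", hidden: false },
];

for (const [fields, intended] of [[loginForm, "loginfield"], [before, null], [after, null]]) {
  console.log(auditForm(fields, intended));
}
```

Under this model the question's form pairs the fields correctly, which is consistent with the first answer's suggestion that the mismatch comes from the saved entry rather than from the markup.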

Source: https://habr.com/ru/post/1299730/

