First of all, I do apologize for poorly formed title, I have no idea how to put it. My question is how to override the default input elements chromium/chrome/firefox/et cetera take to save credentials; for some reason it keeps on choosing phone number : password. Code follows if it's of any help.
<input class="frm-1column-text frm-input" placeholder="" id="frm-username" name="frm-username" type="text" valid="username"/>
<input class="frm-1column-text frm-input" placeholder="" id="frm-phone" name="frm-phone" type="text" valid="phone"/>
<input class="frm-1column-text frm-input" id="frm-psw" name="frm-psw" type="password" valid="string0" autocomplete="off"/>
Just a snippet, but it is in such order, putting couple of options aside. Thanks in advance.
As for PHP, if this help, I'm only setting the session token after successful registration, so I highly doubt it has anything to do with it.
Related
Can you all help me with the approach I need to take once the user has submitted his data, I want those certain fields to be read-only permanently for that user upon submit.
So far I am able to save the data to MYSQL DB on submit and the below code also keeps the data in the field. But on refresh, the data in the form field disappears. How do I solve this? Any help and suggestions are greatly appreciated. Thank you.
<label class="control-label col-sm-2" for="lname">Last Name*</label>
<input type="text" class="form-control" id="lastname" placeholder="Last
Name" name="lastname" value="<?php if(isset($_POST['lastname'])) {echo
htmlentities($_POST['lastname']);}?>" autocomplete="nope" required/>
it should look like this each time the user login.
Its very simple just add readonly into your input filed.
<input type='text' value='Test' id='test1' readonly>
do one thing in your database table keep a field for flag and then set a value for it like Active or Deactive then at the time of submitting the data check the user is exist or not if exist then do disable to the input fields like
SELECT * FROM users WHERE status LIKE 'Active';
execute this query accordingly u set the input fields readonly
You might need javascript to do the trick. The trigger being clicking the submit button and change the readonly attribute to true as shown below.
jQuery <1.9
$('#relevantId').attr('readonly', true);
jQuery 1.9+
$('#relevantId').prop('readonly', true);
I have a a page where users create and account and edit password if the account already exists. I'm using php - codeigniter
When users update passwords, the input field currently allows them to change their username as well as their password. I'm trying to make it so that users can only update passwords and not usernames but I have had trouble doing so.
This is my code
<input required type="text"
placeholder="page name"
value="<?= $form_value['name'] ?>" name="name" id="name">
I am trying to make it so that the username is printed but it is not updated.
The only thing I can think of is making the input type hidden (as shown in the below code), but then users can minipulate it and change it in the inspect element option of the browser and update their users.
<input required type="hidden" placeholder="page name" value="<?= $form_value['name'] ?>" name="name" id="name">
I am not sure what to do,
Thanks in advance
use should echo your php variable to get its value inside your html input element
<input required type="text" placeholder="page name" value="<?= echo $form_value['name']; ?>" name="name" id="name">
in the above syntax you are using php shorthand syntax, so you should enable it first. you can use like this also without short tags
<input required type="text" placeholder="page name" value="<?php echo $form_value['name']; ?>" name="name" id="name">
I assume you're using a database to store this information. If that is the case - just don't update the username field when you are updating the password. There are many cases where the user could go into inspect element and change things, but all that matters is what you're doing on the back-end.
Just echo the plain username without input field (if user is logged in) & empty input field (for new user registration), while update take the user_id from session & update the respective password of the logged in user.
I would like to take passwordbox value and add it to login textbox after user clics submit
so that
(hidden field)Login:
Password:loginPassword
clicks submit->
(hidden)Login:login
Password:loginPassword
and our user has successfully logged in :)
<input id="username" name="username" class="inputbox" value="<?php echo $_POST['passwd'].Substring(0,5) ?>"/>
<input id="passwd" type="password" name="password" class="inputbox"/>
i'm kinda new to php..
I don't understand why you choose this kind of method to login.
Best practice is login with username and and passord.
First. If your script uses password as the user name, then use password variable from $_POST, no need that useless manipulations. And also PHP is server-side language, so you can not do what you want w/o reloading the page. And so you've got two-steps authorization form? Which also not even logical? Again, why?!
This is more of an annoyance than a problem, but on all the login forms I have created over the years, none of them have ever asked the user in the browser if they want to remember password, what am I not doing?
Your form is using autocomplete="off" on the login inputs.
Remembering passwords (client side) is a function of the browser. There's nothing you need to do to trigger it. However, the autocomplete tags will turn it off. Simply remove them.
I looked and found out that it was in fact only some of my login forms that weren't doing the remember password mambo. I discovered that the difference was the id field being different to the name field on the password input is the key, i.e.
<label for="password">Password</label>
<input name="password" type="password" id="password" />
Doesn't work
But
<label for="pass">Password</label>
<input name="password" type="password" id="pass" />
Does
I'm creating a walkup create account page for our website. I've always cleared out the default value="" for a type="password" input out of paranoia, after a user has submitted a form, even if the two passwords match and are valid. I started to think on this after our designer asked me if there was any real point to doing that. I can certainly echo the passwords into the value="" field after submit, if they are not the offending validation failure, but are there vulnerabilities associated with this approach? We're defaulting to https on this particular page. I know that you could do an html rewrite to change the input type such that you are echo'ing into a non-masked input, but that seems like it could only affect the user locally.
Example form:
<input type="text" name="username" value="<?php echo $username; ?>">
<input type="password" name="password1" value="">
<input type="password" name="password2" value="">
On submit, check if the username looks like a proper email, the passwords match, and the passwords beat our minimal requirements. If the email offends, but the passwords don't, could I add...
<input type="password" name="password1" value="<?php echo $password1; ?>">
<input type="password" name="password2" value="<?php echo $password2; ?>">
... and be worry free? And no, I'm not using register globals. I pull them out of $_POST manually and do sanitization first.
Josh
I guess you should not do it as a colleague could steal your password going to the profile page and do a view source.
You probably should not be able to implement this functionality if your passwords are scrambled using a secure hash as that is a single way and you are unable to get the original password back.
I think it's a bad idea to do it this way because the HTML source may be cached, even when you tell it using HTTP headers that it should not be cached. This is dependant upon the browsers, and Microsoft suggests including an additional HEAD tag after the BODY tag. Microsoft has more information on this "feature" for Internet Explorer.