This is more of an annoyance than a problem, but on all the login forms I have created over the years, none of them have ever asked the user in the browser if they want to remember password, what am I not doing?
Your form is using autocomplete="off" on the login inputs.
Remembering passwords (client side) is a function of the browser. There's nothing you need to do to trigger it. However, the autocomplete tags will turn it off. Simply remove them.
I looked and found out that it was in fact only some of my login forms that weren't doing the remember password mambo. I discovered that the difference was the id field being different to the name field on the password input is the key, i.e.
<label for="password">Password</label>
<input name="password" type="password" id="password" />
Doesn't work
But
<label for="pass">Password</label>
<input name="password" type="password" id="pass" />
Does
Related
Basic HTML PHP CSS. I have an edit box with a placeholder. In the case that I have edited the fields once before (like username and password), and the browser has cached them, and I return to the form again (e.g., the login page), both the placeholder text and the auto filled values are appearing over top of each other. This is using the osclass code, if that matters. Clicking in the edit box removes the placeholder text, and the auto-filled value remains.
Thanks for the help!
Here's the site -
letmeborrowthat
You should turn the autocomplete off in your code
i.e.,
<input id="email" type="text" name="email" value="" class="input-text" autocomplete="off">
<input id="password" type="password" name="password" value="" class="input-text" autocomplete="off">
You can read it from the mdn here
I have login form and it works fine, but I don't know how to make it work via enter buttom. I did try to make it with JS, but it didn't work for some reason.
Also I think I made horrible code for login :(, but it works.
Make the sign in input a type of submit. Like this,
<input type="submit" class="zzzz" onclick="auth()" value="sign in"/>
This should fix the issue. It's a type of button currently which doesn't get triggered on submitting enter key.
Firstly add required bellow 2 input
<input name="userName" required="required" placeholder="E-mail" id="username" type="text">
<input name="password" required="required" placeholder="Password" id="password" type="password">
And then change input type bellow your submit input field
<input type="submit" class="zzzz" onclick="auth()" value="sign in"/>
Make button of input type submit and add this attribute to your form
<form onsubmit="return(false);">
so that it works with your javascript
First of all, I do apologize for poorly formed title, I have no idea how to put it. My question is how to override the default input elements chromium/chrome/firefox/et cetera take to save credentials; for some reason it keeps on choosing phone number : password. Code follows if it's of any help.
<input class="frm-1column-text frm-input" placeholder="" id="frm-username" name="frm-username" type="text" valid="username"/>
<input class="frm-1column-text frm-input" placeholder="" id="frm-phone" name="frm-phone" type="text" valid="phone"/>
<input class="frm-1column-text frm-input" id="frm-psw" name="frm-psw" type="password" valid="string0" autocomplete="off"/>
Just a snippet, but it is in such order, putting couple of options aside. Thanks in advance.
As for PHP, if this help, I'm only setting the session token after successful registration, so I highly doubt it has anything to do with it.
I would like to take passwordbox value and add it to login textbox after user clics submit
so that
(hidden field)Login:
Password:loginPassword
clicks submit->
(hidden)Login:login
Password:loginPassword
and our user has successfully logged in :)
<input id="username" name="username" class="inputbox" value="<?php echo $_POST['passwd'].Substring(0,5) ?>"/>
<input id="passwd" type="password" name="password" class="inputbox"/>
i'm kinda new to php..
I don't understand why you choose this kind of method to login.
Best practice is login with username and and passord.
First. If your script uses password as the user name, then use password variable from $_POST, no need that useless manipulations. And also PHP is server-side language, so you can not do what you want w/o reloading the page. And so you've got two-steps authorization form? Which also not even logical? Again, why?!
I'm creating a walkup create account page for our website. I've always cleared out the default value="" for a type="password" input out of paranoia, after a user has submitted a form, even if the two passwords match and are valid. I started to think on this after our designer asked me if there was any real point to doing that. I can certainly echo the passwords into the value="" field after submit, if they are not the offending validation failure, but are there vulnerabilities associated with this approach? We're defaulting to https on this particular page. I know that you could do an html rewrite to change the input type such that you are echo'ing into a non-masked input, but that seems like it could only affect the user locally.
Example form:
<input type="text" name="username" value="<?php echo $username; ?>">
<input type="password" name="password1" value="">
<input type="password" name="password2" value="">
On submit, check if the username looks like a proper email, the passwords match, and the passwords beat our minimal requirements. If the email offends, but the passwords don't, could I add...
<input type="password" name="password1" value="<?php echo $password1; ?>">
<input type="password" name="password2" value="<?php echo $password2; ?>">
... and be worry free? And no, I'm not using register globals. I pull them out of $_POST manually and do sanitization first.
Josh
I guess you should not do it as a colleague could steal your password going to the profile page and do a view source.
You probably should not be able to implement this functionality if your passwords are scrambled using a secure hash as that is a single way and you are unable to get the original password back.
I think it's a bad idea to do it this way because the HTML source may be cached, even when you tell it using HTTP headers that it should not be cached. This is dependant upon the browsers, and Microsoft suggests including an additional HEAD tag after the BODY tag. Microsoft has more information on this "feature" for Internet Explorer.