I'm working on the user registration part of my site.
User registration works fine, but there's an oddity with password
The use I registered is username: someone
After logging in, I told firefox to save the username and password.
I then went to the UserPrefs page to test both e-mail and password change.
FireFox for some reason auto-filled in the username in the verify e-mail
field for the Update E-Mail Address form.
Even though the form requires valid login to even see, for security
reasons I want valid password entered. I don't mind the auto-filling in
of the password by firefox, I do mind that it decided to put the login
name in the field before it.
Here's the html for that form:
<form id="formemail" method="post" action="UserPrefs">
<fieldset id="fieldsetemail" class="leftFloat">
<legend>Update E-Mail Address</legend>
<p><strong>NOTE</strong>: Updating your e-mail address will
result in a temporarily disabled account until your new e-mail address
has been validated.</p>
<div id="divemail" class="formFloat">
<label for="email">New E-Mail</label>
<input type="text" id="email" name="email" size="64"/>
<label for="vemail">Verify New E-Mail</label>
<input type="text" id="vemail" name="vemail" size="64"/>
<div id="divemailpassword" class="formFloat">
<label>Enter Current Password</label>
<input type="password" id="emailpassword" name="password"
<div id="email_submit" class="formFloat">
<input type="hidden" name="ptoken" value="*snip*"/>
<input type="submit" id="imail" name="imail" value="Submit"/>
The id for the input it is incorrectly auto-filling is vemail.
Is there a way to flag firefox not to autofill the username for that
form? I thought it would be smart enough not to because the field
name/id is different than the login field id/name but apparantly not.
Furthermore, when testing the e-mail change, FireFox asked if I wanted
to save the password. I said yet to see what happens - and now it has
the e-mail stored as a possible username for the site, which is
blatently wrong. There must be a way to disable it.
I suppose I could remove the password field from the form, and upon
submit - then ask for password verification on a different form, but
that seems kind of sucky.
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php