I'm working on the user registration part of my site.

User registration works fine, but there's an oddity with password management.

The use I registered is username: someone

After logging in, I told firefox to save the username and password.

I then went to the UserPrefs page to test both e-mail and password change.


FireFox for some reason auto-filled in the username in the verify e-mail field for the Update E-Mail Address form.

Even though the form requires valid login to even see, for security reasons I want valid password entered. I don't mind the auto-filling in of the password by firefox, I do mind that it decided to put the login name in the field before it.

Here's the html for that form:

<h2>Account Settings</h2>
      <form id="formemail" method="post" action="UserPrefs">
        <fieldset id="fieldsetemail" class="leftFloat">
          <legend>Update E-Mail Address</legend>

<p><strong>NOTE</strong>: Updating your e-mail address will result in a temporarily disabled account until your new e-mail address has been validated.</p>
          <div id="divemail" class="formFloat">
              <label for="email">New E-Mail</label>
              <input type="text" id="email" name="email" size="64"/>

              <label for="vemail">Verify New E-Mail</label>
              <input type="text" id="vemail" name="vemail" size="64"/>
          <div id="divemailpassword" class="formFloat">

              <label>Enter Current Password</label>
<input type="password" id="emailpassword" name="password" size="20"/>
        <div id="email_submit" class="formFloat">
          <input type="hidden" name="ptoken" value="*snip*"/>

          <input type="submit" id="imail" name="imail" value="Submit"/>

The id for the input it is incorrectly auto-filling is vemail.
Is there a way to flag firefox not to autofill the username for that form? I thought it would be smart enough not to because the field name/id is different than the login field id/name but apparantly not.

Furthermore, when testing the e-mail change, FireFox asked if I wanted to save the password. I said yet to see what happens - and now it has the e-mail stored as a possible username for the site, which is blatently wrong. There must be a way to disable it.

I suppose I could remove the password field from the form, and upon submit - then ask for password verification on a different form, but that seems kind of sucky.

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to