Solved

lastpass auto fill login form

Posted on 2016-11-09
5
21 Views
Last Modified: 2016-11-14
We have a login form but lastpass does not detect it as a login form. The form is using an onclick event to call a php script via jQuery.

<form name="myform">
<table class="table" width=500 align="center">
        <tr>
                <td><b>Username:</b><br><input type="text" name="uuname" placeholder="User Name" size=20></td>
        </tr>
        <tr>                <td><b>Password:</b><br><input type="password" id="password" name="uupass" placeholder="Password" size=20 onkeypress="if(event.keyCode==13) { loginfrm(this.form); return false;}"></td>
        </tr>
        <tr>
                <td><center>
                <input type="button" value="Forgot Password" class="btn btn-warning" onclick="document.location.href='index.php?section=forgot_pw'">&nbsp;&nbsp;
                <input type="button" name="login" value="Login" class="btn btn-primary" onclick="loginfrm(this.form)"></center></td>
        </tr>
</table>
</form>


<script>
function loginfrm(myform) {
        $.get('ajax/login.php',
        $(myform).serialize(),
        function(php_msg) {
        $("#main_element").html(php_msg);
        });
}
</script>

Open in new window


How would I modify the onclick to tell lastpass this is a site that should be saved for auto fill.
0
Comment
Question by:Robert Saylor
5 Comments
 
LVL 42

Accepted Solution

by:
Chris Stanyon earned 500 total points
Comment Utility
LastPass advise that you don't use AJAX for your Login. It also advises that you don't use GET - you're using both.

Regardless of LastPass, you REALLY shouldn't be passing the users login details as part of the query string! That's a security problem just waiting to happen. At least use POST.

I think it would also help LastPass if you name your fields a little more in line with convention (username / password, rather than uuname / uupass)
1
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
Agree with Chris (I usually do).  Use POST because this changes the state of the server.  Use HTTPS because this contains sensitive information.
0
 

Author Comment

by:Robert Saylor
Comment Utility
Thanks I am rewritting the login to use a form post instead of AJAX.
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
0
 
LVL 82

Expert Comment

by:leakim971
Comment Utility
If you don't want to reload the page, you may use an iframe to post your form. Just set the target attribute of your form with the name of your iframe

<form target="my_iframe_name" method="post"

</form>
<iframe name="my_iframe_name"

You should be able to read content of the iframe using its load event as he share the same origin and protocol than with the page.
1

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

This is a PowerShell web interface I use to manage some task as a network administrator. Clicking an action button on the left frame will display a form in the middle frame to input some data in textboxes, process this data in PowerShell and display…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
In this tutorial viewers will learn how to style elements, such a divs, with a "drop shadow" effect using the CSS box-shadow property Start with a normal styled element, such as a div.: In the element's style, type the box shadow property: "box-shad…
In this tutorial viewers will learn how to embed videos in a webpage using HTML5. Ensure your DOCTYPE declaration is set to HTML5: "<!DOCTYPE html>": Use the <video> tag to insert a video. Define the src as the URL of your video; this is similar to …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now