Solved

LastPass auto fill login form

Posted on 2016-11-09
Last Modified: 2016-11-14
We have a login form but LastPass does not detect it as a login form. The form is using an onclick event to call a PHP script via jQuery.

<form name="myform">
<table class="table" width=500 align="center">
        <tr>
                <td><b>Username:</b><br><input type="text" name="uuname" placeholder="User Name" size=20></td>
        </tr>
        <tr>
                <td><b>Password:</b><br><input type="password" id="password" name="uupass" placeholder="Password" size=20 onkeypress="if(event.keyCode==13) { loginfrm(this.form); return false;}"></td>
        </tr>
        <tr>
                <td><center>
                <input type="button" value="Forgot Password" class="btn btn-warning" onclick="document.location.href='index.php?section=forgot_pw'">&nbsp;&nbsp;
                <input type="button" name="login" value="Login" class="btn btn-primary" onclick="loginfrm(this.form)"></center></td>
        </tr>
</table>
</form>


<script>
function loginfrm(myform) {
        $.get('ajax/login.php',
        $(myform).serialize(),
        function(php_msg) {
        $("#main_element").html(php_msg);
        });
}
</script>



How would I modify the onclick to tell LastPass this is a site that should be saved for auto fill?
Question by:Robert Saylor
5 Comments
 
LVL 43

Accepted Solution

by:
Chris Stanyon earned 500 total points
ID: 41881079
LastPass advises that you don't use AJAX for your login. It also advises that you don't use GET - you're using both.

Regardless of LastPass, you REALLY shouldn't be passing the user's login details as part of the query string! That's a security problem just waiting to happen. At least use POST.

I think it would also help LastPass if you name your fields a little more in line with convention (username / password, rather than uuname / uupass).
1
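Why the query string matters, as an added example that is not code from the thread or from LastPass: the request URL is what web servers write to their access logs, so a GET login leaves the password there. The sketch goes one step beyond the answer by auditing log lines for leaked credentials; the field names and login path come from the question, while the credentials, log lines and the `SECRET_PARAM` list are constructed assumptions.

```javascript
// Added example, not code from the thread. Field names and the login path
// come from the question; the credentials and log lines are constructed.

// What $.get(url, $(form).serialize()) sends: the fields become the query string.
function buildGet(url, fields) {
  return { method: 'GET', url: url + '?' + new URLSearchParams(fields), body: null };
}

// The same fields sent by POST travel in the body; the URL stays clean.
function buildPost(url, fields) {
  return { method: 'POST', url, body: new URLSearchParams(fields).toString() };
}

// Parameter names treated as secrets (assumption: extend for your own forms).
const SECRET_PARAM = /^(uupass|pass|passwd|password|pwd)$/i;

function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

// Audit one access-log line (common/combined format). Returns null when no
// secret parameter is in the request URL, otherwise the leaked parameter
// names and the line with their values masked for safe retention.
function auditLogLine(line) {
  const m = line.match(/"([A-Z]+) (\S+) HTTP\/[\d.]+"/);
  if (!m || !m[2].includes('?')) return null;
  const cut = m[2].indexOf('?');
  const leaked = [];
  const masked = m[2].slice(cut + 1).split('&').map((pair) => {
    const name = pair.split('=')[0];
    if (!SECRET_PARAM.test(safeDecode(name))) return pair;
    leaked.push(safeDecode(name));
    return name + '=[REDACTED]';
  }).join('&');
  if (leaked.length === 0) return null;
  const redactedUrl = m[2].slice(0, cut) + '?' + masked;
  return { leaked, redacted: line.replace(m[2], () => redactedUrl) };
}

const creds = { uuname: 'alice', uupass: 'S3cretPw' }; // constructed values
const sampleLog = [ // constructed access-log lines
  '203.0.113.7 - - [09/Nov/2016:10:00:01 +0000] "GET /ajax/login.php?uuname=alice&uupass=S3cretPw HTTP/1.1" 200 512',
  '203.0.113.7 - - [09/Nov/2016:10:00:05 +0000] "POST /ajax/login.php HTTP/1.1" 200 512',
];
console.log(buildGet('ajax/login.php', creds).url);
console.log(sampleLog.map(auditLogLine));
```

Any account whose password shows up in such a log line should have that password changed, since the log file is readable by whoever can read the server's logs.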
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 41881158
Agree with Chris (I usually do).  Use POST because this changes the state of the server.  Use HTTPS because this contains sensitive information.
0
 

Author Comment

by:Robert Saylor
ID: 41881161
Thanks, I am rewriting the login to use a form post instead of AJAX.
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 41881191
0
 
LVL 82

Expert Comment

by:leakim971
ID: 41881194
If you don't want to reload the page, you may use an iframe to post your form. Just set the target attribute of your form with the name of your iframe.

<form target="my_iframe_name" method="post">

</form>
<iframe name="my_iframe_name"></iframe>

You should be able to read the content of the iframe using its load event, as it shares the same origin and protocol as the page.
1


Question has a verified solution.
