Re: [Phpslash-devel] Question about loginformCR
Brought to you by:
joestewart,
nhruby
From: Joe S. <jo...@be...> - 2001-12-14 19:28:08
|
I can't explain it very well, but the phplib docs might. The Challenge-Response login form is pretty much straight from the phplib distribution. Here's a comment from their original script ( crcloginform.ihtml) - "Changed the way of submitting the challenge:response with a 2nd login form. This fixes the problems some browsers have with overwriting the content of a password type input tag. <an...@ro...>" I believe NS4 won't clear the password field. So even if you have javascript, without this second form the password was sent clear text because the browser ignored the command to clear the field. Clear as mud, huh? On Fri, Dec 14, 2001 at 08:08:26PM +0100, Lars Heuer wrote: > Hi, > > I found something strange in loginformCR.tpl: > > Line 46: > -- > <form name="logintrue" action="{PHP_SELF}" method=post> > <input type="hidden" name="username" value=""> > <input type="hidden" name="challenge" value="{CHALLENGE}"> > <input type="hidden" name="response" value=""> > </form> > -- > > Why do we have the form "login" and "logintrue"? > > > Regards, > Lars > > |