From: Ted B. <ted...@mo...> - 2003-03-13 05:34:37
|
I administer a Squirrelmail server with 60 users, many of whose caps lock keys are permanently soldered to the ON position. :) To improve usability, I've modified /src/login.php to check the username and password fields prior to form submission, using Javascript. If either field is all caps, an OK/Cancel dialog prompts the user to convert that field to lowercase. If the user clicks Cancel, the field will remain in all caps. If JavaScript is disabled, the form will submit normally. The use of this code at all can be toggled by setting $login_uppercase_prompt in /config/config.php . I had a terrific discussion with Erin Schnabel and Rick Castello tonight about this patch, in #squirrelmail on sterling.freenode.net. Erin and Rick both disagreed philosophically with this feature. To my understanding, they feel code should never alter a user's password, for fear that the user will think his password is being handled insecurely. Alternatively, they said users with stuck caps lock keys should be assigned all caps passwords. :) Following is a patch for /src/login.php against 1.2.11. You will need to add "$login_uppercase_prompt = true" to /config/config.php or the top of /src/login.php for this to work. This is my first patch, so hopefully it's in the right format. FWIW, I copied login.php to login_old.php before making changes. If this passes muster, I'd like this to appear as a plugin, under the "Logging in" section. diff -u login_old.php login.php --- login_old.php Wed Mar 12 23:34:17 2003 +++ login.php Wed Mar 12 23:37:54 2003 @@ -102,6 +102,21 @@ " }\n". "// -->\n". "</script>\n"; + +if ($login_uppercase_prompt) { + $header .= + '<script type="text/javascript"> + function check_caps(field_name, field_obj) { + if (field_obj.value == field_obj.value.toUpperCase()) { + if (confirm("Your " + field_name + " is in ALL CAPS. Should it be lowercase instead?")) { + field_obj.value = field_obj.value.toLowerCase(); + } + } + return true; + }'. + "\n</script>\n"; +} + $custom_css = 'none'; displayHtmlHeader( "$org_name - " . _("Login"), $header, FALSE ); @@ -157,7 +172,10 @@ " </TR>\n". " </TABLE></TD></TR>\n". " <TR><TD>\n". - ' <CENTER><INPUT TYPE=SUBMIT VALUE="' . _("Login") . "\"></CENTER>\n". + ' <CENTER><INPUT TYPE=SUBMIT VALUE="' . _("Login") . '"'. + ( $login_uppercase_prompt ? " ONCLICK=\"check_caps('username', $username_form_name);". + "check_caps('password', $password_form_name)\"" : '' ) . + "></CENTER>\n". " </TD></TR>\n". "</TABLE>\n". "</CENTER>\n"; Ted Behling, Chief Penguin Surgeon Monarch Information Systems, Inc. tbe...@mo... |