Disable Autocomplete / AutoFill across WHMCS Admin
-
myworksdesign shared this idea 8 years ago
- Admin Area
- 19 Comments
64
Votes
Login to Vote
This topic has already unfortunately been broached on a smaller issue for the SMTP fields in settings, but there is an annoying issue across all of the WHMCS admin, where any browser will autofill / autocomplete the WHMCS admin (or any saved login info) login to any username/password fields in WHMCS. This is extremely annoying in the following cases, to name a few.
- Editing / Viewing a client Profile
- Editing / Viewing custom support ticket fields that contain a username/password field
- Editing / Viewing custom module options that contain a username/password
- Editing / Viewing WHMCS General Settings > SMTP settings
- And many more scenarios.
This can be resolved very easily by either adding a hidden username/password field to the top of the page code to trap this browser autocomplete/autofill or using the autocomplete="off" css setting in the fields above.
This is a very simple fix that will save 100% of WHMCS users grief every day.
- Editing / Viewing a client Profile
- Editing / Viewing custom support ticket fields that contain a username/password field
- Editing / Viewing custom module options that contain a username/password
- Editing / Viewing WHMCS General Settings > SMTP settings
- And many more scenarios.
This can be resolved very easily by either adding a hidden username/password field to the top of the page code to trap this browser autocomplete/autofill or using the autocomplete="off" css setting in the fields above.
This is a very simple fix that will save 100% of WHMCS users grief every day.
Merged Ideas
Disable autocomplete in Setup->General->Mail on smtp user/pass fields
Well this "feature" is a bit annoying:If I save my access credentials to whmcs in Firefox and then go to Setup->General Settings->Mail, those SMTP user/pass fields are autocompleted with my whmcs credentials. If I change anything else, it gets saved to database in plain text.The relevant HTML is here:<tr><td class="fieldlabel">SMTP Username</td><td class="fieldarea"><input type="text" name="smtpusername" size="35" value=""></td></tr><tr><td class="fieldlabel">SMTP Password</td><td class="fieldarea"><input type="password" name="smtppassword" size="20" value=""></td></tr>All that is needed is adding a parameter to both fields:autocomplete="off"This surely can be done easily and in a timely manner, right? :)b.
Well this "feature" is a bit annoying:If I save my access credentials to whmcs in Firefox and then go to Setup->General Settings->Mail, those SMTP user/pass fields are autocompleted with my whmcs credentials. If I change anything else, it gets saved to database in plain text.The relevant HTML is here:<tr><td class="fieldlabel">SMTP Username</td><td class="fieldarea"><input type="text" name="smtpusername" size="35" value=""></td></tr><tr><td class="fieldlabel">SMTP Password</td><td class="fieldarea"><input type="password" name="smtppassword" size="20" value=""></td></tr>All that is needed is adding a parameter to both fields:autocomplete="off"This surely can be done easily and in a timely manner, right? :)b.
22 Comments
Login to post a comment.
annoying behaviour.
Apache's mod_substitute (https://httpd.apache.org/docs/2.4/mod/mod_substitute.html) can be used to change test/password field type to 'hidden'.
Here are the directives for 6.1.1 (remove line breaks if this website inserts them):
Substitute 's|<tr><td class="fieldlabel">SMTP Username</td><td class="fieldarea"><input type="text" name="smtpusername" size="35" value=""></td></tr>|<tr><td class="fieldlabel">SMTP Username</td><td class="fieldarea"><input type="hidden" name="smtpusername" size="35" value=""></td></tr>|n'
Substitute 's|<tr><td class="fieldlabel">SMTP Password</td><td class="fieldarea"><input type="password" name="smtppassword" size="20" value=""></td></tr>|<tr><td class="fieldlabel">SMTP Password</td><td class="fieldarea"><input type="hidden" name="smtppassword" size="20" value=""></td></tr>|n'
Have fun,
b.