Home > blog > castlin > 2010 > 02

Disable login field memory

February 16th, 2010
in

Here's a tweak that makes the login form a little more secure. It attempts to disable the auto-complete features of browsers to remember the values of the username and password fields.

<?php
function example_form_alter(&$form, $form_state, $form_id) {
  if ($form_id == 'user_login') {
    $form['name']['#attributes']['autocomplete'] = 'off';
    $form['name']['#attributes']['disableAutoComplete'] = 'true';
    $form['pass']['#attributes']['autocomplete'] = 'off';
    $form['pass']['#attributes']['disableAutoComplete'] = 'true';
  }
}
?>

Sadly, the "autocomplete" and "disableAutoComplete" aren't standard attributes, so the form won't W3 validate, but for a site where it usually lives on its own page, it might be worth the tradeoff.

on the user edit screen

On April 28th, 2010 castlin said:

Here's how to apply this to the user edit screen, so you don't constantly get "The specified passwords don't match" when trying to edit an account as an admin.

<?php
function example_form_alter(&$form, &$form_state, $form_id) {
  if ($form_id == 'user_profile_form' && $form['_category']['#value'] == 'account') {
    $form['account']['pass']['#after_build'][] = '_disable_password_memory';
  }
}

function _disable_password_memory($form_element, &$form_state) {
  $form_element['pass1']['#attributes']['autocomplete'] = 'off';
  $form_element['pass2']['#attributes']['autocomplete'] = 'off';
  $form_element['pass1']['#attributes']['disableAutoComplete '] = 'true';
  $form_element['pass2']['#attributes']['disableAutoComplete '] = 'true';
  return $form_element;
}
?>

Great content

On November 15th, 2012 Anonymous (not verified) said:

Great content
http://nhanvienseo.com

Full Sail tell us that every year their brewers

On November 20th, 2012 bep ga (not verified) said:

Great content