[fix] autocomplete honeypot field to trick firefox: prevent auto-fili…

…ng of non-needed form passwords.

bureau/admin/adm_add.php

@@ -59,7 +59,12 @@
 	echo "<p class=\"alert alert-danger\">$error</p>";
 }
 ?>
-<form method="post" action="adm_doadd.php" id="main" name="main">
+<form method="post" action="adm_doadd.php" id="main" name="main" autocomplete="off">
+
+<!-- honeypot fields -->
+<input type="text" style="display: none" id="fakeUsername" name="fakeUsername" value="" />
+<input type="password" style="display: none" id="fakePassword" name="fakePassword" value="" />
+
 <table class="tedit">
 <tr><th><label for="login"><?php __("Username"); ?></label></th><td>
 	<input type="text" class="int" name="login" id="login" value="<?php ehe($login); ?>" size="20" maxlength="16" />
@@ -144,7 +149,6 @@
 </form>
 <script type="text/javascript">
  document.forms['main'].login.focus();
- document.forms['main'].setAttribute('autocomplete', 'off');
 </script>
 
 <?php include_once("foot.php"); ?>

bureau/admin/adm_edit.php

@@ -62,7 +62,12 @@
     echo "<p class=\"alert alert-danger\">$error</p>";
   }
 ?>
-<form method="post" action="adm_doedit.php" name="main" id="main">
+<form method="post" action="adm_doedit.php" name="main" id="main" autocomplete="off">
+
+<!-- honeypot fields -->
+<input type="text" style="display: none" id="fakeUsername" name="fakeUsername" value="" />
+<input type="password" style="display: none" id="fakePassword" name="fakePassword" value="" />
+
 <table class="tedit">
 <tr>
 	<th><input type="hidden" name="uid" value="<?php echo $uid ?>" />
@@ -173,6 +178,5 @@
 </p>
 <script type="text/javascript">
  document.forms['main'].pass.focus();
- document.forms['main'].setAttribute('autocomplete', 'off');
 </script>
 <?php include_once("foot.php"); ?>

bureau/admin/adm_mxaccount.php

@@ -90,7 +90,12 @@
 </table>
     <?php } ?>
 <p><?php __("If you want to allow a new server to access your mx-hosted domain list, give him an account."); ?></p>
-<form method="post" action="adm_mxaccount.php" name="main" id="main">
+<form method="post" action="adm_mxaccount.php" name="main" id="main" autocomplete="off">
+
+<!-- honeypot fields -->
+<input type="text" style="display: none" id="fakeUsername" name="fakeUsername" value="" />
+<input type="password" style="display: none" id="fakePassword" name="fakePassword" value="" />
+
 <table class="tedit">
 <tr><th><label for="newlogin"><?php __("Login"); ?></label></th><th><label for="newpass"><?php __("Password"); ?></label></th></tr>
 <tr>
@@ -106,6 +111,5 @@
 
 <script type="text/javascript">
 document.forms['main'].newlogin.focus();
-document.forms['main'].setAttribute('autocomplete', 'off');
 </script>
 <?php include_once("foot.php"); ?>

bureau/admin/adm_slavedns.php

@@ -153,7 +153,12 @@
 
 <p><?php __("If you want to allow a new server to access your domain list, give him an account."); ?></p>
 
-<form method="post" action="adm_slavedns.php" name="main" id="main">
+<form method="post" action="adm_slavedns.php" name="main" id="main" autocomplete="off">
+
+<!-- honeypot fields -->
+<input type="text" style="display: none" id="fakeUsername" name="fakeUsername" value="" />
+<input type="password" style="display: none" id="fakePassword" name="fakePassword" value="" />
+
   <table class="tedit">
     <tr><th><label for="newlogin"><?php __("Login"); ?></label></th><th><label for="newpass"><?php __("Password"); ?></label></th></tr>
     <tr>
@@ -165,7 +170,6 @@
 </form>
 
 <script type="text/javascript">
-  document.forms['main'].setAttribute('autocomplete', 'off');
   document.forms['main'].newip.focus();
 $(function(){
 	$(".toggle-next").on("click",function(){

bureau/admin/ftp_edit.php

@@ -64,7 +64,12 @@
 	echo "<p class=\"alert alert-danger\">$error</p>";
 }
 ?>
-<form method="post" action="ftp_doedit.php" name="main" id="main">
+<form method="post" action="ftp_doedit.php" name="main" id="main" autocomplete="off">
+
+<!-- honeypot fields -->
+<input type="text" style="display: none" id="fakeUsername" name="fakeUsername" value="" />
+<input type="password" style="display: none" id="fakePassword" name="fakePassword" value="" />
+
   <input type="hidden" name="id" value="<?php echo $id ?>" />
   <input type="hidden" name="create" value="<?php echo $create ?>" />
   <table border="1" cellspacing="0" cellpadding="4" class="tedit">
@@ -102,7 +107,6 @@
 
 <script type="text/javascript">
 document.forms['main'].login.focus();
-document.forms['main'].setAttribute('autocomplete', 'off'); 
 
 function ftp_edit_pass_toggle() {
   $('#ftp_tr_pass1').toggle();

bureau/admin/hta_adduser.php

@@ -44,7 +44,12 @@
 	}
 ?>
 
-<form method="post" action="hta_doadduser.php" name="main" id="main">
+<form method="post" action="hta_doadduser.php" name="main" id="main" autocomplete="off">
+
+<!-- honeypot fields -->
+<input type="text" style="display: none" id="fakeUsername" name="fakeUsername" value="" />
+<input type="password" style="display: none" id="fakePassword" name="fakePassword" value="" />
+
 <table border="1" cellspacing="0" cellpadding="4" class='tedit'>
 	<tr>
 		<th><input type="hidden" name="dir" value="<?php ehe($dir); ?>" /><?php __("Folder"); ?></th>

bureau/admin/hta_edit.php

@@ -90,7 +90,12 @@
 <fieldset>
   <legend><h3><?php __("Adding an authorized user"); ?></h3></legend>
 
-  <form method="post" action="hta_doadduser.php" name="main" id="main">
+  <form method="post" action="hta_doadduser.php" name="main" id="main" autocomplete="off">
+
+<!-- honeypot fields -->
+<input type="text" style="display: none" id="fakeUsername" name="fakeUsername" value="" />
+<input type="password" style="display: none" id="fakePassword" name="fakePassword" value="" />
+
     <table class="tedit">
       <tr>
         <th><input type="hidden" name="dir" value="<?php echo $dir ?>" /><?php __("Folder"); ?></th>
@@ -118,7 +123,6 @@
 
 <script type="text/javascript">
   document.forms['main'].user.focus();
-  document.forms['main'].setAttribute('autocomplete', 'off'); 
 </script>
 
 <?php include_once("foot.php"); ?>

bureau/admin/hta_edituser.php

@@ -43,7 +43,12 @@
 
 <?php if (!empty($error) ) { echo "<p class=\"alert alert-danger\">$error</p>"; } ?>
 
-<form method="post" action="hta_doedituser.php" name="main" id="main">
+<form method="post" action="hta_doedituser.php" name="main" id="main" autocomplete="off">
+
+<!-- honeypot fields -->
+<input type="text" style="display: none" id="fakeUsername" name="fakeUsername" value="" />
+<input type="password" style="display: none" id="fakePassword" name="fakePassword" value="" />
+
   <input type="hidden" name="dir" value="<?php echo $dir ?>">
   <input type="hidden" name="user" value="<?php echo $user ?>">
   <table border="1" cellspacing="0" cellpadding="4" class='tedit'>
@@ -70,7 +75,6 @@
 
 <script type="text/javascript">
   document.forms['main'].newpass.focus();
-  document.forms['main'].setAttribute('autocomplete', 'off');
 </script>
 
 <?php include_once("foot.php"); ?>

bureau/admin/mail_edit.php

@@ -61,7 +61,12 @@
 }
 ?>
 
-<form action="mail_doedit.php" method="post" name="main" id="main">
+<form action="mail_doedit.php" method="post" name="main" id="main" autocomplete="off">
+
+<!-- honeypot fields -->
+<input type="text" style="display: none" id="fakeUsername" name="fakeUsername" value="" />
+<input type="password" style="display: none" id="fakePassword" name="fakePassword" value="" />
+
 <input type="hidden" name="mail_id" value="<?php echo $mail_id; ?>" />
 <table class="tedit">
   <tr><th colspan="2"><b><?php __("Is this email enabled?"); ?></b></th></tr>
@@ -93,8 +98,8 @@
       <div id="poptbl">
 	<table class="tedit" >
           <tr id='mail_edit_pass' style='display: none;'><td colspan='2'><a href='javascript:mail_edit_pass();'><?php __("Click here to edit the existing password");?></a></td></tr>
-	  <tr id='mail_edit_pass1'><td><label for="pass"><?php __("Enter a POP/IMAP password"); ?></label></td><td><input type="password" class="int" autocomplete="off" name="pass" id="pass" value="" size="20" maxlength="32" autocomplete="off" /><?php display_div_generate_password(DEFAULT_PASS_SIZE,"#pass","#passconf"); ?></td></tr>
-	  <tr id='mail_edit_pass2'><td><label for="passconf"><?php __("Confirm password"); ?></label></td><td><input type="password" class="int" autocomplete="off" name="passconf" id="passconf" value="" size="20" maxlength="32" autocomplete="off" /></td></tr>
+	  <tr id='mail_edit_pass1'><td><label for="pass"><?php __("Enter a POP/IMAP password"); ?></label></td><td><input type="password" class="int" autocomplete="off" name="pass" id="pass" value="" size="20" maxlength="32" /><?php display_div_generate_password(DEFAULT_PASS_SIZE,"#pass","#passconf"); ?></td></tr>
+	  <tr id='mail_edit_pass2'><td><label for="passconf"><?php __("Confirm password"); ?></label></td><td><input type="password" class="int" autocomplete="off" name="passconf" id="passconf" value="" size="20" maxlength="32" /></td></tr>
 	  <tr><td><label for="quotamb"><?php __("Maximum allowed size of this Mailbox"); ?></label></td><td><input type="text" class="int intleft" style="text-align: right" name="quotamb" id="quotamb" value="<?php ehe($quotamb); ?>" size="7" maxlength="6" /><span class="int intright"><?php __("MB"); ?></span></td></tr>
 	</table>
       </div>
@@ -122,15 +127,7 @@
 }
 ?>
 <script type="text/javascript">
-    $(document).ready(function() {
-    $('#email').focus();
-    <?php if (!$islocal) { ?>
-    popoff();
-    <?php } ?>
-    $('#turnoff').hide();
-    $('#pass').attr('autocomplete','off');
-    $('#passconf').attr('autocomplete','off');
-});
+
 function popoff() {
     $('#turnoff').show(); 
     $('#poptbl').addClass('grey'); 

bureau/admin/mem_param.php

@@ -77,7 +77,12 @@
 echo "<p>";
  __("help_chg_passwd"); ?>
 </p>
-<form method="post" action="mem_passwd.php" name="main" id="main">
+<form method="post" action="mem_passwd.php" name="main" id="main" autocomplete="off">
+
+<!-- honeypot fields -->
+<input type="text" style="display: none" id="fakeUsername" name="fakeUsername" value="" />
+<input type="password" style="display: none" id="fakePassword" name="fakePassword" value="" />
+
 <table border="1" cellspacing="0" cellpadding="4" class="tedit" >
 <tr><th><?php __("Old password"); ?></th><td><input type="password" class="int" name="oldpass" value="<?php isset($oldpass) ? : $oldpass=""; echo $oldpass; ?>" size="20" maxlength="128" /></td></tr>
 <tr><th><?php __("New password"); ?> (1)</th><td><input type="password" class="int" autocomplete="off" id="newpass" name="newpass" value="<?php isset($newpass) ? : $newpass=""; echo $newpass;  ?>" size="20" maxlength="60" /><?php display_div_generate_password(DEFAULT_PASS_SIZE,"#newpass","#newpass2"); ?></td></tr>

bureau/admin/sql_list.php

@@ -110,8 +110,4 @@
 }
 }
 ?>
-<script type="text/javascript">
-//document.forms['main'].pass.focus();
-//document.forms['main'].setAttribute('autocomplete', 'off');
-</script>
 <?php include_once("foot.php"); ?>

bureau/admin/sql_users_add.php

@@ -53,7 +53,12 @@
 		}
 	}
 ?>
-<form method="post" action="sql_users_doadd.php" id="main" name="main">
+<form method="post" action="sql_users_doadd.php" id="main" name="main" autocomplete="off">
+
+<!-- honeypot fields -->
+<input type="text" style="display: none" id="fakeUsername" name="fakeUsername" value="" />
+<input type="password" style="display: none" id="fakePassword" name="fakePassword" value="" />
+
 <table class="tedit">
 <tr>
   <th><label for="usern"><?php __("Username"); ?></label></th>
@@ -80,7 +85,5 @@
   } else {
     document.forms['main'].usern.focus();
   }
-  document.forms['main'].setAttribute('autocomplete', 'off');
-
 </script>
 <?php include_once("foot.php"); ?>

bureau/admin/sql_users_password.php

@@ -52,8 +52,13 @@
 
 ?>
 
-<form method="post" action="sql_users_dopassword.php">
+<form method="post" action="sql_users_dopassword.php" autocomplete="off">
 <input type="hidden" name="id" value="<?php echo $id; ?>" />
+
+<!-- honeypot fields -->
+<input type="text" style="display: none" id="fakeUsername" name="fakeUsername" value="" />
+<input type="password" style="display: none" id="fakePassword" name="fakePassword" value="" />
+
 <table cellspacing="0" cellpadding="4" class="tedit">
   <tr>
     <th><label for="password"><?php __("Password"); ?></label></th>