Closed Bug 213619 Opened 22 years ago Closed 22 years ago

Problem with password manager and admin accounts using phpBB 2.04's administration panel

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: tlgjaymz, Assigned: bugzilla)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5a) Gecko/20030714 Mozilla Firebird/0.6 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5a) Gecko/20030714 Mozilla Firebird/0.6 If you use the password manager to save an admin account's username and password on a phpBB based forum, you'll discover that when using the administration panel to change another user's account, it'll change their username and the first password line to your own username and password. Reproducible: Always Steps to Reproduce: 1. Login to a phpBB forum where you have administrator access. 2. Allow Firebird to save your username/password details. 3. Select 'Administration Panel' at the bottom of the screen. 4. Select 'Management' under the 'User Admin' section at the bottom of the menu. 5. Type in the name of, or search for, a user account other than the one you are using. Actual Results: The person's username will be replaced with your one, and the first password entry will be automatically filled in. However, the second password line (for confirmation) will remain blank. Expected Results: The browser should not automatically fill in a username/password box if the page defines a default username (for when you are editing another user's account).
James, I have a feeling that this is invalid for the following reason that you will need to confirm since you apparently have access: The passwords are filled in by looking at the field name. The HTML code (look at View Source) of both pages probably has something like: <input type="password" name="password"> If both name attributes are the same on the administrator login and the user change forms then this is INVALID and is an issue you should submit to the phpBB forum people and tell why it should use different form control names. If not the same field name, then this may indeed be a valid bug. If you would take a look at the code on the two pages, and report the findings, we can move your bug through the bug fixing process.
In that case, it appears the problem is with phpBB, and not really an issue with Firebird after all. The source for the admin_users.php page (where this problem occurs) does indeed use the values "username" and "password" to identify the user's name and an entry to type the original password, ie: &lt;input class="post" type="text" name="username" size="35" maxlength="40" value="Kathleen" /&gt; &lt;input class="post" type="password" name="password" size="35" maxlength="100" value="" /&gt; For now, the work around is to simply not remember passwords for that particular site (which is probably the smartest thing to do anyways, if you're an admin for a board).
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.