General developer forum

Turn off auto complete on password textbox

 
Picture of Anthony Nguyen
Turn off auto complete on password textbox
 

I am creating a form that has 2 fields of type textbox and password. 

$mform->addElement('text', 'username', get_string('onepay_username', 'admin'), $editoroptions)->setValue( array('text' => $username) );
$mform->addRule('username', get_string('onepay_username_invalid', 'course'), 'required', null, 'client');
//$mform->setType('username', PARAM_RAW);

$mform->addElement('password', 'password', get_string('onepay_password', 'admin'), $editoroptions)->setValue( array('text' => $password) );
$mform->addRule('password', get_string('onepay_password_invalid', 'course'), 'required', null, 'client');
//$mform->setType('password', PARAM_RAW);


One problem I have encountered is the password field keeps being auto-filled.


Can anyone tell me how to disable auto-complete please? Thanks.

 
Average of ratings: -
Picture of Alex Noble
Re: Turn off auto complete on password textbox
 

I think the admin settings have an option for autocomplete referenced as loginpasswordautocomplete

It is a tickbox that when selected stops the browser being able to use autocomplete but I would guess it is adding the html form tag autocomplete="off"

/admin/search.php?query=autocomplete

 
Average of ratings: -
Picture of Richard Oelmann
Re: Turn off auto complete on password textbox
Core developersParticularly helpful MoodlersPlugin developersTesters

I believe there was a discussion around this issue - i want to say not long ago, but it may have been last year - where ir was raised that this is in fact a browser function (Chrome?), rather than a moodle specific one?

 
Average of ratings: -
Picture of Marina Glancy
Re: Turn off auto complete on password textbox
Core developersMoodle HQParticularly helpful MoodlersPlugin developersTesters

Hello,

we have faced the same problem with standard fields that store shared secrets that are not passwords but should not be visible.

Unfortunately latest versions of browsers completely ignore autocomplete=off and still populate <input type="password"> with the password.

There were several attempts to trick the browsers and yet browsers would release new versions and ignore all our tricks again.

In the end special form element 'passwordunmask' was added in MDL-53048 (Moodle 3.2) to both moodleforms and admin settings.


If you develop plugin for Moodle 3.1 or earlier there is no neat solution unfortunately. You can choose to use 'text' field if you really don't want autocomplete

 
Average of ratings: -
Picture of Anthony Nguyen
Re: Turn off auto complete on password textbox
 
I've found a workaround to bypass autocomplete. I set some default value for the password textbox. Amazingly that Google Chrome ignores all texboxes that have default values set.
 
Average of ratings: -
Picture of Robert Payne
Re: Turn off auto complete on password textbox
 

I've noticed this is a problem for anyone editing user profiles too. The username and password gets automatically filled in to the Address and User Salt fields at the end of the page.

example

This can lead to the editing user's username and password being leaked if they're not attentive because the user salt is displayed when you view the user's profile after.

example2

I've noticed this as a problem since our site was 2.9, we're currently on 3.3 and it's still present.

 
Average of ratings: -