Multiple form authentication in the same domain

Question

I have a website with two form authentication in different pages, have different input name and link to different pages . The problem is that when I save my authentication to a browser (chrome) of a form , the browser fill in the fields with the same data in the other form . How is it possible?

First form

<form action="" method="POST" enctype="multipart/form-data">
              <div class="form-group">
                <label for="exampleInputEmail1">Email</label>
                <input type="email" name="private_email" class="form-control" id="email1" value="" placeholder="Enter email" required>
              </div>
              <div class="form-group">
                <label for="exampleInputPassword1">Password</label>
                <input type="password" class="form-control" name="private_password" value="" id="password1" placeholder="Password" required>
              </div>
              <input type="submit" name="login" class="btn btn-default" value="Login">
            </form>

Second Form (It is a form of a cms)

<form action="http://escuolainsieme.it/shop/login" method="post" id="login_form" class="box">
            <h3 class="page-subheading">Sei già registrato?</h3>
            <div class="form_content clearfix">
                <div class="form-group form-ok">
                    <label for="email">Indirizzo email</label>
                    <input class="is_required validate account_input form-control" data-validate="isEmail" type="text" id="email" name="email" value="">
                </div>
                <div class="form-group">
                    <label for="passwd">Password</label>
                    <span><input class="is_required validate account_input form-control" type="password" data-validate="isPasswd" id="passwd" name="passwd" value=""></span>
                </div>
                <p class="lost_password form-group"><a href="http://escuolainsieme.it/shop/recupero-password" title="Recupera la password dimenticata" rel="nofollow">Hai dimenticato la password?</a></p>
                <p class="submit">
                    <input type="hidden" class="hidden" name="back" value="my-account">                     <button type="submit" id="SubmitLogin" name="SubmitLogin" class="button btn btn-default button-medium">
                        <span>
                            <i class="icon-lock left"></i>
                            Entra
                        </span>
                    </button>
                </p>
            </div>
        </form>

Login.php

<?php session_start(); // Starting Session
$error = ''; // Variable To Store Error Message 
if (isset($_POST['private_login'])) {
if (empty($_POST['private_email']) || empty($_POST['private_password'])) {
    $error = "<div class='alert alert-danger'>Compila tutti i campi</div>";
} else {
    $email = mysqli_real_escape_string(conn(), $_POST['private_email']);
    $password = mysqli_real_escape_string(conn(), $_POST['private_password']);
    $cls_utente = new utente();
    if ($cls_utente->check_user($email, $password) == 1) {
        $_SESSION['login_user'] = $email; // Initializing Session
        $_SESSION['is_logged']  = true;
    } else {
        $error .= "<div class='alert alert-danger'>Email o password errati</div>";
    }
}}?>

Are you asking how to make it stop, or how it is doing that? — Epodax, Jun 09 '15 at 08:43
@KarthikKeyan no the problem is that when I save my login details by chrome or any other browser , and I access another form, fill in the fields of the other form . This happens when i have two identical email saved in tables of belonging — Eliana, Jun 09 '15 at 09:48
@KarthikKeyan as in the code that I posted there one submit for form — Eliana, Jun 09 '15 at 09:58
Just Try, i am not understand the clear, Use different name for input type button and if(isset($_POST['BUTTON_NAME'])){ //some code} — Karthik Keyan, Jun 09 '15 at 10:03
@KarthikKeyan I do this already. In the settings of browser, section of saved passwords, I have the url where is one of the form with the saved password , but the other form no , and that's fine ok . But when I go into the form where I did not save my login , I find instead the fields of the login form filled by the other form . — Eliana, Jun 09 '15 at 10:12
Impossible, How another from values can posted inside the if condition — Karthik Keyan, Jun 09 '15 at 10:22
@KarthikKeyan i add the login.php . but the problem not this. the problem is with saving the password through the browser . In the section of the saved passwords i have the url of the form of reference correctly , but when I access the other form in which NOT I saved my password , however I find the fields filled , but of course with the wrong password (being that of another form) and this happens when I do I have two identical email is in a form that the other. — Eliana, Jun 09 '15 at 10:32

Murugan Vellaisamy · Answer 1 · 2015-06-09T08:51:14.067

0

You must add another one column in your user table, example if you add type column the value set default super admin,moderator, user. Now you can check the login authentication with this column.If user-name and password and type is equal redirect to particular page.so you can redirect different page depends upon the user type..

edited Jun 09 '15 at 08:51

answered Jun 09 '15 at 08:44

Murugan Vellaisamy

334
3
15

score 0 · Accepted Answer · edited May 23 '17 at 11:58

0

You can try using autocomplete="false" or autocomplete="off" to disable it, not sure if it will work but give it a try.

As far as i am concerned it's not possible to make the browser 'realize' that they are different forms and they should not be auto-filled with the same data.

Have a look at these 2 answers, answer1 answer2 for more information how browser detects the forms.

edited May 23 '17 at 11:58

Community

1
1

answered Jun 09 '15 at 11:19

Sotiris Kiritsis

3,178
3
23
31

Thank you so much.. i read the second answer and i solved my problem! But I don't understand this behavior on all browsers. – Eliana Jun 09 '15 at 12:20

Multiple form authentication in the same domain

2 Answers2