0

It seems that Firefox (v 39.0) cannot send a form via http if the form contains a field of type password. After submitting the following form Firefox clears the page and stops execution of the page. Firebug shows status code 200 for this post and no erros or warnings. In Chrome the script works as expected.

<!DOCTYPE html>
<html>
<head>
    <title>Password Test</title>
</head>
<body>
    <?php 
    echo '<pre>Post-Data: '; print_r($_POST); echo '</pre>';

    if (isset($_POST['password'])) { 
        echo '<div>Password is: ' . $_POST['password'] . '</div>'; 
    }
    ?>

    <form action="./" method="post">
    Password: <input name="password" type="password" placeholder="Password">
    <button type="submit">Submit</button>
    </form>
</body>
</html>

I guess it's some security restriction. And I know that I should use https for password forms, but this is a decision of my boss. So, how can I change this Firefox behaviour?

Fabian_Z071
  • 275
  • 1
  • 11
  • 1
    Could try making the form action PHP_SELF. – Steve Jan 08 '16 at 15:56
  • What is your original form action, is it really `./`? You should put the name of the target page there, ideally it is an absolute URL. – martinstoeckli Jan 08 '16 at 16:01
  • Oddly enough it works as anticipated with`action=""` though this is not recommended. It does also work as per martinstoeckli's method. – Steve Jan 08 '16 at 16:13
  • 3
    Using `./` as an action means to fetch the index file in the current folder your form is executed in. If your form isn't `index.php` then that could be an issue here. Use `action=""` for "self" as in the current file. – Funk Forty Niner Jan 08 '16 at 16:14
  • Try `
    `
     – Steve Jan 08 '16 at 16:23
  • 2
    Again, perhaps oddly, the spec for html4 says action="" can be used but in html5 the spec says action= should be left out altogether if it is not specified as a valid url ...but it still does seem to work. Interesting background http://stackoverflow.com/questions/9401521/is-action-really-required-on-forms – Steve Jan 08 '16 at 16:28
  • 1
    Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). – Jay Blanchard Jan 08 '16 at 16:46

2 Answers2

0

I have tested your code and I believe your action to be wrong and should be just action="?"

online Thomas
  • 8,864
  • 6
  • 44
  • 85
0

Ok, Problem was not the action attribute. I started Firefox with a new profile and now the script works fine. But I'm not sure which setting in the old profile caused the issue.

Fabian_Z071
  • 275
  • 1
  • 11