From 9257903bc8c7ba250e95bf7c60fe283ad7e39d0b Mon Sep 17 00:00:00 2001
From: matlam
Date: Sun, 8 Jan 2017 05:33:04 +0100
Subject: [PATCH 1/3] prevent chrome from filling in the password field in the form for new members if a system user saved their username amd password in their browser, the browser uses it not only in the login form, but also in other forms which have a input field of type password. That is the case in the membership module when creating a new member in Google Chrome/Chromium(tested with Chromium 55.0.2883.87 on Ubuntu 16.10) the email-field shows the username in a popup and if the user clicks on it the password is put in the first password field also the password fields show a popup "Use password for: " with this commit the popup from the email-field is prevented unfortunately firefox still autofills the password even though there is documentation saying something else: https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion
---
 admin/modules/membership/index.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/admin/modules/membership/index.php b/admin/modules/membership/index.php
index e70a22b1..b725ecb2 100755
--- a/admin/modules/membership/index.php
+++ b/admin/modules/membership/index.php
@@ -510,9 +510,9 @@ function getimagesizefromstring($string_data)
 // member email
 $form->addTextField('text', 'memberEmail', __('E-mail'), $rec_d['member_email'], 'style="width: 40%;"');
 // member password
- $form->addTextField('password', 'memberPasswd', __('New Password'), null, 'style="width: 40%;"');
+ $form->addTextField('password', 'memberPasswd', __('New Password'), null, 'style="width: 40%;" autocomplete="new-password"');
 // member password confirmation
- $form->addTextField('password', 'memberPasswd2', __('Confirm New Password'), null, 'style="width: 40%;"');
+ $form->addTextField('password', 'memberPasswd2', __('Confirm New Password'), null, 'style="width: 40%;" autocomplete="new-password"');
 // edit mode messagge
 if ($form->edit_mode) {
From d5c6938e1092c36f0a0c422f08ecbdf0300ec6cc Mon Sep 17 00:00:00 2001
From: matlam
Date: Fri, 16 Sep 2016 00:59:59 +0200
Subject: [PATCH 2/3] add id to tr elements in forms for better styling also add ids to labels in the bibliography form
---
 admin/modules/bibliography/index.php | 4 ++--
 simbio2/simbio_GUI/form_maker/simbio_form_table_AJAX.inc.php | 4 ++++
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/admin/modules/bibliography/index.php b/admin/modules/bibliography/index.php
index ceab86be..f73963e9 100755
--- a/admin/modules/bibliography/index.php
+++ b/admin/modules/bibliography/index.php
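Review bot: The two `autocomplete="new-password"` attributes added to `memberPasswd` and `memberPasswd2` in admin/modules/membership/index.php carry no comment, and without one they read like stray markup that a later cleanup could remove. I would put `// autocomplete="new-password": keep the browser from offering the operator's own saved login in the member form` above the first password field. The attribute is only a hint to the browser (the commit message itself reports Firefox still autofilling), so the save handler, which is outside this hunk, should presumably still refuse to change a member's password when the two fields do not match.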
@@ -591,14 +591,14 @@ function getimagesizefromstring($string_data)
 }
 $str_input = ' Add New Pattern ';
 $str_input .= simbio_form_element::selectList('itemCodePattern', $pattern_options, '', 'style="width: auto"').'  ';
- $str_input .= __('Total item(s)').':  ';
+ $str_input .= '  ';
 // get collection type data related to this record from database
 $coll_type_q = $dbs->query("SELECT coll_type_id, coll_type_name FROM mst_coll_type");
 $coll_type_options = array();
 while ($coll_type_d = $coll_type_q->fetch_row()) {
 $coll_type_options[] = array($coll_type_d[0], $coll_type_d[1]);
 }
- $str_input .= __('Collection Type').': '.simbio_form_element::selectList('collTypeID', $coll_type_options, '', 'style="width: 100px;"');;
+ $str_input .= ' '.simbio_form_element::selectList('collTypeID', $coll_type_options, '', 'style="width: 100px;"');;
 $form->addAnything(__('Item(s) code batch generator'), $str_input);
 // biblio item add
 if (!$in_pop_up AND $form->edit_mode) {
diff --git a/simbio2/simbio_GUI/form_maker/simbio_form_table_AJAX.inc.php b/simbio2/simbio_GUI/form_maker/simbio_form_table_AJAX.inc.php
index 215c2196..a879217a 100755
--- a/simbio2/simbio_GUI/form_maker/simbio_form_table_AJAX.inc.php
+++ b/simbio2/simbio_GUI/form_maker/simbio_form_table_AJAX.inc.php
@@ -83,6 +83,10 @@ public function printOut()
 }
 // append row
 $_table->appendTableRow(array($row['label'], ':', $_form_element));
+ if(!empty($row['element']->element_name))
+ {
+ $_table->setCellAttr($_row_num+1, null, 'id="simbioFormRow' . $row['element']->element_name . '"');
+ }
 // set the column header attr
 $_table->setCellAttr($_row_num+1, 0, 'width="20%" valign="top"'.$this->table_header_attr);
 $_table->setCellAttr($_row_num+1, 1, 'width="1%" valign="top"'.$this->table_header_attr);
From 2526e5478ea3ddfcb16f63d2fc4ce38241baa88c Mon Sep 17 00:00:00 2001
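Review bot: In simbio_form_table_AJAX.inc.php the added `setCellAttr` call concatenates `$row['element']->element_name` into the `id="…"` attribute string without any escaping. The element names look developer-defined, so this is probably not reachable from user input, but the form maker is a shared helper and nothing here guarantees that; `'id="simbioFormRow' . htmlspecialchars($row['element']->element_name, ENT_QUOTES) . '"'` keeps the value confined to the attribute. Names that end in `[]` or are reused across rows would also yield invalid or duplicate ids, which defeats the styling hook the commit is after. printOut() starts and ends outside the hunk.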
From: matlam
Date: Sun, 8 Jan 2017 08:36:20 +0100
Subject: [PATCH 3/3] prevent firefox from filling in the password field in the form for new members if a system user saved their username amd password in their browser, the browser uses it not only in the login form, but also in other forms which have a input field of type password. That is the case in the membership module when creating a new member in Firefox(tested with Firefox 50.1.0 on Ubuntu 16.10), if only one password was saved for the site, the email-field is automatically filled with the username and the password is put in the first password field with this commit a hidden dummyUserField and dummyPasswdField are added before the email and password fields. These fields get filled with the username and password, but it is not visible to the user, because the fields are hidden via css. unfortunately the solution which was used for chrome (add autocomplete="new-password") doesn't seem to work in firefox even though there is documentation saying something else: https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion maybe this will be implemented on day and this commit can be reverted
---
 admin/modules/membership/index.php | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/admin/modules/membership/index.php b/admin/modules/membership/index.php
index b725ecb2..f672c486 100755
--- a/admin/modules/membership/index.php
+++ b/admin/modules/membership/index.php
@@ -507,6 +507,11 @@ function getimagesizefromstring($string_data) $form->addAnything(__('Photo'), $str_input); + // hidden username and password fields so that the password manager of the browser will not fill in the username in the memberEmail and the password in the memberPasswd field + $form->addTextField('text', 'dummyUserField', null, null, ''); + $form->addTextField('password', 'dummyPasswdField', null, null, ''); + echo ''; + // member email $form->addTextField('text', 'memberEmail', __('E-mail'), $rec_d['member_email'], 'style="width: 40%;"'); // member password
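Review bot: The decoy `dummyUserField` and `dummyPasswdField` inputs are ordinary named form fields, so whatever the browser fills into them, which is the operator's own saved login, is submitted with every member save. The handler that processes this form is outside the hunk; it should discard both values before any logging, debug dump or re-display, for example `unset($_POST['dummyUserField'], $_POST['dummyPasswdField']);` at the top of the save branch, assuming it reads `$_POST` directly. A comment next to the fields saying they must never be read or stored would keep a later change from persisting them. The content of the `echo ''` line is not visible here, so how the fields are hidden cannot be checked, and the surrounding form-building code continues past the hunk.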