Autofill password incorrect! Need to login twice. Has this ever been solved???

[Mr Cat]

OK thanks. It would be nice to know exactly why I have to disable a standard function in SMF without knowing exactly why it's broken in this particular situation, and if and when the situation is likely to occur for my forum users though.

[Arantor]

Because IE doesn't adhere to any kind of standard properly, and tries to store values it's not supposed to. Since the behaviour changes every version, if only slightly, getting a consistent fix has been problematic.

The Javascript tries to do its part to protect your password, and has no ability to influence what mess IE makes of the rest of it.

[Mr Cat]

Thanks I do appreciate your help here.
I was confused by other posts that said other browsers had problems also. I'm on a steep learning curve re SMF and I don't know Javascript

Sounds like it boils down to IE striking again!

[Arantor]

Mostly the same basic thing: there's no standard for auto complete, no guidance for app developers (or browser writers) to follow. It's only just become part of HTML 5 that there's a consistent way to turn the damn thing off, which was a rather nasty bug in SMF 2.0 for a while in Chrome. (Where you change passwords in user profiles and it had a habit of reusing supplied passwords and overwriting other users' passwords if you're an admin...)

There are other factors that you don't see considered in these debates - if you've brought your users from another forum, they'll have to enter their password twice regardless of browser, so that hashing can be turned off (since the hashes from other forums are different) and the password resent in plain for the benefit of re-encoding it later.

[Mr Cat]

The coding solution at the bottom of this thread works for me so far:
http://www.simplemachines.org/community/index.php?topic=95019.0

Thanks again Arantor

[Arantor]

Let me repeat myself again. Maybe this time it'll be heard.

And that talks about doing exactly what I said: disabling the hashing.

It's sent in plain text to the server, any packet sniffer could retrieve it. Forget the whole concept of security over wifi in that case.

It's also stored in your browser in plain text, where even the most basic tools will find it.

[Hj Ahmad Rasyid Hj Ismail]

I need some clarifications; is yours a configuration problem that is solved by repair_settings.php then or you disabled java in IE or you disable login hashing?

[Arantor]

I never had this problem

The solution used above turns off the hashing of the password, which means it's exclusively sent in plain text the whole time. Like I've said multiple times in this thread. This is not good for security, and it's not done that way by default for a reason.

[Mr Cat]

I turned off password hashing and that seems to have fixed it.
You've said "multiple times" that the solution is not good - well could you repeat your solution please?

Because I do need a solution, and I would rather have one that doesn't involve hacking code that's there for a reason.

If you think I'm not listening or being rude (which I'm not - I'm a newbie trying to understand what's being said) then you don't need to get rude. Just don't post.

[Mr Cat]

This appears (to me) to be the same issue:
http://www.simplemachines.org/community/index.php?topic=295188.0

[Arantor]

well could you repeat your solution please?

I didn't say I had a solution. I'm pointing out the problems in that solution, and why you shouldn't use it. You see, in the 5 years I've been using SMF (every day!) I haven't had this problem, across a range of browsers, a range of systems and I've never been able to reproduce it myself. If I had, I would have long since properly started debugging it and supplying the fix to the team, in addition to the other bugs I'd reported with fixes.

[Hj Ahmad Rasyid Hj Ismail]

Thanks for the info. Solutions method noted with its warning too. It seems IE still needs a lot of improvements. I will stay with FF and Chrome until IE shows some significant improvements.

[Dever]

Doesn't seem to me this was ever really solved?

I'm having the exact same problem with 1.1.13 with Firefox and users reporting same problem with Chrome. I definately don't want to disable hashing or risk security in any way. Is there any real solution to this at all?

[Rob Lightbody]

I get this problem in all my browsers (latest IE9, latest Chrome, Latest Firefox and also the browser on my Android Gingerbread 2.3.3 phone) and would love a solution for it.

Forum installed January 2009 with the latest version then, and upgraded incrementally to 1.1.14 since.