Password Forget plugin for SquirrelMail
============================================================
Ver 2.3, 2011/12/15


Copyright (c) 2003-2011 Paul Lesniewski <paul@squirrelmail.org>
Copyright (c) 2000-2001 Tyler Akins



Description
===========

Many web browsers provide the capability to store all usernames
and passwords entered on any web site.  Especially on public-
access computers, this could pose the risk of stolen user login
credentials.

This plugin provides a workaround for this vulnerability, wherein
the name of the username and password input fields is changed
randomly every time the SquirrelMail login page is displayed.
The browser is also asked specifically not to cache these fields.

Please note that in some cases, the browser may still remember
user credentials (perhaps on some older or more obscure browsers),
however the chances that a same-named username or password field
would be displayed again on that computer are very small.

The administrator may, if desired, specify a list of "known clients"
for which this functionality will be disabled (for the case when
some users should be allowed to harness this browser feature to
their benefit when at their home computers).



Donations
=========

If you or your company make regular use of this software,
please consider supporting Open Source development by
donating to the authors or inquire about hiring them to
consult on other projects.  Donation/wish list links for
the author(s) are as follows:

Paul Lesniewski: https://squirrelmail.org/donate_paul_lesniewski.php



License
=======

This plugin is released under the GNU General Public
License (see the file COPYING for details).



Requirements
============

  * SquirrelMail version 1.0.1



Troubleshooting
===============

  * If changes to the configuration file don't seem to be having
    any effect, ensure that there are not two Password Forget
    configuration files, one in the password_forget directory and
    one in the main SquirrelMail config directory (named
    "config_password_forget.php").  The one in the main SquirrelMail
    config directory will always override the one in the
    password_forget directory.



Help Requests
=============

Before looking for help elsewhere, please try to help yourself:

  * Read the Troubleshooting section herein.

  * Look to see if others have already asked about the same issue.
    There are tips and links for the best places to do this in
    the SquirrelMail mailing list posting guidelines:
    http://squirrelmail.org/wiki/MailingListPostingGuidelines
    You should also try Google or some other search engine.

  * If you cannot find any information about your issue, please
    first mail your help request to the squirrelmail-plugins
    mailing list.  Information about it can be found here:
    http://lists.sourceforge.net/mailman/listinfo/squirrelmail-plugins
    You MUST read the mailing list posting guidelines (see above)
    and include as much information about your issue (and your
    system) as possible.  Including configtest output, any debug
    output, the plugin configuration settings you've made and
    anything else you can think of to make it easier to diagnose
    your problem will get you the most useful responses.  Inquiries
    that do not comply with the posting guidelines are liable to
    be ignored.

  * If you don't get any replies on the mailing list, you are
    welcome to send a help request to the authors' personal
    address(es), but please be patient with the mailing list.



TODO
====

  * Ideas?



Change Log
==========

  v2.3  2011/12/15  Paul Lesniewski <paul@squirrelmail.org>
    * This plugin will now also attempt to "tell" the browser not
      to cache usernames/passwords (by using the "autocomplete"
      attribute on the input form tags)

  v2.2  2008/10/29  Paul Lesniewski <paul@squirrelmail.org>
    * Update to work with SquirrelMail 1.5.2+
    * General cleanup and updates

  v2.1  2004/09/12  Paul Lesniewski <paul@squirrelmail.org>
    * Added ability to turn plugin off for certain known clients
    * Updated for compatibility with plugin updates plugin/plugin specs

  v2.0  2003/03/16  Paul Lesniewski <paul@squirrelmail.org>
    * Updated for compatibility with SquirrelMail version 1.4
    * New setup.php format for better overall SquirrelMail performance
  
  v1.3  2003/02/05  Paul Lesniewski <paul@squirrelmail.org>
    * Register_globals = Off compatible (and compatible with vlogin plugin)
    * Compatible with "plugin updates" plugin
  
  v1.2  2001/03/25  Tyler Akins
    * Works with changes to login form
  
  v1.1  2000/12/06  Tyler Akins
    * Works now with the focus_change plugin

  v1.0  2000  Tyler Akins
    * Initial release

