User password: hide base64 conversion

plugins/dynamix/UserAdd.page

@@ -55,15 +55,17 @@ function checkUsername(form) {
     swal({title:"Invalid user name",text:"Do not use reserved names",type:"error"});
     return false;
   }
-  if (form.userPassword.value.length > 128 || form.userPasswordConf.value.length > 128) {
+  if (form.userPasswordGUI.value.length > 128 || form.userPasswordConfGUI.value.length > 128) {
     swal({title:"Password too long",text:"Use a password up to 128 characters",type:"error"});
     return false;
   }
   if (filename) {
     $.post("/webGui/include/FileUpload.php",{cmd:'save',path:path,filename:filename,output:username+'.png'});
   }
-  form.userPassword.value = base64(form.userPassword.value);
-  form.userPasswordConf.value = base64(form.userPasswordConf.value);
+  form.userPassword.value = base64(form.userPasswordGUI.value);
+  form.userPasswordConf.value = base64(form.userPasswordConfGUI.value);
+  form.userPasswordGUI.disabled = true;
+  form.userPasswordConfGUI.disabled = true;
   return true;
 }
 
@@ -138,12 +140,14 @@ Custom image:
 > The image will be scaled to 48x48 pixels in size. The maximum image file upload size is 95 kB (97,280 bytes).
 
 Password:
-: <input type="password" name="userPassword" maxlength="129" onKeyUp="this.form.cmdUserEdit.disabled=(this.form.userName.value=='' || this.form.userPassword.value!=this.form.userPasswordConf.value)">
+<input type="hidden" name="userPassword" value="">
+: <input type="password" name="userPasswordGUI" maxlength="129" onKeyUp="this.form.cmdUserEdit.disabled=(this.form.userName.value=='' || this.form.userPasswordGUI.value!=this.form.userPasswordConfGUI.value)">
 
 > Up to 128 characters.
 
 Retype password:
-: <input type="password" name="userPasswordConf" maxlength="129" onKeyUp="this.form.cmdUserEdit.disabled=(this.form.userName.value=='' || this.form.userPassword.value!=this.form.userPasswordConf.value)">
+<input type="hidden" name="userPasswordConf" value="">
+: <input type="password" name="userPasswordConfGUI" maxlength="129" onKeyUp="this.form.cmdUserEdit.disabled=(this.form.userName.value=='' || this.form.userPasswordGUI.value!=this.form.userPasswordConfGUI.value)">
 
 &nbsp;
 : <input type="submit" name="cmdUserEdit" value="Add" disabled><input type="button" value="Done" onclick="done('UserAdd')">

plugins/dynamix/UserEdit.page

@@ -47,12 +47,14 @@ var path = '/boot/config/plugins/dynamix/users';
 var filename = '';
 
 function checkPassword(form) {
-  if (form.userPassword.value.length > 128 || form.userPasswordConf.value.length > 128) {
+  if (form.userPasswordGUI.value.length > 128 || form.userPasswordConfGUI.value.length > 128) {
     swal({title:"Password too long",text:"Use a password up to 128 characters",type:"error"});
     return false;
   }
-  form.userPassword.value = base64(form.userPassword.value);
-  form.userPasswordConf.value = base64(form.userPasswordConf.value);
+  form.userPassword.value = base64(form.userPasswordGUI.value);
+  form.userPasswordConf.value = base64(form.userPasswordConfGUI.value);
+  form.userPasswordGUI.disabled = true;
+  form.userPasswordConfGUI.disabled = true;
   return true;
 }
 
@@ -157,12 +159,14 @@ Delete<input type="checkbox" name="confirmDelete" onChange="chkDelete(this.form,
 <form markdown="1" method="POST" action="/update.htm" target="progressFrame" onsubmit="return checkPassword(this)">
 <input type="hidden" name="userName" value="<?=htmlspecialchars($name)?>">
 Password:
-: <input type="password" name="userPassword" maxlength="129" onKeyUp="this.form.cmdUserEdit.disabled=(this.form.userPassword.value != this.form.userPasswordConf.value);">
+<input type="hidden" name="userPassword" value="">
+: <input type="password" name="userPasswordGUI" maxlength="129" onKeyUp="this.form.cmdUserEdit.disabled=(this.form.userPasswordGUI.value != this.form.userPasswordConfGUI.value);">
 
 > Up to 128 characters.
 
 Retype password:
-: <input type="password" name="userPasswordConf" maxlength="129" onKeyUp="this.form.cmdUserEdit.disabled=(this.form.userPassword.value != this.form.userPasswordConf.value);">
+<input type="hidden" name="userPasswordConf" value="">
+: <input type="password" name="userPasswordConfGUI" maxlength="129" onKeyUp="this.form.cmdUserEdit.disabled=(this.form.userPasswordGUI.value != this.form.userPasswordConfGUI.value);">
 
 &nbsp;
 : <input type="submit" name="cmdUserEdit" value="Change" disabled><input type="button" value="Done" onclick="done('UserEdit')">