Develop Reference

thymeleaf 3 form action URL with parameters and get method not working

I am using Thymeleaf 3 in Spring Boot 2 web app. Below is the form code:
<form data-th-action="#{/props/r(pg=3)}" method="get">
<div class="form-check form-check-inline">
<input class="form-check-input" type="checkbox" name="pt" id="p1" value="pr">
<label class="form-check-label" for="p1">P1</label>
</div>
<div class="form-check form-check-inline">
<input class="form-check-input" type="checkbox" name="pt" id="p2" value="pr2">
<label class="form-check-label" for="p2">P2</label>
</div>
<button type="submit" class=" mb-4">Search</button>
</form>
Unfortunately when I used method get for the form, it does not append ?pg=3 in the submitted URL, the URL looks like /props/r? if no checkbox is selected. If checkbox is selected the URL looks like /props/r?pt=p1
the pg=3 part is missing.
How to fix this problem?

The problem is that you have an action #{/props/r(pg=3)} -- which translates to /props/r?pg=3 and your form is also method get. If you have parameters in both the action and the body of the form (and usemethod="get"), browsers will not combine them. Instead, the parameters of the action are removed and replaced with the paramters in the body of the form.
This is why ?pg=3 is removed and replaced with the checkbox parameters. Either use post instead, or include pg as a hidden form element.

Instead of putting pg as parameter at the form url, consider putting it inside a hidden field like below.
<input type="hidden" name="pg" value="3">

How to understand Multitenancy is enabled or not in view?

We are not using multi-tenancy. When it is disabled most of the tenant related UI gets hidden but in the LinkedAccount page, the user can view the tenancy name(which is Default). We wanted to hide it in the UI. Tried to find a property like IsMultiTenancyEnabled but couldn't find(Actually it is in the IMultiTenancyConfig but not available to razor page). So, how can hide UI elements if Multitenancy is not enabled?
//This is the code we want to hide.
<div class="form-group">
<label>#L("TenancyName")</label>
<input type="text" name="TenancyName" class="form-control" value="#(ViewBag.TenancyName ?? "")" maxlength="#TurkKizilayi.RFL.MultiTenancy.Tenant.MaxTenancyNameLength">
</div>
And there is one thing more: What happens if we hide this code anyway? Should we change the model or app service (Yes)?

For MVC you can inject IMultiTenancyConfig into your view.
Here is the final code of what you want;
#inject IMultiTenancyConfig MultiTenancyConfig
#using Abp.Configuration.Startup
#using MyCompanyName.AbpZeroTemplate.Web.Areas.AppAreaName.Models.Common.Modals
#Html.Partial("~/Areas/AppAreaName/Views/Common/Modals/_ModalHeader.cshtml", new ModalHeaderViewModel(L("LinkNewAccount")))
<div class="modal-body">
<form name="LinkAccountModalForm" role="form" novalidate class="form-validation">
#if (MultiTenancyConfig.IsEnabled)
{
<div class="form-group">
<label>#L("TenancyName")</label>
<input type="text" name="TenancyName" class="form-control" value="#(ViewBag.TenancyName ?? "")" maxlength="#MyCompanyName.AbpZeroTemplate.MultiTenancy.Tenant.MaxTenancyNameLength">
</div>
}
<div class="form-group">
<label>#L("UserName")</label>
<input class="form-control" type="text" name="UsernameOrEmailAddress" required maxlength="#MyCompanyName.AbpZeroTemplate.Authorization.Users.User.MaxEmailAddressLength">
</div>
<div class="form-group">
<label>#L("Password")</label>
<input type="password" name="Password" autocomplete="off" class="form-control" required maxlength="#MyCompanyName.AbpZeroTemplate.Authorization.Users.User.MaxPasswordLength">
</div>
</form>
</div>
#Html.Partial("~/Areas/AppAreaName/Views/Common/Modals/_ModalFooterWithSaveAndCancel.cshtml")

There is already a service AbpMultiTenancyService in the Angular project. AppComponentBase already has definition for multiTenancy. so if your component class is inheriting from AppComponentBase then you can directly use this service.
You can define a property in *.ts file like below.
isMultiTenancyEnabled: boolean = this.multiTenancy.isEnabled
Then you can use the same in HTML like below.
*ngIf="isMultiTenancyEnabled"
Or you can simply use the following code.
abp.multiTenancy.isEnabled

Thymeleaf th:href get other input field value?

Here is my form, with input field email & password
<form class="form-signin" th:action="#{/login}" method="post">
<input type="email" name="email" id="inputEmail" class="form-control" placeholder="Email address" required="required" autofocus="autofocus" />
<input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password" required="required" />
<button class="btn btn-lg btn-primary btn-block btn-signin" type="submit">Sign in</button>
</form>
I want to try Thymeleaf th:href to send get request with parameter,
here is my code:
Forgot the password?
My Spring-Boot controller as below:
#RequestMapping(value = "/forgot_password", params = {"email!="}, method = RequestMethod.GET)
public #ResponseBody RespCommon forgotPassword(
#RequestParam(value = "email", required = true) String email) {
userService.forgotPassword(email);
return new RespCommon(ResultCode.SUCCESS, "Send forget password mail succeed");
}
But it seems not working, can some share how to get other input field value, thanks a lot!

Using a link (and hence a GET method) for restoring a password doesn't look as good idea for me. It's possible that browser or e-mail client will follow it, for example.
Instead I suggest to use a form (with a POST method) that looks like a link. You can put the e-mail in the hidden field and add btn btn-link classes to a submit button. To populate e-mail value, you can export value from the controller with Model.addAttribute().

Honeypot protection with Ajax

Recently i got attacked by nasty auto-form fill bots which filled my shout form with all sorts of spam. My shout form consist from a html file with 2 textboxes,an ajax script(for refreshing without reloading) and my php file for handling all the inserting data into my DB.
I am thinking implementing a hidden textbox for a minimum protection against these bots but with no luck since i cant pass the honeypot data to my php file. My code:
HTML Form
<form class="form" method="post" action="postdata.php">
<fieldset id="inputs">
<input id="name" name="name" type="text" placeholder="name" maxlength="20">
<textarea id="message" name="message" type="text" placeholder="message" maxlength="255"></textarea>
</fieldset>
<fieldset id="actions">
<input type="submit" id="submit" value="Submit">
</fieldset>
</form>
Ajax script
$(function(){refresh_shoutbox();$("#submit").click(function(){var a=$("#name").val();var b=$("#message").val();var c="name="+a+"&message="+b;$.ajax({type:"POST",url:"postdata.php",data:c,success:function(d){$("#shout").html(d);$("#message").val("");$("#name").val("")}});return false})});
function refresh_shoutbox(){var a="refresh=1";$.ajax({type:"POST",headers:{"cache-control":"no-cache"},url:"postdata.php",data:a,success:function(b){$("#shout").html(b)}})};
postdata.php file
<?php
if($_POST['name'] or $_POST['message']) {
$name= $_POST['name'];
$message= $_POST['message'];
///do other stuff/////
?>
I will insert a hidden field in my html form
<input id="email" name="emails" style="display:none"></br>
but i cant manage to pass the extra value to my existing ajax script.Tried some code but with no luck.
Any help so i can get my shoutbox up and running again?

Multiple password forms + password completion

On a website I'm working we have an onsite login and a private login, the problem I'm having is that Firefox doesn't seem to be able to differentiate between these login forms.
Does anybody know how I can make clear that these are different logins?
I already tried giving the form fields different names and ids, ex: onsite_login and login but without success.
edit: my form-tags are not being mixed up, they aren't even on the same page
The two forms on the different pages
<form method="post" action="/en/login/1">
<fieldset>
<p>
<input type="hidden" value="login" name="form"/>
<input type="hidden" value="en" name="redirect"/>
<label for="onsite_username">Username<abbr title="Required ">*</abbr></label>
<input type="text" class="input-text" maxlength="255" value="" name="onsite_username" id="onsite_username"/>
<label for="onsite_password">Password<abbr title="Required ">*</abbr></label>
<input type="password" class="input-password" maxlength="255" value="" name="onsite_password" id="onsite_password"/>
<input type="submit" value="Log in" name="submit" class="input-submit"/>
</p>
</fieldset>
</form>
and
<form method="post" action="">
<fieldset>
<input type="hidden" value="login" name="form"/>
<div>
<label for="username">Username</label>
<input type="text" class="input-text" value="" name="username" id="username"/>
</div><div>
<label for="password">Password</label>
<input type="password" class="input-password" value="" name="password" id="password"/>
</div>
<input type="submit" value="Aanmelden" class="input-submit"/>
</fieldset>
</form>

Apparently this is not possible due to the way Firefox stores its passwords.
A password-manager entry is stored with the following data
The username (encrypted and secured with Firefox Master Password).
The password (encrypted and secured with Firefox Master Password).
The hostname of the webpage containing the login form.
The hostname of the webpage to which the form data has been submitted.
Thus Firefox does not distinguish between the two loginfields on my page.

I've not yet heard about a multiple form problem in Firefox.
But it could be that Firefox mixed up your 2 login forms if there is another tag around that is not closed properly.
I've had that problem myself with <p> tags and a not properly closed <div> around it.

I'm not sure.. but try to give them a different ID like <form method="POST" action="#" id="login1">