* Don't show login name, password and transaction key at the configuration page.
* RC4Encrypt these fields and move to the config_plugins table from the config table.
* Config page is fully https.
static $conststring;
if (!isset($conststring)) {
+ $mconfig = get_config('enrol/authorize');
$constdata = array(
'x_version' => '3.1',
'x_delim_data' => 'True',
'x_delim_char' => AN_DELIM,
'x_encap_char' => AN_ENCAP,
'x_relay_response' => 'FALSE',
- 'x_login' => $CFG->an_login
+ 'x_login' => urlencode(rc4decrypt($mconfig->an_login))
);
$str = '';
foreach($constdata as $ky => $vl) {
$str .= $ky . '=' . urlencode($vl) . '&';
}
- $str .= (!empty($CFG->an_tran_key)) ?
- 'x_tran_key=' . urlencode($CFG->an_tran_key):
- 'x_password=' . urlencode($CFG->an_password);
+ $str .= (!empty($mconfig->an_tran_key)) ?
+ 'x_tran_key=' . urlencode(rc4decrypt($mconfig->an_tran_key)):
+ 'x_password=' . urlencode(rc4decrypt($mconfig->an_password));
$conststring = $str;
$str = '';
<tr valign="top"><td colspan="2"><h4><?php print_string("adminauthorizesettings", "enrol_authorize") ?></h4></td></tr>
<tr valign="top">
- <td align="right">an_login:</td>
- <td><input type="text" name="an_login" value="<?php p($frm->an_login) ?>" /><br />
- <?php print_string("anlogin", "enrol_authorize") ?></td>
+ <td align="right"> </td>
+ <td><?php print_string("logininfo", "enrol_authorize") ?></td>
</tr>
<tr valign="top">
- <td align="right"># # </td>
- <td><?php print_string("chooseone", "enrol_authorize") ?></td>
+ <td align="right">an_login:<br /><?php echo (isset($mconfig->an_login)) ? '<font color=green>'.get_string('ok').'</font>' : ''; ?></td>
+ <td><?php print_string("anlogin", "enrol_authorize") ?><br /><input type="text" name="an_login" size="26" value="" /><sup>*</sup></td>
</tr>
<tr valign="top">
- <td align="right">an_tran_key:</td>
- <td><input type="text" name="an_tran_key" value="<?php p($frm->an_tran_key) ?>" /><sup>#1</sup><br />
- <?php print_string("antrankey", "enrol_authorize") ?></td>
+ <td align="right">an_tran_key:<br /><?php echo (isset($mconfig->an_tran_key)) ? '<font color=green>'.get_string('ok').'</font>' : ''; ?></td>
+ <td><?php print_string("antrankey", "enrol_authorize") ?><br /><input type="text" name="an_tran_key" size="26" value="" /><sup>#1</sup></td>
</tr>
<tr valign="top">
- <td align="right">an_password:</td>
- <td><input type="text" name="an_password" value="" /><sup>#2</sup><br />
- <?php print_string("anpassword", "enrol_authorize") ?><br />(<?php print_string("leavetokeep") ?>)</td>
+ <td align="right">an_password:<br /><?php echo (isset($mconfig->an_password)) ? '<font color=green>'.get_string('ok').'</font>' : ''; ?></td>
+ <td><?php print_string("anpassword", "enrol_authorize") ?><br /><input type="text" name="an_password" size="26" value="" /><sup>#2</sup></td>
</tr>
<tr valign="top">
<td align="right">delete_current:</td>
<td><?php print_checkbox('delete_current', '1', !empty($frm->delete_current)) ?> <br />
- <?php print_string("deletecheck", "moodle", get_string('oldpassword')) ?><br /><br /></td>
+ <?php print_string("deletecheck", "moodle", get_string('oldpassword')) ?><br /><hr size="1" width="100%" noshade /></td>
</tr>
<tr valign="top">
<td align="right">an_referer:</td>
- <td><input type="text" name="an_referer" value="<?php p($frm->an_referer) ?>" /><br />
+ <td><input type="text" name="an_referer" size="35" value="<?php p($frm->an_referer) ?>" /><br />
<?php print_string("anreferer", "enrol_authorize") ?></td>
</tr>
}
}
+ if ($result && $oldversion < 2006112900) {
+ if (isset($CFG->an_login)) {
+ if (empty($CFG->an_login)) {
+ unset_config('an_login');
+ }
+ else {
+ $result = $result && set_config('an_login', rc4encrypt($CFG->an_login), 'enrol/authorize') && unset_config('an_login');
+ }
+ }
+ if (isset($CFG->an_tran_key)) {
+ if (empty($CFG->an_tran_key)) {
+ unset_config('an_tran_key');
+ }
+ else {
+ $result = $result && set_config('an_tran_key', rc4encrypt($CFG->an_tran_key), 'enrol/authorize') && unset_config('an_tran_key');
+ }
+ }
+ if (isset($CFG->an_password)) {
+ if (empty($CFG->an_password)) {
+ unset_config('an_password');
+ }
+ else {
+ $result = $result && set_config('an_password', rc4encrypt($CFG->an_password), 'enrol/authorize') && unset_config('an_password');
+ }
+ }
+ }
+
return $result;
}
function config_form($frm)
{
global $CFG;
+ $mconfig = get_config('enrol/authorize');
if (! check_openssl_loaded()) {
notify('PHP must be compiled with SSL support (--with-openssl)');
$captureday = intval($frm->an_capture_day);
$emailexpired = intval($frm->an_emailexpired);
if ($captureday > 0 || $emailexpired > 0) {
- $mconfig = get_config('enrol/authorize');
if ((time() - intval($mconfig->an_lastcron) > 3600 * 24)) {
notify(get_string('admincronsetup', 'enrol_authorize'));
}
}
if (data_submitted()) {
- if (empty($frm->an_login)) {
+ if (empty($mconfig->an_login)) {
notify("an_login required");
}
- if (empty($frm->an_tran_key) && empty($frm->an_password)) {
+ if (empty($mconfig->an_tran_key) && empty($mconfig->an_password)) {
notify("an_tran_key or an_password required");
}
}
function process_config($config)
{
global $CFG;
+ $mconfig = get_config('enrol/authorize');
// site settings
if (($cost = optional_param('enrol_cost', 5, PARAM_INT)) > 0) {
$emailexpired = ($emailexpired > 5) ? 5 : (($emailexpired < 0) ? 0 : $emailexpired);
if (!empty($reviewval) && ($captureday > 0 || $emailexpired > 0)) {
- $mconfig = get_config('enrol/authorize');
if (time() - intval($mconfig->an_lastcron) > 3600 * 24) {
return false;
}
return false;
}
- // required fields
+ // REQUIRED fields;
+ // an_login
$loginval = optional_param('an_login', '');
- if (empty($loginval)) {
+ if (empty($loginval) && empty($mconfig->an_login)) {
return false;
}
- set_config('an_login', $loginval);
+ $loginval = !empty($loginval) ? rc4encrypt($loginval) : strval($mconfig->an_login);
+ set_config('an_login', $loginval, 'enrol/authorize');
+ // an_tran_key, an_password
$tranval = optional_param('an_tran_key', '');
+ $tranval = !empty($tranval) ? rc4encrypt($tranval) : (isset($mconfig->an_tran_key)?$mconfig->an_tran_key:'');
$passwordval = optional_param('an_password', '');
- $deletecurrent = optional_param('delete_current', '');
-
- if (!empty($passwordval)) { // password is changing
- set_config('an_password', $passwordval);
+ $passwordval = !empty($passwordval) ? rc4encrypt($passwordval) :(isset($mconfig->an_password)?$mconfig->an_password:'');
+ $deletecurrent = optional_param('delete_current', '0', PARAM_BOOL);
+ if (!empty($deletecurrent) and !empty($tranval)) {
+ unset_config('an_password', 'enrol/authorize');
+ $passwordval = '';
}
- elseif (!empty($deletecurrent) and !empty($tranval)) {
- set_config('an_password', '');
- $CFG->an_password = '';
+ elseif (!empty($passwordval)) {
+ set_config('an_password', $passwordval, 'enrol/authorize');
}
-
- if (empty($tranval) and empty($CFG->an_password)) {
+ if (empty($tranval) and empty($passwordval)) {
return false;
}
+ if (!empty($tranval)) {
+ set_config('an_tran_key', $tranval, 'enrol/authorize');
+ }
- set_config('an_tran_key', $tranval);
return true;
}
<?php // $Id$
-$plugin->version = 2006111700;
+$plugin->version = 2006112900;
$plugin->requires = 2006100401;
?>
<?PHP // $Id$
- // enrol_authorize.php - created with Moodle 1.8 dev (2006112000)
+ // enrol_authorize.php - created with Moodle 1.8 dev (2006112200)
$string['adminacceptccs'] = 'Which credit card types will be accepted?';
$string['invalidaccnum'] = 'Invalid account number';
$string['invalidacctype'] = 'Invalid account type';
$string['logindesc'] = 'This option must be ON. <br /><br />Please ensure that you have turned <a href=\"$a->url\">loginhttps ON</a> in Admin >> Variables >> Security.<br /><br />Turning this on will make Moodle use a secure https connection just for the login and payment pages.';
+$string['logininfo'] = 'Login name, password and transaction key aren\'t shown due to security measure. There is no need to enter again if you have configured these fields before. You see a green text near the field if some fields were configured. If you enter first time these fields, the login name (*) is required and you must enter <strong>either</strong> the transaction key (#1) <strong>or</strong> the password (#2) in the appropriate box. We recommend you enter the transaction key due to more security measure. If you want to delete the current password tick the checkbox.';
$string['methodcc'] = 'Credit Card';
$string['methodecheck'] = 'eCheck (ACH)';
$string['missingaba'] = 'Missing ABA number';