MDL-11090

Passwords are now held in clear text so you can see what the password
is on the config screen.
Still backward compatible with old md5 passwords (which are still not displayed
of course)

Merged from STABLE_19

diff --git a/mod/lesson/lib.php b/mod/lesson/lib.php
index 7df57c3e4061cac10c34c9e5671be2c515455d91..1d7ab950ed9b01cd2b3574ce07d780e632cb6de0 100644 (file)
--- a/mod/lesson/lib.php
+++ b/mod/lesson/lib.php
@@ -554,9 +554,7 @@ function lesson_process_pre_save(&$lesson) {
     unset($lesson->completed);
     unset($lesson->gradebetterthan);
 
-    if (!empty($lesson->password)) {
-        $lesson->password = md5($lesson->password);
-    } else {
+    if (empty($lesson->password)) {
         unset($lesson->password);
     }
 

diff --git a/mod/lesson/mod_form.php b/mod/lesson/mod_form.php
index 21318f1733750e81819becfb3be1b48547f4bf35..bf03b0c557ecbc972e537cdb9f52938f7a0a1a23 100644 (file)
--- a/mod/lesson/mod_form.php
+++ b/mod/lesson/mod_form.php
@@ -182,10 +182,9 @@ class mod_lesson_mod_form extends moodleform_mod {
         $mform->setHelpButton('usepassword', array('usepassword', get_string('usepassword', 'lesson'), 'lesson'));
         $mform->setDefault('usepassword', 0);
 
-        $mform->addElement('text', 'password', get_string('password', 'lesson'));
+        $mform->addElement('passwordunmask', 'password', get_string('password', 'lesson'));
         $mform->setHelpButton('password', array('password', get_string('password', 'lesson'), 'lesson'));
         $mform->setDefault('password', '');
-        //never displayed converted to md5
         $mform->setType('password', PARAM_RAW);
 
         $mform->addElement('date_time_selector', 'available', get_string('available', 'lesson'), array('optional'=>true));
@@ -300,14 +299,15 @@ class mod_lesson_mod_form extends moodleform_mod {
      **/
     function data_preprocessing(&$default_values) {
         global $DB;
-        //var_dump($default_values);
+        global $module;
         if (isset($default_values['conditions'])) {
             $conditions = unserialize($default_values['conditions']);
             $default_values['timespent'] = $conditions->timespent;
             $default_values['completed'] = $conditions->completed;
             $default_values['gradebetterthan'] = $conditions->gradebetterthan;
         }
-        if (isset($default_values['password'])) {
+        // after this passwords are clear text, MDL-11090
+        if (isset($default_values['password']) and ($module->version<2008112600)) {
             unset($default_values['password']);
         }
         if (isset($default_values['add']) and $defaults = $DB->get_record('lesson_default', array('course' => $default_values['course']))) {

diff --git a/mod/lesson/view.php b/mod/lesson/view.php
index e845a07f5c6a6c907fb848c23019e1735d049e0e..dc22327544c5e4a5b4b85a6604f138ec2f884be0 100644 (file)
--- a/mod/lesson/view.php
+++ b/mod/lesson/view.php
@@ -16,6 +16,7 @@
     $id      = required_param('id', PARAM_INT);             // Course Module ID
     $pageid  = optional_param('pageid', NULL, PARAM_INT);   // Lesson Page ID
     $edit    = optional_param('edit', -1, PARAM_BOOL);
+    $userpassword = optional_param('userpassword','',PARAM_CLEAN);
     
     list($cm, $course, $lesson) = lesson_get_basics($id);
 
@@ -50,8 +51,9 @@
         
         } else if ($lesson->usepassword and empty($USER->lessonloggedin[$lesson->id])) { // Password protected lesson code
             $correctpass = false;
-            if ($password = optional_param('userpassword', '', PARAM_CLEAN)) {
-                if ($lesson->password == md5(trim($password))) {
+            if (!empty($userpassword)) {
+                // with or without md5 for backward compatibility (MDL-11090)
+                if (($lesson->password == md5(trim($userpassword))) or ($lesson->password == $userpassword)) {
                     $USER->lessonloggedin[$lesson->id] = true;
                     $correctpass = true;
                     if ($lesson->highscores) {