allow less verbose operation of forget_password.php SC#282

diff --git a/admin/settings/security.php b/admin/settings/security.php
index e8d1fb32788eeb354279c1303f534d257557f46f..3b1deee51e126e530ad748bc6c5d93721605dc5b 100644 (file)
--- a/admin/settings/security.php
+++ b/admin/settings/security.php
@@ -5,6 +5,7 @@
 // "sitepolicies" settingpage
 $temp = new admin_settingpage('sitepolicies', get_string('sitepolicies', 'admin'));
 $temp->add(new admin_setting_configselect('showsiteparticipantslist', get_string('showsiteparticipantslist', 'admin'), get_string('configshowsiteparticipantslist', 'admin'), 0, array(0 => get_string('siteteachers'), 1 => get_string('allteachers'), 2 => get_string('studentsandteachers'))));
+$temp->add(new admin_setting_configcheckbox('protectusernames', get_string('protectusernames', 'admin'), get_string('configprotectusernames', 'admin'), 1));
 $temp->add(new admin_setting_configcheckbox('forcelogin', get_string('forcelogin', 'admin'), get_string('configforcelogin', 'admin'), 0));
 $temp->add(new admin_setting_configcheckbox('forceloginforprofiles', get_string('forceloginforprofiles', 'admin'), get_string('configforceloginforprofiles', 'admin'), 0));
 $temp->add(new admin_setting_configcheckbox('opentogoogle', get_string('opentogoogle', 'admin'), get_string('configopentogoogle', 'admin'), 0));

diff --git a/lang/en_utf8/admin.php b/lang/en_utf8/admin.php
index 951146fc09df394b4e9e1552dd335df6de4fdf21..6e2896704dff41e9f9ad00e6ca95d4e39cdbb569 100644 (file)
--- a/lang/en_utf8/admin.php
+++ b/lang/en_utf8/admin.php
@@ -141,6 +141,7 @@ $string['configopentogoogle'] = 'If you enable this setting, then Google will be
 $string['configpathtoclam'] = 'Path to clam AV.  Probably something like /usr/bin/clamscan or /usr/bin/clamdscan. You need this in order for clam AV to run.';
 $string['configpathtodu'] = 'Path to du. Probably something like /usr/bin/du. If you enter this, pages that display directory contents will run much faster for directories with a lot of files.';
 $string['configperfdebug'] = 'If you turn this on, performance info will be printed in the footer of the standard theme';
+$string['configprotectusernames'] = 'By default forget_password.php does not display any hints that would allow guessing of usernames or passwords.';
 $string['configproxyhost'] = 'If this <b>server</b> needs to use a proxy computer (eg a firewall) to access the Internet, then provide the proxy hostname and port here.  Otherwise leave it blank.';
 $string['configquarantinedir'] = 'If you want clam AV to move infected files to a quarantine directory, enter it here. It must be writable by the webserver.  If you leave this blank, or if you enter a directory that doesn\'t exit or isn\'t writable, infected files will be deleted.  Do not include a trailing slash.';
 $string['configrequestedteachername'] = 'Word for teacher used in requested courses';
@@ -317,4 +318,4 @@ $string['updateaccounts']  = 'Update existing accounts';
 $string['updatetimezones'] = 'Update timezones';
 $string['upwards']  = 'upwards';
 
-?>
+?>
\ No newline at end of file

diff --git a/lang/en_utf8/moodle.php b/lang/en_utf8/moodle.php
index 908f1c3fe3abc2402340f636dc3ebf790a049457..0726c720f05f117372198bf87558bfc7d9bced72 100644 (file)
--- a/lang/en_utf8/moodle.php
+++ b/lang/en_utf8/moodle.php
@@ -410,6 +410,9 @@ line at the top of your web browser window.
 If you need help, please contact the site administrator,
 $a->admin';
 $string['emailconfirmationsubject'] = '$a: account confirmation';
+$string['emailpasswordconfirmmaybesent'] = '   <p>If you supplied correct username or address an email should have been sent to you.</p>
+   <p>It contains easy instructions to confirm and complete this password change.
+If you continue to have difficulty, please contact the site administrator.</p>';
 $string['emailconfirmsent'] = '   <p>An email should have been sent to your address at <b>$a</b></p>
    <p>It contains easy instructions to complete your registration.</p>
    <p>If you continue to have difficulty, contact the site administrator.</p>';
@@ -1449,4 +1452,4 @@ $string['yourself'] = 'yourself';
 $string['yourteacher'] = 'your $a';
 $string['zippingbackup'] = 'Zipping backup';
 
-?>
+?>
\ No newline at end of file

diff --git a/login/forgot_password.php b/login/forgot_password.php
index 384726b9a4420956e8665eb3ea8c83c1760195d3..7b20442955d4266edd412d37fa3beb57598aafbc 100644 (file)
--- a/login/forgot_password.php
+++ b/login/forgot_password.php
@@ -164,6 +164,12 @@ if ($param->action=='find' and confirm_sesskey()) {
     if (empty($param->username) and empty($param->email)) {
         $errors[] = 'no email or username';
     }
+
+    if ($page != 'external' and !empty($CFG->protectusernames)) {
+        // do not give any hints about usernames or email!
+        $errors = array();
+        $page = 'emailmaybeconfirmed';
+    }
 }
 
 // ACTION = AUTHENTICATE
@@ -204,15 +210,10 @@ if (!empty($param->p) and !empty($param->s)) {
 print_header( $txt->forgotten, $txt->forgotten,
     "<a href=\"{$CFG->wwwroot}/login/index.php\">{$txt->login}</a>->{$txt->forgotten}",
     'form.email' );
-print_simple_box_start('center');
 
-// display any errors
-if (count($errors)) {
-    echo "<ul class=\"errors\">\n";
-    foreach ($errors as $error) {
-        echo "    <li>$error</li>\n";
-    }
-    echo "</ul>\n";
+if ($page=='emailmaybeconfirmed') {
+    // Print general confirmation message
+    notice(get_string('emailpasswordconfirmmaybesent'),$CFG->wwwroot.'/index.php'); 
 }
 
 // check $page for appropriate page to display
@@ -244,6 +245,18 @@ elseif ($page=='duplicateemail') {
 }
 
 else {
+    echo '<br />';
+    print_simple_box_start('center','50%','','20');
+
+    // display any errors
+    if (count($errors)) {
+        echo "<ul class=\"errors\">\n";
+        foreach ($errors as $error) {
+            echo "    <li>$error</li>\n";
+        }
+        echo "</ul>\n";
+    }
+
 ?>
 
 <p><?php echo $txt->forgotteninstructions; ?></p>