Make authorize.net config page secure.

See: http://moodle.org/mod/forum/discuss.php?d=56728

diff --git a/enrol/authorize/enrol.php b/enrol/authorize/enrol.php
index 8b74461d4dcebbea462374c408809d18e30335f1..f34ab8dca303dc41aa11ef5dc83c95848df4afa0 100755 (executable)
--- a/enrol/authorize/enrol.php
+++ b/enrol/authorize/enrol.php
@@ -407,7 +407,16 @@ class enrolment_plugin_authorize
         }
 
         if (empty($CFG->loginhttps) and substr($CFG->wwwroot, 0, 5) !== 'https') {
-            notify('loginhttps must be ON');
+            $a = new stdClass;
+            $a->url = "$CFG->wwwroot/$CFG->admin/settings.php?section=httpsecurity";
+            notice(get_string('adminconfighttps', 'enrol_authorize', $a));
+        }
+        elseif (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == 'off') {
+            $wwwsroot = qualified_me();
+            $wwwsroot = str_replace('http:', 'https:', $wwwsroot);
+            $a = new stdClass;
+            $a->url = $wwwsroot;
+            notice(get_string('adminconfighttpsgo', 'enrol_authorize', $a));
         }
 
         if (!empty($frm->an_review)) {

diff --git a/lang/en_utf8/enrol_authorize.php b/lang/en_utf8/enrol_authorize.php
index 2e4a122fdd524ed444e030ccd21f10ba699d082b..1049ef48e10de1cd5de67776cd93af0a427e5517 100644 (file)
--- a/lang/en_utf8/enrol_authorize.php
+++ b/lang/en_utf8/enrol_authorize.php
@@ -1,4 +1,4 @@
-<?PHP // $Id$ 
+<?PHP // $Id$
       // enrol_authorize.php - created with Moodle 1.7 beta + (2006101003)
 
 
@@ -10,6 +10,8 @@ $string['adminauthorizeemail'] = 'Email Sending Settings';
 $string['adminauthorizesettings'] = 'Authorize.net Settings';
 $string['adminauthorizewide'] = 'Site-Wide Settings';
 $string['adminavs'] = 'Check this if you have activated Address Verification System (AVS) in your authorize.net account. This demands address fields like street, state, country and zip when user fills out payment form.';
+$string['adminconfighttps'] = 'Please ensure that you have \"<a href=\"$a->url\">turned loginhttps ON</a>\" to use this plugin<br />in Admin &gt;&gt; Variables &gt;&gt; Security &gt;&gt; HTTP security.';
+$string['adminconfighttpsgo'] = 'Go to the <a href=\"$a->url\">secure page</a> to configure this plugin.';
 $string['admincronsetup'] = 'The cron.php maintenance script has not been run for at least 24 hours.<br />Cron must be enabled if you want to use scheduled-capture feature.<br /><b>Enable</b> \'Authorize.net plugin\' and <b>setup cron</b> properly; or <b>uncheck an_review</b> again.<br />If you disable scheduled-capture, transactions will be cancelled unless you review them within 30 days.<br />Check <b>an_review</b> and enter <b>\'0\' to an_capture_day</b> field<br />if you want to <b>manually</b> accept/deny payments within 30 days.';
 $string['adminemailexpired'] = 'This is useful for \'Manual-Capture\'. Admins are notified <b>$a</b> days prior to pending orders expiring.';
 $string['adminemailexpiredsort'] = 'When the number of pending orders expiring are sent to the teachers via email, which one is important?';