Don't show authorize.net password for security reasons. Merged from 16stable.

diff --git a/enrol/authorize/config.html b/enrol/authorize/config.html
index 5774fec9d80e246240d9bd90489b9953c5731cf4..54ad840b233a4b06111f5ac5184aafbc4150a52c 100755 (executable)
--- a/enrol/authorize/config.html
+++ b/enrol/authorize/config.html
@@ -9,6 +9,7 @@ if (!isset($frm->enrol_mailadmins)) $frm->enrol_mailadmins = '';
 if (!isset($frm->an_login)) $frm->an_login = '';
 if (!isset($frm->an_tran_key)) $frm->an_tran_key = '';
 if (!isset($frm->an_password)) $frm->an_password = '';
+if (!isset($frm->delete_current)) $frm->delete_current = '';
 if (!isset($frm->an_referer)) $frm->an_referer = 'http://';
 if (!isset($frm->an_avs)) $frm->an_avs = '';
 if (!isset($frm->an_test)) $frm->an_test = '';
@@ -84,20 +85,26 @@ if (!isset($frm->acceptccs)) {
 </tr>
 
 <tr valign="top">
-    <td align="right">#&nbsp;</td>
+    <td align="right">#&nbsp;#&nbsp;</td>
     <td colspan="2"><?php print_string("chooseone", "enrol_authorize") ?></td>
 </tr>
 
 <tr valign="top">
     <td align="right">an_tran_key:</td>
-    <td><input type="text" name="an_tran_key" value="<?php p($frm->an_tran_key) ?>" /></td>
+    <td><input type="text" name="an_tran_key" value="<?php p($frm->an_tran_key) ?>" /><sup>#1</sup></td>
     <td><?php print_string("antrankey", "enrol_authorize") ?></td>
 </tr>
 
 <tr valign="top">
     <td align="right">an_password:</td>
-    <td><input type="text" name="an_password" value="<?php p($frm->an_password) ?>" /></td>
-    <td><?php print_string("anpassword", "enrol_authorize") ?></td>
+    <td><input type="text" name="an_password" value="" /><sup>#2</sup></td>
+    <td><?php print_string("anpassword", "enrol_authorize") ?><br />(<?php print_string("leavetokeep") ?>)</td>
+</tr>
+
+<tr valign="top">
+    <td align="right">delete_current:</td>
+    <td><?php print_checkbox('delete_current', '1', !empty($frm->delete_current)) ?></td>
+    <td><?php print_string("deletecheck", "moodle", get_string('oldpassword')) ?><br /><br /></td>
 </tr>
 
 <tr valign="top">

diff --git a/enrol/authorize/enrol.php b/enrol/authorize/enrol.php
index b3652337dfb54ca837ef260f9f650a4178cf9455..df1c9870c12d863cf11a7c6ba885114e427152b3 100755 (executable)
--- a/enrol/authorize/enrol.php
+++ b/enrol/authorize/enrol.php
@@ -512,22 +512,36 @@ class enrolment_plugin_authorize
         set_config('an_emailexpiredteacher', $emailexpiredteacher);
         set_config('an_sorttype', $sorttype);
 
+        // https and openssl library is required
+        if ((substr($CFG->wwwroot, 0, 5) !== 'https' and empty($CFG->loginhttps)) or
+            !enrolment_plugin_authorize::check_openssl_loaded()) {
+            return false;
+        }
+
         // required fields
         $loginval = optional_param('an_login', '');
+        if (empty($loginval)) {
+               return false;
+        }
+        set_config('an_login', $loginval);
+
         $tranval = optional_param('an_tran_key', '');
         $passwordval = optional_param('an_password', '');
+        $deletecurrent = optional_param('delete_current', '');
 
-        if ((empty($CFG->loginhttps) and substr($CFG->wwwroot, 0, 5) !== 'https') ||
-            !enrolment_plugin_authorize::check_openssl_loaded() ||
-            empty($loginval) ||
-            (empty($tranval) and empty($passwordval))) {
+        if (!empty($passwordval)) { // password is changing
+            set_config('an_password', $passwordval);
+        }
+        elseif (!empty($deletecurrent) and !empty($tranval)) {
+            set_config('an_password', '');
+            $CFG->an_password = '';
+        }
+
+        if (empty($tranval) and empty($CFG->an_password)) {
             return false;
         }
 
-        set_config('an_login', $loginval);
-        set_config('an_password', $passwordval);
         set_config('an_tran_key', $tranval);
-
         return true;
     }