From: thepurpleblob Date: Wed, 26 Nov 2008 14:34:40 +0000 (+0000) Subject: MDL-11090 X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=4d22ec8144cddb941457c78499cf4a70c65adc76;p=moodle.git MDL-11090 Passwords are now held in clear text so you can see what the password is on the config screen. Still backward compatible with old md5 passwords (which are still not displayed of course) Merged from STABLE_19 --- diff --git a/mod/lesson/lib.php b/mod/lesson/lib.php index 7df57c3e40..1d7ab950ed 100644 --- a/mod/lesson/lib.php +++ b/mod/lesson/lib.php @@ -554,9 +554,7 @@ function lesson_process_pre_save(&$lesson) { unset($lesson->completed); unset($lesson->gradebetterthan); - if (!empty($lesson->password)) { - $lesson->password = md5($lesson->password); - } else { + if (empty($lesson->password)) { unset($lesson->password); } diff --git a/mod/lesson/mod_form.php b/mod/lesson/mod_form.php index 21318f1733..bf03b0c557 100644 --- a/mod/lesson/mod_form.php +++ b/mod/lesson/mod_form.php @@ -182,10 +182,9 @@ class mod_lesson_mod_form extends moodleform_mod { $mform->setHelpButton('usepassword', array('usepassword', get_string('usepassword', 'lesson'), 'lesson')); $mform->setDefault('usepassword', 0); - $mform->addElement('text', 'password', get_string('password', 'lesson')); + $mform->addElement('passwordunmask', 'password', get_string('password', 'lesson')); $mform->setHelpButton('password', array('password', get_string('password', 'lesson'), 'lesson')); $mform->setDefault('password', ''); - //never displayed converted to md5 $mform->setType('password', PARAM_RAW); $mform->addElement('date_time_selector', 'available', get_string('available', 'lesson'), array('optional'=>true)); @@ -300,14 +299,15 @@ class mod_lesson_mod_form extends moodleform_mod { **/ function data_preprocessing(&$default_values) { global $DB; - //var_dump($default_values); + global $module; if (isset($default_values['conditions'])) { $conditions = unserialize($default_values['conditions']); $default_values['timespent'] = $conditions->timespent; $default_values['completed'] = $conditions->completed; $default_values['gradebetterthan'] = $conditions->gradebetterthan; } - if (isset($default_values['password'])) { + // after this passwords are clear text, MDL-11090 + if (isset($default_values['password']) and ($module->version<2008112600)) { unset($default_values['password']); } if (isset($default_values['add']) and $defaults = $DB->get_record('lesson_default', array('course' => $default_values['course']))) { diff --git a/mod/lesson/view.php b/mod/lesson/view.php index e845a07f5c..dc22327544 100644 --- a/mod/lesson/view.php +++ b/mod/lesson/view.php @@ -16,6 +16,7 @@ $id = required_param('id', PARAM_INT); // Course Module ID $pageid = optional_param('pageid', NULL, PARAM_INT); // Lesson Page ID $edit = optional_param('edit', -1, PARAM_BOOL); + $userpassword = optional_param('userpassword','',PARAM_CLEAN); list($cm, $course, $lesson) = lesson_get_basics($id); @@ -50,8 +51,9 @@ } else if ($lesson->usepassword and empty($USER->lessonloggedin[$lesson->id])) { // Password protected lesson code $correctpass = false; - if ($password = optional_param('userpassword', '', PARAM_CLEAN)) { - if ($lesson->password == md5(trim($password))) { + if (!empty($userpassword)) { + // with or without md5 for backward compatibility (MDL-11090) + if (($lesson->password == md5(trim($userpassword))) or ($lesson->password == $userpassword)) { $USER->lessonloggedin[$lesson->id] = true; $correctpass = true; if ($lesson->highscores) {