mirror of
https://github.com/moodle/moodle.git
synced 2025-03-18 14:40:06 +01:00
MDL-30673 fix login autocompletion protection
This commit is contained in:
parent
2117dcb591
commit
4eaee2c85c
@ -35,6 +35,12 @@ class block_login extends block_base {
|
||||
// TODO: now that we have multiauth it is hard to find out if there is a way to change password
|
||||
$forgot = $wwwroot . '/login/forgot_password.php';
|
||||
|
||||
if (empty($CFG->xmlstrictheaders) and !empty($CFG->loginpasswordautocomplete)) {
|
||||
$autocomplete = 'autocomplete="off"';
|
||||
} else {
|
||||
$autocomplete = '';
|
||||
}
|
||||
|
||||
$username = get_moodle_cookie();
|
||||
|
||||
$this->content->footer = '';
|
||||
@ -42,18 +48,14 @@ class block_login extends block_base {
|
||||
|
||||
if (!isloggedin() or isguestuser()) { // Show the block
|
||||
|
||||
$this->content->text .= "\n".'<form class="loginform" id="login" method="post" action="'.get_login_url().'">';
|
||||
$this->content->text .= "\n".'<form class="loginform" id="login" method="post" action="'.get_login_url().'" '.$autocomplete.'>';
|
||||
|
||||
$this->content->text .= '<div class="c1 fld username"><label for="login_username">'.get_string('username').'</label>';
|
||||
$this->content->text .= '<input type="text" name="username" id="login_username" value="'.s($username).'" /></div>';
|
||||
|
||||
$this->content->text .= '<div class="c1 fld password"><label for="login_password">'.get_string('password').'</label>';
|
||||
|
||||
if (!empty($CFG->loginpasswordautocomplete)) {
|
||||
$this->content->text .= '<input type="password" name="password" id="login_password" value="" autocomplete="off" /></div>';
|
||||
} else {
|
||||
$this->content->text .= '<input type="password" name="password" id="login_password" value="" /></div>';
|
||||
}
|
||||
$this->content->text .= '<input type="password" name="password" id="login_password" value="" '.$autocomplete.' /></div>';
|
||||
|
||||
if (isset($CFG->rememberusername) and $CFG->rememberusername == 2) {
|
||||
$checked = $username ? 'checked="checked"' : '';
|
||||
|
@ -613,7 +613,7 @@ $string['logguests_help'] = 'This setting enables logging of actions by guest ac
|
||||
$string['loginhttps'] = 'Use HTTPS for logins';
|
||||
$string['loginpageautofocus'] = 'Autofocus login page form';
|
||||
$string['loginpageautofocus_help'] = 'Enabling this option improves usability of the login page, but automatically focusing fields may be considered an accessibility issue.';
|
||||
$string['loginpasswordautocomplete'] = 'Prevent password autocompletion on login form.';
|
||||
$string['loginpasswordautocomplete'] = 'Prevent password autocompletion on login form';
|
||||
$string['loginpasswordautocomplete_help'] = 'Having this off will let users save their account password in their browser. Switching this setting on will result in your site no longer following XHTML strict validation rules.';
|
||||
$string['loglifetime'] = 'Keep logs for';
|
||||
$string['longtimewarning'] = '<b>Please note that this process can take a long time.</b>';
|
||||
|
@ -4,6 +4,12 @@ if ($show_instructions) {
|
||||
} else {
|
||||
$columns = 'onecolumn';
|
||||
}
|
||||
|
||||
if (empty($CFG->xmlstrictheaders) and !empty($CFG->loginpasswordautocomplete)) {
|
||||
$autocomplete = 'autocomplete="off"';
|
||||
} else {
|
||||
$autocomplete = '';
|
||||
}
|
||||
?>
|
||||
<div class="loginbox clearfix <?php echo $columns ?>">
|
||||
<div class="loginpanel">
|
||||
@ -29,7 +35,7 @@ if ($show_instructions) {
|
||||
echo '</div>';
|
||||
}
|
||||
?>
|
||||
<form action="<?php echo $CFG->httpswwwroot; ?>/login/index.php" method="post" id="login">
|
||||
<form action="<?php echo $CFG->httpswwwroot; ?>/login/index.php" method="post" id="login" <?php echo $autocomplete; ?> >
|
||||
<div class="loginform">
|
||||
<div class="form-label"><label for="username"><?php print_string("username") ?></label></div>
|
||||
<div class="form-input">
|
||||
@ -38,7 +44,7 @@ if ($show_instructions) {
|
||||
<div class="clearer"><!-- --></div>
|
||||
<div class="form-label"><label for="password"><?php print_string("password") ?></label></div>
|
||||
<div class="form-input">
|
||||
<input type="password" name="password" id="password" size="15" value="" <?php if (!empty($CFG->loginpasswordautocomplete)) {echo 'autocomplete="off"';} ?> />
|
||||
<input type="password" name="password" id="password" size="15" value="" <?php echo $autocomplete; ?> />
|
||||
<input type="submit" id="loginbtn" value="<?php print_string("login") ?>" />
|
||||
</div>
|
||||
<div class="clearer"><!-- --></div>
|
||||
|
Loading…
x
Reference in New Issue
Block a user