MDL-30336 - login - Added a setting in security that allows auto complete to be set to off in password fields.

2025-01-18 05:58:34 +01:00 · 2011-12-05 14:59:31 +08:00 · 2011-12-05 14:59:31 +08:00 · aa30d3e8ce
commit aa30d3e8ce
parent 42f6b3f1d7
4 changed files with 10 additions and 2 deletions
--- a/admin/settings/security.php
+++ b/admin/settings/security.php
@ -81,6 +81,7 @@ if ($hassiteconfig) { // speedup for non-admins, add all caps used on this page
    $temp->add(new admin_setting_configcheckbox('cookiesecure', get_string('cookiesecure', 'admin'), get_string('configcookiesecure', 'admin'), 0));
    $temp->add(new admin_setting_configcheckbox('cookiehttponly', get_string('cookiehttponly', 'admin'), get_string('configcookiehttponly', 'admin'), 0));
    $temp->add(new admin_setting_configcheckbox('allowframembedding', get_string('allowframembedding', 'admin'), get_string('allowframembedding_help', 'admin'), 0));
+    $temp->add(new admin_setting_configcheckbox('loginpasswordautocomplete', get_string('loginpasswordautocomplete', 'admin'), get_string('loginpasswordautocomplete_help', 'admin'), 0));
    $ADMIN->add('security', $temp);


--- a/blocks/login/block_login.php
+++ b/blocks/login/block_login.php
@ -48,7 +48,12 @@ class block_login extends block_base {
            $this->content->text .= '<input type="text" name="username" id="login_username" value="'.s($username).'" /></div>';

            $this->content->text .= '<div class="c1 fld password"><label for="login_password">'.get_string('password').'</label>';
-            $this->content->text .= '<input type="password" name="password" id="login_password" value="" /></div>';
+
+            if (!empty($CFG->loginpasswordautocomplete)) {
+                $this->content->text .= '<input type="password" name="password" id="login_password" value="" autocomplete="off" /></div>';
+            } else {
+                $this->content->text .= '<input type="password" name="password" id="login_password" value="" /></div>';
+            }

            if (isset($CFG->rememberusername) and $CFG->rememberusername == 2) {
                $checked = $username ? 'checked="checked"' : '';
--- a/lang/en/admin.php
+++ b/lang/en/admin.php
@ -613,6 +613,8 @@ $string['logguests_help'] = 'This setting enables logging of actions by guest ac
 $string['loginhttps'] = 'Use HTTPS for logins';
 $string['loginpageautofocus'] = 'Autofocus login page form';
 $string['loginpageautofocus_help'] = 'Enabling this option improves usability of the login page, but automatically focusing fields may be considered an accessibility issue.';
+$string['loginpasswordautocomplete'] = 'Prevent password autocompletion on login form.';
+$string['loginpasswordautocomplete_help'] = 'Having this off will let users save their account password in their browser. Switching this setting on will result in your site no longer following XHTML strict validation rules.';
 $string['loglifetime'] = 'Keep logs for';
 $string['longtimewarning'] = '<b>Please note that this process can take a long time.</b>';
 $string['maintenancemode'] = 'In maintenance mode';
--- a/login/index_form.html
+++ b/login/index_form.html
@ -38,7 +38,7 @@ if ($show_instructions) {
            <div class="clearer"><!-- --></div>
            <div class="form-label"><label for="password"><?php print_string("password") ?></label></div>
            <div class="form-input">
-              <input type="password" name="password" id="password" size="15" value="" />
+              <input type="password" name="password" id="password" size="15" value="" <?php if (!empty($CFG->loginpasswordautocomplete)) {echo 'autocomplete="off"';} ?> />
              <input type="submit" id="loginbtn" value="<?php print_string("login") ?>" />
            </div>
            <div class="clearer"><!-- --></div>