Bug #718842 Link excluded from pages with sidebars and when
login form has been drawn.

Change-Id: Ibbcbc3c749bfbb88fd2011fee90bb3465ee5f7fa
Signed-off-by: Melissa Draper <melissa@catalyst.net.nz>

Change-Id: Id7eae48294768b7192ac3921c316f2d8288de38f
Signed-off-by: Ruslan Kabalin <ruslan.kabalin@luns.net.uk>

Thanks to Darryl Hamilton.

Change-Id: If0b30cd991d8efdf0ade123399bd355873ccbe39
Signed-off-by: Ruslan Kabalin <ruslan.kabalin@luns.net.uk>

Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

* encrypt passwords on user add, edit and imports
* upgrade to encrypt and add salt to all existing cleartext passwords
* update validate_password to prevent successful validation of cleartext passwords with no salt
Signed-off-by: Eugene Venter <eugene@catalyst.net.nz>

Signed-off-by: Ruslan Kabalin <ruslan.kabalin@luns.net.uk>

Signed-off-by: Ruslan Kabalin <ruslan.kabalin@luns.net.uk>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

In order to provide useful debugging information to users and
admins, make use of the right MaharaException subclass.
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

All HTML output (i.e. all echo/print statements going to the browser) should
now be in this file.

This is so that we can easily review all areas of Mahara where XSS bugs could
hide (other than templates and PHP pieforms).

Note that lib/errors.php echo statements can't be moved here since we want
that file to always work and can't include other code/files.
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

Signed-off-by: Francois Marier <francois@catalyst.net.nz>

so that others in the chain can still be tried (bug #536959)
Signed-off-by: Piers Harding <piers@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Reload user institutions from db on institutional admin pages (bug #494484 - thanks to Ruslan Kabalin)
Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Andrew Robert Nicols <andrew.nicols@luns.net.uk>

Signed-off-by: Andrew Robert Nicols <andrew.nicols@luns.net.uk>

If, when creating an authinstance, we get passed an object, pretend it's a row from the authinstance table.

I hate typing. Fixes the bug reported in this forum thread:
http://mahara.org/interaction/forum/topic.php?id=1111

Signed-off-by: Nigel McNie <nigel@catalyst.net.nz>
(cherry picked from commit 8b121283)

There is a new optional setting called $cfg->httpswwwroot. The reason we
have a new setting instead of simply substituting 'http://' with
'https://' in $cfg->wwwroot, like Moodle currently does, is that this
prevents people from using non-standard ports in their HTTPS setups.
This may be necessary if you want to run both Moodle and Mahara on the
same host/ip and use HTTPS logins for both of them.
Signed-off-by: Iñaki Arenaza <iarenaza@eps.mondragon.edu>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

We've always had the ability for auth instances to define ->logout, this
adds ->login as well, along a very similar vein.

it was using string 'name' rather than $name when fetching config
variables

Most annoying on public pages where the login box is shown. When it gets
the focus it scrolls the document there which is annoying when you were
reading something below the fold, like a forum post.

Also destroy the session when creating a new user, to prevent strange session-out-of-sync problems. I think they only happen when a crash happens while creating a user account but you can't be too careful.

Hasn't been needed since before Mahara 1.0!