Moodle
  1. Moodle
  2. MDL-15419

When creating a new Moodle, the admin password is not verified

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Not a bug
    • Affects Version/s: 1.9.1
    • Fix Version/s: None
    • Labels:
      None
    • Database:
      PostgreSQL
    • Affected Branches:
      MOODLE_19_STABLE

      Description

      When a new Moodle is created, there is a section that creates the admin account. That section does not ask to verify the admin password. I am in an envoronment that has multiple Moodles (over 50) and it would be a pain to get locked out of Moodle after configuring all of the site settings because the password was typed wrong.

        Gliffy Diagrams

          Activity

          Brandt Meyers created issue -
          Petr Skoda made changes -
          Field Original Value New Value
          Security Possible security issue [ 10002 ]
          Hide
          Eloy Lafuente (stronk7) added a comment -

          +1 for this.

          although DB admins have ways to change that password, by introducing it twice we can save some problems as commented.... Dongsheng can you take a look to this? I think the normal registration includes that, so, for strings and reference...it's a good place.

          Note that the "double password" is also missing when adding/editing users (from admin tree). Not sure if we want to double it there or no (for easier usage by admins). Although perhaps it's a goo practice to show it doubled in all the places.

          Ciao

          Show
          Eloy Lafuente (stronk7) added a comment - +1 for this. although DB admins have ways to change that password, by introducing it twice we can save some problems as commented.... Dongsheng can you take a look to this? I think the normal registration includes that, so, for strings and reference...it's a good place. Note that the "double password" is also missing when adding/editing users (from admin tree). Not sure if we want to double it there or no (for easier usage by admins). Although perhaps it's a goo practice to show it doubled in all the places. Ciao
          Eloy Lafuente (stronk7) made changes -
          Assignee Eloy Lafuente (stronk7) [ stronk7 ] Dongsheng Cai [ dongsheng ]
          Eloy Lafuente (stronk7) made changes -
          Fix Version/s 1.9.2 [ 10280 ]
          Hide
          Dongsheng Cai added a comment -

          Hi, Eloy, the adding user form for admin shares the same one with editing profile. The password field are double now.
          In user sign up page, the password fields doesn't double too (email fields are doubled).
          Please review this patch.

          Show
          Dongsheng Cai added a comment - Hi, Eloy, the adding user form for admin shares the same one with editing profile. The password field are double now. In user sign up page, the password fields doesn't double too (email fields are doubled). Please review this patch.
          Dongsheng Cai made changes -
          Attachment MDL-15419.patch [ 14375 ]
          Hide
          Petr Skoda added a comment - - edited

          closing as not a bug
          there is already the password unmask option - just repeating the password does not solve problems if you have several keyboard layouts, capslock or numlock problem

          anyway you can:
          1/ reset password if email correct
          2/ you can edit database directly - by default (if salts not used) it is plain md5 hash
          3/ you can make a little password change script in PHP
          4/ you can drop db and start installation again - there should be no data yet

          petr

          Show
          Petr Skoda added a comment - - edited closing as not a bug there is already the password unmask option - just repeating the password does not solve problems if you have several keyboard layouts, capslock or numlock problem anyway you can: 1/ reset password if email correct 2/ you can edit database directly - by default (if salts not used) it is plain md5 hash 3/ you can make a little password change script in PHP 4/ you can drop db and start installation again - there should be no data yet petr
          Petr Skoda made changes -
          Status Open [ 1 ] Resolved [ 5 ]
          Fix Version/s 1.9.2 [ 10280 ]
          Resolution Not a bug [ 7 ]
          Hide
          Ryan Smith added a comment -

          This wasn't reported as a bug, just an improvement.

          Why is there a problem adding a confirm password field?

          It is standard design for creating an account on any software package or website.

          Show
          Ryan Smith added a comment - This wasn't reported as a bug, just an improvement. Why is there a problem adding a confirm password field? It is standard design for creating an account on any software package or website.
          Hide
          Brandt Meyers added a comment -

          @Petr: I see your point with caps or num.

          Show
          Brandt Meyers added a comment - @Petr: I see your point with caps or num.
          Martin Dougiamas made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          QA Assignee nobody
          Martin Dougiamas made changes -
          Workflow jira [ 27138 ] MDL Workflow [ 60158 ]
          Martin Dougiamas made changes -
          Workflow MDL Workflow [ 60158 ] MDL Full Workflow [ 89324 ]

            People

            • Votes:
              3 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: