I'm glad you understand what I'm getting at . Then at least you can evaluate it to see if it will accomplish what you need.

Also see this thread http://moodle.org/mod/forum/discuss.php?d=135630

Greetings
Marius

Hi Rascho,

You need to find your school's Moodle site. Moodle.org is where Moodle software is created and supported. If you are lost please ask your school to help you find the correct web address for your Moodle site.

I have worked with the Moodle backup/restore code myself these days.

If I am not mistaken, the restore_decode_content_links() function handles the rewriting of URLs in all text fields of all modules, blocks, courses, etc. Basically, when you backup something the URLs are those pointing to your Moodle installation. However, when you restore the data, Moodle performs URL rewriting such that you don't get broken links - they will point to the new Moodle installation address.

Hello Ricardo. Moodle has one already. If you or your site admin go to site administration block on the front page>modules>filters>multimedia plugins and ensure it is enabled "with the eye opened" then when you make a link to an mp3 file in Moodle's html editor it will play it with this player automatically so you don't need to get one yourself.
Here's one:(MP3 audio)

Alison - when they use the attachment button the pic displays in the text box anyway as if they had uploaded it Also (if your admin has multimedia filters ON for video and sound) then if they upload mp3s or certain video files they will appear in the box playing in their own player - no need to click them to open either. So do encourage them to use the attachment upload box

Quite possibly, but the best way would be to try it locally first perhaps in a Virtual Machine or local testing server.

Duplicate your Moodle install, database and PHP version locally, then upgrade PHP on your local testing machine and see what the effect is.

Ideally you would have a set number and format of tests that would run over the site to verify everything is correct, Selenium IDE is a fantastic tool for automating front end testing.

Hey Jeff.

No need to alter any code

Just Go to Site Administration ->Modules -> Blocks -> Online Users and change Remove after inactivity (minutes) to 10 mins as you want.


Hope your issue is solved.


Lak

Hi Jeff,

You can also go directly to the W3C validator itself and check your pages.

Don't be freaked out by the number of errors: I've often found I just correct one thing and they all disappear.

Cheers,
Glenys

Hi Jeff

Glad you got the quiz working.

In Firefox select: Tools>Web Developer>Tools>Validate Local HTML.

Hope it works.  It is fun when you get the nice green "Validates" message!

Deborah

Hi Bob.  Here's how to do it.

1.  Set up your groups - I would suggest naming each group for its character (Tock, Milo, Mathemagician, etc.)
2.  Set up ONE wiki (perhaps with the book title, e.g. Phantom Tollbooth).  Make it groups type, with visible groups.  This automatically sets up as many wikis as you have groups.  If you later create more groups, they will get wikis, too.  When you save the wiki description page, the HTML editor should open for you to create the first page of the wiki.  If you look at the top left, you will see that you are actually creating the first page for one specific group.  On the top right, there is a drop-down menu that will allow you to navigate to the other wikis and create their first pages, one by one.

That's it, you're done.  Each person will be able to edit their own group's wiki, and they will be able to use the drop down menu to see the other wikis.  Since the drop down menu includes the group names (in your case character names), students will be able to navigate easily.

One thing to be careful about is that each group have distinct titles for their pages.  If every group has a page titled, say, "relationships with other characters" confusion will reign.  This is tricky because most teacher's instinct is to impose a common structure on the wikis.  Perhaps insist that every page title include the character's name, e.g. "Milo's relationships", "Tock's relationships" and so on.  That will take care of it.

Good luck with it.

Russ

Hi Juan,

that should be fixed in next weekly build of Moodle 1.8 (there was one recently introduced regression there).

Ciao

Hello Jeff,

I just tried the quiz in IE8 and the questions did not show up. In Firefox the questions showed up.

When this happens to me it is usually bad code. I ran the quiz through the W3 Validator (using the Firefox Web Developer extension - you can download it free if you haven't got it) and, oops, there are 151 errors!

I would suggest you go through and try and eliminate the the errors (the first few seemed to be about "center" being undefined and end tags being ommitted - you might have repeated the same error throughout) and hope that will sort out the problem.

Deborah

Hi Joseph, I think that solution is a bit extreme and could have undesirable consequences in the rest of the Moodle installation. I guess you're assuming that the client will definitely take good advice and elect to remove the auto play feature ;)

Personally, I'd use a 3rd party MP3 player or at least configure the Moodle MP3 player manually using some embed code. Here's an example that you can edit to meet your needs. It's strict XHTML 1.0, W3C standards compliant-ish (no declarations the the head section). Moodle will most probably mangle it but it should still work:



The problem with Moodle's embed method and this one is that it doesn't get around IE's ActiveX issues and some users might experience problems with it. Moodle really should be using SWFObject as its default embed method: http://code.google.com/p/swfobject/

If the default Moodle MP3 player doesn't meet your needs, you may find it easier to use one that I'm developing for Moodle tests: http://code.google.com/p/moodle-mp3-player-for-tests/ If you set the window dimensions to 1x1 pixel, it'll be invisible. I don't know if 0x0 will work but it's also worth a try. Please note that it's Flash Player 9+ and won't work on mobile devices that run Flash Player lite.

Hi Laura - good luck with Moodle. I am only up the road in Preston and we love it I don't know about adding one to the actual header of your course but you could add some javascript to the topic summary or a label (though beware - that sometimes causes problems) and there are plenty out there to choose from if you google javascript coundown timer. On the other hand, you could have it in a side block which might look better and is possibly safer - Have a look here for a possible countdown clock - you might be able to customise it to suit your school but this is one I used last summer and will be putting up again shortly for our mocks.

I see. Then it looks like QuizPort is not installed.

Would did you mean when you said earlier "all the update files show up"?. I thought you meant that you saw the messages sayng the database tables for QuizPort had been set up, but now that seems not to be the case, so I wonder if you could rephrase or elucidate a little more.

What to try next? Well, you could try switching Site administration -> Server -> Debugging to it's highest level, "Developer", and see if you get any error messages when you access the admin Notifications screen again.

If that doesn't help, I would love to come and have a look at the server myself. Could you send me private email with the access details to the server?
* gordon at-sign kanazawa hyphen gu dot ac dot jp

In particular I would need to be able to upload files to the QuizPort folder on your server in order to investigate properly. I have a hunch that there is some incompatability between QuizPort and PHP4.

best regards
Gordon

Hi Jeff,
no problem and thanks again for letting me have a look.

Hope you enjoy QuizPort and I am especially interested to see if it perfoms up to standard for you with regard to math teaching. I believe QuizPort is compatible with Moodle's math filters (Tex et al.) so please give them a spin and let us know how you get on.

all the best
Gordon

Quite agree with Mary. Actually, this very desirable feature has been implemented in forthcoming version 2.0 of Moodle, see attached screenshot.
Joseph

Hi Jeff,
those messages are from the theme, so you might like to pass them on to the maintainer of the "power-of-science" theme, and I am sure they will be happy to fix up the theme for you.

Thanks for giving me access to your Moodle site.

> QuizPort is not showing up in
> Site Administration -> Modules -> Activities -> Manage Activities.

Looks like some misunderstanding here. I logged in and went to Site administration -> Modules -> Acitivties -> Manage activities, (note you have to actually click on "Manage activities" link to see the page showing the list of available Activity modules), where I saw that the QuizPort module was listed. Great, it was installed after all.

However, the QuizPort module was disabled (closed eye). I enabled it, by clicking on the "closed eye" so that it changed to an "open eye", and then confirmed that QuizPort now appears in the "Add an activity ..." menus in the course pages when they are in edit mode.

QuizPort installed fine and seems to be working OK on your Moodle site. Thanks for allowing me to confirm that QuizPort installs on PHP4

best regards
Gordon

I made some modifications over the half term and am pleased to release v1.1

Pro 1.1 (Bearhug) - Released

• PIX Folder - Additional filetype icons added
• aardvark_layout.css - Forum controls added to restrict posted images to fit on to page ".forumpost {width: auto;overflow:none;}" and ".forumpost img {max-width: 100%;}"
• aardvark_layout.css - Removed "position" and "left" elements from ".cal_popup_bg ", ".surround" and ".header-profileblock" to fix calendar pop-ups.
• aardvark_layout.css - Changed .surround to #surround
• aardvark_color.css - Changed .surround to #surround
• header.html - Changed <div class="surround"> to <div id="surround">
• header.html - Correctly closed link in <link rel="stylesheet" href="<?php echo $CFG->httpsthemewww .'/'. current_theme() ?>/aardvark_print.css" type="text/css" media="print" />
• aardvark_print.css - Added
• various css - Changed header-profile classes (.) to IDs (#)
• header.html - Changed header-profileblock class to ID
• aardvark_default.css - Removed #header-home and placed contents in #logo
• header.html - Made the header elements a little more PHP and removed redundant #header-home DIV. Now reads
  <?php print_container_start(true, '', 'header');
  echo '<div id="logo">';
  echo '<a href="'.$CFG->wwwroot.'" style="display: block; width: 247px; height: 96px;"> </a>';
  echo '</div>';
  echo '<div id="header-profileblock">';
  include('profileblock.php');
  echo '</div>';
  ?>
• header.html - Validated markup! Woop!!!

Download = http://moodle.org/mod/data/view.php?d=26&rid=2618

Previous thread = http://moodle.org/mod/forum/discuss.php?d=134994

I completely agree with you on the purposes of testing, and that cheats are, ultimately, only cheating themselves.

However, it is a perfectly feasible goal when building an online assessment system to ensure that there is no way that view source can reveal information that helps work out the answer. So it just feels right to me to do that. Part of making the quiz a good and reliable tool.

Hi Wissam,

The option to search all messages from all users is available for users with the capability moodle/site:readallmessages. Thus, to hide the option, simply ensure that the capability is not set or prevented for all non-admin roles.

I did some more refining and discovered also that I have placed the isotope indexes on the wrong side of the He HiHi

I haven't corrected that in the picture included now either.

Anyhow you can see the "proof of concept" anyhow.

It can be found in the Modules and Plugins database, here http://moodle.org/mod/data/view.php?d=13&rid=2144&filter=1

It only rates courses. Moodle will allow you to rate forum posts as standard, if you switch it on when you set up the forum.

I think it may be a better idea for each location to have a proxy server that caches items such as the videos locally as they're viewed, rather than syncing all of the videos and data + Moodle to each location periodically. Syncing large amounts of video will result in a lot of data, and potentially issues with data quotas.

That way you don't have to bother about maintaining multiple Moodle instances needlessly for a few FLVs, and you'll also get benefits for their regular web traffic.

Andrea, thanks for translating the information into Italian. I've renamed it to http://docs.moodle.org/it/report/security/report_security_check_passwordsaltmain (you'll notice I had some fun in doing so ). When you upgrade your sites you'll find the exact link on the notifications page and in the security overview report.

Dear multi-lingual Moodlers,

To greatly reduce the risk of password theft, we're encouraging all Moodle site admins to set a 'password salt'. Please see the password salting documentation for details.

A password salt will be set automatically for all new 1.8.11 and 1.9.7 installations (due for release very soon) and admins will be strongly recommended to add a password salt manually when upgrading to these versions (source: Moodle 1.9.7 release notes).

To ensure everyone understands password salting, it would be great if you could help by translating the password salting documentation into your language. To create the page in the documentation wiki for your language, simply use the URL

http://docs.moodle.org/xx/report/security/report_security_check_passwordsaltmain

and replace xx with your language code. For example, for French (fr), the URL would be

http://docs.moodle.org/fr/report/security/report_security_check_passwordsaltmain

You need to make sure you are logged into your documentation wiki then you can translate the English documentation as it appears here: http://docs.moodle.org/en/report/security/report_security_check_passwordsaltmain.

A link to the password salting documentation will be provided on the notifications page in Moodle 1.8.11 and 1.9.7 and also in the security overview report. Thus French Moodle site admins will be provided with the link http://docs.moodle.org/fr/report/security/report_security_check_passwordsaltmain.

If you'd like to help translating the password salting documentation, but are confused about what to do, please let me know by replying to this discussion so I can provide further explanation (or perhaps someone else can describe things better!)

Thanks to Iñaki for translating the documentation into Spanish already, and to everyone else who is able to help out.

Latin encoding is fine for most of Europe.

Of course, most software has supported Unicode just fine for some years, but Excel seems to be an exception.

Darlene,

If a user has already been subscribed to a forum, they will need to unsubscribe themselves from the forum. There is a page that shows all the forums in the course and gives the users a way to unsubscribe from forums in the course. Here's one way to get there.

1. Log in to your Moodle site
2. Enter the course under discussion
3. Enter any of the forums in the course
4. Look near the top of the page for the navigation menu "Your site name --> Course Name --> Forums --> the forum name" and click the "Forums" link.
5. Click the "Yes" button for every forum you don't want subscribed to.

Another way is if you have the "Activities" block enabled, you just need to click the "Forums" link provided in the "Activities" block.

Now, how about a quick explanation for why your approach didn't quite work as you expected.

Changing the subscription settings for a specific forum only affects how that forum behaves in the future. It doesn't change what has already happened.

Setting the user's subscription settings in their profile again only affects future forum posts.

Does this help?

Scott

This is related to the gradehistorylifetime setting on the cleanup page.

It is crazy to do this every 15 minutes. Once per day would be more than enough. Please put a bug/patch in the tracker.

I just made a clone of the teacher role to get round this problem. We were seeing it in forums where teachers had a single group and they were getting forum posts from all groups emailed to them.

I cloned the teacher role and then set access all groups to deny.

I then assigned the teachers of the course who were only responsible for one group to this role instead of the standard teacher role...

Seems to be working OK...

The administrator has the ability to allow different language packs to be used. Go to Administration Block->Langague-> Language Settings. There you can choose to autodetect the language from the user's browser and to display a language menu. Once you have installed language packs, they will appear in the language menu and users can select them.

When you create a course (or click on the settings under the course administration block) you can select "Force Language" and set that to the correct language. That way even if the end user has choosen a different language, when they enter the German course all of the blocks will be titled in German.

Thanks, Jon, much appreciated. What do folks think about making anonymous access to one's profile customisable (on/off) by the user? Would this be a usability topic or a feature request for elsewhere?

Another resource is the Moodle developers' course on how to write a block at http://dev.moodle.org/.

Hi
You need to add him a site-wide administrator role. It is been done on
(Site) Administration► Users ► Permissions ► Assign system roles
Then you both should have same permissions.
Hope this helps

Hi
You need to set capability role:unassignself for Student role to Allow.
You can find global setting for roles on
(Site) Administration ► Users ► Permissions ► Define roles

I can't see how you can do it with ONE quiz but you could do it with 8 IE -in the feedback at the end according to what they get in quiz one, you give them the password for quiz 2 if they pass and if they fail you don't. Then you set up quiz 2 with that password and do the same at the end of the quiz -in the feedback give them the password for quiz three if they pass etc..

Finally worked this out... too simple for it to be obvious, I guess.

I've set up three categories within the top level: Public, Collaborative and Private.

All I had to do then was allocate the collaborating users a guest role in the private category and a 'collaborative user' role in the others.

I can sleep well now.

Try turning on Debugging to see if you get something non-empty instead. And try the other Excel encoding setting.

Hello,

your post and linked article does not contain enough information to evaluate this problem.

The full list of vulnerabilities of phpMyAdmin is available from http://www.phpmyadmin.net/home_page/security/. Everybody should upgrade when new version with any fix is available. I would personally recommend all admins using this software package to subscribe to RSS feed on this page.

We are distributing a customised version phpMyAdmin with Moodle, it is updated regularly and each new version is announced at http://moodle.org/security/ - each Moodle server administrator should be subscribed there, you do not need to watch the phpMyAdmin site directly

Our customisations and server requirements sometimes neutralise some vulnerabilities, for example Moodle is forcing admins to turn off evil register globals which were the biggest source of security problems in PHP applications.


Petr
(maintainer of phpMyAdmin Moodle integration)

To get a new Forum RSS to work.

1. Add a new post into this forum.
2. Allow subscribe (don't force)
3. Run cron
4. Clean your cache
5. Logout your admin role.
6. Login use any user account
7. Click on that RSS icon and subscribe it
8. Login again as Admin and to see the 'RSS error' disappeared!!
9. Change subscribe to force if you want to
   

I tried it out just to make sure it worked. See the included picture. I see that the mouse (which was hovering over the correct answer) wasn't captured in the picture. Don't think that the feedback is connected to the incorrect answer!

By using various HTML parameters one can adjust the alignment and division of a table in all kinds of ways.

1. Withdraw the user from the course altogether. Course Creators should be assigned to categories, and if they create a course they do not have any rights to that course, unless they assign themselves as either Teacher or Student at creation of the course. Chances are, that user assigned themselves as Student, not Teacher - which is easy to do. Short answer, do not assign Course Creators to Courses. Reassign the user as a Teacher, that should fix the problem.

2. WHAT????? You have assigned the default Front Page Role as Adminstrator????? NO, NO, NO.... If you have a default role it should be no higher than Student.
Solution 1. Go to Administration > Front Page > Front Page Settings and the last item on the page is Default frontpage role If that reads anything other than Student or Authorized User, change it.
Solution 2. Go to Administration > Front page > Front Page Roles and look at the list of Roles. If there is any name in any of the roles, remove it. Mine never reads anyone's name as I never assign anyone to a Front page role.

These are two different issues but can have the same effect, so they have two different solutions.

3. NEVER create a role higher than an Admininstrator. Create a role that is based on the Administrator's role, but you can remove some rights, like the role should have access to configuration files, or give the role read privileges everywhere, but no write priveleges anywhere. This is a tricky one, because you want them to have silent access, but not change anything. This is a matter of trial and error, unless you know someone who may be an expert on Roles and Permissions.

This is an interesting question though, you may want to put it on the Moodle Tracker and see if there is anything there that may help you out.

Wouldn't a Metacourse provide exactly that functionality?

Frank

How about creating a meta-course for this purpose that has all other courses as children? Put the videos into the metacourse as resources. You can even copy the links to the resources and put the links into the child courses.

See User profile fields.

We had a fruitful discussion at http://docs.moodle.org/en/Talk:Filters_used_on_the_Moodle.org_forums

I've been brushing up my rusty Greasemonkey skills and here is the result: moodle_tracker_info.user.js. The script will display the title of any linked tracker id as a tooltip as Tim suggested (see screenshot).

Frank

Hi James,

I think many of us would see this as a happy problem because you've clearly got loads of people into Moodle!

For my 2c I think there are two approaches that you should consider:

a) Back-end: file management. Set out a file naming protocol and a file management structure ditto. This means that whoever adds material to Moodle will have to use a standardised system. New staff adding material will find it easier to locate/check/store. If it helps, I learned this the hard way as shifting files in Moodle does not carry over any hyperlinks from their parent pages (as it does in Dreamweaver for example);

b) Front end: have a common look and feel between all courses. This gets staff used to where things go and allows students to be more confident they can locate information. I tend to use banner logos on all topics with the admin side having the same image and different headings followed by topics with their own distinctive style. The content of each topic depends on the year group but for my senior people (screenshot as requested) I have a lesson plan outline, forum (my must-have to gather comments), book (THE way IMHO to gather data, lesson notes, key material - in colour not the usual B&W photocopying, extension material, websites etc in a neat package with each webpage/"chapter" being a specific lesson or lesson set). Any extra work e.g. fieldwork in my case, gets its own logo and a link to another webpage.

I've used this for a couple of years. Student response is good and getting better. My latest crop sorted out the senior work before the class formally started (and told me that they had a Facebook page to swap meeting times, ideas etc.!!) so it's clear that this works, at least for my lot.

Hope this helps,

Paul

Well, Moodle 2.0 will contain a utility for migrating your Moodle site from one database to another. So, if you can delay for a while, this will be easier to do later.

If you really want to migrate, just trying to convert the database using generic migration tools probably requires you to know a bit about Moodle, and fiddle around to make things work.

Another option is that, with some fiddling, it is possible to use the Moodle 2.0 migration facility to convert a Moodle 1.9 site, but again it is not pretty. I did it once with Jordan, and documented it at Hacking the Moodle 2.0 database transfer script to convert a Moodle 1.9 site.

Hello,

we try to fix all problems we find or that get reported, sometimes the solutions are a bit complex and it takes some time to get it implemented. Unfortunately the main "security problem" is in the browsers and the whole design of web. Web was designed for distribution of information, not as a security framework

It is always better to not put sensitive data into any web based system and instead keep it outside in some locked down database.

There are many configuration options in Moodle that help you get the desired compromise between security and flexibility. We can not make the default Moodle install fit all regulations and school needs world wide, you have to:
* educate the admins
* configure moodle properly
* educate teachers
* maintain your moodle regularly

To everybody: Please do not blame the developers that Moodle is not "secure", it is definitely not worse than other similar systems. Instead please help us create better documentation and guides for admins and teachers.


Petr

Jacqueline,

I wasn't quite sure what you mean by register.  I thought of two different possibilities, hopefully one of them is what you are looking for!

• Students receive a confirmation email when they create a user account.  This text can be found in the lang/?/moodle.php as the emailconfirmation "variable".
• Students receive a welcome email when they enroll in a course.  This text can be found in the lang/?/moodle.php file as the welcometocoursetext "variable".

? depends on what version of moodle you are using as well as what language.

Hope this helps!

Scott

If you use an authentication plugin that does not store the passwords in the Moodle database, then you don't need to worry about salting in Moodle.

I have a Biome unit that utilizes group work and some constructivist activities... I will have to double check all the pictures and handouts and make sure that they can be posted on an internet site... it might take a few weeks, if you are still interested.  I have a copy posted in our district site as a sample, so I can send it to you without students.

Paula Clough

Hi Petr,
after Martin's post today as reaction to someones irresponsible behaviour of posting and detailing security issues public on youtube I followed this discussion and must say I am very disappointed and disgusted on how some people who obviously want to damage moodle's reputation keep pulling out the most strange arguments. I absolutely agree with your postings on the trust we need into teachers - but also students and want to stress the fact that this is not a moodle problem but a social problem nowadays- we need to educate kids and students to keep them safe and make them use social media in a responsible way. THIS is the task for us teachers and I am ever so grateful that there are people like you out there in the moodle community who with their work and dedication help us fulfill these tasks!
Thanks again!

One last example, but no screenshots of this one.

Last year I created a database for our Year 12 students to allow for them to share their study notes with each other. It was set up so they could only view other students notes once they had uploaded at least 2 of their own. this was immensely successfully and ended up with about 40+ files collected.

The students could upload, categorize and summarize their study notes while finally attaching the file itself. With our year 12's offsite for some time before the HSC kicks in, this still allowed them to network and share information with each other while offsite.

Hi Helen
A thought - could we have a repository of database presets in the moodle exchange? Thoughts?
Thanks
Tabitha

Here is an example of how my Junior School librarian used the Database tool for a book review project.

Students are encouraged to review books that they have read and to add them to the database for other students to see.

Screenshot attached.

I have received a few PM's about this one. Remember all, it is usually best to post questions in the thread so that everyone can get the benefit of the response.

I have attached the template file for this book review database to this post so tht anyone else can use it or maybe dissect it a bit to see how it works.

Would be great to see more people sharing their Database presets as I am sure there are many other fantastic uses out there.

---

To use someone else's templates (called a preset) follow these steps.

1. Create your database activity as normal.
2. Click on the "presets" tab
3. Scroll down to the "Import from zip file" and upload then choose the zip file of the preset . (mine is attached to this post)
4. Click "import"
5. You are done. you can now use your own new Book Reviews Database.
   

Julian

The best bet would be to install the Activity Locking course format (have a look in the docs) In Moodle 2 coming out next year this will be standard but in the meantime if you want to set conditions on progression this is worth a look. There are other options you could do such as setting a quiz/lesson with a password at the end and they can only go on to the next set of activities if they know the password - but try Activity locking first.

With reference to Helen's blog post on Moodle.org forums Code of Conduct, it would be useful to put a reference in the 'Before posting' section to the Tracker pages on Moodle Docs.

Also, if people are going to ask for help in the forums, then it really will save time and engender support if people list the core information like server details, php version, database version, operating system, moodle version, etc.

And I've found the discussions on how to manipulate Moodle developers, started by Don Hinkleman useful.

Hi there. Did you put some coding like javascript into your topic header - that is what usually does it. If you turn on your editing and then click on a different topic icon that does work, copy and paste that link into another tab in your browser. Then change the number at the end (it is the  number of the topic section) Try a number before it first although this won;t necessarily take you to your topic section 1. Eventually you should end up in the editing screen of your topic 1 that you cannot access. Delete everything - and I would click on the code icon (the two brackets second from the far right in the bottom toolbar) and delete everything in there too. Scroll down and save and it should work again. If it doesn't post back for more help

Have you come across flex page I think it might give you what you need, I am currently using it happily (I am told by the guy I'm working with that it is simaliar to book) it allows you to construct pages that have activitivies blocks or html and resources on them that have forward and back buttons on.

The tutorial is here I suggest you follow the link, login as a guest then try the link again.
the download is here

Hope that helps

Actually this is not a function of Moodle, it is a function of the SCORM course.  Depending on the tool you are using to develop the SCORM course, there is typically a setting for bookmarking or saving the last visited location.

Check your publish settings for SCORM if you are using Captivate or Lectora.

It was just a salty joke - this current solution is already super saturated solution

Just for fun I counted how long would it take to count and crack all possible combinations of passwords and salts for current super computers (or cracker networks) - for 3 example values (using brute force for all possible strings like Hubert suggested)

If they can count about 1 quadrillion calculations per second (one petaflop) calculating all MD5 hashed passwords lasts for unsalted passwords that Steve presented (only lowercase letters & numbers) about 0.003 seconds. If crackers want to find out all possible MD5 hashed combinations of 28 printable ascii characters from 95 possible characters (for example 8 characters in password and 20 characters in salt, 14 characters in password and salt (both) or 20 characters in password and 8 characters in salt) it might take 753 627 922 450 796 000 000 000 000 000 000 years but we are no more alive to see that happen

In reality it won't take so long because computers get better and better all the time but I think this solution is good enough to protect passwords even with MD5 hashing.

Password+Salt	Ascii	Combinations	sec
8	36	2.82111E+12	0.00282111
8	62	2.1834E+14	0.218340106
8	95	6.6342E+15	6.634204313
Password+Salt	Ascii	Combinations	sec	min	hours	days	years
14	36	6.14094E+21	6140942.214	102349.0369	1705.817282	71.07572007	0.194594716
14	62	1.24018E+25	12401769435	206696157.2	3444935.954	143538.9981	392.9883589
14	95	4.87675E+27	4.87675E+12	81279163186	1354652720	56443863.32	154534.8756
Password+Salt	Ascii	Combinations	sec	min	hours	days	years
28	36	3.77112E+43	3.77112E+28	6.2852E+26	1.04753E+25	4.36472E+23	1.19499E+21
28	62	1.53804E+50	1.53804E+35	2.5634E+33	4.27233E+31	1.78014E+30	4.87375E+27
28	95	2.37827E+55	2.37827E+40	3.96378E+38	6.6063E+36	2.75263E+35	7.53628E+32

MS and other companies creating browsers or browser plugins are releasing security fixes every week. If somebody gets access to your computer directly you are in much bigger trouble than if somebody gets access to your Moodle data. Are you proposing to not allow children to use Internet?

I am personally more scared from blogs, twitter, facebook and other Web 2.0 things - children do not send highly sensitive and personal information into their schools' Moodle, they do send it into these systems without any thinking

Some time ago new feature was added into Moodle - the security overview report. This tool is designed to help administrators configure their Moodle servers.


Petr

This is no experiment, password salt is just a new concept for our users

Is it possible to convert all old password hashes in DB to use new salt?

No, it is not possible, because we need to know old password in plain text - we only have md5 hashes now. We have to wait until user logs in and then use the new salt and password in plaintext and create a md5 hash from salt+password.

If system does not know the original salt the password can not be verified/cracked - that is the actual security improvement

Petr

If you still remember the old salt, put it in $CFG->passwordsaltalt1 in config.php and Moodle will use it.

Would others find this useful? If so please reply and I will add it to tracker.

One way that I woudl use it would be to setup a FORUM called something like PRIVATE DISCUSSIONS WITH THE TEACHER & IN EACH GROUP.

The advantage of using a FORUM for private discusisons with the teacher is is that the communication is all deates stampted, easily searchable and threaded under each topic. Another advantage over DIALOGUE is that the threads can be renamed or split if needed.

PeterEvans

I don't get this - salt should be optional spice in passwords and people should be able to use strong passwords also without salt - or has it changed ???

You are able to use strong passwords without salt. Most people simply don't. That's why salting will be enabled by default from 1.9.7 (or so I've heard).

In fact, Moodle tries to verify your password with all the configured salts and without any salting at all.

It has to do it as it isn't storing the salt with the password (to make it even more difficult to crack it). So it doesn't know if your password is salted or not, and which salt was used to salt it.

That's why everytime you change your main salt value, you have to store all the previous ones in $CFG->passwordsaltaltXX (where XX is in 1..20).

If you forget password and ask new password does moodle use now automatically first salt $CFG->passwordsaltalt1 together with new password ?

It always salts new passwords with your main salt ($CFG->passwordsaltmain).

Saludos, Iñaki.

Hello Simon - not too far from me it would appear, looking at your profile

Well the obvious answer would be the sitefiles directory #1 but those are accessible from the outside if you know the url and so not really secure.Alternatively you could put the files in a course and enrol everyone in your Moodle into that course.Then when you refer to the files in a different course, users will be able to see them as they will be enrolled in the "repository" course.

"some minutes" is too long for a single sign-on solution. And your rainbow tables won't work against a long-enough/good-enough password.

Anyways, Moodle really does need to switch to per-password salting (and a stronger hash function).

Forum is one of those activities that all students are usually allowed to use and iframe on the other hand is one of those tags that can be used for attacks by malicious people - if you let them do it.

If you trust your students you can add iframe to $ALLOWED_TAGS in weblib.php

Otherwise you could for example add iframes to such resources, labels, blocks etc that students can see but may not edit and add just links or attachments to your forum posts...

Yes.

There is a 2.0 version already available in CONTRIB HEAD. You can also download the zip at the downloads screen (link).

mike

I just checked our Moodle install out for vulnerability to this exploit. It turns out we're pretty safe - here's why:

• The vast majority of our accounts are authenticated using LDAP - no passwords stored in Moodle.
• Teachers don't have the capability of enrolling students themselves - this is handled by the flatfile enrolment plugin.
• The passwords that are stored in Moodle are the admin account and test accounts - the former has a strong password, and the latter have no permissions to speak of.

Definitely worth checking if you're vulnerable, and taking similar steps to those above if you are - particularly in terms of enforcing strong passwords!

Hello Chuck,

Thanks for your comments. I'm glad to hear that you find this project interesting and useful. I really have high expectations for the future of this integration. My main motivations were also to provide a good alternative to places without a reliable connection and to speed up the performance when these connections are slow.

The module was intended to work on 2.0 only, and we still need to implement it with the most updated version of this release. If there is enough interest, I will be happy to help backporting it to 1.9.5, but that will come after we fully integrate it and test it with 2.0. It will require some work because many APIs have changed. For the same reason, the module requires constant updating, which I haven't done recently. You probably got the error in the test site because of the stability of 2.0 and the fact that any new features/changes have an effect on the offline module. In this particular case, my guess is that there is a bug related to the manifest file creation and I'm trying to find some free time from school to work on this. By the way, if you are interested in helping, the source code can be downloaded here. The last time I checked it worked with Safari 4.0 and Firefox 3.5.3.

Hi,

By default, Moodle detects a user's language from their browser setting. You can disable language auto-detection so that the default site language is used instead in Administration > Language > Language settings.

Hi,

Unfortunately it's not currently possible to make certain fields mandatory. However, this feature has been requested previously - MDL-5583. Please vote for the issue if you'd like it to be fixed (you'll need a tracker account) to help developers determine development priorities.

If that theme is using custom pix ( theme config.php has $THEME->custompix = true; ) you can add icon for module feedback to

yoursite/theme/nameofyourtheme/pix/mod/feedback/icon.gif

Feedback is not a standard module (before moodle 2.0) and all themes with custom pix don't have icons for all activities.

Copy that icon.gif from folder mod/feedback...