From 244b4e8f7c722d188f8461a85280cc2cbf7c9265 Mon Sep 17 00:00:00 2001
From: stronk7 <stronk7>
Date: Thu, 14 Jul 2005 15:18:51 +0000
Subject: [PATCH] SC#106

Merged from MOODLE_15_STABLE
---
 lib/moodlelib.php | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index b09ed1f39203c..5ddf75e4c17ab 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -2430,7 +2430,11 @@ function create_user_record($username, $password, $auth='') {
 
     $newuser->auth = (empty($auth)) ? $CFG->auth : $auth;
     $newuser->username = $username;
-    $newuser->password = md5($password);
+    if(empty($CFG->{$newuser->auth.'_preventpassindb'})){  //Prevent passwords in Moodle's DB
+        $newuser->password = md5($password);
+    } else {
+        $newuser->password = 'not cached';  //Unusable password
+    }
     $newuser->lang = $CFG->lang;
     $newuser->confirmed = 1;
     $newuser->lastIP = getremoteaddr();
@@ -2589,7 +2593,13 @@ function authenticate_user_login($username, $password) {
                 set_field('user', 'auth', $auth, 'username', $username);
             }
             if ($md5password <> $user->password) {   // Update local copy of password for reference
-                set_field('user', 'password', $md5password, 'username', $username);
+                if(empty($CFG->{$user->auth.'_preventpassindb'})){  //Prevent passwords in Moodle's DB
+                    set_field('user', 'password', $md5password, 'username', $username);
+                } else {
+                    if ($user->password != 'not cached') {
+                        set_field('user', 'password', 'not cached', 'username', $username); //Unusable password
+                    }
+                }
             }
             if (!is_internal_auth()) {            // update user record from external DB
                 $user = update_user_record($username);