From f18496a375a8499d8e4a7c7a99fd7446eedb980a Mon Sep 17 00:00:00 2001
From: Jakub Jalowiec
Date: Mon, 30 Sep 2019 21:38:53 +0200
Subject: [PATCH 1/2] formtools/module-submission_accounts#11 enabling encryption of passwords
---
 global/code/field_types/Password.class.php | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/global/code/field_types/Password.class.php b/global/code/field_types/Password.class.php
index a84db695..c2d55c08 100644
--- a/global/code/field_types/Password.class.php
+++ b/global/code/field_types/Password.class.php
@@ -7,10 +7,20 @@
 class Password
 {
+ private static function getPhpProcessing()
+ {
+ $content =<<< END
+\$field_name = \$vars["field_info"]["field_name"];
+\$password = \$vars["data"][\$field_name];
+\$encryptedPassword = \$General.encode(\$password);
+return \$encryptedPassword;
+END;
+ return $content;
+ }
 public static function get()
 {
 $password_edit_field =<<< END
-
+
 {if \$comments}
{\$comments}
{/if}
@@ -33,7 +43,7 @@ public static function get()
 "view_field_php_function" => "",
 "view_field_smarty_markup" => "",
 "edit_field_smarty_markup" => $password_edit_field,
- "php_processing" => "",
+ "php_processing" => getPhpProcessing(),
 "resources_css" => "input.cf_password {\r\n width: 120px;\r\n}",
 "resources_js" => ""
 ),
From 019889e39ba3b7adfb359e0ec9d7727491e09981 Mon Sep 17 00:00:00 2001
From: Jakub Jalowiec
Date: Wed, 2 Oct 2019 22:54:19 +0200
Subject: [PATCH 2/2] formtools/module-submission_accounts#11 hiding password value in user frontend
---
 global/smarty_plugins/function.edit_custom_field.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/global/smarty_plugins/function.edit_custom_field.php b/global/smarty_plugins/function.edit_custom_field.php
index 69018ecc..03aec6bb 100644
--- a/global/smarty_plugins/function.edit_custom_field.php
+++ b/global/smarty_plugins/function.edit_custom_field.php
@@ -39,7 +39,11 @@ function smarty_function_edit_custom_field($params, &$smarty)
 // TODO make sense of this. Both are required in different contexts
 // - in form builder, review page - the latter is needed.
- if (isset($field_info["submission_value"]) || is_null($field_info["submission_value"])) {
+
+ // hide password
+ if($field_type_info["field_type_identifier"] == "password")
+ echo "********";
+ else if (isset($field_info["submission_value"]) || is_null($field_info["submission_value"])) {
 echo $field_info["submission_value"];
 } else {
 echo $field_info["submission_info"]["value"];
@@ -51,6 +55,7 @@ function smarty_function_edit_custom_field($params, &$smarty)
 }
 // now construct all available placeholders
+ // note that we don't send the encrypted value of password, instead "********" is sent
 $placeholders = array(
 "FORM_ID" => $form_id,
 "VIEW_ID" => $field_info["view_id"],
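Review bot: In the first Password.class.php hunk (`@@ -7,10 +7,20 @@`), the generated snippet calls `\$General.encode(\$password)`, but `.` is PHP's concatenation operator, so this evaluates an undefined variable `$General` joined to a call of a global `encode()` function rather than a method call. If the intent is a static helper on the project's General class, the line would need the form `return General::encode(\$password);`, with whatever namespace qualification the evaluated snippet requires; how the snippet is executed is not visible here. The commit title says "encryption", and what `encode` does cannot be seen from this hunk: for stored credentials a salted one-way hash (`password_hash()` checked with `password_verify()`) is the appropriate primitive, not a reversible encoding or a fast unsalted digest. The snippet also reads `\$vars["data"][\$field_name]` without checking that the key exists, so a submission that omits the field would process an undefined value.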
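Review bot: In the second Password.class.php hunk (`@@ -33,7 +43,7 @@`), `"php_processing" => getPhpProcessing(),` is an unqualified call, which PHP resolves as a function and not as the private static method added in the first hunk, so `get()` would stop with an undefined-function error. The line should read `"php_processing" => self::getPhpProcessing(),`. The body of `get()` starts and ends outside this hunk.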
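Review bot: The masking check in function.edit_custom_field.php hunk `@@ -39,7 +39,11 @@` reads `$field_type_info["field_type_identifier"]`, while the `VALUE` placeholder in hunk `@@ -58,7 +63,9 @@` reads `$curr_field_type["field_type_identifier"]`, and neither assignment is visible in the diff. Both checks fail open: if the variable is undefined at that point, `== "password"` is false and `!= "password"` is true, so the stored password value is emitted exactly as before the patch. Confirm which variable is in scope at each site and use one source for both, compared strictly, e.g. `if ($field_type_info["field_type_identifier"] === "password") {`. The unbraced `if` / `echo` followed by a braced `else if` would also read more safely with braces on every branch; the enclosing function body extends beyond the hunk.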
@@ -58,7 +63,9 @@ function smarty_function_edit_custom_field($params, &$smarty)
 "FIELD_ID" => $field_info["field_id"],
 "NAME" => $field_info["field_name"],
 "COLNAME" => $field_info["col_name"],
- "VALUE" => isset($field_info["submission_value"]) ? $field_info["submission_value"] : "",
+ "VALUE" => $curr_field_type["field_type_identifier"] != "password" ?
+ (isset($field_info["submission_value"]) ? $field_info["submission_value"] : "")
+ : "********",
 "SETTINGS" => $settings,
 "CONTEXTPAGE" => "edit_submission",
 "ACCOUNT_INFO" => Sessions::getWithFallback("account", array()),
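Review bot: Pre-filling `VALUE` with the literal `"********"` in hunk `@@ -58,7 +63,9 @@` means the edit form posts that mask back unless the user retypes the field, and nothing in the visible hunks stops the password field's `php_processing` from encoding the mask and overwriting the stored credential on save. Consider sending an empty value for password fields, `: "",` in place of `: "********",`, and treating an empty password on update as "unchanged"; that needs a matching check on the save path, which is outside this diff. The mask string also appears in the earlier `echo "********";` branch, so a single shared constant would keep the two in sync. The `$placeholders` array is closed outside the hunk.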