Hi,
I've noticed a couple issues with the how fantastico script does a moodle upgrade from one version to next. I'm specifically referring to an moodle 1.9.7 to 1.9.8.
Upon upgrade, a new config.php gets written to the public_html directory. Two issues:
1. Data directory: The line reads something like $CFG->dataroot = '/home/accountname/public_html/uploaddata' ; It is more secure to locate this directory outside webroot and sysadmins expect this dir to be titled 'moodledata'. so a path like '/home/accountname/moodledata' is best practice. Upon upgrade, unsuspecting teachers and student may not be able to access their courses and sysadmins may not realise that there config file is no longer pointing the 'moodledata' located outside webroot.
2. Password salt: This is a new feature from moodle 1.9.7. A random string or salt is added to all user passwords. The line reads something like $CFG->passwordsaltmain = ',Fpw4B[wAEA1*rb3&~07zeox' ; Upon upgrade, the new config file replaces the 'old' salt with a 'new' salt. This effectively locks all users out of the LMS, including admins, because the md5 hash passwords stored in the mysql database contain the 'old' salt. Users may be able to use the password retrieve function, but this will inconvenience many thousands of users. Unsuspecting sysadmins will not be aware that the password salt has been changed and not understand why users cannot login to the LMS.
http://docs.moodle.org/en/Password_saltingMy strong recommendation is that the fantastico script does NOT edit the config.php file during a moodle upgrade. What do other Moodlers think? I'd encourage the fantastico developers to join the dialogue.
