From 0c9edc985c4d1ac2f243e8cbe46c28f8b981e8d3 Mon Sep 17 00:00:00 2001
From: Adrian Greeve
Date: Mon, 27 Feb 2012 12:07:58 +0800
Subject: [PATCH] MDL-31248 - lib - Alteration to the rc4encrypt function to allow for old password use.
---
 lib/moodlelib.php | 30 ++++++++++++++++++++----------
 lib/sessionlib.php | 14 +++++++++++---
 2 files changed, 31 insertions(+), 13 deletions(-)
diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index ad2cdd34203..71dcfdc6d14 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -6804,12 +6804,17 @@ class emoticon_manager {
 *
 * @todo Finish documenting this function
 *
- * @param string $data Data to encrypt
- * @return string The now encrypted data
+ * @param string $data Data to encrypt.
+ * @param bool $usesecurekey Lets us know if we are using the old or new password.
+ * @return string The now encrypted data.
 */
-function rc4encrypt($data) {
- $password = get_site_identifier();
- return endecrypt($password, $data, '');
+function rc4encrypt($data, $usesecurekey = false) {
+ if (!$usesecurekey) {
+ $passwordkey = 'nfgjeingjk';
+ } else {
+ $passwordkey = get_site_identifier();
+ }
+ return endecrypt($passwordkey, $data, '');
 }

 /**
@@ -6817,12 +6822,17 @@ function rc4encrypt($data) {
 *
 * @todo Finish documenting this function
 *
- * @param string $data Data to decrypt
- * @return string The now decrypted data
+ * @param string $data Data to decrypt.
+ * @param bool $usesecurekey Lets us know if we are using the old or new password.
+ * @return string The now decrypted data.
 */
-function rc4decrypt($data) {
- $password = get_site_identifier();
- return endecrypt($password, $data, 'de');
+function rc4decrypt($data, $usesecurekey = false) {
+ if (!$usesecurekey) {
+ $passwordkey = 'nfgjeingjk';
+ } else {
+ $passwordkey = get_site_identifier();
+ }
+ return endecrypt($passwordkey, $data, 'de');
 }

 /**
diff --git a/lib/sessionlib.php b/lib/sessionlib.php
index 73cbf2a1fb6..ad20c4dac76 100644
--- a/lib/sessionlib.php
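Review bot: The fixed string `'nfgjeingjk'` is the key for every caller that does not pass the new argument, because `$usesecurekey` defaults to `false` in rc4encrypt() here and in rc4decrypt() in the following hunk. That literal is in the public source, so data handled on the default path is obfuscated rather than kept confidential, and "old or new password" in the docblock does not tell a caller which of the two it gets. I would spell it out in both docblocks (they open above the hunks), e.g. `@param bool $usesecurekey True keys with get_site_identifier(); false (default) uses the legacy fixed key, which is public and only suitable for reading old data.` The literal is also duplicated across the two functions; a single shared definition would keep them from drifting apart, and the stale `@todo Finish documenting this function` can be dropped once the parameters are described.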
+++ b/lib/sessionlib.php
@@ -828,7 +828,7 @@ function set_moodle_cookie($username) {

 if ($username !== '') {
 // set username cookie for 60 days
- setcookie($cookiename, rc4encrypt($username), time()+(DAYSECS*60), $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure, $CFG->cookiehttponly);
+ setcookie($cookiename, rc4encrypt($username, true), time()+(DAYSECS*60), $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure, $CFG->cookiehttponly);
 }
 }

@@ -849,10 +849,18 @@ function get_moodle_cookie() {
 if (empty($_COOKIE[$cookiename])) {
 return '';
 } else {
- $username = rc4decrypt($_COOKIE[$cookiename]);
+ $username = rc4decrypt($_COOKIE[$cookiename], true);
+ if ($username != clean_param($username, PARAM_USERNAME)) {
+ $username = rc4decrypt($_COOKIE[$cookiename]);
+ if ($username == clean_param($username, PARAM_USERNAME)) {
+ set_moodle_cookie($username);
+ } else {
+ $username = '';
+ }
+ }
 if ($username === 'guest' or $username === 'nobody') {
 // backwards compatibility - we do not set these cookies any more
- return '';
+ $username = '';
 }
 return $username;
 }
--
2.43.0
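Review bot: The two new checks in get_moodle_cookie() compare with `!=` and `==`, which PHP evaluates numerically when both sides look like numbers, while the guest/nobody test just below uses `===`; I would write `if ($username !== clean_param($username, PARAM_USERNAME)) {` and `if ($username === clean_param($username, PARAM_USERNAME)) {`. Passing clean_param() appears to show only that the decrypted bytes are shaped like a username, not that this site issued the cookie, and the fallback additionally accepts a value keyed with the legacy fixed string and re-issues it under the site key through set_moodle_cookie(). A comment on the fallback stating that it is a migration aid to be removed later, and that the returned name is untrusted input for callers, would make that explicit. The function starts above the hunk and its closing brace is below it.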