Revert "MDL-31248 - lib - Alteration to the rc4encrypt function to al…

…low for old password use." This reverts commit 6aa13eb.
moodle · Mar 9, 2012 · a0808e8 · a0808e8
1 parent d395ad7
commit a0808e8
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 47 deletions.
diff --git a/lib/moodlelib.php b/lib/moodlelib.php
@@ -7383,51 +7383,27 @@ protected function prepare_emoticon_object($text, $imagename, $altidentifier = n
 /**
  * rc4encrypt
  *
- * Please note that in this version of moodle that the default for rc4encryption is
- * using the slightly more secure password key. There may be an issue when upgrading
- * from an older version of moodle.
- *
- * @todo MDL-31836 Remove the old password key in version 2.4
- * Code also needs to be changed in sessionlib.php
- * @see get_moodle_cookie()
- * @see set_moodle_cookie()
- *
- * @param string $data        Data to encrypt.
- * @param bool $usesecurekey  Lets us know if we are using the old or new secure password key.
- * @return string             The now encrypted data.
- */
-function rc4encrypt($data, $usesecurekey = true) {
-    if (!$usesecurekey) {
-        $passwordkey = 'nfgjeingjk';
-    } else {
-        $passwordkey = get_site_identifier();
-    }
-    return endecrypt($passwordkey, $data, '');
+ * @todo Finish documenting this function
+ *
+ * @param string $data Data to encrypt
+ * @return string The now encrypted data
+ */
+function rc4encrypt($data) {
+    $password = get_site_identifier();
+    return endecrypt($password, $data, '');
 }
 
 /**
  * rc4decrypt
  *
- * Please note that in this version of moodle that the default for rc4encryption is
- * using the slightly more secure password key. There may be an issue when upgrading
- * from an older version of moodle.
- *
- * @todo MDL-31836 Remove the old password key in version 2.4
- * Code also needs to be changed in sessionlib.php
- * @see get_moodle_cookie()
- * @see set_moodle_cookie()
+ * @todo Finish documenting this function
  *
- * @param string $data        Data to decrypt.
- * @param bool $usesecurekey  Lets us know if we are using the old or new secure password key.
- * @return string             The now decrypted data.
+ * @param string $data Data to decrypt
+ * @return string The now decrypted data
  */
-function rc4decrypt($data, $usesecurekey = true) {
-    if (!$usesecurekey) {
-        $passwordkey = 'nfgjeingjk';
-    } else {
-        $passwordkey = get_site_identifier();
-    }
-    return endecrypt($passwordkey, $data, 'de');
+function rc4decrypt($data) {
+    $password = get_site_identifier();
+    return endecrypt($password, $data, 'de');
 }
 
 /**

diff --git a/lib/sessionlib.php b/lib/sessionlib.php
@@ -1049,17 +1049,9 @@ function get_moodle_cookie() {
         return '';
     } else {
         $username = rc4decrypt($_COOKIE[$cookiename]);
-        if ($username != clean_param($username, PARAM_USERNAME)) {
-            $username = rc4decrypt($_COOKIE[$cookiename], false);
-            if ($username == clean_param($username, PARAM_USERNAME)) {
-                set_moodle_cookie($username);
-            } else {
-                $username = '';
-            }
-        }
         if ($username === 'guest' or $username === 'nobody') {
             // backwards compatibility - we do not set these cookies any more
-            $username = '';
+            return '';
         }
         return $username;
     }