Permalink
Browse files

MDL-31248 - lib - Retaining the old password key and creating a new c…

…ookie prefix.
  • Loading branch information...
1 parent 2c39e25 commit b48d546c9757a69c5d4b1fccb782118fc1cf98b0 @abgreeve abgreeve committed Feb 28, 2012
Showing with 24 additions and 16 deletions.
  1. +24 −16 lib/moodlelib.php
View
@@ -2741,13 +2741,13 @@ function set_moodle_cookie($thing) {
return;
}
- $cookiename = 'MOODLEID_'.$CFG->sessioncookie;
+ $cookiename = 'MOODLEID1_'.$CFG->sessioncookie;
$days = 60;
$seconds = DAYSECS*$days;
setCookie($cookiename, '', time() - HOURSECS, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure);
- setCookie($cookiename, rc4encrypt($thing), time()+$seconds, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure);
+ setCookie($cookiename, rc4encrypt($thing, true), time()+$seconds, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure);
}
/**
@@ -2759,12 +2759,12 @@ function set_moodle_cookie($thing) {
function get_moodle_cookie() {
global $CFG;
- $cookiename = 'MOODLEID_'.$CFG->sessioncookie;
+ $cookiename = 'MOODLEID1_'.$CFG->sessioncookie;
if (empty($_COOKIE[$cookiename])) {
return '';
} else {
- $thing = rc4decrypt($_COOKIE[$cookiename]);
+ $thing = rc4decrypt($_COOKIE[$cookiename], true);
return ($thing == 'guest') ? '': $thing; // Ignore guest account
}
}
@@ -6024,25 +6024,33 @@ function get_list_of_currencies() {
/**
* rc4encrypt
*
- * @param string $data ?
- * @return string
- * @todo Finish documenting this function
+ * @param string $data Data to encrypt.
+ * @param bool $usesecurekey Lets us know if we are using the old or new password.
+ * @return string The now encrypted data.
*/
-function rc4encrypt($data) {
- $password = get_site_identifier();
- return endecrypt($password, $data, '');
+function rc4encrypt($data, $usesecurekey = false) {
+ if (!$usesecurekey) {
+ $passwordkey = 'nfgjeingjk';
+ } else {
+ $passwordkey = get_site_identifier();
+ }
+ return endecrypt($passwordkey, $data, '');
}
/**
* rc4decrypt
*
- * @param string $data ?
- * @return string
- * @todo Finish documenting this function
+ * @param string $data Data to decrypt.
+ * @param bool $usesecurekey Lets us know if we are using the old or new password.
+ * @return string The now decrypted data.
*/
-function rc4decrypt($data) {
- $password = get_site_identifier();
- return endecrypt($password, $data, 'de');
+function rc4decrypt($data, $usesecurekey = false) {
+ if (!$usesecurekey) {
+ $passwordkey = 'nfgjeingjk';
+ } else {
+ $passwordkey = get_site_identifier();
+ }
+ return endecrypt($passwordkey, $data, 'de');
}
/**

0 comments on commit b48d546

Please sign in to comment.