
See Bug #2542

commit ea0329f4e379f61c735bf399e23852c5601d8561 1 parent 5718d0d
fiedorow authored
Showing with 23 additions and 1 deletion.
  1. +23 −1 login/index.php
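--- a/login/index.php
+++ b/login/index.php
@@ -43,10 +43,32 @@
 $frm = false;
+ $user = false;
 if ((!empty($SESSION->wantsurl) and strstr($SESSION->wantsurl,"username=guest")) or $loginguest) {
 /// Log in as guest automatically (idea from Zbigniew Fiedorowicz)
 $frm->username = "guest";
 $frm->password = "guest";
+ } else if (!empty($SESSION->wantsurl) && $CFG->allowweblinktarget && preg_match('/username=([^&]+)\&clicktime=([^&]+)\&pwdauthentication=([^&]+)/',$SESSION->wantsurl,$target_matches)) {
+ //Handles the case of another Moodle site linking into a page on this site
+ $username = urldecode($target_matches[1]);
+ $clicktime = urldecode($target_matches[2]);
+ $pwdauthentication = urldecode($target_matches[3]);
+ $user = get_user_info_from_db("username", $username);
+ if ($user) {
+ $currentTime = time();
+ //guards against replay attacks
+ if (($currentTime < $clicktime) || ($currentTime - $clicktime>60)) {
+ $pwdauthentication = '';
+ }
+ if ((md5($username . $clicktime . $user->password) != $pwdauthentication)|| ($user->auth == 'disabled')) {
+ $user = false;
+ }
+ }
+ if ($user) {
+ $frm->username = $username;
+ } else {
+ $frm = data_submitted();
+ }
 } else {
 $frm = data_submitted();
 }
@@ -62,7 +84,7 @@
 if (($frm->username == 'guest') and empty($CFG->guestloginbutton)) {
 $user = false; /// Can't log in as guest if guest button is disabled
 $frm = false;
- } else {
+ } else if (!$user) {
 $user = authenticate_user_login($frm->username, $frm->password);
 }
 update_login_count();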
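Review bot: The link token accepted in the new `else if` branch is `md5($username . $clicktime . $user->password)`, so the stored password hash is the only secret behind it: anyone who can read that column (a database dump, or presumably the linking site, which needs the same value to build the link) can pass this check without the password, and the second hunk's `else if (!$user)` then skips `authenticate_user_login()` and whatever per-plugin checks and failure logging that function performs (its body is not visible here). The comparison uses loose `!=`, which PHP evaluates numerically when both strings look like numbers and which is not constant-time; I would change it to `if (!hash_equals(md5($username . $clicktime . $user->password), $pwdauthentication) || ($user->auth == 'disabled')) {`, or at least `!==` where `hash_equals` is unavailable. The check under `//guards against replay attacks` only bounds replay to 60 seconds, since the token is not single-use and travels inside `wantsurl` where it can end up in logs and Referer headers; the comment should say so, e.g. `// limits replay to a 60-second window; the token is not single-use`, and a per-site shared secret fed to `hash_hmac()` would be a sounder key than the user's password hash. Both hunks sit inside code that starts and ends outside the visible lines, so how `$user` is treated between line 74 and line 84 of the new file cannot be confirmed from here.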