Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Merge branch 'wip-MDL-31248-MOODLE_21_STABLE-v3' of git://github.com/…

…abgreeve/moodle into MOODLE_21_STABLE
  • Loading branch information...
commit f03c2cb038bc3eb00d451828fabc575e9bbc3971 2 parents f852a52 + 6aadec8
@stronk7 stronk7 authored
Showing with 25 additions and 15 deletions.
  1. +20 −10 lib/moodlelib.php
  2. +5 −5 lib/sessionlib.php
View
30 lib/moodlelib.php
@@ -6852,12 +6852,17 @@ protected function prepare_emoticon_object($text, $imagename, $altidentifier = n
*
* @todo Finish documenting this function
*
- * @param string $data Data to encrypt
- * @return string The now encrypted data
+ * @param string $data Data to encrypt.
+ * @param bool $usesecurekey Lets us know if we are using the old or new password.
+ * @return string The now encrypted data.
*/
-function rc4encrypt($data) {
- $password = get_site_identifier();
- return endecrypt($password, $data, '');
+function rc4encrypt($data, $usesecurekey = false) {
+ if (!$usesecurekey) {
+ $passwordkey = 'nfgjeingjk';
+ } else {
+ $passwordkey = get_site_identifier();
+ }
+ return endecrypt($passwordkey, $data, '');
}
/**
@@ -6865,12 +6870,17 @@ function rc4encrypt($data) {
*
* @todo Finish documenting this function
*
- * @param string $data Data to decrypt
- * @return string The now decrypted data
+ * @param string $data Data to decrypt.
+ * @param bool $usesecurekey Lets us know if we are using the old or new password.
+ * @return string The now decrypted data.
*/
-function rc4decrypt($data) {
- $password = get_site_identifier();
- return endecrypt($password, $data, 'de');
+function rc4decrypt($data, $usesecurekey = false) {
+ if (!$usesecurekey) {
+ $passwordkey = 'nfgjeingjk';
+ } else {
+ $passwordkey = get_site_identifier();
+ }
+ return endecrypt($passwordkey, $data, 'de');
}
/**
View
10 lib/sessionlib.php
@@ -821,14 +821,14 @@ function set_moodle_cookie($username) {
return;
}
- $cookiename = 'MOODLEID_'.$CFG->sessioncookie;
+ $cookiename = 'MOODLEID1_'.$CFG->sessioncookie;
// delete old cookie
setcookie($cookiename, '', time() - HOURSECS, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure, $CFG->cookiehttponly);
if ($username !== '') {
// set username cookie for 60 days
- setcookie($cookiename, rc4encrypt($username), time()+(DAYSECS*60), $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure, $CFG->cookiehttponly);
+ setcookie($cookiename, rc4encrypt($username, true), time()+(DAYSECS*60), $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure, $CFG->cookiehttponly);
}
}
@@ -844,15 +844,15 @@ function get_moodle_cookie() {
return '';
}
- $cookiename = 'MOODLEID_'.$CFG->sessioncookie;
+ $cookiename = 'MOODLEID1_'.$CFG->sessioncookie;
if (empty($_COOKIE[$cookiename])) {
return '';
} else {
- $username = rc4decrypt($_COOKIE[$cookiename]);
+ $username = rc4decrypt($_COOKIE[$cookiename], true);
if ($username === 'guest' or $username === 'nobody') {
// backwards compatibility - we do not set these cookies any more
- return '';
+ $username = '';
}
return $username;
}
Please sign in to comment.
Something went wrong with that request. Please try again.