Permalink
Browse files

MDL-31248 - lib - Alteration to the rc4encrypt function to allow for …

…old password use.
  • Loading branch information...
1 parent 2c39e25 commit f8adbd6a02f69db3b267e50a27da15de4c76813b @abgreeve abgreeve committed Feb 28, 2012
Showing with 38 additions and 15 deletions.
  1. +38 −15 lib/moodlelib.php
View
@@ -2747,7 +2747,7 @@ function set_moodle_cookie($thing) {
$seconds = DAYSECS*$days;
setCookie($cookiename, '', time() - HOURSECS, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure);
- setCookie($cookiename, rc4encrypt($thing), time()+$seconds, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure);
+ setCookie($cookiename, rc4encrypt($thing, true), time()+$seconds, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure);
}
/**
@@ -2764,8 +2764,23 @@ function get_moodle_cookie() {
if (empty($_COOKIE[$cookiename])) {
return '';
} else {
- $thing = rc4decrypt($_COOKIE[$cookiename]);
- return ($thing == 'guest') ? '': $thing; // Ignore guest account
+ $username = rc4decrypt($_COOKIE[$cookiename], true);
+ $username = moodle_strtolower($username);
+ $userdata = preg_replace('/[^-\.@_a-z0-9]/', '', $username);
+ if ($username != $userdata) {
+ $username = rc4decrypt($_COOKIE[$cookiename]);
+ $username = moodle_strtolower($username);
+ $userdata = preg_replace('/[^-\.@_a-z0-9]/', '', $username);
+ if ($userdata == $userdata) {
+ set_moodle_cookie($username);
+ } else {
+ $username = '';
+ }
+ }
+ if ($username == 'guest') { // Ignore guest account
+ $username = '';
+ }
+ return $username;
}
}
@@ -6024,25 +6039,33 @@ function get_list_of_currencies() {
/**
* rc4encrypt
*
- * @param string $data ?
- * @return string
- * @todo Finish documenting this function
+ * @param string $data Data to encrypt.
+ * @param bool $usesecurekey Lets us know if we are using the old or new password.
+ * @return string The now encrypted data.
*/
-function rc4encrypt($data) {
- $password = get_site_identifier();
- return endecrypt($password, $data, '');
+function rc4encrypt($data, $usesecurekey = false) {
+ if (!$usesecurekey) {
+ $passwordkey = 'nfgjeingjk';
+ } else {
+ $passwordkey = get_site_identifier();
+ }
+ return endecrypt($passwordkey, $data, '');
}
/**
* rc4decrypt
*
- * @param string $data ?
- * @return string
- * @todo Finish documenting this function
+ * @param string $data Data to decrypt.
+ * @param bool $usesecurekey Lets us know if we are using the old or new password.
+ * @return string The now decrypted data.
*/
-function rc4decrypt($data) {
- $password = get_site_identifier();
- return endecrypt($password, $data, 'de');
+function rc4decrypt($data, $usesecurekey = false) {
+ if (!$usesecurekey) {
+ $passwordkey = 'nfgjeingjk';
+ } else {
+ $passwordkey = get_site_identifier();
+ }
+ return endecrypt($passwordkey, $data, 'de');
}
/**

0 comments on commit f8adbd6

Please sign in to comment.