MDL-31248 - lib - Alteration to the rc4encrypt function to allow for …

…old password use.
moodle · Mar 8, 2012 · f8adbd6 · f8adbd6
1 parent 2c39e25
commit f8adbd6
Showing 1 changed file with 38 additions and 15 deletions.
diff --git a/lib/moodlelib.php b/lib/moodlelib.php
@@ -2747,7 +2747,7 @@ function set_moodle_cookie($thing) {
     $seconds = DAYSECS*$days;
 
     setCookie($cookiename, '', time() - HOURSECS, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure);
-    setCookie($cookiename, rc4encrypt($thing), time()+$seconds, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure);
+    setCookie($cookiename, rc4encrypt($thing, true), time()+$seconds, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure);
 }
 
 /**
@@ -2764,8 +2764,23 @@ function get_moodle_cookie() {
     if (empty($_COOKIE[$cookiename])) {
         return '';
     } else {
-        $thing = rc4decrypt($_COOKIE[$cookiename]);
-        return ($thing == 'guest') ? '': $thing;  // Ignore guest account
+        $username = rc4decrypt($_COOKIE[$cookiename], true);
+        $username = moodle_strtolower($username);
+        $userdata = preg_replace('/[^-\.@_a-z0-9]/', '', $username);
+        if ($username != $userdata) {
+            $username = rc4decrypt($_COOKIE[$cookiename]);
+            $username = moodle_strtolower($username);
+            $userdata = preg_replace('/[^-\.@_a-z0-9]/', '', $username);
+            if ($userdata == $userdata) {
+                set_moodle_cookie($username);
+            } else {
+                $username = '';
+            }
+        }
+        if ($username == 'guest') {   // Ignore guest account
+                $username = '';
+        }
+        return $username;
     }
 }
 
@@ -6024,25 +6039,33 @@ function get_list_of_currencies() {
 /**
  * rc4encrypt
  *
- * @param string $data ?
- * @return string
- * @todo Finish documenting this function
+ * @param string $data        Data to encrypt.
+ * @param bool $usesecurekey  Lets us know if we are using the old or new password.
+ * @return string             The now encrypted data.
  */
-function rc4encrypt($data) {
-    $password = get_site_identifier();
-    return endecrypt($password, $data, '');
+function rc4encrypt($data, $usesecurekey = false) {
+    if (!$usesecurekey) {
+        $passwordkey = 'nfgjeingjk';
+    } else {
+        $passwordkey = get_site_identifier();
+    }
+    return endecrypt($passwordkey, $data, '');
 }
 
 /**
  * rc4decrypt
  *
- * @param string $data ?
- * @return string
- * @todo Finish documenting this function
+ * @param string $data        Data to decrypt.
+ * @param bool $usesecurekey  Lets us know if we are using the old or new password.
+ * @return string             The now decrypted data.
  */
-function rc4decrypt($data) {
-    $password = get_site_identifier();
-    return endecrypt($password, $data, 'de');
+function rc4decrypt($data, $usesecurekey = false) {
+    if (!$usesecurekey) {
+        $passwordkey = 'nfgjeingjk';
+    } else {
+        $passwordkey = get_site_identifier();
+    }
+    return endecrypt($passwordkey, $data, 'de');
 }
 
 /**