diff --git a/admin/user.php b/admin/user.php
index e857cca0593..876d986f7c3 100644
--- a/admin/user.php
+++ b/admin/user.php
@@ -62,12 +62,12 @@
$USER = $user;
$USER->loggedin = true;
- $USER->sesskey = random_string(10); // for added security, used to check script parameters
$USER->sessionIP = md5(getremoteaddr()); // Store the current IP in the session
$USER->site = $CFG->wwwroot;
$USER->admin = true;
$USER->teacher["$site->id"] = true;
$USER->newadminuser = true;
+ set_user_sesskey(); // for added security, used to check script parameters
redirect("$CFG->wwwroot/user/edit.php?id=$user->id&course=$site->id");
exit;
diff --git a/blocks/admin/block_admin.php b/blocks/admin/block_admin.php
index cb9747cde2c..87e25480a94 100644
--- a/blocks/admin/block_admin.php
+++ b/blocks/admin/block_admin.php
@@ -48,7 +48,7 @@ class block_admin extends block_base {
}
if (iscreator()) {
- $this->content->items[] = ''.get_string('courses').'';
+ $this->content->items[] = ''.get_string('courses').'';
$this->content->icons[] = '
';
}
diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index 78966e09551..9a7b27a809e 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -793,6 +793,23 @@ function get_user_timezone($tz = 99) {
/// USER AUTHENTICATION AND LOGIN ////////////////////////////////////////
+// Makes sure that $USER->sesskey exists, if $USER itself exists. It sets a new sesskey
+// if one does not already exist, but does not overwrite existing sesskeys. Returns the
+// sesskey string if $USER exists, or boolean false if not.
+function set_user_sesskey() {
+ global $USER;
+
+ if(!isset($USER)) {
+ return false;
+ }
+
+ if (empty($USER->sesskey)) {
+ $USER->sesskey = random_string(10);
+ }
+
+ return $USER->sesskey;
+}
+
/**
* This function checks that the current user is logged in, and optionally
* whether they are "logged in" or allowed to be in a particular course.
@@ -863,9 +880,7 @@ function require_login($courseid=0, $autologinguest=true) {
}
// Make sure the USER has a sesskey set up. Used for checking script parameters.
- if (empty($USER->sesskey)) {
- $USER->sesskey = random_string(10);
- }
+ set_user_sesskey();
// Check that the user has agreed to a site policy if there is one
if (!empty($CFG->sitepolicy)) {
diff --git a/login/index.php b/login/index.php
index 0a1c4ab106a..b35ba4e7923 100644
--- a/login/index.php
+++ b/login/index.php
@@ -78,12 +78,12 @@
$USER = $user;
if (!empty($USER->description)) {
- $USER->description = true; // No need to cart all of it around
+ $USER->description = true; // No need to cart all of it around
}
$USER->loggedin = true;
- $USER->site = $CFG->wwwroot; // for added security, store the site in the session
- $USER->sesskey = random_string(10); // for added security, used to check script parameters
-
+ $USER->site = $CFG->wwwroot; // for added security, store the site in the session
+ set_user_sesskey(); // for added security, used to check script parameters
+
if ($USER->username == "guest") {
$USER->lang = $CFG->lang; // Guest language always same as site
$USER->firstname = get_string("guestuser"); // Name always in current language