From 1a33f699b263e647f0b4c053165b1ef255d8a563 Mon Sep 17 00:00:00 2001 From: defacer Date: Wed, 12 Jan 2005 11:40:46 +0000 Subject: [PATCH] Merging fix for bug 2264 & improvements from MOODLE_14_STABLE --- admin/user.php | 2 +- blocks/admin/block_admin.php | 2 +- lib/moodlelib.php | 21 ++++++++++++++++++--- login/index.php | 8 ++++---- 4 files changed, 24 insertions(+), 9 deletions(-) diff --git a/admin/user.php b/admin/user.php index e857cca0593..876d986f7c3 100644 --- a/admin/user.php +++ b/admin/user.php @@ -62,12 +62,12 @@ $USER = $user; $USER->loggedin = true; - $USER->sesskey = random_string(10); // for added security, used to check script parameters $USER->sessionIP = md5(getremoteaddr()); // Store the current IP in the session $USER->site = $CFG->wwwroot; $USER->admin = true; $USER->teacher["$site->id"] = true; $USER->newadminuser = true; + set_user_sesskey(); // for added security, used to check script parameters redirect("$CFG->wwwroot/user/edit.php?id=$user->id&course=$site->id"); exit; diff --git a/blocks/admin/block_admin.php b/blocks/admin/block_admin.php index cb9747cde2c..87e25480a94 100644 --- a/blocks/admin/block_admin.php +++ b/blocks/admin/block_admin.php @@ -48,7 +48,7 @@ class block_admin extends block_base { } if (iscreator()) { - $this->content->items[] = ''.get_string('courses').''; + $this->content->items[] = ''.get_string('courses').''; $this->content->icons[] = ''; } diff --git a/lib/moodlelib.php b/lib/moodlelib.php index 78966e09551..9a7b27a809e 100644 --- a/lib/moodlelib.php +++ b/lib/moodlelib.php @@ -793,6 +793,23 @@ function get_user_timezone($tz = 99) { /// USER AUTHENTICATION AND LOGIN //////////////////////////////////////// +// Makes sure that $USER->sesskey exists, if $USER itself exists. It sets a new sesskey +// if one does not already exist, but does not overwrite existing sesskeys. Returns the +// sesskey string if $USER exists, or boolean false if not. +function set_user_sesskey() { + global $USER; + + if(!isset($USER)) { + return false; + } + + if (empty($USER->sesskey)) { + $USER->sesskey = random_string(10); + } + + return $USER->sesskey; +} + /** * This function checks that the current user is logged in, and optionally * whether they are "logged in" or allowed to be in a particular course. @@ -863,9 +880,7 @@ function require_login($courseid=0, $autologinguest=true) { } // Make sure the USER has a sesskey set up. Used for checking script parameters. - if (empty($USER->sesskey)) { - $USER->sesskey = random_string(10); - } + set_user_sesskey(); // Check that the user has agreed to a site policy if there is one if (!empty($CFG->sitepolicy)) { diff --git a/login/index.php b/login/index.php index 0a1c4ab106a..b35ba4e7923 100644 --- a/login/index.php +++ b/login/index.php @@ -78,12 +78,12 @@ $USER = $user; if (!empty($USER->description)) { - $USER->description = true; // No need to cart all of it around + $USER->description = true; // No need to cart all of it around } $USER->loggedin = true; - $USER->site = $CFG->wwwroot; // for added security, store the site in the session - $USER->sesskey = random_string(10); // for added security, used to check script parameters - + $USER->site = $CFG->wwwroot; // for added security, store the site in the session + set_user_sesskey(); // for added security, used to check script parameters + if ($USER->username == "guest") { $USER->lang = $CFG->lang; // Guest language always same as site $USER->firstname = get_string("guestuser"); // Name always in current language