Revert "MDL-31248 - lib - Alteration to the rc4encrypt function to allow for old password use."

This reverts commit 6aa13eb36b79677a0a98058e048f74ed4b89f2e8.
2025-03-14 12:40:01 +01:00 · 2012-03-09 09:37:06 +01:00 · 2012-03-09 09:37:06 +01:00 · a0808e8eda
commit a0808e8eda
parent d395ad7042
2 changed files with 13 additions and 45 deletions
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@ -7383,51 +7383,27 @@ class emoticon_manager {
 /**
 * rc4encrypt
 *
- * Please note that in this version of moodle that the default for rc4encryption is
- * using the slightly more secure password key. There may be an issue when upgrading
- * from an older version of moodle.
+ * @todo Finish documenting this function
 *
- * @todo MDL-31836 Remove the old password key in version 2.4
- * Code also needs to be changed in sessionlib.php
- * @see get_moodle_cookie()
- * @see set_moodle_cookie()
- *
- * @param string $data        Data to encrypt.
- * @param bool $usesecurekey  Lets us know if we are using the old or new secure password key.
- * @return string             The now encrypted data.
+ * @param string $data Data to encrypt
+ * @return string The now encrypted data
 */
-function rc4encrypt($data, $usesecurekey = true) {
-    if (!$usesecurekey) {
-        $passwordkey = 'nfgjeingjk';
-    } else {
-        $passwordkey = get_site_identifier();
-    }
-    return endecrypt($passwordkey, $data, '');
+function rc4encrypt($data) {
+    $password = get_site_identifier();
+    return endecrypt($password, $data, '');
 }

 /**
 * rc4decrypt
 *
- * Please note that in this version of moodle that the default for rc4encryption is
- * using the slightly more secure password key. There may be an issue when upgrading
- * from an older version of moodle.
+ * @todo Finish documenting this function
 *
- * @todo MDL-31836 Remove the old password key in version 2.4
- * Code also needs to be changed in sessionlib.php
- * @see get_moodle_cookie()
- * @see set_moodle_cookie()
- *
- * @param string $data        Data to decrypt.
- * @param bool $usesecurekey  Lets us know if we are using the old or new secure password key.
- * @return string             The now decrypted data.
+ * @param string $data Data to decrypt
+ * @return string The now decrypted data
 */
-function rc4decrypt($data, $usesecurekey = true) {
-    if (!$usesecurekey) {
-        $passwordkey = 'nfgjeingjk';
-    } else {
-        $passwordkey = get_site_identifier();
-    }
-    return endecrypt($passwordkey, $data, 'de');
+function rc4decrypt($data) {
+    $password = get_site_identifier();
+    return endecrypt($password, $data, 'de');
 }

 /**
--- a/lib/sessionlib.php
+++ b/lib/sessionlib.php
@ -1049,17 +1049,9 @@ function get_moodle_cookie() {
        return '';
    } else {
        $username = rc4decrypt($_COOKIE[$cookiename]);
-        if ($username != clean_param($username, PARAM_USERNAME)) {
-            $username = rc4decrypt($_COOKIE[$cookiename], false);
-            if ($username == clean_param($username, PARAM_USERNAME)) {
-                set_moodle_cookie($username);
-            } else {
-                $username = '';
-            }
-        }
        if ($username === 'guest' or $username === 'nobody') {
            // backwards compatibility - we do not set these cookies any more
-            $username = '';
+            return '';
        }
        return $username;
    }