Merge branch 'wip-MDL-31248-master-v3' of git://github.com/abgreeve/moodle

2025-01-19 06:18:28 +01:00 · 2012-03-09 09:44:30 +01:00 · 2012-03-09 09:44:30 +01:00 · e45cad3e5e
commit e45cad3e5e
parent a0808e8eda 40fe364713
2 changed files with 39 additions and 15 deletions
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@ -7383,27 +7383,51 @@ class emoticon_manager {
 /**
 * rc4encrypt
 *
- * @todo Finish documenting this function
+ * Please note that in this version of moodle that the default for rc4encryption is
+ * using the slightly more secure password key. There may be an issue when upgrading
+ * from an older version of moodle.
 *
- * @param string $data Data to encrypt
- * @return string The now encrypted data
+ * @todo MDL-31836 Remove the old password key in version 2.4
+ * Code also needs to be changed in sessionlib.php
+ * @see get_moodle_cookie()
+ * @see set_moodle_cookie()
+ *
+ * @param string $data        Data to encrypt.
+ * @param bool $usesecurekey  Lets us know if we are using the old or new secure password key.
+ * @return string             The now encrypted data.
 */
-function rc4encrypt($data) {
-    $password = get_site_identifier();
-    return endecrypt($password, $data, '');
+function rc4encrypt($data, $usesecurekey = true) {
+    if (!$usesecurekey) {
+        $passwordkey = 'nfgjeingjk';
+    } else {
+        $passwordkey = get_site_identifier();
+    }
+    return endecrypt($passwordkey, $data, '');
 }

 /**
 * rc4decrypt
 *
- * @todo Finish documenting this function
+ * Please note that in this version of moodle that the default for rc4encryption is
+ * using the slightly more secure password key. There may be an issue when upgrading
+ * from an older version of moodle.
 *
- * @param string $data Data to decrypt
- * @return string The now decrypted data
+ * @todo MDL-31836 Remove the old password key in version 2.4
+ * Code also needs to be changed in sessionlib.php
+ * @see get_moodle_cookie()
+ * @see set_moodle_cookie()
+ *
+ * @param string $data        Data to decrypt.
+ * @param bool $usesecurekey  Lets us know if we are using the old or new secure password key.
+ * @return string             The now decrypted data.
 */
-function rc4decrypt($data) {
-    $password = get_site_identifier();
-    return endecrypt($password, $data, 'de');
+function rc4decrypt($data, $usesecurekey = true) {
+    if (!$usesecurekey) {
+        $passwordkey = 'nfgjeingjk';
+    } else {
+        $passwordkey = get_site_identifier();
+    }
+    return endecrypt($passwordkey, $data, 'de');
 }

 /**
--- a/lib/sessionlib.php
+++ b/lib/sessionlib.php
@ -1016,7 +1016,7 @@ function set_moodle_cookie($username) {
        return;
    }

-    $cookiename = 'MOODLEID_'.$CFG->sessioncookie;
+    $cookiename = 'MOODLEID1_'.$CFG->sessioncookie;

    // delete old cookie
    setcookie($cookiename, '', time() - HOURSECS, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure, $CFG->cookiehttponly);
@ -1043,7 +1043,7 @@ function get_moodle_cookie() {
        return '';
    }

-    $cookiename = 'MOODLEID_'.$CFG->sessioncookie;
+    $cookiename = 'MOODLEID1_'.$CFG->sessioncookie;

    if (empty($_COOKIE[$cookiename])) {
        return '';
@ -1051,7 +1051,7 @@ function get_moodle_cookie() {
        $username = rc4decrypt($_COOKIE[$cookiename]);
        if ($username === 'guest' or $username === 'nobody') {
            // backwards compatibility - we do not set these cookies any more
-            return '';
+            $username = '';
        }
        return $username;
    }