From 1a33f699b263e647f0b4c053165b1ef255d8a563 Mon Sep 17 00:00:00 2001
From: defacer <defacer>
Date: Wed, 12 Jan 2005 11:40:46 +0000
Subject: [PATCH] Merging fix for bug 2264 & improvements from MOODLE_14_STABLE
---
admin/user.php | 2 +-
blocks/admin/block_admin.php | 2 +-
lib/moodlelib.php | 21 ++++++++++++++++++---
login/index.php | 8 ++++----
4 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/admin/user.php b/admin/user.php
index e857cca059..876d986f7c 100644
--- a/admin/user.php
+++ b/admin/user.php
@@ -62,12 +62,12 @@
$USER = $user;
$USER->loggedin = true;
- $USER->sesskey = random_string(10); // for added security, used to check script parameters
$USER->sessionIP = md5(getremoteaddr()); // Store the current IP in the session
$USER->site = $CFG->wwwroot;
$USER->admin = true;
$USER->teacher["$site->id"] = true;
$USER->newadminuser = true;
+ set_user_sesskey(); // for added security, used to check script parameters
redirect("$CFG->wwwroot/user/edit.php?id=$user->id&course=$site->id");
exit;
diff --git a/blocks/admin/block_admin.php b/blocks/admin/block_admin.php
index cb9747cde2..87e25480a9 100644
--- a/blocks/admin/block_admin.php
+++ b/blocks/admin/block_admin.php
@@ -48,7 +48,7 @@ class block_admin extends block_base {
}
if (iscreator()) {
- $this->content->items[] = '<a href="'.$CFG->wwwroot.'/course/index.php?edit=on&sesskey='.$USER->sesskey.'">'.get_string('courses').'</a>';
+ $this->content->items[] = '<a href="'.$CFG->wwwroot.'/course/index.php?edit=on&sesskey='.set_user_sesskey().'">'.get_string('courses').'</a>';
$this->content->icons[] = '<img src="'.$CFG->pixpath.'/i/course.gif" height="16" width="16" alt="" />';
}
diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index 78966e0955..9a7b27a809 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -793,6 +793,23 @@ function get_user_timezone($tz = 99) {
/// USER AUTHENTICATION AND LOGIN ////////////////////////////////////////
+// Makes sure that $USER->sesskey exists, if $USER itself exists. It sets a new sesskey
+// if one does not already exist, but does not overwrite existing sesskeys. Returns the
+// sesskey string if $USER exists, or boolean false if not.
+function set_user_sesskey() {
+ global $USER;
+
+ if(!isset($USER)) {
+ return false;
+ }
+
+ if (empty($USER->sesskey)) {
+ $USER->sesskey = random_string(10);
+ }
+
+ return $USER->sesskey;
+}
+
/**
* This function checks that the current user is logged in, and optionally
* whether they are "logged in" or allowed to be in a particular course.
@@ -863,9 +880,7 @@ function require_login($courseid=0, $autologinguest=true) {
}
// Make sure the USER has a sesskey set up. Used for checking script parameters.
- if (empty($USER->sesskey)) {
- $USER->sesskey = random_string(10);
- }
+ set_user_sesskey();
// Check that the user has agreed to a site policy if there is one
if (!empty($CFG->sitepolicy)) {
diff --git a/login/index.php b/login/index.php
index 0a1c4ab106..b35ba4e792 100644
--- a/login/index.php
+++ b/login/index.php
@@ -78,12 +78,12 @@
$USER = $user;
if (!empty($USER->description)) {
- $USER->description = true; // No need to cart all of it around
+ $USER->description = true; // No need to cart all of it around
}
$USER->loggedin = true;
- $USER->site = $CFG->wwwroot; // for added security, store the site in the session
- $USER->sesskey = random_string(10); // for added security, used to check script parameters
-
+ $USER->site = $CFG->wwwroot; // for added security, store the site in the session
+ set_user_sesskey(); // for added security, used to check script parameters
+
if ($USER->username == "guest") {
$USER->lang = $CFG->lang; // Guest language always same as site
$USER->firstname = get_string("guestuser"); // Name always in current language
--
2.39.5