diff options
| author | alecpl <alec@alec.pl> | 2009-05-16 13:01:49 +0000 |
|---|---|---|
| committer | alecpl <alec@alec.pl> | 2009-05-16 13:01:49 +0000 |
| commit | 2471d3a979d00e0cecca64e0d5889ca40c02c5fe (patch) | |
| tree | 80a707b81bfba636d004107f5c04a59a3a0eebf7 /plugins/sasl_password/sasl_password.php | |
| parent | 34ee9e7498f84394bfc7d5a4a845720aed8e0b2f (diff) | |
- Added possibility to encrypt received header, option 'http_received_header_encrypt',
added some more logic in encrypt/decrypt functions for security
Diffstat (limited to 'plugins/sasl_password/sasl_password.php')
| -rw-r--r-- | plugins/sasl_password/sasl_password.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/plugins/sasl_password/sasl_password.php b/plugins/sasl_password/sasl_password.php index 3a23557e9..ed1624e71 100644 --- a/plugins/sasl_password/sasl_password.php +++ b/plugins/sasl_password/sasl_password.php @@ -51,12 +51,12 @@ class sasl_password extends rcube_plugin $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST); $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST); - if ($_SESSION['password'] != $rcmail->encrypt_passwd($curpwd)) { + if ($rcmail->decrypt($_SESSION['password']) != $curpwd) { $rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error'); } else if ($this->_save($newpwd)) { $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation'); - $_SESSION['password'] = $rcmail->encrypt_passwd($newpwd); + $_SESSION['password'] = $rcmail->encrypt($newpwd); } else { $rcmail->output->command('display_message', $this->gettext('errorsaving'), 'error'); |