authoralecpl <alec@alec.pl>2009-05-16 13:01:49 +0000
committeralecpl <alec@alec.pl>2009-05-16 13:01:49 +0000
commit2471d3a979d00e0cecca64e0d5889ca40c02c5fe (patch)
tree80a707b81bfba636d004107f5c04a59a3a0eebf7 /plugins
parent34ee9e7498f84394bfc7d5a4a845720aed8e0b2f (diff)
- Added possibility to encrypt received header, option 'http_received_header_encrypt',
added some more logic in encrypt/decrypt functions for security
Diffstat (limited to 'plugins')
-rw-r--r--plugins/password/password.php19
-rw-r--r--plugins/sasl_password/sasl_password.php4
2 files changed, 11 insertions, 12 deletions
diff --git a/plugins/password/password.php b/plugins/password/password.php
index 75befc0d1..0920c32f8 100644
--- a/plugins/password/password.php
+++ b/plugins/password/password.php
@@ -7,7 +7,7 @@
* (Settings -> Password tab)
*
* @version 1.1
- * @author Aleksander 'A.L.E.C' Machniak
+ * @author Aleksander 'A.L.E.C' Machniak <alec@alec.pl>
* @editor Daniel Black
*
* Configuration Items (config/main.inc.php):
@@ -113,11 +113,11 @@ class password extends rcube_plugin
$curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST);
$newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST);
- if ($confirm && $_SESSION['password'] != $rcmail->encrypt_passwd($curpwd))
+ if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd)
$rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error');
else if (!($res = $this->_save($curpwd,$newpwd))) {
$rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
- $_SESSION['password'] = $rcmail->encrypt_passwd($newpwd);
+ $_SESSION['password'] = $rcmail->encrypt($newpwd);
} else
$rcmail->output->command('display_message', $res, 'error');
}
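Review bot: The new check `$rcmail->decrypt($_SESSION['password']) != $curpwd` uses PHP's loose `!=`, so two numeric-looking strings are compared by value rather than byte for byte. If decrypt() returns false or an empty string on failure (its body is not visible here, so confirm), an empty `_curpasswd` would also compare as equal. A strict comparison closes both cases: `if ($confirm && $rcmail->decrypt($_SESSION['password']) !== (string)$curpwd)`; where the runtime provides `hash_equals()`, using it also makes the comparison constant-time. The same pattern appears in the sasl_password.php hunk at `if ($rcmail->decrypt($_SESSION['password']) != $curpwd) {`. The enclosing method starts outside this hunk.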
@@ -147,14 +147,11 @@ class password extends rcube_plugin
// return the complete edit form as table
$out = '<table' . $attrib_str . ">\n\n";
- $a_show_cols = array('newpasswd' => array('type' => 'text'),
- 'confpasswd' => array('type' => 'text'));
-
if ($confirm) {
- $a_show_cols['curpasswd'] = array('type' => 'text');
// show current password selection
$field_id = 'curpasswd';
- $input_newpasswd = new html_passwordfield(array('name' => '_curpasswd', 'id' => $field_id, 'size' => 20));
+ $input_newpasswd = new html_passwordfield(array('name' => '_curpasswd', 'id' => $field_id,
+ 'size' => 20, 'autocomplete' => 'off'));
$out .= sprintf("<tr><td class=\"title\"><label for=\"%s\">%s</label></td><td>%s</td></tr>\n",
$field_id,
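Review bot: `'autocomplete' => 'off'` on the three password fields (here and in the two following hunks) is only a hint to the browser; many browsers and password managers ignore it for password inputs, so it should not be relied on to keep credentials out of stored form data. Whether `html_passwordfield` passes an `autocomplete` key through to the rendered tag is not visible in this diff and is worth confirming, since an attribute allow-list would silently drop it. A short comment would record the intent, e.g. `// autocomplete=off is advisory only; browsers may still offer to save the value`. Separately, the current-password field is assigned to `$input_newpasswd`, which reads as a copy-paste slip; `$input_curpasswd` would be clearer, though the variable's use continues outside the hunk.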
@@ -164,7 +161,8 @@ class password extends rcube_plugin
// show new password selection
$field_id = 'newpasswd';
- $input_newpasswd = new html_passwordfield(array('name' => '_newpasswd', 'id' => $field_id, 'size' => 20));
+ $input_newpasswd = new html_passwordfield(array('name' => '_newpasswd', 'id' => $field_id,
+ 'size' => 20, 'autocomplete' => 'off'));
$out .= sprintf("<tr><td class=\"title\"><label for=\"%s\">%s</label></td><td>%s</td></tr>\n",
$field_id,
@@ -173,7 +171,8 @@ class password extends rcube_plugin
// show confirm password selection
$field_id = 'confpasswd';
- $input_confpasswd = new html_passwordfield(array('name' => '_confpasswd', 'id' => $field_id, 'size' => 20));
+ $input_confpasswd = new html_passwordfield(array('name' => '_confpasswd', 'id' => $field_id,
+ 'size' => 20, 'autocomplete' => 'off'));
$out .= sprintf("<tr><td class=\"title\"><label for=\"%s\">%s</label></td><td>%s</td></tr>\n",
$field_id,
diff --git a/plugins/sasl_password/sasl_password.php b/plugins/sasl_password/sasl_password.php
index 3a23557e9..ed1624e71 100644
--- a/plugins/sasl_password/sasl_password.php
+++ b/plugins/sasl_password/sasl_password.php
@@ -51,12 +51,12 @@ class sasl_password extends rcube_plugin
$curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST);
$newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST);
- if ($_SESSION['password'] != $rcmail->encrypt_passwd($curpwd)) {
+ if ($rcmail->decrypt($_SESSION['password']) != $curpwd) {
$rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error');
}
else if ($this->_save($newpwd)) {
$rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
- $_SESSION['password'] = $rcmail->encrypt_passwd($newpwd);
+ $_SESSION['password'] = $rcmail->encrypt($newpwd);
}
else {
$rcmail->output->command('display_message', $this->gettext('errorsaving'), 'error');