diff options
author | alecpl <alec@alec.pl> | 2009-05-16 13:01:49 +0000 |
---|---|---|
committer | alecpl <alec@alec.pl> | 2009-05-16 13:01:49 +0000 |
commit | 2471d3a979d00e0cecca64e0d5889ca40c02c5fe (patch) | |
tree | 80a707b81bfba636d004107f5c04a59a3a0eebf7 /plugins | |
parent | 34ee9e7498f84394bfc7d5a4a845720aed8e0b2f (diff) |
- Added possibility to encrypt received header, option 'http_received_header_encrypt',
added some more logic in encrypt/decrypt functions for security
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/password/password.php | 19 | ||||
-rw-r--r-- | plugins/sasl_password/sasl_password.php | 4 |
2 files changed, 11 insertions, 12 deletions
diff --git a/plugins/password/password.php b/plugins/password/password.php index 75befc0d1..0920c32f8 100644 --- a/plugins/password/password.php +++ b/plugins/password/password.php @@ -7,7 +7,7 @@ * (Settings -> Password tab) * * @version 1.1 - * @author Aleksander 'A.L.E.C' Machniak + * @author Aleksander 'A.L.E.C' Machniak <alec@alec.pl> * @editor Daniel Black * * Configuration Items (config/main.inc.php): @@ -113,11 +113,11 @@ class password extends rcube_plugin $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST); $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST); - if ($confirm && $_SESSION['password'] != $rcmail->encrypt_passwd($curpwd)) + if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd) $rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error'); else if (!($res = $this->_save($curpwd,$newpwd))) { $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation'); - $_SESSION['password'] = $rcmail->encrypt_passwd($newpwd); + $_SESSION['password'] = $rcmail->encrypt($newpwd); } else $rcmail->output->command('display_message', $res, 'error'); } @@ -147,14 +147,11 @@ class password extends rcube_plugin // return the complete edit form as table $out = '<table' . $attrib_str . ">\n\n"; - $a_show_cols = array('newpasswd' => array('type' => 'text'), - 'confpasswd' => array('type' => 'text')); - if ($confirm) { - $a_show_cols['curpasswd'] = array('type' => 'text'); // show current password selection $field_id = 'curpasswd'; - $input_newpasswd = new html_passwordfield(array('name' => '_curpasswd', 'id' => $field_id, 'size' => 20)); + $input_newpasswd = new html_passwordfield(array('name' => '_curpasswd', 'id' => $field_id, + 'size' => 20, 'autocomplete' => 'off')); $out .= sprintf("<tr><td class=\"title\"><label for=\"%s\">%s</label></td><td>%s</td></tr>\n", $field_id, @@ -164,7 +161,8 @@ class password extends rcube_plugin // show new password selection $field_id = 'newpasswd'; - $input_newpasswd = new html_passwordfield(array('name' => '_newpasswd', 'id' => $field_id, 'size' => 20)); + $input_newpasswd = new html_passwordfield(array('name' => '_newpasswd', 'id' => $field_id, + 'size' => 20, 'autocomplete' => 'off')); $out .= sprintf("<tr><td class=\"title\"><label for=\"%s\">%s</label></td><td>%s</td></tr>\n", $field_id, @@ -173,7 +171,8 @@ class password extends rcube_plugin // show confirm password selection $field_id = 'confpasswd'; - $input_confpasswd = new html_passwordfield(array('name' => '_confpasswd', 'id' => $field_id, 'size' => 20)); + $input_confpasswd = new html_passwordfield(array('name' => '_confpasswd', 'id' => $field_id, + 'size' => 20, 'autocomplete' => 'off')); $out .= sprintf("<tr><td class=\"title\"><label for=\"%s\">%s</label></td><td>%s</td></tr>\n", $field_id, diff --git a/plugins/sasl_password/sasl_password.php b/plugins/sasl_password/sasl_password.php index 3a23557e9..ed1624e71 100644 --- a/plugins/sasl_password/sasl_password.php +++ b/plugins/sasl_password/sasl_password.php @@ -51,12 +51,12 @@ class sasl_password extends rcube_plugin $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST); $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST); - if ($_SESSION['password'] != $rcmail->encrypt_passwd($curpwd)) { + if ($rcmail->decrypt($_SESSION['password']) != $curpwd) { $rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error'); } else if ($this->_save($newpwd)) { $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation'); - $_SESSION['password'] = $rcmail->encrypt_passwd($newpwd); + $_SESSION['password'] = $rcmail->encrypt($newpwd); } else { $rcmail->output->command('display_message', $this->gettext('errorsaving'), 'error'); |