summaryrefslogtreecommitdiff
path: root/program/lib
diff options
context:
space:
mode:
authorAleksander Machniak <alec@alec.pl>2012-11-26 10:27:19 +0100
committerAleksander Machniak <alec@alec.pl>2012-11-26 10:27:19 +0100
commit5b06e24265ca9dfcb9ced320b8f78716372fcc56 (patch)
treecf6401da057b53ba42c4f51045f35bc6962a4f79 /program/lib
parent789e5988aaebb78d368b137b98169ec1e616159c (diff)
Cleaner way of handling user password in framework-based programs with no session
Diffstat (limited to 'program/lib')
-rw-r--r--program/lib/Roundcube/rcube.php16
-rw-r--r--program/lib/Roundcube/rcube_ldap.php2
-rw-r--r--program/lib/Roundcube/rcube_smtp.php4
3 files changed, 19 insertions, 3 deletions
diff --git a/program/lib/Roundcube/rcube.php b/program/lib/Roundcube/rcube.php
index 27e10a918..c798465ed 100644
--- a/program/lib/Roundcube/rcube.php
+++ b/program/lib/Roundcube/rcube.php
@@ -1220,6 +1220,22 @@ class rcube
return $this->user->get_username('mail');
}
}
+
+
+ /**
+ * Getter for logged user password.
+ *
+ * @return string User password
+ */
+ public function get_user_password()
+ {
+ if ($this->password) {
+ return $this->password;
+ }
+ else if ($_SESSION['password']) {
+ return $this->decrypt($_SESSION['password']);
+ }
+ }
}
diff --git a/program/lib/Roundcube/rcube_ldap.php b/program/lib/Roundcube/rcube_ldap.php
index e3ba8c29f..c9a14d863 100644
--- a/program/lib/Roundcube/rcube_ldap.php
+++ b/program/lib/Roundcube/rcube_ldap.php
@@ -269,7 +269,7 @@ class rcube_ldap extends rcube_addressbook
if ($this->prop['user_specific']) {
// No password set, use the session password
if (empty($bind_pass)) {
- $bind_pass = $rcube->decrypt($_SESSION['password']);
+ $bind_pass = $rcube->get_user_password();
}
// Get the pieces needed for variable replacement.
diff --git a/program/lib/Roundcube/rcube_smtp.php b/program/lib/Roundcube/rcube_smtp.php
index 490ea8ad6..96534c0b8 100644
--- a/program/lib/Roundcube/rcube_smtp.php
+++ b/program/lib/Roundcube/rcube_smtp.php
@@ -135,8 +135,8 @@ class rcube_smtp
$this->conn->setTimeout($timeout);
}
- $smtp_user = str_replace('%u', $_SESSION['username'], $CONFIG['smtp_user']);
- $smtp_pass = str_replace('%p', $rcube->decrypt($_SESSION['password']), $CONFIG['smtp_pass']);
+ $smtp_user = str_replace('%u', $rcube->get_user_name(), $CONFIG['smtp_user']);
+ $smtp_pass = str_replace('%p', $rcube->get_user_password(), $CONFIG['smtp_pass']);
$smtp_auth_type = empty($CONFIG['smtp_auth_type']) ? NULL : $CONFIG['smtp_auth_type'];
if (!empty($CONFIG['smtp_auth_cid'])) {