diff options
| author | Aleksander Machniak <alec@alec.pl> | 2012-11-26 10:27:19 +0100 |
|---|---|---|
| committer | Aleksander Machniak <alec@alec.pl> | 2012-11-26 10:27:19 +0100 |
| commit | 5b06e24265ca9dfcb9ced320b8f78716372fcc56 (patch) | |
| tree | cf6401da057b53ba42c4f51045f35bc6962a4f79 /program | |
| parent | 789e5988aaebb78d368b137b98169ec1e616159c (diff) | |
Cleaner way of handling user password in framework-based programs with no session
Diffstat (limited to 'program')
| -rw-r--r-- | program/lib/Roundcube/rcube.php | 16 | ||||
| -rw-r--r-- | program/lib/Roundcube/rcube_ldap.php | 2 | ||||
| -rw-r--r-- | program/lib/Roundcube/rcube_smtp.php | 4 |
3 files changed, 19 insertions, 3 deletions
diff --git a/program/lib/Roundcube/rcube.php b/program/lib/Roundcube/rcube.php index 27e10a918..c798465ed 100644 --- a/program/lib/Roundcube/rcube.php +++ b/program/lib/Roundcube/rcube.php @@ -1220,6 +1220,22 @@ class rcube return $this->user->get_username('mail'); } } + + + /** + * Getter for logged user password. + * + * @return string User password + */ + public function get_user_password() + { + if ($this->password) { + return $this->password; + } + else if ($_SESSION['password']) { + return $this->decrypt($_SESSION['password']); + } + } } diff --git a/program/lib/Roundcube/rcube_ldap.php b/program/lib/Roundcube/rcube_ldap.php index e3ba8c29f..c9a14d863 100644 --- a/program/lib/Roundcube/rcube_ldap.php +++ b/program/lib/Roundcube/rcube_ldap.php @@ -269,7 +269,7 @@ class rcube_ldap extends rcube_addressbook if ($this->prop['user_specific']) { // No password set, use the session password if (empty($bind_pass)) { - $bind_pass = $rcube->decrypt($_SESSION['password']); + $bind_pass = $rcube->get_user_password(); } // Get the pieces needed for variable replacement. diff --git a/program/lib/Roundcube/rcube_smtp.php b/program/lib/Roundcube/rcube_smtp.php index 490ea8ad6..96534c0b8 100644 --- a/program/lib/Roundcube/rcube_smtp.php +++ b/program/lib/Roundcube/rcube_smtp.php @@ -135,8 +135,8 @@ class rcube_smtp $this->conn->setTimeout($timeout); } - $smtp_user = str_replace('%u', $_SESSION['username'], $CONFIG['smtp_user']); - $smtp_pass = str_replace('%p', $rcube->decrypt($_SESSION['password']), $CONFIG['smtp_pass']); + $smtp_user = str_replace('%u', $rcube->get_user_name(), $CONFIG['smtp_user']); + $smtp_pass = str_replace('%p', $rcube->get_user_password(), $CONFIG['smtp_pass']); $smtp_auth_type = empty($CONFIG['smtp_auth_type']) ? NULL : $CONFIG['smtp_auth_type']; if (!empty($CONFIG['smtp_auth_cid'])) { |