From 2471d3a979d00e0cecca64e0d5889ca40c02c5fe Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Sat, 16 May 2009 13:01:49 +0000
Subject: - Added possibility to encrypt received header, option
 'http_received_header_encrypt',   added some more logic in encrypt/decrypt
 functions for security

---
 plugins/sasl_password/sasl_password.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'plugins/sasl_password/sasl_password.php')

diff --git a/plugins/sasl_password/sasl_password.php b/plugins/sasl_password/sasl_password.php
index 3a23557e9..ed1624e71 100644
--- a/plugins/sasl_password/sasl_password.php
+++ b/plugins/sasl_password/sasl_password.php
@@ -51,12 +51,12 @@ class sasl_password extends rcube_plugin
       $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST);
       $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST);
 
-      if ($_SESSION['password'] != $rcmail->encrypt_passwd($curpwd)) {
+      if ($rcmail->decrypt($_SESSION['password']) != $curpwd) {
         $rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error');
       }
       else if ($this->_save($newpwd)) {
         $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
-        $_SESSION['password'] = $rcmail->encrypt_passwd($newpwd);
+        $_SESSION['password'] = $rcmail->encrypt($newpwd);
       }
       else {
         $rcmail->output->command('display_message', $this->gettext('errorsaving'), 'error');
-- 
cgit v1.2.3