Aleksander Machniak
2012-11-26 5b06e24265ca9dfcb9ced320b8f78716372fcc56
Cleaner way of handling user password in framework-based programs with no session
3 files modified
22 ■■■■ changed files
program/lib/Roundcube/rcube.php 16 ●●●●●
program/lib/Roundcube/rcube_ldap.php 2 ●●●
program/lib/Roundcube/rcube_smtp.php 4 ●●●●
program/lib/Roundcube/rcube.php
@@ -1220,6 +1220,22 @@
            return $this->user->get_username('mail');
        }
    }
    /**
     * Getter for logged user password.
     *
     * @return string User password
     */
    public function get_user_password()
    {
        if ($this->password) {
            return $this->password;
        }
        else if ($_SESSION['password']) {
            return $this->decrypt($_SESSION['password']);
        }
    }
}
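Review bot: get_user_password() falls off the end and returns null when neither `$this->password` nor the session value is set, although the docblock promises `@return string`. The `else if` also reads `$_SESSION['password']` without an existence check, which raises an undefined-index notice in the no-session case this commit targets. I would guard the branch with `else if (!empty($_SESSION['password'])) {`, end the method with an explicit `return null;`, and document it as `@return string|null Cleartext password, or null when none is available`. No declaration of `$this->password` is visible in this hunk, so presumably it exists elsewhere in the class. The callers changed in rcube_ldap.php and rcube_smtp.php use the return value without checking it.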
program/lib/Roundcube/rcube_ldap.php
@@ -269,7 +269,7 @@
        if ($this->prop['user_specific']) {
            // No password set, use the session password
            if (empty($bind_pass)) {
                $bind_pass = $rcube->decrypt($_SESSION['password']);
                $bind_pass = $rcube->get_user_password();
            }
            // Get the pieces needed for variable replacement.
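Review bot: The value assigned to `$bind_pass` is not checked after the fallback, and get_user_password() in rcube.php can return nothing when there is neither a stored password nor a session. Many LDAP servers treat a simple bind with a DN and an empty password as an unauthenticated bind that succeeds (RFC 4513 section 5.1.2), so a user-specific address book could end up connected without the user's credentials. I would add a check right after the assignment, e.g. `if (empty($bind_pass)) { /* fail through the method's existing error path */ }`, with a comment such as `// Never bind with an empty password: servers may accept it as an anonymous bind`. The bind call and the rest of the enclosing method are outside this hunk, so whether a later check already covers this cannot be seen here.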
program/lib/Roundcube/rcube_smtp.php
@@ -135,8 +135,8 @@
      $this->conn->setTimeout($timeout);
    }
    $smtp_user = str_replace('%u', $_SESSION['username'], $CONFIG['smtp_user']);
    $smtp_pass = str_replace('%p', $rcube->decrypt($_SESSION['password']), $CONFIG['smtp_pass']);
    $smtp_user = str_replace('%u', $rcube->get_user_name(), $CONFIG['smtp_user']);
    $smtp_pass = str_replace('%p', $rcube->get_user_password(), $CONFIG['smtp_pass']);
    $smtp_auth_type = empty($CONFIG['smtp_auth_type']) ? NULL : $CONFIG['smtp_auth_type'];
    if (!empty($CONFIG['smtp_auth_cid'])) {