From 2471d3a979d00e0cecca64e0d5889ca40c02c5fe Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Sat, 16 May 2009 09:01:49 -0400
Subject: [PATCH] - Added possibility to encrypt received header, option 'http_received_header_encrypt',   added some more logic in encrypt/decrypt functions for security

---
 plugins/sasl_password/sasl_password.php |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/plugins/sasl_password/sasl_password.php b/plugins/sasl_password/sasl_password.php
index 3a23557..ed1624e 100644
--- a/plugins/sasl_password/sasl_password.php
+++ b/plugins/sasl_password/sasl_password.php
@@ -51,12 +51,12 @@
       $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST);
       $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST);
 
-      if ($_SESSION['password'] != $rcmail->encrypt_passwd($curpwd)) {
+      if ($rcmail->decrypt($_SESSION['password']) != $curpwd) {
         $rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error');
       }
       else if ($this->_save($newpwd)) {
         $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
-        $_SESSION['password'] = $rcmail->encrypt_passwd($newpwd);
+        $_SESSION['password'] = $rcmail->encrypt($newpwd);
       }
       else {
         $rcmail->output->command('display_message', $this->gettext('errorsaving'), 'error');

--
Gitblit v1.9.1