From 5b06e24265ca9dfcb9ced320b8f78716372fcc56 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Mon, 26 Nov 2012 04:27:19 -0500
Subject: [PATCH] Cleaner way of handling user password in framework-based programs with no session

---
 program/lib/Roundcube/rcube.php      |   16 ++++++++++++++++
 program/lib/Roundcube/rcube_smtp.php |    4 ++--
 program/lib/Roundcube/rcube_ldap.php |    2 +-
 3 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/program/lib/Roundcube/rcube.php b/program/lib/Roundcube/rcube.php
index 27e10a9..c798465 100644
--- a/program/lib/Roundcube/rcube.php
+++ b/program/lib/Roundcube/rcube.php
@@ -1220,6 +1220,22 @@
             return $this->user->get_username('mail');
         }
     }
+
+
+    /**
+     * Getter for logged user password.
+     *
+     * @return string User password
+     */
+    public function get_user_password()
+    {
+        if ($this->password) {
+            return $this->password;
+        }
+        else if ($_SESSION['password']) {
+            return $this->decrypt($_SESSION['password']);
+        }
+    }
 }
 
 
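Review bot: get_user_password() falls off the end and returns null when neither `$this->password` nor `$_SESSION['password']` is set, although the docblock promises `@return string`. Both branches are truthiness tests, so a password of `'0'` is skipped, and reading `$_SESSION['password']` with no session (the case the subject line describes) raises an undefined-index notice. I would test with `isset($this->password) && $this->password !== ''` and `isset($_SESSION['password']) && $_SESSION['password'] !== ''`, end with an explicit `return null;`, and document `@return string|null`. The callers changed in rcube_ldap.php and rcube_smtp.php pass the result straight on without checking it. The `password` property is not declared in this hunk, so its visibility and who may set it could not be reviewed here.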
diff --git a/program/lib/Roundcube/rcube_ldap.php b/program/lib/Roundcube/rcube_ldap.php
index e3ba8c2..c9a14d8 100644
--- a/program/lib/Roundcube/rcube_ldap.php
+++ b/program/lib/Roundcube/rcube_ldap.php
@@ -269,7 +269,7 @@
         if ($this->prop['user_specific']) {
             // No password set, use the session password
             if (empty($bind_pass)) {
-                $bind_pass = $rcube->decrypt($_SESSION['password']);
+                $bind_pass = $rcube->get_user_password();
             }
 
             // Get the pieces needed for variable replacement.
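Review bot: After the fallback on the changed line, nothing in this hunk checks that `$bind_pass` is non-empty, and get_user_password() as added in rcube.php returns nothing when no password is available. Many LDAP servers treat a simple bind with a DN and an empty password as an unauthenticated bind that succeeds (RFC 4513, section 5.1.2), so a user-specific address book should fail closed rather than attempt it. The bind call is outside this hunk, so a later guard may already exist. If it does not, re-test `empty($bind_pass)` after the assignment and leave through the method's normal error path, with a comment such as `// never bind with an empty password: servers may accept it as an unauthenticated bind`.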
diff --git a/program/lib/Roundcube/rcube_smtp.php b/program/lib/Roundcube/rcube_smtp.php
index 490ea8a..96534c0 100644
--- a/program/lib/Roundcube/rcube_smtp.php
+++ b/program/lib/Roundcube/rcube_smtp.php
@@ -135,8 +135,8 @@
       $this->conn->setTimeout($timeout);
     }
 
-    $smtp_user = str_replace('%u', $_SESSION['username'], $CONFIG['smtp_user']);
-    $smtp_pass = str_replace('%p', $rcube->decrypt($_SESSION['password']), $CONFIG['smtp_pass']);
+    $smtp_user = str_replace('%u', $rcube->get_user_name(), $CONFIG['smtp_user']);
+    $smtp_pass = str_replace('%p', $rcube->get_user_password(), $CONFIG['smtp_pass']);
     $smtp_auth_type = empty($CONFIG['smtp_auth_type']) ? NULL : $CONFIG['smtp_auth_type'];
 
     if (!empty($CONFIG['smtp_auth_cid'])) {
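Review bot: The SMTP login name now comes from `$rcube->get_user_name()` instead of `$_SESSION['username']`, and that accessor is not part of this patch. It is worth confirming that it yields the same login identifier as before, and a usable value in session-less programs, before it is substituted for `%u`. Note also that str_replace() silently turns a null replacement into an empty string. If either accessor has nothing to return, the result would be an authentication attempt with blank credentials rather than a visible error. A check before the substitution, or at least a comment on the `$smtp_user` line such as `// both accessors may yield no value when no user is loaded`, would make that failure mode explicit.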

--
Gitblit v1.9.1