From 4e67974713aed9b86a1ff4163d28d3957ccba2ef Mon Sep 17 00:00:00 2001
From: alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c>
Date: Sat, 16 May 2009 13:01:49 +0000
Subject: - Added possibility to encrypt received header, option
 'http_received_header_encrypt',   added some more logic in encrypt/decrypt
 functions for security

git-svn-id: https://svn.roundcube.net/trunk@2491 208e9e7b-5314-0410-a742-e7e81cd9613c
---
 roundcubemail/plugins/sasl_password/sasl_password.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'roundcubemail/plugins/sasl_password')

diff --git a/roundcubemail/plugins/sasl_password/sasl_password.php b/roundcubemail/plugins/sasl_password/sasl_password.php
index 3a23557e9..ed1624e71 100644
--- a/roundcubemail/plugins/sasl_password/sasl_password.php
+++ b/roundcubemail/plugins/sasl_password/sasl_password.php
@@ -51,12 +51,12 @@ class sasl_password extends rcube_plugin
       $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST);
       $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST);
 
-      if ($_SESSION['password'] != $rcmail->encrypt_passwd($curpwd)) {
+      if ($rcmail->decrypt($_SESSION['password']) != $curpwd) {
         $rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error');
       }
       else if ($this->_save($newpwd)) {
         $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
-        $_SESSION['password'] = $rcmail->encrypt_passwd($newpwd);
+        $_SESSION['password'] = $rcmail->encrypt($newpwd);
       }
       else {
         $rcmail->output->command('display_message', $this->gettext('errorsaving'), 'error');
-- 
cgit v1.2.3