From 381ba3190e80164e6b477217c9b688324ac3b1c0 Mon Sep 17 00:00:00 2001 From: tokul Date: Sun, 4 Dec 2005 08:57:30 +0000 Subject: [PATCH] use sqsetcookie instead of setcookie. return OTP encrypted password key. git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@10429 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- functions/auth.php | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/functions/auth.php b/functions/auth.php index 493ddcd9..5b75a4f2 100644 --- a/functions/auth.php +++ b/functions/auth.php @@ -130,9 +130,13 @@ function sqauth_read_password() { * in authentication system used by IMAP server. * * Function must be called before any html output started. Direct access - * to password information is deprecated. + * to password information is deprecated. Saved password information is + * available only to next executed SquirrelMail script. If your script needs + * access to saved password after sqauth_save_password() call, use returned + * OTP encrypted key. * @param string $pass password - * @return void + * @return string password encrypted with OTP. In case script wants to access + * password information before reloading page. * @since 1.5.1 */ function sqauth_save_password($pass) { @@ -141,7 +145,8 @@ function sqauth_save_password($pass) { $onetimepad = OneTimePadCreate(strlen($pass)); sqsession_register($onetimepad,'onetimepad'); $key = OneTimePadEncrypt($pass, $onetimepad); - setcookie('key', $key, 0, $base_uri); + sqsetcookie('key', $key, false, $base_uri); + return $key; } /** -- 2.25.1