mirror of
https://github.com/the-djmaze/snappymail.git
synced 2026-07-11 00:14:50 +03:00
SetCryptKey() use APP_SALT
This way the key is something the server has and something the user knows. So that both can revoke the key validity.
This commit is contained in:
parent
0de87e334c
commit
9b0f9be23c
2 changed files with 3 additions and 3 deletions
|
|
@ -160,7 +160,7 @@ abstract class Account implements \JsonSerializable
|
|||
bool $bThrowException = false): ?self
|
||||
{
|
||||
$oAccount = null;
|
||||
if (\strlen($sEmail) && \strlen($sLogin) && \strlen($sPassword)) {
|
||||
if ($sEmail && $sLogin && $sPassword) {
|
||||
$oDomain = $oActions->DomainProvider()->Load(\MailSo\Base\Utils::GetDomainFromEmail($sEmail), true);
|
||||
if ($oDomain) {
|
||||
if ($oDomain->ValidateWhiteList($sEmail, $sLogin)) {
|
||||
|
|
|
|||
|
|
@ -15,13 +15,13 @@ class MainAccount extends Account
|
|||
public function CryptKey() : string
|
||||
{
|
||||
if (!$this->sCryptKey) {
|
||||
$this->SetCryptKey($this->IncPassword() ?: APP_SALT);
|
||||
$this->SetCryptKey($this->IncPassword());
|
||||
}
|
||||
return $this->sCryptKey;
|
||||
}
|
||||
|
||||
public function SetCryptKey(string $sKey) : void
|
||||
{
|
||||
$this->sCryptKey = \sha1($sKey, true);
|
||||
$this->sCryptKey = \sha1($sKey . APP_SALT, true);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue