mirror of
https://github.com/the-djmaze/snappymail.git
synced 2026-07-13 03:27:39 +03:00
SetCryptKey() use APP_SALT
This way the key is something the server has and something the user knows. So that both can revoke the key validity.
This commit is contained in:
parent
0de87e334c
commit
9b0f9be23c
2 changed files with 3 additions and 3 deletions
|
|
@ -160,7 +160,7 @@ abstract class Account implements \JsonSerializable
|
||||||
bool $bThrowException = false): ?self
|
bool $bThrowException = false): ?self
|
||||||
{
|
{
|
||||||
$oAccount = null;
|
$oAccount = null;
|
||||||
if (\strlen($sEmail) && \strlen($sLogin) && \strlen($sPassword)) {
|
if ($sEmail && $sLogin && $sPassword) {
|
||||||
$oDomain = $oActions->DomainProvider()->Load(\MailSo\Base\Utils::GetDomainFromEmail($sEmail), true);
|
$oDomain = $oActions->DomainProvider()->Load(\MailSo\Base\Utils::GetDomainFromEmail($sEmail), true);
|
||||||
if ($oDomain) {
|
if ($oDomain) {
|
||||||
if ($oDomain->ValidateWhiteList($sEmail, $sLogin)) {
|
if ($oDomain->ValidateWhiteList($sEmail, $sLogin)) {
|
||||||
|
|
|
||||||
|
|
@ -15,13 +15,13 @@ class MainAccount extends Account
|
||||||
public function CryptKey() : string
|
public function CryptKey() : string
|
||||||
{
|
{
|
||||||
if (!$this->sCryptKey) {
|
if (!$this->sCryptKey) {
|
||||||
$this->SetCryptKey($this->IncPassword() ?: APP_SALT);
|
$this->SetCryptKey($this->IncPassword());
|
||||||
}
|
}
|
||||||
return $this->sCryptKey;
|
return $this->sCryptKey;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function SetCryptKey(string $sKey) : void
|
public function SetCryptKey(string $sKey) : void
|
||||||
{
|
{
|
||||||
$this->sCryptKey = \sha1($sKey, true);
|
$this->sCryptKey = \sha1($sKey . APP_SALT, true);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue