I am looking over the .php files to try to figure out how exactly SquirrelMail handles passwords.
Anway from what i have seen in the php files it appears the value $key is populated by a cookie which is obtained from the password field in login.php
I tried echoing the $key and it is the exact contents
of the cookie itself. It appears to be garbage or
perhaps an encrypted password.
Of course it is encrypted.
I also see $password and $pass mentioned along with
$username, $user in situations where it appears to be
sending login info to the imap or smtp server (in
auth.php and Deliver_SMTP.class.php for example).
I insert a line where it echos those variables to a file and I get nothing.
You probably forgot:
global $username;
How is the password being passed? Is there another function being used to translate the $key into $pass or something like that?
Please read src/redirect.php. You'll see around line 70 that the encrypted key is saved in a user cookie, and the encryption key is stored on the server in the user's session. There are custom functions that can decrypt the password if needed, but unless you are changing it, you should never decrypt it. See most any of the password plugins for examples of how to work with the password in such a way.
- paul
------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click -- squirrelmail-users mailing list List Address: [EMAIL PROTECTED] List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
