How can I get hold of the current logged-in user’s plaintext password in the following file of Sabre DAV library?
JavaScript
x
https://github.com/sabre-io/dav/tree/master/lib/CardDAV/Backendin Baikal, this file is at:baikalvendorsabredavlibCardDAVBackendPDO.phpJavaScript
<?phpdeclare(strict_types=1);namespace SabreCardDAVBackend;use SabreCardDAV;use SabreDAV;use SabreDAVPropPatch;/** * PDO CardDAV backend. * * This CardDAV backend uses PDO to store addressbooks * * @copyright Copyright (C) fruux GmbH (https://fruux.com/) * @author Evert Pot (http://evertpot.com/) * @license http://sabre.io/license/ Modified BSD License */class PDO extends AbstractBackend implements SyncSupport}Advertisement
Answer
For Basic Authentication, the file is this:
baikalCoreFrameworksBaikalCorePDOBasicAuth.php
plain password is at the validateUserPass function and it can be stored at a global var (or in the session as mentioned in the comments of the question):
JavaScript
function validateUserPass($username, $password) { global $ptp; $stmt = $this->pdo->prepare('SELECT username, digesta1 FROM ' . $this->tableName . ' WHERE username = ?'); $stmt->execute([$username]); $result = $stmt->fetchAll(); if (!count($result)) { return false; } $hash = md5($username . ':' . $this->authRealm . ':' . $password); if ($result[0]['digesta1'] === $hash) { $this->currentUser = $username; $ptp = $password; return true; } return false; }}Then, at the baikalvendorsabredavlibCardDAVBackendPDO.php file, the value of the $ptp var can be retrieved using global $ptp;