make sure we get the current password and login

1 files changed, 11 insertions, 3 deletions

diff --git a/src/srp_session.js b/src/srp_session.js
index b278993..cfeaadb 100644
--- a/src/srp_session.js
+++ b/src/srp_session.js
@@ -21,8 +21,8 @@ srp.Session = function(login, password) {
   var M = null;
   var M2 = null;
   var authenticated = false;
-  var I = login || document.getElementById("srp_username").value;
-  var pass = password || document.getElementById("srp_password").value;
+  var I = login;
+  var pass = password;
 
   // *** Accessor methods ***
 
@@ -57,9 +57,16 @@ srp.Session = function(login, password) {
 
   // Returns the user's identity
   this.getI = function() {
+    I = I || document.getElementById("srp_username").value;
     return I;
   };
 
+  // Returns the user's identity
+  this.getPass = function() {
+    pass = pass || document.getElementById("srp_password").value;
+    return pass;
+  };
+
   // some 16 byte random number
   this.getSalt = function() {
     return new BigInteger(64, rng).toString(16);
@@ -77,7 +84,8 @@ srp.Session = function(login, password) {
 
   // Calculates the X value and return it as a BigInteger
   this.calcX = function(salt) {
-    return new BigInteger(SHA256(hex2a(salt + SHA256(I + ":" + pass))), 16);
+    var inner = salt + SHA256(this.getI() + ":" + this.getPass())
+    return new BigInteger(SHA256(hex2a(inner)), 16);
   };
 
   this.getV = function(salt)