Ahha! Fixed it!
I am both happy and humbled to say that I have found what turns out to be (don't they all?) the simple fix for the secure password lookup mod.
Seems Carol's currently published mod is missing a few lines in the subroutine change_password.
After
next PASS if ($pass =~ /^$/); # Skip blank lines.
chomp ($pass);
($userid, $pw, @rest) = split (/:/, $pass);
if ($userid eq $db_userid) {
$found = $pass;
unless (crypt($in{'old'}, $pw) eq $pw) {
$message = "old password is incorrect";
}
}
but BEFORE the next closing curly brace, you need to add
$output .= $pass . "\n";
}
This does the trick.
I've posted the complete sub change_password at
http://www.canopydigital.com/fixed-mod/sub-change_password-FIXED.pl.txt
in case anyone can benefit from having the whole subroutine.
I guess I ought to let Carol know so she can fix her mod on her site. She progammed the mod correctly, because she explained it correctly to fharris in a post I mentioned in a prior message.
It was probably just a copy/paste error when she rewrote the mod to incorporate what fharris wanted.
Whew! Crushing your head to find a small typo like that IS humbling. I'm glad I could contribute something, anyway, to Carol's excellent mod!
[This message has been edited by Glen Payne (edited September 17, 1999).]
I am both happy and humbled to say that I have found what turns out to be (don't they all?) the simple fix for the secure password lookup mod.
Seems Carol's currently published mod is missing a few lines in the subroutine change_password.
After
Code:
PASS: foreach $pass (@passwds) { # Go through each pass and see if we match.. next PASS if ($pass =~ /^$/); # Skip blank lines.
chomp ($pass);
($userid, $pw, @rest) = split (/:/, $pass);
if ($userid eq $db_userid) {
$found = $pass;
unless (crypt($in{'old'}, $pw) eq $pw) {
$message = "old password is incorrect";
}
}
but BEFORE the next closing curly brace, you need to add
Code:
else { $output .= $pass . "\n";
}
This does the trick.
I've posted the complete sub change_password at
http://www.canopydigital.com/fixed-mod/sub-change_password-FIXED.pl.txt
in case anyone can benefit from having the whole subroutine.
I guess I ought to let Carol know so she can fix her mod on her site. She progammed the mod correctly, because she explained it correctly to fharris in a post I mentioned in a prior message.
It was probably just a copy/paste error when she rewrote the mod to incorporate what fharris wanted.
Whew! Crushing your head to find a small typo like that IS humbling. I'm glad I could contribute something, anyway, to Carol's excellent mod!
[This message has been edited by Glen Payne (edited September 17, 1999).]
