I got and installed the new function that allows users to change their own passwords. The "html.pl" changes have a problem in this area:
my $found = 0;
foreach $line (@lines) {
if ($line =~ /^$db_userid:/) {
($username,$password,@rest) = split(/:/,$line);
if ($password ne $in{'oldpass'}) {
&html_change_password("Your old password is incorrect.");
return;
The $password is ENCRYPTED text while the $in{'oldpass'} is CLEAR text. Did I miss something? or it would appear that two things need to be added. 1) Decrypt $password before comparing to the "used supplied" old password then compare. 2) If they match then the "new user supplied password" needs to be encrypted before changing the password database.
The other BIG problem I encountered was that because the password comparies were failing I would get an error dialog. Not so bad but then I found that the password db no longer contained my user login info at all.
TIA, Bob Bryant
my $found = 0;
foreach $line (@lines) {
if ($line =~ /^$db_userid:/) {
($username,$password,@rest) = split(/:/,$line);
if ($password ne $in{'oldpass'}) {
&html_change_password("Your old password is incorrect.");
return;
The $password is ENCRYPTED text while the $in{'oldpass'} is CLEAR text. Did I miss something? or it would appear that two things need to be added. 1) Decrypt $password before comparing to the "used supplied" old password then compare. 2) If they match then the "new user supplied password" needs to be encrypted before changing the password database.
The other BIG problem I encountered was that because the password comparies were failing I would get an error dialog. Not so bad but then I found that the password db no longer contained my user login info at all.
TIA, Bob Bryant