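###############################################################################
#                     C H A N G E   P A S S W O R D                           #
###############################################################################
#####################################################################
# script: db.cgi                                                    #
# sub main                                                          #
#                                                                   #
# add lines                                                         #
#                                                                   #
# Where to add them --                                              #
#   after                                                           #
# elsif ($in{'admin_display'}){ if ($per_admin) { &admin_display; } else { &html_unauth; } }
#####################################################################
#### Following two lines added for secure_password_lookup mod
elsif ($in{'change_password_form'}) { unless ($db_userid eq "default") { &html_change_password_form; } else { &html_unauth; } }
elsif ($in{'change_password'})      { unless ($db_userid eq "default") { &change_password; }           else { &html_unauth; } }
#####################################################################
# script: db.cgi                                                    #
# sub change_password                                               #
#                                                                   #
# new subroutine                                                    #
#####################################################################
sub change_password {
# --------------------------------------------------------
    # Replace the password of the current user ($db_userid -- presumably set
    # by the authentication code; the caller already refuses "default") in
    # $auth_pw_file.
    #
    # Form fields read: $in{'old'} (current password), $in{'pw1'}/$in{'pw2'}
    # (new password, typed twice).
    # On a validation failure the form is re-shown with a message and the
    # sub returns; on success &html_change_password_success is called.
    # Fatal file errors are reported through &cgierr.
    use Fcntl qw(:flock);

    my $message = '';

    # Validate before touching the file.  Only the first failure is
    # reported; the checks are chained so a later one cannot overwrite an
    # earlier message.
    if ($in{'pw1'} ne $in{'pw2'}) {
        $message = "You must enter the same password twice.";
    }
    elsif ((length($in{'pw1'}) < 3) or (length($in{'pw1'}) > 12)) {
        # Never echo the submitted password back into the HTML page.
        # (Traditional DES crypt() only looks at the first 8 characters,
        # so the 12 limit is cosmetic rather than a strength bound.)
        $message = "Invalid password. Must be between 3 and 12 characters.";
    }
    if ($message) {
        &html_change_password_form($message);
        return;
    }

    # Open read/write and take the lock BEFORE reading, so the
    # read-modify-write below cannot lose a concurrent update and no other
    # request can observe a truncated password file.  '+<' fails if the
    # file is missing, as the original '<' open did.
    open (my $fh, '+<', $auth_pw_file)
        or &cgierr("unable to open password file. Reason: $!\n");
    if ($db_use_flock) {
        flock($fh, LOCK_EX)
            or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
    }

    my $found  = '';    # the current user's line, chomped
    my $output = '';    # every other line, kept verbatim
  PASS: while (my $pass = <$fh>) {
        next PASS if ($pass =~ /^$/);    # Skip blank lines.
        chomp ($pass);
        my ($userid, $pw) = split (/:/, $pass);
        if ($userid eq $db_userid) {
            $found = $pass;
            # $pw is the stored crypt() hash and serves as its own salt.
            unless (crypt($in{'old'}, $pw) eq $pw) {
                $message = "old password is incorrect";
            }
        }
        else {
            $output .= $pass . "\n";
        }
    }

    if (!$found) {
        close ($fh);
        &html_change_password_form("Your userid was not found in the password file.");
        return;
    }
    elsif ($message) {
        close ($fh);
        &html_change_password_form($message);
        return;
    }

    # Build the replacement line: every field is kept as it was, only the
    # hash (field 2) changes.  The -1 limit preserves trailing empty fields
    # such as a blank email.
    my @fields = split (/:/, $found, -1);
    my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
    # No explicit srand(): perl seeds rand() itself, and that seed is
    # better than the old time() ^ pid value.  rand() is still not a
    # cryptographic generator; the salt only needs to differ between
    # entries so equal passwords do not produce equal hashes.
    my $salt = join '', @salt_chars[rand 64, rand 64];
    $fields[1] = crypt($in{'pw1'}, $salt);
    $output .= join(':', @fields) . "\n";

    # Rewrite the file in place while still holding the lock.
    seek($fh, 0, 0)
        or &cgierr("unable to seek: $auth_pw_file.\nReason: $!");
    truncate($fh, 0)
        or &cgierr("unable to truncate: $auth_pw_file.\nReason: $!");
    print {$fh} $output
        or &cgierr("unable to write: $auth_pw_file.\nReason: $!");
    # Buffered write errors only surface at close, so check it.
    close ($fh)
        or &cgierr("unable to close: $auth_pw_file.\nReason: $!");

    &html_change_password_success;
}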