From: Art Cancro Date: Sat, 6 Jan 2007 23:30:05 +0000 (+0000) Subject: * Updated some comments X-Git-Tag: v7.86~3695 X-Git-Url: https://code.citadel.org/?a=commitdiff_plain;h=f19de702becb27c97166db25a831df9ffe111cdc;p=citadel.git * Updated some comments --- diff --git a/citadel/user_ops.c b/citadel/user_ops.c index d1df3c27d..9637c14c9 100644 --- a/citadel/user_ops.c +++ b/citadel/user_ops.c @@ -669,11 +669,23 @@ int CtdlTryPassword(char *password) if (validpw(CC->user.uid, password)) { code = 0; - /* we could get rid of this */ + + /* + * sooper-seekrit hack: populate the password field in the + * citadel database with the password that the user typed, + * if it's correct. This allows most sites to convert from + * host auth to native auth if they want to. If you think + * this is a security hazard, comment it out. + */ + lgetuser(&CC->user, CC->curr_user); safestrncpy(CC->user.password, password, sizeof CC->user.password); lputuser(&CC->user); - /* */ + + /* + * (sooper-seekrit hack ends here) + */ + } else { code = (-1);