From f19de702becb27c97166db25a831df9ffe111cdc Mon Sep 17 00:00:00 2001
From: Art Cancro <ajc@citadel.org>
Date: Sat, 6 Jan 2007 23:30:05 +0000
Subject: [PATCH] * Updated some comments

---
 citadel/user_ops.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/citadel/user_ops.c b/citadel/user_ops.c
index d1df3c27d..9637c14c9 100644
--- a/citadel/user_ops.c
+++ b/citadel/user_ops.c
@@ -669,11 +669,23 @@ int CtdlTryPassword(char *password)
 
 		if (validpw(CC->user.uid, password)) {
 			code = 0;
-			/* we could get rid of this */
+
+			/*
+			 * sooper-seekrit hack: populate the password field in the
+			 * citadel database with the password that the user typed,
+			 * if it's correct.  This allows most sites to convert from
+			 * host auth to native auth if they want to.  If you think
+			 * this is a security hazard, comment it out.
+			 */
+
 			lgetuser(&CC->user, CC->curr_user);
 			safestrncpy(CC->user.password, password, sizeof CC->user.password);
 			lputuser(&CC->user);
-			/*                          */
+
+			/*
+			 * (sooper-seekrit hack ends here)
+			 */
+
 		}
 		else {
 			code = (-1);
-- 
2.39.2