* Updated some comments
authorArt Cancro <ajc@citadel.org>
Sat, 6 Jan 2007 23:30:05 +0000 (23:30 +0000)
committerArt Cancro <ajc@citadel.org>
Sat, 6 Jan 2007 23:30:05 +0000 (23:30 +0000)
citadel/user_ops.c

index d1df3c27df056e6a1d01264b4a528bee0dc34632..9637c14c99654cbef94792f0ae467999be023a14 100644 (file)
@@ -669,11 +669,23 @@ int CtdlTryPassword(char *password)
 
                if (validpw(CC->user.uid, password)) {
                        code = 0;
-                       /* we could get rid of this */
+
+                       /*
+                        * sooper-seekrit hack: populate the password field in the
+                        * citadel database with the password that the user typed,
+                        * if it's correct.  This allows most sites to convert from
+                        * host auth to native auth if they want to.  If you think
+                        * this is a security hazard, comment it out.
+                        */
+
                        lgetuser(&CC->user, CC->curr_user);
                        safestrncpy(CC->user.password, password, sizeof CC->user.password);
                        lputuser(&CC->user);
-                       /*                          */
+
+                       /*
+                        * (sooper-seekrit hack ends here)
+                        */
+
                }
                else {
                        code = (-1);
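Review bot: The new comment above `lgetuser(&CC->user, CC->curr_user);` does not say what makes this block sensitive: once `validpw()` succeeds, the password exactly as typed is copied into `CC->user.password` and written back with `lputuser()`, so the host-auth credential is stored verbatim in the Citadel user record. I would say that plainly instead of the "sooper-seekrit hack" wording, e.g. `/* Host-auth migration aid: stores the typed password, unhashed, in the citadel user record each time validpw() succeeds. */`. Telling sites to "comment it out" leaves the behaviour on by default and removable only by editing source; a build-time or configuration switch that defaults to off would be safer, though that goes beyond a comment-only commit. The copy is bounded by `sizeof CC->user.password`, so a longer host password would presumably be stored truncated, which the comment could also mention. The body of CtdlTryPassword starts and ends outside this hunk.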