e361785d947cdb917f89179133c9216f665ade51
chinhli
  Wed May 2 16:38:27 2012 -0700
Check current password before reset password.
diff --git src/hg/hgLogin/hgLogin.c src/hg/hgLogin/hgLogin.c
index 4438876..5275c27 100644
--- src/hg/hgLogin/hgLogin.c
+++ src/hg/hgLogin/hgLogin.c
@@ -348,102 +348,52 @@
 
 sr = sqlGetResult(conn,
 "select email,password from gbMembers where activated='Y'"
 " and (expireDate='' or (current_date() < expireDate))");
 while ((row = sqlNextRow(sr)) != NULL)
     {
     fprintf(out,"%s:%s\n",row[0],row[1]);
     }
 sqlFreeResult(&sr);
 
 carefulClose(&out);
 
 }
 
 
-
-
-/* ---------- reverse DNS function --------- */
-
-#include <arpa/inet.h>
-#include <sys/socket.h>
-#include <netdb.h>
-
-char *reverseDns(char *ip)
-/* do reverse dns lookup on ip using getnamebyaddr,
- *  and then return a string to be freed that is the host */
-{
-struct hostent *hp;
-struct sockaddr_in sock;
-if (inet_aton(ip,&sock.sin_addr) == 0) return NULL;
-hp = gethostbyaddr(&sock.sin_addr,sizeof(sock.sin_addr),AF_INET);
-if (!hp) return NULL;
-return cloneString(hp->h_name);
-}
-
-
 /* -------- functions ---- */
 
 void debugShowAllMembers(struct sqlConnection *conn)
 /* display all gbMembers */
 {
 struct sqlResult *sr;
 char **row;
 
 hPrintf("<h1>Members</h1>");
 hPrintf("<table>");
 hPrintf("<th>email</th><th>password</th>");
 
 sr = sqlGetResult(conn, "select * from members");
 while ((row = sqlNextRow(sr)) != NULL)
     {
     hPrintf("<tr><td>%s</td><td>%s</td></tr>",row[0],row[1]);
     }
 sqlFreeResult(&sr);
 
 hPrintf("</table>");
 }
 
-
-/************************************************************
-void lostPasswordPage(struct sqlConnection *conn)
-// draw the lost password page 
-{
-hPrintf(
-"<h2>UCSC Genome Browser</h2>"
-"<p align=\"left\">"
-"</p>"
-"<span style='color:red;'>%s</span>"
-"<h3>Send Me A New Password</h3>"
-"<form method=post action=\"hgLogin\" name=lostPasswordForm >"
-"<table>"
-"<tr><td>E-mail</td><td><input type=text name=hgLogin_email size=20> "
-  "(your e-mail is also your user-id)</td></tr>"
-"<tr><td>&nbsp;</td><td><input type=submit name=hgLogin.do.lostPassword value=submit>"
-"&nbsp;<input type=button value=cancel ONCLICK=\"history.go(-1)\"></td></tr>"
-"</table>"
-"<br>"
-, errMsg ? errMsg : ""
-);
-
-cartSaveSession(cart);
-
-hPrintf("</FORM>");
-
-}
-
-**************************************************************/
 void lostPassword(struct sqlConnection *conn)
 /* process the lost password form */
 {
 char query[256];
 char cmd[256];
 char *email = cartUsualString(cart, "hgLogin_email", "");
 if (!email || sameString(email,""))
     {
     freez(&errMsg);
     errMsg = cloneString("Email cannot be blank.");
     // lostPasswordPage(conn);
     return;
     }
 safef(query,sizeof(query), "select password from gbMembers where email='%s'", email);
 char *password = sqlQuickString(conn, query);
@@ -582,31 +532,31 @@
     freez(&errMsg);
     errMsg = cloneString("Re-enter New Password field cannot be blank.");
     changePasswordPage(conn);
     return;
     }
 if (newPassword1 && newPassword2 && !sameString(newPassword1, newPassword2))
     {
     freez(&errMsg);
     errMsg = cloneString("New passwords do not match.");
     changePasswordPage(conn);
     return;
     }
 /* check username existence first */
 safef(query,sizeof(query), "select password from gbMembers where userName='%s'", user);
 char *password = sqlQuickString(conn, query);
-if (!password)
+if ((!password) || (password && !checkPwd(currentPassword,password)))
     {
     freez(&errMsg);
     errMsg = cloneString("Invalid user name or password.");
     changePasswordPage(conn);
     return;
     }
 
 char encPwd[45] = "";
 encryptNewPwd(newPassword1, encPwd, sizeof(encPwd));
 safef(query,sizeof(query), "update gbMembers set password='%s' where userName='%s'", sqlEscapeString(encPwd), sqlEscapeString(user));
 sqlUpdate(conn, query);
 
 hPrintf
     (
     "<h2>UCSC Genome Browser</h2>"
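Review bot: The SELECT that feeds the new `checkPwd` test formats `user` into the query unescaped, while the UPDATE a few lines below passes the same value through `sqlEscapeString`. The row that SELECT returns is now the stored hash the current password is verified against, so it should be built the same way: `safef(query,sizeof(query), "select password from gbMembers where userName='%s'", sqlEscapeString(user));`. The origin of `user` and `currentPassword` is outside the hunk, as is the start of the function, so please confirm that a blank or NULL `currentPassword` is rejected before it reaches `checkPwd`. As a style point, the condition can be shortened to `if (!password || !checkPwd(currentPassword,password))`, because `||` only evaluates the right-hand side when `password` is non-NULL.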