From 76818bd7f8986a35c1d63ce1b4fe01815142a18e Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <lpsolit%gmail.com>
Date: Tue, 20 Dec 2005 22:25:57 +0000
Subject: [PATCH] Bug 287741: changing password from 'password' to 'password'
 should not invalidate login cookies - Patch by Marc Schumann
 <wurblzap@gmail.com> r=LpSolit a=justdave

---
 webtools/bugzilla/userprefs.cgi | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/webtools/bugzilla/userprefs.cgi b/webtools/bugzilla/userprefs.cgi
index df2255ce42c3..3dc68121ef07 100755
--- a/webtools/bugzilla/userprefs.cgi
+++ b/webtools/bugzilla/userprefs.cgi
@@ -97,16 +97,18 @@ sub SaveAccount {
             $cgi->param('new_password1')
               || ThrowUserError("new_password_missing");
             ValidatePassword($pwd1, $pwd2);
-        
-            my $cryptedpassword = bz_crypt($pwd1);
-            trick_taint($cryptedpassword); # Only used in a placeholder
-            $dbh->do(q{UPDATE profiles
-                          SET cryptpassword = ?
-                        WHERE userid = ?},
-                     undef, ($cryptedpassword, $user->id));
 
-            # Invalidate all logins except for the current one
-            Bugzilla->logout(LOGOUT_KEEP_CURRENT);
+            if ($cgi->param('Bugzilla_password') ne $pwd1) {
+                my $cryptedpassword = bz_crypt($pwd1);
+                trick_taint($cryptedpassword); # Only used in a placeholder
+                $dbh->do(q{UPDATE profiles
+                              SET cryptpassword = ?
+                            WHERE userid = ?},
+                         undef, ($cryptedpassword, $user->id));
+
+                # Invalidate all logins except for the current one
+                Bugzilla->logout(LOGOUT_KEEP_CURRENT);
+            }
         }
     }