Item10494: htpasswd emails lost if changing to htdigest auth
Priority: Normal
Current State: Closed
Released In: 1.1.3
Target Release: patch
HtPasswdUser.pm doesn't detect that the existing password file might be in htpasswd format id:password:emails, so if the password method is changed to "MD5" which implements htdigest encoding, email addresses are interpreted as the password hash and overwritten by the new password when
ResetPassword is used.
When reading in .htpasswd as a "MD5" htdigest formatted file, if the email is missing, and there is an @ in the password hash, use the password field to recover the emails.
--
GeorgeClark - 17 Mar 2011