Index: openacs-4/packages/acs-subsite/www/user/password-update.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/user/password-update.tcl,v diff -u -N -r1.11 -r1.12 --- openacs-4/packages/acs-subsite/www/user/password-update.tcl 1 Sep 2003 11:41:01 -0000 1.11 +++ openacs-4/packages/acs-subsite/www/user/password-update.tcl 3 Sep 2003 08:33:34 -0000 1.12 @@ -6,46 +6,33 @@ } { {user_id ""} {return_url ""} - {password_old ""} + {old_password ""} {expired_p:boolean "0"} -} -properties { - first_names:onevalue - last_name:onevalue - admin_enabled_p:onevalue - export_vars:onevalue - site_link:onevalue - context:onevalue } if {[empty_string_p $user_id]} { set user_id [ad_verify_and_get_user_id] } +if { ![auth::password::can_change_p -user_id $user_id] } { + ad_return_error "Not allowed" "Changing password is not allowed. Sorry" +} set context [list [list [ad_pvt_home] "Your Account"] [_ acs-subsite.Update_Password]] # We have a special provision here for expired passwords # The user will not be logged in, but we're supposed to log them in after we're done # We use template::util::is_true in order to be liberal in the input we accept +# SIMON: Do we still want to do this? set expired_p [template::util::is_true $expired_p] set system_name [ad_system_name] set admin_p [permission::permission_p -object_id $user_id -privilege admin] -if {!$admin_p} { +if { !$admin_p } { permission::require_permission -party_id $user_id -object_id $user_id -privilege write } db_1row user_information {} set site_link [ad_site_home_link] - -set export_vars [export_vars -form { user_id return_url }] - -if { !$admin_p && [empty_string_p $password_old] } { - set focus "pwd.password_old" -} else { - set focus "pwd.password_1" -} - -ad_return_template
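Review bot: The new `auth::password::can_change_p` guard calls `ad_return_error` but never stops the script, so when changing the password is disallowed execution still falls through to the permission check and `db_1row user_information {}` below. Add `ad_script_abort` as the next line inside that `if` body. The guard also runs on the request-supplied `user_id` before the caller's right to act on that account is established, so it would be safer placed after the `permission::require_permission` block. Separately, the unchanged line `permission::require_permission -party_id $user_id -object_id $user_id -privilege write` appears to test the target user's right on itself rather than the connection user's right on the target. If so, confirm that the old-password check in the processing code (not visible here) is what protects other users' accounts. The `ad_page_contract` block starts outside this hunk.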