Index: openacs-4/packages/acs-subsite/catalog/acs-subsite.en_US.ISO-8859-1.xml
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/catalog/acs-subsite.en_US.ISO-8859-1.xml,v
diff -u -N -r1.13 -r1.14
--- openacs-4/packages/acs-subsite/catalog/acs-subsite.en_US.ISO-8859-1.xml	28 Aug 2003 07:58:56 -0000	1.13
+++ openacs-4/packages/acs-subsite/catalog/acs-subsite.en_US.ISO-8859-1.xml	3 Sep 2003 08:33:34 -0000	1.14
@@ -231,5 +231,6 @@
   <msg key="Your_email">Your email:</msg>
   <msg key="Your_email_address">Your email address:</msg>
   <msg key="Your_password">Your password:</msg>
+  <msg key="Recover_Password">Recover Password</msg>
   <msg key="Your_Portrait">Your Portrait</msg>
 </message_catalog>
Index: openacs-4/packages/acs-subsite/www/user/password-update-2.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/user/Attic/password-update-2.tcl,v
diff -u -N -r1.10 -r1.11
--- openacs-4/packages/acs-subsite/www/user/password-update-2.tcl	28 Aug 2003 09:41:42 -0000	1.10
+++ openacs-4/packages/acs-subsite/www/user/password-update-2.tcl	3 Sep 2003 08:33:34 -0000	1.11
@@ -1,59 +1,61 @@
 ad_page_contract {
     Updates the users password if 
     <ul>
-    <li>password_old is correct
-    <li>password_1 matches password_2
-
+      <li>old_password is correct
+      <li>password_1 matches password_2
+    <ul>
     @cvs-id $Id$
-} -query {
+} {
     password_1:notnull
     password_2:notnull
-    {password_old ""}
+    {old_password ""}
     {user_id:integer ""}
     {return_url ""}
 } -validate {
-    old_password_match -requires {user_id:integer password_old} {
-        if {![permission::permission_p -object_id $user_id -privilege admin] && ![empty_string_p $user_id] && ![ad_check_password $user_id $password_old]} {
-            ad_complain "Your current password does not match what you entered in the form."
-        }
-    }
     confirm_password -requires {password_2:notnull} {
         if {[empty_string_p $password_2]} {
             ad_complain "You need to confirm the password that you typed. (Type the same thing again.)"
         }
     }
-    new_password_match -requires {password_1:notnull password_2:notnull confirm_password} {
-        if {![string equal $password_1 $password_2]} {
-            ad_complain "Your passwords don't match! Presumably, you made a typo while entering one of them."
-        }
-    }
-    new_password_old_password_different -requires { new_password_match } {
-        if { [string equal $password_old $password_1] } {
-            ad_complain "Your new password is identical to your old password. If you don't want to change your password, use your browser's back button to get out."
-        }
-    }
 }
 
 if {[empty_string_p $user_id]} {
     set user_id [ad_verify_and_get_user_id]
 }
 
+if { ![auth::password::can_change_p -user_id $user_id] } {
+    # We are not allowd to change password
+    # SIMON: What should we do here?
+    ad_return_error "Not allowed" "Changing password is not allowed. Sorry"
+}
+
 set admin_p [permission::permission_p -object_id $user_id -privilege admin]
 
 if {!$admin_p} {
     permission::require_permission -party_id $user_id -object_id $user_id -privilege write
 }
 
-if {[catch {ad_change_password $user_id $password_1} errmsg]} {
-    ad_return_error "Wasn't able to change your password. Please contact the system administrator."
-}
 
-if { ![ad_conn user_id] } {
-    ad_user_login $user_id
-}
+array set change_pwd_info [auth::password::change \
+                         -user_id $user_id \
+                         -old_password $old_password \
+                         -new_password $password_1]
 
-if {[empty_string_p $return_url]} {
-    set return_url [ad_parameter -package_id [ad_acs_kernel_id] "HomeURL"]
+if { [string equal $change_pwd_info(password_status) "ok"] } {
+    # Make sure the user is logged in
+   if { ![ad_conn user_id] } {
+        ad_user_login $user_id
+    }
+    
+    if {[empty_string_p $return_url]} {
+        set return_url [ad_parameter -package_id [ad_acs_kernel_id] "HomeURL"]
+    }
+    
+    ad_returnredirect $return_url
+
+}  else {
+    # Changing password failed, display password_message
+    # SIMON: What should we do here?
+    ad_return_error "Failure" $change_pwd_info(password_status)
 }
 
-ad_returnredirect $return_url
Index: openacs-4/packages/acs-subsite/www/user/password-update.adp
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/user/password-update.adp,v
diff -u -N -r1.13 -r1.14
--- openacs-4/packages/acs-subsite/www/user/password-update.adp	1 Sep 2003 11:41:01 -0000	1.13
+++ openacs-4/packages/acs-subsite/www/user/password-update.adp	3 Sep 2003 08:33:34 -0000	1.14
@@ -1,9 +1,8 @@
 <master>
   <property name="title">#acs-subsite.Update_Password#</property>
   <property name="context_bar">#acs-subsite.lt_for_first_names_last_#</property>
-  <property name="context">@context@</property>
-  <property name="focus">@focus@</property>
-
+  <property name="context">#acs-subsite.Update_Password#</property>
+  <property name="focus">pwd.old_password</property>
 <if @expired_p@ true>
   <p>
     Welcome to @system_name@. 
@@ -15,33 +14,29 @@
 </if>
 
 <form method="post" action="password-update-2" name="pwd">
-  @export_vars;noquote@
-
+ <input type="hidden" name="return_url" value="@return_url@" /> <input type="hidden" name="user_id" value="@user_id@" />
 <table>
 
-<if @admin_p@ false and @password_old@ eq "">
-  <tr>
-    <th>#acs-subsite.Current_Password#</th>
-    <td><input type="password" name="password_old" size="15" /></td>
-  </tr>
-</if>
-<else>
-  <input type="hidden" name="password_old" value="@password_old@" />
-</else>
+<tr>
+  <th>#acs-subsite.Current_Password#</th>
+  <td><input type="password" name="old_password" size="15" /></td>
+</tr>
 
-  <tr>
-    <th>#acs-subsite.New_Password#</th>
-    <td><input type="password" name="password_1" size="15" /></td>
-  </tr>
+<tr>
+  <th>#acs-subsite.New_Password#</th>
+  <td><input type="password" name="password_1" size="15" /></td>
+</tr>
 
-  <tr>
-    <th>#acs-subsite.Confirm#</th>
-    <td><input type="password" name="password_2" size="15" /></td>
-  </tr>
+<tr>
+  <th>#acs-subsite.Confirm#</th>
+  <td><input type="password" name="password_2" size="15" /></td>
+</tr>
+
+<tr>
+  <th></th>
+  <td><input type="submit" value="#acs-subsite.Update#" /></td>
+</tr>
+
 </table>
 
-<p><center>
-  <input type="submit" value="#acs-subsite.Update#" />
-</center>
-</p>
 </form>
Index: openacs-4/packages/acs-subsite/www/user/password-update.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/user/password-update.tcl,v
diff -u -N -r1.11 -r1.12
--- openacs-4/packages/acs-subsite/www/user/password-update.tcl	1 Sep 2003 11:41:01 -0000	1.11
+++ openacs-4/packages/acs-subsite/www/user/password-update.tcl	3 Sep 2003 08:33:34 -0000	1.12
@@ -6,46 +6,33 @@
 } {
     {user_id ""}
     {return_url ""}
-    {password_old ""}
+    {old_password ""}
     {expired_p:boolean "0"}
-} -properties {
-    first_names:onevalue
-    last_name:onevalue
-    admin_enabled_p:onevalue
-    export_vars:onevalue
-    site_link:onevalue
-    context:onevalue
 }
 
 if {[empty_string_p $user_id]} {
     set user_id [ad_verify_and_get_user_id]
 }
+if { ![auth::password::can_change_p -user_id $user_id] } {
+    ad_return_error "Not allowed" "Changing password is not allowed. Sorry"
+}
 
 set context [list [list [ad_pvt_home] "Your Account"] [_ acs-subsite.Update_Password]]
 
 # We have a special provision here for expired passwords
 # The user will not be logged in, but we're supposed to log them in after we're done
 # We use template::util::is_true in order to be liberal in the input we accept
+# SIMON: Do we still want to do this?
 set expired_p [template::util::is_true $expired_p]
 
 set system_name [ad_system_name]
 
 set admin_p [permission::permission_p -object_id $user_id -privilege admin]
 
-if {!$admin_p} {
+if { !$admin_p } {
     permission::require_permission -party_id $user_id -object_id $user_id -privilege write
 }
 
 db_1row user_information {}
 
 set site_link [ad_site_home_link]
-
-set export_vars [export_vars -form { user_id return_url }]
-
-if { !$admin_p && [empty_string_p $password_old] } {
-    set focus "pwd.password_old"
-} else {
-    set focus "pwd.password_1"
-}
-
-ad_return_template

#acs-subsite.Current_Password#
#acs-subsite.Current_Password#
#acs-subsite.New_Password#
#acs-subsite.New_Password#
#acs-subsite.Confirm#
#acs-subsite.Confirm#