Index: database/database.mysql
===================================================================
RCS file: /cvs/drupal/drupal/database/database.mysql,v
retrieving revision 1.153.2.3
diff -u -r1.153.2.3 database.mysql
--- database/database.mysql 15 Jan 2005 08:52:01 -0000 1.153.2.3
+++ database/database.mysql 7 Feb 2005 02:31:13 -0000
@@ -662,6 +662,7 @@
 uid int(10) unsigned NOT NULL default '0',
 name varchar(60) NOT NULL default '',
 pass varchar(32) NOT NULL default '',
+ pass_alt varchar(32) NOT NULL default '',
 mail varchar(64) default '',
 mode tinyint(1) NOT NULL default '0',
 sort tinyint(1) default '0',
Index: database/updates.inc
===================================================================
RCS file: /cvs/drupal/drupal/database/updates.inc,v
retrieving revision 1.66.2.2
diff -u -r1.66.2.2 updates.inc
--- database/updates.inc 5 Jan 2005 20:17:33 -0000 1.66.2.2
+++ database/updates.inc 7 Feb 2005 02:31:14 -0000
@@ -86,7 +86,8 @@
 "2004-09-17" => "update_107",
 "2004-10-16" => "update_108",
 "2004-10-18" => "update_109",
- "2004-12-20" => "update_110"
+ "2004-12-20" => "update_110",
+ "2005-02-05" => "update_111"
 );
 function update_32() {
@@ -1920,6 +1921,15 @@
 return $ret;
 }
+
+function update_111() {
+ $ret = array();
+
+ $ret[] = update_sql("ALTER TABLE users ADD pass_alt varchar(32) NOT NULL default ''");
+
+ return $ret;
+}
+
 function update_sql($sql) {
 $edit = $_POST["edit"];
Index: modules/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user.module,v
retrieving revision 1.407.2.10
diff -u -r1.407.2.10 user.module
--- modules/user.module 5 Jan 2005 20:17:33 -0000 1.407.2.10
+++ modules/user.module 7 Feb 2005 02:31:14 -0000
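Review bot: `pass_alt varchar(32)` in the database.mysql hunk is sized for exactly one MD5 hex digest, and the user.module hunks of this patch fill it with `md5($value)`, so the mailed password is stored as an unsalted, fast hash with no room for a salt or a longer digest. The neighbouring `pass` column has the same width, so this follows existing practice, but a new column is the cheapest point to allow for a stronger format, for example `pass_alt varchar(255) NOT NULL default '',`. The same width is repeated in update_111() in database/updates.inc and would need the same change.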
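Review bot: update_111() carries no comment explaining what pass_alt is for, and nothing in this diff updates a schema for any database back end other than MySQL. A short header such as `// Add users.pass_alt: hash of a mailed password that becomes the real password on first successful login.` would make the column's purpose clear to whoever reads the update list later. The table name is written as bare `users`; the other update functions are not visible in this diff, so check whether they wrap table names for prefixing and follow the same form here.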
@@ -49,7 +49,11 @@
 $params = array();
 foreach ($array as $key => $value) {
 if ($key == 'pass') {
- $query .= "u.$key = '%s' AND ";
+ $query .= "u.pass = '%s' AND ";
+ $params[] = md5($value);
+ }
+ else if ($key == 'pass_alt') {
+ $query .= "u.pass_alt = '%s' AND ";
 $params[] = md5($value);
 }
 else if ($key == 'uid') {
@@ -107,6 +111,13 @@
 if ($key == 'pass') {
 $query .= "$key = '%s', ";
 $v[] = md5($value);
+
+ // reset alternate password on password set
+ $query .= "pass_alt = '.', ";
+ }
+ else if ($key == 'pass_alt') {
+ $query .= "$key = '%s', ";
+ $v[] = md5($value);
 }
 else if (substr($key, 0, 4) !== 'auth') {
 if (in_array($key, $user_fields)) {
@@ -384,7 +395,7 @@
 }
 else {
 // Make sure we return the default fields at least
- $fields = array('uid', 'name', 'pass', 'mail', 'picture', 'mode', 'sort', 'threshold', 'theme', 'signature', 'created', 'changed', 'status', 'timezone', 'language', 'init', 'data');
+ $fields = array('uid', 'name', 'pass', 'pass_alt', 'mail', 'picture', 'mode', 'sort', 'threshold', 'theme', 'signature', 'created', 'changed', 'status', 'timezone', 'language', 'init', 'data');
 }
 }
@@ -836,6 +847,16 @@
 // Try to log in the user locally:
 $user = user_load(array('name' => $name, 'pass' => $pass, 'status' => 1));
+ // Try alternate local password:
+ if (!$user->uid) {
+ $user = user_load(array('name' => $name, 'pass_alt' => $pass, 'status' => 1));
+
+ // if the alternate password succeeds, make it active
+ if ($user->uid) {
+ user_save($user, array('pass' => $pass));
+ }
+ }
+
 // Strip name and server from ID:
 if ($server = strrchr($name, '@')) {
 $name = substr($name, 0, strlen($name) - strlen($server));
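Review bot: The 'pass' and 'pass_alt' branches in the first hunk (old line 49) are identical apart from the column name, and the rewritten 'pass' branch drops the `u.$key` form the removed line used for no visible reason. A single branch keeps the two hashed columns from drifting apart later: `if ($key == 'pass' || $key == 'pass_alt') {` followed by the original `$query .= "u.$key = '%s' AND ";` and `$params[] = md5($value);`. The foreach loop and the rest of the function continue outside the hunk.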
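Review bot: `$query .= "pass_alt = '.', ";` in the second hunk (old line 107) writes a magic value with no explanation of why '.' was chosen, while the schema default and update_111() use '' for the same "no alternate password" state. The comment should say that the value only has to be something md5() can never return, e.g. `// '.' is not a valid md5 digest, so no submitted password can match it`, or the reset should write '' to match the column default. If an array ever carries both 'pass' and 'pass_alt', this branch and the new 'pass_alt' branch would both assign the column in one statement, and the result would depend on key order. The loop and the query execution are outside the hunk.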
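Review bot: The alternate password accepted in the last hunk (old line 836) has no expiry and is not cleared when the primary password succeeds, so a mailed password that was never used stays a valid second credential for as long as the account keeps its old password; the only thing in this patch that clears it is the 'pass' branch of user_save(). Consider storing the time the alternate password was issued and refusing it after a short window, and invalidating it on the next successful primary login. Its use is also not logged before it replaces the real password; a line such as `watchdog('user', t('Alternate password used for %name.', array('%name' => $user->name)));` inside `if ($user->uid)` would give administrators a record to review. The enclosing login function starts and ends outside the hunk.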
@@ -863,7 +884,7 @@
 if (variable_get('user_register', 1) == 1) {
 $account = user_load(array('name' => "$name@$server"));
 if (!$account->uid) { // Register this new user.
- $user = user_save('', array('name' => "$name@$server", 'pass' => user_password(), 'init' => "$name@$server", 'status' => 1, "authname_$module" => "$name@$server", 'roles' => array(_user_authenticated_id())));
+ $user = user_save('', array('name' => "$name@$server", 'pass_alt' => user_password(), 'init' => "$name@$server", 'status' => 1, "authname_$module" => "$name@$server", 'roles' => array(_user_authenticated_id())));
 watchdog('user', t('New external user: %user using module %module.', array('%user' => "$name@$server", '%module' => "$module")), l(t('edit'), 'user/'. $user->uid .'/edit'));
 break;
 }
@@ -914,7 +935,7 @@
 $pass = user_password();
 // Save new password:
- user_save($account, array('pass' => $pass));
+ user_save($account, array('pass_alt' => $pass));
 // Mail new password:
 $variables = array('%username' => $account->name, '%site' => variable_get('site_name', 'drupal'), '%password' => $pass, '%uri' => $base_url, '%uri_brief' => substr($base_url, strlen('http://')), '%mailto' => $account->mail, '%date' => format_date(time()), '%login_uri' => url('user', NULL, NULL, TRUE), '%edit_uri' => url('user/'. $account->uid .'/edit', NULL, NULL, TRUE));
@@ -925,7 +946,7 @@
 if ($mail_success) {
 watchdog('user', t('Password mailed to %name at %email.', array('%name' => "$account->name" , '%email' => "$account->mail")));
- return t('Your password and further instructions have been sent to your e-mail address.');
+ return t("Your password and further instructions have been sent to your e-mail address. body is $body");
 }
 else {
 watchdog('error', t('Error mailing password to %name at %email.', array('%name' => "$account->name", '%email' => "$account->mail")));
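Review bot: `user_save('', array(... 'pass_alt' => user_password() ...))` in the first hunk (old line 863) creates an account with 'pass_alt', but the only user_save() change in this patch is in a branch that builds `column = '%s', ` assignments, which looks like the UPDATE path. If account creation goes through a separate INSERT branch that still special-cases only 'pass', the generated password would reach the pass_alt column without md5(): stored in clear text, and never equal to the md5() value user_load() compares against, so the new account could not log in. The registration hunk at old line 960 passes 'pass_alt' to `user_save('', ...)` in the same way. Confirm that the creation branch hashes 'pass_alt' exactly as it hashes 'pass', or add that case to this patch.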
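Review bot: `body is $body` in the success message of the third hunk (old line 925) looks like leftover debugging and should not ship. $body is not defined inside the hunk; if it holds the mail text built from $variables, which in the preceding hunk includes `'%password' => $pass`, the page shown after a password request would display the new password to whoever submitted the form instead of only to the account's e-mail address. Interpolating a variable into the t() source string also makes the string untranslatable. Restore the removed line, `return t('Your password and further instructions have been sent to your e-mail address.');`. The enclosing function starts and ends outside the hunk.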
@@ -960,7 +981,7 @@
 // TODO: Is this necessary? Won't session_write() replicate this?
 unset($edit['session']);
- $account = user_save('', array_merge(array('name' => $edit['name'], 'pass' => $pass, 'init' => $edit['mail'], 'mail' => $edit['mail'], 'roles' => array(_user_authenticated_id()), 'status' => (variable_get('user_register', 1) == 1 ? 1 : 0)), $edit));
+ $account = user_save('', array_merge(array('name' => $edit['name'], 'pass_alt' => $pass, 'init' => $edit['mail'], 'mail' => $edit['mail'], 'roles' => array(_user_authenticated_id()), 'status' => (variable_get('user_register', 1) == 1 ? 1 : 0)), $edit));
 watchdog('user', t('New user: %name %email.', array('%name' => ''. $edit['name'] .'', '%email' => '<'. $edit['mail'] .'>')), l(t('edit'), 'user/'. $account->uid .'/edit'));
 $variables = array('%username' => $edit['name'], '%site' => variable_get('site_name', 'drupal'), '%password' => $pass, '%uri' => $base_url, '%uri_brief' => substr($base_url, strlen('http://')), '%mailto' => $edit['mail'], '%date' => format_date(time()), '%login_uri' => url('user', NULL, NULL, TRUE), '%edit_uri' => url('user/'. $account->uid .'/edit', NULL, NULL, TRUE));