- $update_string = 'UPDATE '. $mysql_table . ' SET ' . $mysql_password_field
- . ' = "' . mysql_escape_string($cp_newpass) . '"'
- . ' WHERE ' . $mysql_userid_field . ' = "' . mysql_escape_string($username) . '"';
+ $update_string = 'UPDATE '. $mysql_table . ' SET ' . $mysql_password_field;
+
+ if ($mysql_saslcrypt) {
+ $update_string .= '=password("'.mysql_real_escape_string($newpw, $ds).'")';
+ } elseif ($mysql_unixcrypt) {
+ // FIXME: use random salt when you create new password
+ $update_string .= '=encrypt("'.mysql_real_escape_string($newpw, $ds).'", '.$mysql_password_field . ')';
+ } else {
+ $update_string .= '="' . mysql_real_escape_string($newpw, $ds) . '"';
+ }
+ $update_string .= ' WHERE ' . $mysql_userid_field . ' = "' . mysql_real_escape_string($username, $ds) . '"';
+