|| $cgi->param('clear_password') =~ /^\(.* encrypted\)$/ ) {
die "fatal: no previous account to recall hidden password from!" unless $old;
} else {
- $error ||= $new->set_password($cgi->param('clear_password'));
+ my $newpass = $cgi->param('clear_password');
+ if ( ! $old->check_password($newpass) ) {
+ # then the password is being changed
+ $error ||= $new->is_password_allowed($newpass)
+ || $new->set_password($newpass);
+ }
}
if ( ! $error ) {