#even though this is kludgy
$url_string =~
s{
- (browse|config|docs|edit|graph|misc|search|view)
+ (browse|config|docs|edit|graph|misc|search|view|pref)
/
(process/)?
([\w\-\.]+)
--- /dev/null
+% if ( $cgi->param('error') ) {
+ <FONT SIZE="+1" COLOR="#ff0000">Error: <% $cgi->param('error') %></FONT>
+ <BR><BR>
+% }
<td align=left rowspan=2 BGCOLOR="#ffffff"> <!-- valign="top" -->
<font size=6><% $conf->config('company_name') || 'ExampleCo' %></font>
</td>
- <td align=right valign=top BGCOLOR="#ffffff"><FONT SIZE="-1">Logged in as <b><% getotaker %> </b><br></FONT><FONT SIZE="-2"><a href="<%$fsurl%>pref/XXXwritethis">Preferences</a> <BR></FONT>
+ <td align=right valign=top BGCOLOR="#ffffff"><FONT SIZE="-1">Logged in as <b><% getotaker %> </b><br></FONT><FONT SIZE="-2"><a href="<%$fsurl%>pref/pref.html">Preferences</a> <BR></FONT>
</td>
</tr>
<tr>
--- /dev/null
+% my $error = '';
+%
+% my $access_user = qsearchs( 'access_user', {
+% 'username' => getotaker,
+% '_password' => $cgi->param('_password'),
+% } );
+%
+% $error = 'Current password incorrect; password not changed'
+% unless $access_user;
+%
+% $error ||= "New passwords don't match"
+% unless $cgi->param('new_password') eq $cgi->param('new_password2');
+%
+% $error ||= "No new password entered"
+% unless length($cgi->param('new_password'));
+%
+% $access_user->_password($cgi->param('new_password')) unless $error;
+% $error ||= $access_user->replace;
+%
+% if ( $error ) {
+% $cgi->param('error', $error);
+% print $cgi->redirect(popurl(1). "pref.html?". $cgi->query_string );
+% } else {
+<% include('/elements/header.html', 'Password changed') %>
+<% include('/elements/footer.html') %>
+% }
--- /dev/null
+<% include('/elements/header.html', 'Preferences for '. getotaker ) %>
+
+<FORM METHOD="POST" ACTION="pref-process.html">
+
+<% include('/elements/error.html') %>
+
+<% ntable("#cccccc",2) %>
+
+<TR>
+ <TD ALIGN="right">Current password: </TD>
+ <TD><INPUT TYPE="password" NAME="_password"></TD>
+</TR>
+
+<TR>
+ <TD ALIGN="right">New password: </TD>
+ <TD><INPUT TYPE="password" NAME="new_password"></TD>
+</TR>
+
+<TR>
+ <TD ALIGN="right">Re-enter new password: </TD>
+ <TD><INPUT TYPE="password" NAME="new_password2"></TD>
+</TR>
+
+</TABLE>
+
+<INPUT TYPE="submit" VALUE="Change password">
+
+<% include('/elements/footer.html') %>