2 files changed, 22 insertions, 15 deletions

diff --git a/module/database/DatabaseBackend.py b/module/database/DatabaseBackend.py
index 9e9e73e43..0ce01cdc5 100644
--- a/module/database/DatabaseBackend.py
+++ b/module/database/DatabaseBackend.py
@@ -233,22 +233,7 @@ class DatabaseBackend(Thread):
             
             self.c.executemany("INSERT INTO users(name, password, email) VALUES (?, ?, ?)", users)
             move("pyload.db", "pyload.old.db")
-        if exists("web.db"):
-            try:
-                self.core.log.info(_("Moving users"))
-            except:
-                print "Moving users"
-            conn = sqlite3.connect('web.db')
-            c = conn.cursor()
-            c.execute("SELECT name, password, email, role, permission FROM users")
-            for r in c:
-                self.c.execute('SELECT name FROM users WHERE name=?', (r[0], ))
-                if self.c.fetchone() is None:
-                    self.c.executemany("INSERT INTO users (name, password, email, role, permission) VALUES (?, ?, ?, ?, ?)", r)
-            c.close()
-            conn.close()
             
-            move("web.db", "web.old.db")
         self.c.execute('VACUUM')
     
     def createCursor(self):
diff --git a/module/database/UserDatabase.py b/module/database/UserDatabase.py
index 6e04fa249..4367b1292 100644
--- a/module/database/UserDatabase.py
+++ b/module/database/UserDatabase.py
@@ -69,6 +69,28 @@ class UserMethods():
             c.execute('INSERT INTO users (name, password) VALUES (?, ?)', (user, password))
 
 
+    @style.queue
+    def changePw(db, user, oldpw, newpw):
+
+        db.c.execute('SELECT id, name, password, role, permission, template FROM "users" WHERE name=?', (user, ))
+        r = db.c.fetchone()
+        if not r:
+            return False
+
+        salt = r[2][:5]
+        pw = r[2][5:]
+        h = sha1(salt + oldpw)
+        if h.hexdigest() == pw:
+            salt = reduce(lambda x, y: x + y, [str(random.randint(0, 9)) for i in range(0, 5)])
+            h = sha1(salt + newpw)
+            password = salt + h.hexdigest()
+
+            db.c.execute("UPDATE users SET password=? WHERE name=?", (password, user))
+            return True
+
+        return False
+
+
     @style.async
     def setPermission(db, user, perms):
         db.c.execute("UPDATE users SET permission=? WHERE name=?", (perms, user))