get("action", "NONE");
if($act eq "acctpasswd") {
my $aname = $request->getEscaped("name", "_");
my $apass = $request->getEscaped("password", "");
if($aname eq "_") {
print "Missing name";
} else {
my $q;
if($apass eq "") {
#set the password to something that somebody could not likely guess
$q = "UPDATE account SET password=MD5(unix_timestamp()) WHERE name='$aname'";
} else {
$q = "UPDATE account SET password=MD5('$apass') WHERE name='$aname'";
}
if(!$EQDB->query($q)) {
$result = "Error in query.";
} else {
$request->redirect("account.html?name=$aname");
}
}
}
?>
Action Taken