--- deliantra/server/ext/login.ext	2010/05/04 21:45:42	1.109
+++ deliantra/server/ext/login.ext	2010/05/08 10:49:44	1.110
@@ -128,10 +128,21 @@
    $ob->goto ($map, $x, $y);
 }
 
-sub encode_password {
-   crypt $_[0],
-      join '',
-         ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[(cf::rndm 64), (cf::rndm 64)]
+sub encode_password($) {
+#   crypt $_[0],
+#      join '',
+#         ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[(cf::rndm 64), (cf::rndm 64)]
+   "!" . unpack "H*", $_[0]
+}
+
+sub compare_password($$) {
+   my ($pass, $token) = @_;
+
+   if ($token =~ /\!(.*)/) {
+      return $pass eq pack "H*", $1;
+   } else {
+      return $token eq crypt $pass, $token;
+   }
 }
 
 # delete a player directory, be non-blocking AND synchronous...
@@ -232,9 +243,10 @@
          if (my $pl = cf::player::find $user) {
             aio_stat $pl->path and next;
             my $mtime = (stat _)[9];
-            my $hash = $pl->password;
+            my $token = $pl->password;
 
-            if ($cf::CFG{ext_login_nocheck} or $hash eq crypt $pass, $hash) {
+            if ($cf::CFG{ext_login_nocheck} or compare_password $pass, $token) {
+               $pl->password (encode_password $pass); # make sure we store the new encoding #d#
                nuke_str $pass;
                # password matches, wonderful
                my $pl = cf::player::find $user or next;