diff -r 9cdfe82c56cd -r eb8b23f11744 plugins/SpecialUserPrefs.php
--- a/plugins/SpecialUserPrefs.php Sat Jan 03 18:11:18 2009 -0500
+++ b/plugins/SpecialUserPrefs.php Sun Jan 04 00:55:40 2009 -0500
@@ -12,7 +12,7 @@
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.1.5 (Caoineag alpha 5)
+ * Version 1.1.6 (Caoineag beta 1)
* Copyright (C) 2006-2008 Dan Fuhry
*
* This program is Free Software; you can redistribute it and/or modify it under the terms of the GNU General Public License
@@ -226,13 +226,9 @@
$email_changed = true;
}
// Obtain password
- if ( $_POST['use_crypt'] == 'yes' && !empty($_POST['crypt_data']) )
+ if ( !empty($_POST['crypt_data']) || !empty($_POST['newpass']) )
{
- $key = $session->fetch_public_key($_POST['crypt_key']);
- if ( !$key )
- die('Can\'t lookup key');
- $key = hexdecode($key);
- $newpass = $aes->decrypt($_POST['crypt_data'], $key, ENC_HEX);
+ $newpass = $session->get_aes_post('newpass');
// At this point we know if we _want_ to change the password...
// We can't check the password to see if it matches the confirmation
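Review bot: The value returned by `$session->get_aes_post('newpass')` is used as the new password with no failure check visible in this hunk, whereas the removed code aborted when the key lookup failed. `get_aes_post` is not shown here, so confirm what it returns when decryption fails or when `crypt_data` is present but malformed. If it can return `false` or an empty string, add a guard such as `if ( !is_string($newpass) || $newpass === '' )` that appends an error before the strength check and `set_password()` are reached. The enclosing block continues past the end of this hunk, so a check may already exist further down.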
@@ -255,14 +251,15 @@
if ( $score_inp < $score_min )
$errors .= '
' . $lang->get('usercp_emailpassword_err_password_too_weak', array('score' => $score_inp)) . '
';
}
+ if ( $_POST['use_crypt'] == 'no' && $newpass != $_POST['newpass_confirm'] )
+ {
+ $errors .= '' . $lang->get('usercp_emailpassword_err_password_no_match') . '
';
+ }
// Encrypt new password
if ( empty($errors) )
{
- $newpass_enc = $session->pk_encrypt($newpass, ENC_HEX);
// Perform the swap
- $q = $db->sql_query('UPDATE '.table_prefix.'users SET password=\'' . $newpass_enc . '\' WHERE user_id=' . $session->user_id . ';');
- if ( !$q )
- $db->_die();
+ $session->set_password($session->username, $newpass);
// Log out and back in
$username = $session->username;
$session->logout();
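Review bot: The added confirmation check compares with loose `!=` and runs only when the client-supplied `use_crypt` is exactly `'no'`. Under PHP's loose comparison two different numeric-looking strings (a constructed example: `'1e3'` and `'1000'`) compare equal, so the test should be `$newpass !== $_POST['newpass_confirm']`. The removed fallback branch and the removed script both read the field as `newpass_conf`; the form markup is not in this diff, so confirm it was renamed to `newpass_confirm`, otherwise the check compares against an unset index. A request that omits `use_crypt` or sends any other value skips the comparison, so in the encrypted path the confirmation rests entirely on the client script.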
@@ -282,39 +279,6 @@
}
}
}
- else
- {
- switch('foo') // allow breaking out of our section...i can't wait until PHP6 (goto support!)
- {
- case 'foo':
- $pass = $_POST['newpass'];
- if ( $pass != $_POST['newpass_conf'] )
- {
- $errors .= '' . $lang->get('usercp_emailpassword_err_password_no_match') . '
';
- break;
- }
-
- $session->logout();
- if ( $email_changed )
- {
- if ( getConfig('account_activation') == 'user' )
- {
- redirect(makeUrl(get_main_page()), $lang->get('usercp_emailpassword_msg_profile_success'), $lang->get('usercp_emailpassword_msg_need_activ_user'), 20);
- }
- else if ( getConfig('account_activation') == 'admin' )
- {
- redirect(makeUrl(get_main_page()), $lang->get('usercp_emailpassword_msg_profile_success'), $lang->get('usercp_emailpassword_msg_need_activ_admin'), 20);
- }
- }
- else
- {
- $session->login_without_crypto($session->username, $newpass);
- redirect(makeUrlNS('Special', 'Preferences'), $lang->get('usercp_emailpassword_msg_pass_success'), $lang->get('usercp_emailpassword_msg_password_changed'), 5);
- }
-
- return;
- }
- }
}
$template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_emailpassword_title');
break;
@@ -359,8 +323,6 @@
echo '';
// ENCRYPTION CODE
?>
+
-
- function runEncryption()
- {
- load_component('crypto');
- var aes_testpassed = aes_self_test();
-
- var frm = document.forms.empwform;
- if ( frm.newpass.value.length < 1 )
- return true;
-
- pass1 = frm.newpass.value;
- pass2 = frm.newpass_conf.value;
- if ( pass1 != pass2 )
- {
- alert($lang.get('usercp_emailpassword_err_password_no_match'));
- return false;
- }
- if ( pass1.length < 6 && pass1.length > 0 )
- {
- alert($lang.get('usercp_emailpassword_err_password_too_short'));
- return false;
- }
-
- if(aes_testpassed)
- {
- frm.use_crypt.value = 'yes';
- var cryptkey = frm.crypt_key.value;
- frm.crypt_key.value = hex_md5(cryptkey);
- cryptkey = hexToByteArray(cryptkey);
- if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 )
- {
- frm.submit.disabled = true;
- len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
- alert('The key is messed up\nType: '+typeof(cryptkey)+len);
- }
- pass = frm.newpass.value;
- pass = stringToByteArray(pass);
- cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');
- if(!cryptstring)
- {
- return false;
- }
- cryptstring = byteArrayToHex(cryptstring);
- frm.crypt_data.value = cryptstring;
- frm.newpass.value = "";
- frm.newpass_conf.value = "";
- }
- return true;
- }
-
aes_javascript('empwform', 'newpass');
break;
case 'Signature':
if ( isset($_POST['new_sig']) )