--- loncom/lcpasswd	2000/10/29 23:14:16	1.8
+++ loncom/lcpasswd	2000/10/30 03:08:28	1.10
@@ -49,13 +49,15 @@ use strict;
 # These are the exit codes.
 # ( (0,"ok"),
 #   (1,"User ID mismatch.  This program must be run as user 'www'"),
-#   (2,"Error. This program does not accept command-line arguments."),
+#   (2,"Error. This program needs 3 command-line arguments (username, old password, new password)."),
 #   (3,"Error. Three lines need to be entered into standard input."),
 #   (4,"Error. Too many other simultaneous password change requests being made."),
 #   (5,"Error. User $username does not exist."),
 #   (6,"Error. Invalid entry of current password."),
-#   (7,"Error.  Root was not successfully enabled."),
-#   (8,"Error.  Cannot open /etc/passwd.") )
+#   (7,"Error. Root was not successfully enabled."),
+#   (8,"Error. Cannot open /etc/passwd."),
+#   (9,"Error. The user name specified has invalid characters."),
+#   (10,"Error. A password entry had an invalid character.") )
 
 # Security
 $ENV{'PATH'}='/bin:/usr/bin'; # Nullify path information except for what smbpasswd needs
@@ -117,7 +119,14 @@ if ($username ne $safeusername) {
     unlink('/tmp/lock_lcpasswd');
     exit 9;
 }
-
+my $pbad=0;
+map {if (($_<32)&&($_>126)){$pbad=1;}} (split(//,$oldpwd));
+map {if (($_<32)&&($_>126)){$pbad=1;}} (split(//,$newpwd));
+if ($pbad) {
+    print "Error. A password entry had an invalid character.\n";
+    unlink('/tmp/lock_lcpasswd');
+    exit 10;
+}
 
 # Grab the line corresponding to username
 my ($userid,$useroldcryptpwd);