From 764533a6e5845a52c548d05dcb8badb51c65c1e2 Mon Sep 17 00:00:00 2001
From: Jamie Cameron <jcameron@webmin.com>
Date: Wed, 29 Mar 2023 17:27:01 -0700
Subject: [PATCH] Don't add hashed password to the old password list if it's
 already in there https://github.com/virtualmin/virtualmin-pro/issues/35

---
 acl/acl-lib.pl | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/acl/acl-lib.pl b/acl/acl-lib.pl
index fbcd69a74..7933b2598 100755
--- a/acl/acl-lib.pl
+++ b/acl/acl-lib.pl
@@ -774,14 +774,16 @@ if ($oldpass ne $user->{'pass'} &&
 	my $nolock = $oldpass;
 	$nolock =~ s/^\!//;
 	$user->{'olds'} ||= [];
-	unshift(@{$user->{'olds'}}, $nolock);
-	if ($miniserv->{'pass_oldblock'}) {
-		while(scalar(@{$user->{'olds'}}) >
-		      $miniserv->{'pass_oldblock'}) {
-			pop(@{$user->{'olds'}});
+	if (&indexof($nolock, @{$user->{'olds'}}) < 0) {
+		unshift(@{$user->{'olds'}}, $nolock);
+		if ($miniserv->{'pass_oldblock'}) {
+			while(scalar(@{$user->{'olds'}}) >
+			      $miniserv->{'pass_oldblock'}) {
+				pop(@{$user->{'olds'}});
+				}
 			}
+		$user->{'lastchange'} = time();
 		}
-	$user->{'lastchange'} = time();
 	}
 }