[sork] Passwords in vacation and forwards
Matt
soccio at astro.psu.edu
Fri Jan 23 12:12:37 PST 2004
I am experimenting with vacation and forwards, and I notice that when I
supply an incorrect password in vacation or forwards, I get the Forward
set! or Vacation set! thumbs up notice at the top of the page. The db
does not get updated, and when I go into mysql and execute an update
statement that is valid with the exception of the password I get:

    mysql> UPDATE users set keeplocal = 'n' , fwdaddress =
    'someaddress at some.where' WHERE username = 'soccio' and crypt =
    'bogusmd5hash';
    Query OK, 0 rows affected (0.00 sec)
    Rows matched: 0 Changed: 0 Warnings: 0

I am new to php and mysql, but it looks like the query checks at the end
of the enable and disable functions are for db errors, and return true on
a DB_OK. Should a bad password produce a mysql error, and thus signal
that the database was not updated? Is this a function of outdated
mysql/php/pear? Any ideas?

It doesn't look too hard to either change the query check to return true
if 1 row was affected and false otherwise, or to grab the comparePasswords
logic from the password package and actually verify the password before
building the query.

Any thoughts or ideas before I start barking up the wrong tree?

I am using Debian stable with:
mysql 3.23
backported php 4.3 packages
horde releng from cvs

Matt
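
The two fixes proposed in the message above, sketched as an added example (not code from the post or from the sork modules). It uses Python with an in-memory SQLite table as a stand-in for the PHP/MySQL setup; the function names, the sample row and the SHA-256 digest are assumptions made for the example.

```python
import hashlib
import hmac
import sqlite3

UPDATE = ("UPDATE users SET keeplocal = 'n', fwdaddress = ? "
          "WHERE username = ? AND crypt = ?")

def digest(password):
    # Assumed stand-in digest so the sample runs; use whatever scheme the table stores
    return hashlib.sha256(password.encode()).hexdigest()

def make_db():
    """Constructed sample table; column names follow the UPDATE in the post."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, crypt TEXT, "
               "keeplocal TEXT, fwdaddress TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?, 'y', '')",
               ("soccio", digest("correct-password")))
    return db

def set_forward_no_error_check(db, user, password, addr):
    """Behaviour described in the post: success means 'the query raised no error'."""
    db.execute(UPDATE, (addr, user, digest(password)))
    return True  # reached even when the WHERE clause matched nothing

def set_forward_rowcount(db, user, password, addr):
    """First proposed fix: success only if exactly one row was updated."""
    cur = db.execute(UPDATE, (addr, user, digest(password)))
    # Caveat: MySQL by default counts rows *changed*, so re-submitting an
    # identical forward would report 0 there; SQLite counts rows matched.
    return cur.rowcount == 1

def set_forward_verify_first(db, user, password, addr):
    """Second proposed fix: check the password, then update by username only."""
    row = db.execute("SELECT crypt FROM users WHERE username = ?",
                     (user,)).fetchone()
    if row is None or not hmac.compare_digest(row[0], digest(password)):
        return False
    db.execute("UPDATE users SET keeplocal = 'n', fwdaddress = ? "
               "WHERE username = ?", (addr, user))
    return True

def forward_of(db, user):
    row = db.execute("SELECT fwdaddress FROM users WHERE username = ?",
                     (user,)).fetchone()
    return row[0]
```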