diff -x .svn -Naur contrib-old/level_comment_tool/README contrib/level_comment_tool/README --- contrib-old/level_comment_tool/README 2004-04-09 19:25:40.000000000 +0300 +++ contrib/level_comment_tool/README 2004-04-09 19:16:11.000000000 +0300 @@ -20,7 +20,7 @@ Copyright -Pingus Level Feedback System is (c) 2003 by Jarno Elonen +Pingus Level Feedback System is (c) 2003-2004 by Jarno Elonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License @@ -36,3 +36,9 @@ along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +NOTE: + + Unlike other parts, 'htpasswd.inc' is licensed under Modified BSD + license, which is less restrictive than GPL. You can, however, + relicense it under the GPL, if necessary. diff -x .svn -Naur contrib-old/level_comment_tool/htpasswd.inc contrib/level_comment_tool/htpasswd.inc --- contrib-old/level_comment_tool/htpasswd.inc 1970-01-01 02:00:00.000000000 +0200 +++ contrib/level_comment_tool/htpasswd.inc 2004-04-09 19:17:56.000000000 +0300 
@@ -0,0 +1,96 @@
+
+//
+// Redistribution and use in source and binary forms, with or without modification,
+// are permitted provided that the following conditions are met:
+//
+// * Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+// * The name of the author may not be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
+// WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+// AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR
+// BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+// ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+// EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Usage
+// =====
+// require_once('htpasswd.inc');
+// $pass_array = load_htpasswd();
+//
+// if ( test_htpasswd( $pass_array, $user, $pass ))
+// print "Access granted."
+//
+// $pass_array[$new_user] = rand_salt_crypt($new_pass);
+// save_htpasswd($pass_array);
+
+define("HTPASSWDFILE", ".htpasswd");
+
+// Loads htpasswd file into an array of form
+// Array( username => crypted_pass, ... 
)
+function load_htpasswd()
+{
+ if ( !file_exists(HTPASSWDFILE))
+ return Array();
+
+ $res = Array();
+ foreach(file(HTPASSWDFILE) as $l)
+ {
+ $array = explode(':',$l);
+ $user = $array[0];
+ $pass = chop($array[1]);
+ $res[$user] = $pass;
+ }
+ return $res;
+}
+
+// Saves the array given by load_htpasswd
+function save_htpasswd( $pass_array )
+{
+ ignore_user_abort(true);
+ $fp = fopen(HTPASSWDFILE, "w+");
+ if (flock($fp, LOCK_EX))
+ {
+ while( list($u,$p) = each($pass_array))
+ fputs($fp, "$u:$p\n");
+ flock($fp, LOCK_UN); // release the lock
+ }
+ else
+ {
+ print "ERROR! Could not save (lock) .htpasswd!
"; + } + fclose($fp); + ignore_user_abort(false); +} + +// Generates a htpasswd compatible crypted password string. +function rand_salt_crypt( $pass ) +{ + // Randomize a 2-letter crypt() salt: + $cset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./"; + $salt = substr($cset, time() & 63, 1) . + substr($cset, time()/64 & 63, 1); + return crypt($pass, $salt); +} + +// Returns true if the user exists and the password matches, false otherwise +function test_htpasswd( $pass_array, $user, $pass ) +{ + if ( !isset($pass_array[$user])) + return False; + $crypted = $pass_array[$user]; + return crypt( $pass, substr($crypted,0,2) ) == $crypted; +} + +?> \ No newline at end of file diff -x .svn -Naur contrib-old/level_comment_tool/index.php contrib/level_comment_tool/index.php --- contrib-old/level_comment_tool/index.php 2004-04-09 19:25:40.000000000 +0300 +++ contrib/level_comment_tool/index.php 2004-04-09 19:21:09.000000000 +0300 @@ -19,12 +19,17 @@ require_once("xml-search.inc"); require_once("level-cache.inc"); require_once("mail-settings.inc"); +require_once("htpasswd.inc"); // ================================================================== // Admin login. // ================================================================== -$admin_passwd = "testadmin"; -$is_admin = ($_SERVER['PHP_AUTH_PW'] === $admin_passwd); + +$htpasswd = load_htpasswd(); +$is_admin = False; +if ( isset($_SERVER['PHP_AUTH_PW'])) + $is_admin = test_htpasswd( $htpasswd, "admin", $_SERVER['PHP_AUTH_PW'] ); + if ( isset($_GET["adminlogin"])) { if (!isset($_SERVER['PHP_AUTH_USER'])) @@ -37,7 +42,7 @@ else { if ( !isset($_SERVER['PHP_AUTH_PW']) || - $_SERVER['PHP_AUTH_PW'] != $admin_passwd ) + !test_htpasswd( $htpasswd, "admin", $_SERVER['PHP_AUTH_PW'] )) { header('HTTP/1.0 401 Unauthorized'); echo 'Wrong password. Hit Back.';
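Review bot: `rand_salt_crypt()` in the new htpasswd.inc takes both salt characters from `time()` and hands `crypt()` a two-character salt, so every stored entry is a traditional DES crypt hash with a time-derived salt, and that scheme only uses the first eight characters of the password. If nothing but this PHP code reads the file (or the web server that reads it accepts bcrypt entries), `return password_hash($pass, PASSWORD_BCRYPT);` is the safer body. In `test_htpasswd()` I would verify with `return hash_equals($crypted, crypt($pass, $crypted));`, which lets the stored hash select the scheme and replaces the loose `==` with a constant-time string comparison. `save_htpasswd()` also deserves a guard: `fopen(HTPASSWDFILE, "w+")` truncates the file before the lock is held and its result is not checked, and `$u` is written unvalidated, so a name containing `:` or a newline would change how the file parses on the next `load_htpasswd()`.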
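Review bot: The admin check in index.php is now spelled out twice, once for `$is_admin` in the `@@ -19,12 +19,17 @@` hunk and again in the `else` branch of the `@@ -37,7 +42,7 @@` hunk, and neither compares `$_SERVER['PHP_AUTH_USER']` with anything in the visible lines. The second condition is equivalent to the flag and can reuse it, `if ( !$is_admin )`, which keeps a single definition of what counts as an admin and avoids a second `crypt()` call per request. Because the entry looked up is fixed to "admin", I would also require `$_SERVER['PHP_AUTH_USER'] === "admin"` before setting `$is_admin`, so the supplied name and the checked entry agree. The `if`/`else` that encloses the second hunk starts and ends outside it.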