diff --git a/checkin_notes b/checkin_notes
index ad90bff354..d13679c393 100755
--- a/checkin_notes
+++ b/checkin_notes
@@ -15984,3 +15984,19 @@ David 6 Aug 2004
 create_work.C
 dir_hier_move.C
 dir_hier_path.C
+
+David 6 Aug 2004
+ - In the web "get password" function,
+ look for not just the email addr but also
+ any munged versions of the email addr.
+ So people won't see "no such account" and create a new one.
+ (from Carl Christensen)
+ - Add escape_pattern() function for escaping "like" patterns;
+ use this in team lookup also
+
+ html/
+ inc/
+ db.inc
+ user/
+ mail_passwd.php
+ team_lookup.php
diff --git a/html/inc/db.inc b/html/inc/db.inc
index 22c5990671..3f72605f85 100644
--- a/html/inc/db.inc
+++ b/html/inc/db.inc
@@ -93,4 +93,12 @@ function lookup_app($id) {
 return null;
 }
+// escape a string for MySQL "like"
+//
+function escape_pattern($str) {
+ $str = str_replace('_', '\\\\_', $str);
+ $str = str_replace('%', '\\\\%', $str);
+ return $str;
+}
+
 ?>
diff --git a/html/user/mail_passwd.php b/html/user/mail_passwd.php
index ec0fb01807..31423df98c 100644
--- a/html/user/mail_passwd.php
+++ b/html/user/mail_passwd.php
@@ -8,10 +8,9 @@ db_init();
 page_head("Password");
 $email_addr = trim(strtolower($HTTP_POST_VARS["email_addr"]));
 if (strlen($email_addr)) {
- $query = sprintf(
- "select * from user where email_addr = '%s'",
- $email_addr
- );
+ $esc_email_addr = escape_pattern("@".$email_addr."_");
+ $query = "select * from user where email_addr = '$email_addr' "
+ . "or email_addr like '$esc_email_addr'";
 $result = mysql_query($query);
 $user = mysql_fetch_object($result);
 mysql_free_result($result);
diff --git a/html/user/team_lookup.php b/html/user/team_lookup.php
index 2977b18cee..337e25d75a 100644
--- a/html/user/team_lookup.php
+++ b/html/user/team_lookup.php
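Review bot: escape_pattern() neutralizes only the LIKE metacharacters `_` and `%` and leaves `'` and `\` untouched, so its result is still not safe to drop inside a quoted SQL literal — a trailing backslash in the input, for example, pairs with the closing quote of the caller's string. The doubled backslash in `'\\\\_'` also only works if the output is interpolated straight into the MySQL literal with no further escaping, and the header comment says nothing about that contract. I would emit a single backslash, escape a literal backslash as well, and have callers run `mysql_real_escape_string()` over the finished pattern afterwards, so that the string-context escaping and the wildcard escaping compose in the obvious order.
```php
// escape a string for use in a MySQL "like" pattern.
// Only _ , % and \ are handled here; the caller must still pass the
// result through mysql_real_escape_string() (after this call) before
// interpolating it into a query.
//
function escape_pattern($str) {
    $str = str_replace('\\', '\\\\', $str);
    $str = str_replace('_', '\\_', $str);
    $str = str_replace('%', '\\%', $str);
    return $str;
}
```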
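Review bot: `$email_addr` comes straight from `$HTTP_POST_VARS` and is interpolated into both the `=` branch and the `like` branch without escaping the SQL string delimiters; escape_pattern() only covers `_` and `%`, so a quote or backslash in the submitted address still terminates the literal (the removed sprintf() version had the same gap, and the commit does not close it). Separately, the trailing `_` appended to the pattern is itself passed through escape_pattern() and so becomes a literal underscore, meaning the `like` branch matches only an address that is exactly `@<email>_`; if that character is meant to be a wildcard it has to be appended after escaping, and with `%` instead if the munged form can add more than one character. db_init() runs just above the hunk, so a connection should be available for `mysql_real_escape_string()`; I would escape the address once for the string context and build both branches from that value.
```php
$db_email_addr = mysql_real_escape_string($email_addr);
$esc_email_addr = escape_pattern("@".$db_email_addr)."_";
$query = "select * from user where email_addr = '$db_email_addr' "
    . "or email_addr like '$esc_email_addr'";
// … unchanged: mysql_query / mysql_fetch_object …
```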
@@ -8,9 +8,8 @@ init_session(); $team_name = $_GET["team_name"]; - $words = preg_split("/[\s,]+/", $team_name); - $length = count($words); $name_lc = strtolower($team_name); + $name_lc = escape_pattern($name_lc); $query = "select * from team where name like '$name_lc%'"; $result_list = mysql_query($query);
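Review bot: `$team_name` is read from `$_GET` and, after strtolower() and escape_pattern(), is dropped into the `like` literal with no escaping of quotes or backslashes, so a `'` in the request still breaks out of the string; the new escape_pattern() call only neutralizes the `_`/`%` wildcards and does not make this query safe. Escape for the string context as well, e.g. `$name_lc = escape_pattern(mysql_real_escape_string($name_lc));` — the `%` appended in the query itself remains the intended wildcard either way. This is top-level script code that continues past the end of the hunk.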