diff --git a/htroot/User.html b/htroot/User.html
index 66e47bea6..755b120aa 100644
--- a/htroot/User.html
+++ b/htroot/User.html
@@ -9,7 +9,12 @@
User Page
#(logged-in)#
-You are not logged in.
+You are not logged in.
+
::
You are currently logged in as #[username]#.
(Identified by #(identified-by)#IP::Username/Password#(/identified-by)#)
@@ -44,6 +49,8 @@ You are currently logged in as admin.
+
+(after logout you will be prompted for your password again. simply click "cancel")
#(/logged-in)#
#(status)#
::
diff --git a/htroot/User.java b/htroot/User.java
index 555d0d317..71f31b829 100644
--- a/htroot/User.java
+++ b/htroot/User.java
@@ -67,15 +67,23 @@ public class User{
prop.put("logged_in", 0);
prop.put("logged-in_limit", 0);
prop.put("status", 0);
+ //identified via HTTPPassword
entry=sb.userDB.proxyAuth(((String) header.get(httpHeader.AUTHORIZATION, "xxxxxx")));
if(entry != null){
prop.put("logged-in_identified-by", 1);
+ //identified via form-login
+ //TODO: this does not work for a static admin, yet.
+ }else if(post != null && post.containsKey("username") && post.containsKey("password")){
+ entry=sb.userDB.passwordAuth((String)post.get("username"), (String)post.get("password"), (String)header.get("CLIENTIP", "xxxxxx"));
+ prop.put("logged-in_identified-by", 1);
+ //identified via ip.
}else{
entry=sb.userDB.ipAuth(((String)header.get("CLIENTIP", "xxxxxx")));
if(entry != null){
prop.put("logged-in_identified-by", 0);
}
}
+ //Logged in via UserDB
if(entry != null){
prop.put("logged-in", 1);
prop.put("logged-in_username", entry.getUserName());
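Review bot: In the new form-login branch, `prop.put("logged-in_identified-by", 1);` runs even when `passwordAuth` returns null, whereas the HTTP-auth and IP branches set the flag only after `entry != null`; guard it as `if(entry != null){ prop.put("logged-in_identified-by", 1); }`. The same call passes `header.get("CLIENTIP", "xxxxxx")` as the address, so a request without a CLIENTIP header registers the login under the placeholder string. Because the three-argument `passwordAuth` stores that value in `ipUsers`, a later request that also lacks the header would presumably be matched to this user by `ipAuth`. Consider failing the login, or skipping the IP binding, when CLIENTIP is absent. The enclosing method starts and ends outside the hunk.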
@@ -91,14 +99,13 @@ public class User{
prop.put("logged-in_limit_percent", percent/3);
prop.put("logged-in_limit_percent2", (100-percent)/3);
}
+ //logged in via static Password
}else if(sb.verifyAuthentication(header, true)){
prop.put("logged-in", 2);
+ //not logged in
}
if(post!= null && entry != null){
- if(post.containsKey("logout")){
- entry.logout(((String)header.get("CLIENTIP", "xxxxxx")));
- prop.put("logged-in", 0);
- }else if(post.containsKey("changepass")){
+ if(post.containsKey("changepass")){
prop.put("status", 1); //password
if(entry.getMD5EncodedUserPwd().equals(serverCodings.encodeMD5Hex(entry.getUserName()+":"+post.get("oldpass", "")))){
if(post.get("newpass").equals(post.get("newpass2"))){
@@ -119,6 +126,9 @@ public class User{
}
}else if(post!=null && post.containsKey("logout")){
prop.put("logged-in",0);
+ if(entry != null){
+ entry.logout(((String)header.get("CLIENTIP", "xxxxxx")));
+ }
if(sb.verifyAuthentication(header, true)){
prop.put("AUTHENTICATE","admin log-in");
}
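Review bot: The added `if(entry != null){ entry.logout(...); }` looks unreachable. This `else if` appears to pair with `if(post!= null && entry != null)`, and it already requires `post != null`, so it runs only when `entry` is null; the previous hunk also removes the `logout` case from the entry branch. If that reading is right, a UserDB user who posts `logout` gets neither `entry.logout(...)` nor `logged-in` reset, and the address registered at login presumably stays valid for `ipAuth`. Keeping `if(post.containsKey("logout")){` as the first case inside the entry branch, or handling logout before that split, would restore it. The lines between the two hunks are not visible here, so the brace nesting should be confirmed.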
diff --git a/source/de/anomic/data/userDB.java b/source/de/anomic/data/userDB.java
index aeb5265b5..208b7964d 100644
--- a/source/de/anomic/data/userDB.java
+++ b/source/de/anomic/data/userDB.java
@@ -234,6 +234,14 @@ public final class userDB {
}
return null;
}
+ public Entry passwordAuth(String user, String password, String ip){
+ Entry entry=passwordAuth(user, password);
+ if(entry == null){
+ return null;
+ }
+ this.ipUsers.put(ip, entry.getUserName());
+ return entry;
+ }
public Entry md5Auth(String user, String md5){
Entry entry=this.getEntry(user);
if( entry != null && entry.getMD5EncodedUserPwd().equals(md5)){
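Review bot: The new `passwordAuth(String user, String password, String ip)` has no Javadoc, and its side effect is the part a caller most needs to know: a successful password check records `ip -> username` in `ipUsers`, so the login is remembered per client address rather than per browser. A comment such as `/** Authenticates by password and, on success, registers ip in ipUsers; other clients presenting the same address (NAT, shared proxy) may then be recognised as this user. */` would make that explicit. `ip` is stored without a null or placeholder check, and nothing in this hunk shows when the mapping is removed or expires, so that should be checked against `logout` and `ipAuth`.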