From 67a8c74be3ef2c2ecb8e6d929b0d97e465ea349b Mon Sep 17 00:00:00 2001
From: allo <allo@6c8d7289-2bf4-0310-a012-ef5d649a1542>
Date: Sun, 18 Jun 2006 08:04:51 +0000
Subject: [PATCH] Fix for dynamic login with static password.

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@2210 6c8d7289-2bf4-0310-a012-ef5d649a1542
---
 source/de/anomic/http/httpdFileHandler.java    | 9 ++++++---
 source/de/anomic/plasma/plasmaSwitchboard.java | 4 ++--
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/source/de/anomic/http/httpdFileHandler.java b/source/de/anomic/http/httpdFileHandler.java
index 44c9494dd..87661b203 100644
--- a/source/de/anomic/http/httpdFileHandler.java
+++ b/source/de/anomic/http/httpdFileHandler.java
@@ -318,9 +318,12 @@ public final class httpdFileHandler extends httpdAbstractHandler implements http
         
         if ((path.substring(0,(pos==-1)?path.length():pos)).endsWith("_p") && (adminAccountBase64MD5.length() != 0)) {
             // authentication required
-            if( (authorization != null && (sb.userDB.hasAdminRight(authorization, conProp.getProperty("CLIENTIP"), requestHeader.getHeaderCookies()))|| sb.staticAdminAuthenticated(authorization)==4)){
-                //Authentication successful. remove brute-force flag
-                serverCore.bfHost.remove(conProp.getProperty("CLIENTIP"));
+            if(authorization != null){
+                //TODO: One (switchboard? httpd?) method to check it all, without too much userDB in the other classes.
+                if(sb.userDB.hasAdminRight(authorization, conProp.getProperty("CLIENTIP"), requestHeader.getHeaderCookies())|| sb.staticAdminAuthenticated(authorization.trim().substring(6))==4){
+                    //Authentication successful. remove brute-force flag
+                    serverCore.bfHost.remove(conProp.getProperty("CLIENTIP"));
+                }
             }else if (authorization == null) {
                 // no authorization given in response. Ask for that
                 httpHeader headers = getDefaultHeaders(path);
diff --git a/source/de/anomic/plasma/plasmaSwitchboard.java b/source/de/anomic/plasma/plasmaSwitchboard.java
index 4dea1930d..302b9f710 100644
--- a/source/de/anomic/plasma/plasmaSwitchboard.java
+++ b/source/de/anomic/plasma/plasmaSwitchboard.java
@@ -2034,8 +2034,8 @@ public final class plasmaSwitchboard extends serverAbstractSwitch implements ser
     }
     public int staticAdminAuthenticated(String authorization){
         if(authorization==null) return 1;
-        if (authorization.length() < 6) return 1; // no authentication information given
-        authorization = authorization.trim().substring(6);
+        //if (authorization.length() < 6) return 1; // no authentication information given
+        //authorization = authorization.trim().substring(6);
         String adminAccountBase64MD5 = getConfig("adminAccountBase64MD5", "");
         if (adminAccountBase64MD5.length() == 0) return 2; // no passwrd stored
         if (adminAccountBase64MD5.equals(serverCodings.encodeMD5Hex(authorization))) return 4; // hard-authenticated, all ok