From e17df64b54afa0fb24afe3f215a8e0fef74f19dc Mon Sep 17 00:00:00 2001
From: orbiter
Date: Wed, 21 Sep 2005 09:22:01 +0000
Subject: [PATCH] removed IS_ADMIN - feature. This was covered by plasmaSwitchborad.adminAuthenticated

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@760 6c8d7289-2bf4-0310-a012-ef5d649a1542
---
 htroot/Status.java | 2 +-
 source/de/anomic/http/httpdFileHandler.java | 15 +++------------
 2 files changed, 4 insertions(+), 13 deletions(-)

diff --git a/htroot/Status.java b/htroot/Status.java
index 39a71b676..81ffd4ddb 100644
--- a/htroot/Status.java
+++ b/htroot/Status.java
@@ -74,7 +74,7 @@ public class Status {
 // update seed info
 yacyCore.peerActions.updateMySeed();
- if (header.get("IS_ADMIN","false").equals("true")) {
+ if (((plasmaSwitchboard) env).adminAuthenticated(header) >= 2) {
 prop.put("privateStatusTable","Status_p.inc");
 } else {
 prop.put("privateStatusTable","");
diff --git a/source/de/anomic/http/httpdFileHandler.java b/source/de/anomic/http/httpdFileHandler.java
index 432f3687e..428884a25 100644
--- a/source/de/anomic/http/httpdFileHandler.java
+++ b/source/de/anomic/http/httpdFileHandler.java
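Review bot: The `>= 2` threshold in the new condition of the `htroot/Status.java` hunk is a bare number, and nothing visible in this hunk says which values `adminAuthenticated(header)` can return or which of them means a verified admin login. Because this comparison now decides whether `Status_p.inc` is included, a named constant or at least a comment such as `// level 2 and above: authenticated admin (confirm against plasmaSwitchboard.adminAuthenticated)` would keep a later change to that scale from silently widening access. The cast `(plasmaSwitchboard) env` is unchecked as well; the enclosing method starts and ends outside the hunk, so the declared type of `env` cannot be confirmed from here.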
@@ -260,16 +260,7 @@ public final class httpdFileHandler extends httpdAbstractHandler implements http
 // check permission/granted access
 String authorization = (String) requestHeader.get(httpHeader.AUTHORIZATION);
 String adminAccountBase64MD5 = switchboard.getConfig("adminAccountBase64MD5", "");
- if( authorization != null && adminAccountBase64MD5.equals(serverCodings.standardCoder.encodeMD5Hex(authorization.trim().substring(6))) ){
- requestHeader.put("IS_ADMIN", "true");
- }else{
- //WARNING: This line ist very important, do not remove!
- //It resets the virtual header to false, so nobody can provide
- //a real header IS_ADMIN: true to gain adminrights
- requestHeader.put("IS_ADMIN", "false");
- }
-
- if ((path.endsWith("_p.html")) && (adminAccountBase64MD5.length() != 0)) {
+ if ((path.endsWith("_p.html")) && (adminAccountBase64MD5.length() != 0)) {
 // authentication required
 if (authorization == null) {
 // no authorization given in response. Ask for that
@@ -277,8 +268,8 @@ public final class httpdFileHandler extends httpdAbstractHandler implements http
 headers.put(httpHeader.WWW_AUTHENTICATE,"Basic realm=\"admin log-in\"");
 httpd.sendRespondHeader(conProp,out,httpVersion,401,headers);
 return;
- } else if (requestHeader.get("IS_ADMIN", "false") == "true") {
- // remove brute-force flag
+ } else if (adminAccountBase64MD5.equals(serverCodings.standardCoder.encodeMD5Hex(authorization.trim().substring(6)))) {
+ // Authentication successfull. remove brute-force flag
 serverCore.bfHost.remove(conProp.getProperty("CLIENTIP"));
 } else {
 // a wrong authentication was given. Ask again
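Review bot: Deleting the `requestHeader.put("IS_ADMIN", "false")` reset in the `@@ -260,16 +260,7 @@` hunk means a client-supplied `IS_ADMIN` header is no longer overwritten before the request is passed on, which is exactly what the removed WARNING comment guarded against. That is safe only if nothing reads the header any more; this commit converts `htroot/Status.java`, and the rest of the tree is not visible here, so the absence of other `header.get("IS_ADMIN", ...)` readers should be confirmed before merging. I would leave a short marker in place of the deleted block, e.g. `// IS_ADMIN is no longer set here: servlets must call adminAuthenticated(header), never read the request header`. The enclosing method starts and ends outside the hunk.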
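Review bot: In the new `else if` of the `@@ -277,8 +268,8 @@` hunk, `authorization.trim().substring(6)` throws `StringIndexOutOfBoundsException` when the trimmed header value is shorter than six characters, and the scheme is never checked to be `Basic`. This branch runs on unauthenticated input for `_p.html` pages, so a malformed header should land in the existing wrong-authentication `else` rather than raise; a length guard does that: `} else if (authorization.trim().length() > 6 && adminAccountBase64MD5.equals(serverCodings.standardCoder.encodeMD5Hex(authorization.trim().substring(6)))) {`. The digest comparison uses `String.equals`, which is not constant-time; comparing the bytes with `MessageDigest.isEqual` would be a cheap hardening. The enclosing method starts and ends outside the hunk, and the line between the two hunks is not shown.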