From a3339fc75fd7c2fd1328e5444dcde255e4034f95 Mon Sep 17 00:00:00 2001
From: Moritz Bunkus
Date: Fri, 17 Aug 2012 14:23:09 +0200
Subject: [PATCH] =?utf8?q?User-=20und=20Adminlogin=20jederzeit=20via=20For?= =?utf8?q?mularfelder=20erm=C3=B6glichen?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

---
 SL/Dispatcher/AuthHandler/Admin.pm | 3 ++-
 SL/Dispatcher/AuthHandler/User.pm | 8 +++++---
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/SL/Dispatcher/AuthHandler/Admin.pm b/SL/Dispatcher/AuthHandler/Admin.pm
index 7b194ff04..07778b6db 100644
--- a/SL/Dispatcher/AuthHandler/Admin.pm
+++ b/SL/Dispatcher/AuthHandler/Admin.pm
@@ -7,7 +7,8 @@ use parent qw(Rose::Object);
 sub handle {
 %::myconfig = ();
- return if $::auth->authenticate_root($::auth->get_session_value('admin_password')) == $::auth->OK();
+ return if $::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::form->{'{AUTH}admin_password'}) == $::auth->OK());
+ return if !$::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::auth->get_session_value('admin_password')) == $::auth->OK());
 $::auth->delete_session_value('admin_password');
 SL::Dispatcher::show_error('login/password_error', 'password', is_admin => 1);
diff --git a/SL/Dispatcher/AuthHandler/User.pm b/SL/Dispatcher/AuthHandler/User.pm
index 13d644863..56dbf9a34 100644
--- a/SL/Dispatcher/AuthHandler/User.pm
+++ b/SL/Dispatcher/AuthHandler/User.pm
@@ -5,7 +5,7 @@ use strict;
 use parent qw(Rose::Object);
 sub handle {
- my $login = $::auth->get_session_value('login');
+ my $login = $::form->{'{AUTH}login'} || $::auth->get_session_value('login');
 SL::Dispatcher::show_error('login/password_error', 'password') if not defined $login;
 %::myconfig = $::auth->read_user(login => $login);
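Review bot: In SL/Dispatcher/AuthHandler/Admin.pm the two new `return if` lines read the admin password from `$::form->{'{AUTH}admin_password'}` and nothing in the hunk removes it afterwards, so the cleartext credential stays in `$::form` for the rest of the request. The same applies to `$::form->{'{AUTH}password'}` in the second User.pm hunk, which also drops the old `delete $::form->{password};` without a replacement. Unless later code is known to need the raw value, take it out of the form as it is read: `my $form_pw = delete $::form->{'{AUTH}admin_password'};` followed by `return if $::auth->authenticate_root($form_pw || $::auth->get_session_value('admin_password')) == $::auth->OK();`. Whether `$::form` is also filled from the query string is not visible here; if it is, the password can end up in URLs and access logs, so accepting the field only from POST bodies is worth confirming. `handle` continues past the end of the hunk.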
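Review bot: In the first SL/Dispatcher/AuthHandler/User.pm hunk, `$login` can now come from the request (`$::form->{'{AUTH}login'}`), yet `$::auth->read_user(login => $login)` still fills `%::myconfig` before any password check; the `authenticate` call only follows in the next hunk. Before this change the login came from the session, which presumably only held an already verified name, so loading the profile first did not expose anything. Consider authenticating before `read_user`, or resetting with `%::myconfig = ();` on the failure path so that the error page is not rendered with another account's settings (what `show_error` does with `%::myconfig` is not visible here). A one-line comment such as `# form credentials take precedence over the session login` above the assignment would document the new precedence. `handle` continues beyond this hunk.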
@@ -14,11 +14,13 @@ sub handle {
 $::locale = Locale->new($::myconfig{countrycode});
- SL::Dispatcher::show_error('login/password_error', 'password') if SL::Auth::OK != $::auth->authenticate($login, undef);
+ my $ok = $::form->{'{AUTH}login'} && (SL::Auth::OK == $::auth->authenticate($login, $::form->{'{AUTH}password'}));
+ $ok ||= !$::form->{'{AUTH}login'} && (SL::Auth::OK == $::auth->authenticate($login, undef));
+
+ SL::Dispatcher::show_error('login/password_error', 'password') if !$ok;
 $::auth->create_or_refresh_session;
 $::auth->delete_session_value('FLASH');
- delete $::form->{password};
 }
 1;
-- 
2.20.1
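Review bot: The form branch on the new `my $ok = ...` line does not require a password: when `{AUTH}login` is set and `{AUTH}password` is absent, the call becomes `authenticate($login, undef)`, the same call shape the session branch uses, but with a login chosen by the request. What `authenticate` does with an undefined password is not visible in this hunk, so the form branch should insist on one, e.g. `my $ok = $::form->{'{AUTH}login'} && defined $::form->{'{AUTH}password'} && (SL::Auth::OK == $::auth->authenticate($login, $::form->{'{AUTH}password'}));`. It is also worth confirming that `create_or_refresh_session` issues a fresh session id when a form login differs from the login already stored in the session, so that an existing session cannot silently change identity. `handle` begins in the previous hunk.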