From 0923b092167fe2c9448d5746119c5253dad40365 Mon Sep 17 00:00:00 2001
From: reger <reger18@arcor.de>
Date: Mon, 24 Feb 2014 00:01:11 +0100
Subject: [PATCH] fix: allow 4 character admin user name (was min 5 char)

---
 source/net/yacy/search/Switchboard.java | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/source/net/yacy/search/Switchboard.java b/source/net/yacy/search/Switchboard.java
index afb64245c..f65c3dfb1 100644
--- a/source/net/yacy/search/Switchboard.java
+++ b/source/net/yacy/search/Switchboard.java
@@ -3261,7 +3261,7 @@ public final class Switchboard extends serverSwitch {
 
         // authorization for localhost, only if flag is set to grant localhost access as admin
         final boolean accessFromLocalhost = requestHeader.accessFromLocalhost();
-        if ( getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false) && accessFromLocalhost ) {
+        if (accessFromLocalhost && getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false)) {
             adminAuthenticationLastAccess = System.currentTimeMillis();
             return 3; // soft-authenticated for localhost
         }
@@ -3298,13 +3298,13 @@ public final class Switchboard extends serverSwitch {
             // handle new option   adminAccountBase64MD5="MD5:xxxxxxx" = encodeMD5Hex ("adminname:peername:password")
             String realmtmp = Base64Order.standardCoder.decodeString(realmValue); //decode to clear text
             int i = realmtmp.indexOf(':');
-            if (i > 4) { // put peer name in realmValue (>4 is correct to scipt "MD5:" and usernames are min 4 characters)
+            if (i >= 3) { // put peer name in realmValue (>3 is ok to skip "MD5:" and usernames are min 4 characters, in basic auth realm "user:pwd")
                 realmtmp = realmtmp.substring(0, i + 1) + sb.getConfig(SwitchboardConstants.ADMIN_REALM,"YaCy") + ":" + realmtmp.substring(i + 1);
 
-            if (adminAccountBase64MD5.substring(4).equals(Digest.encodeMD5Hex(realmtmp))) {
-                adminAuthenticationLastAccess = System.currentTimeMillis();
-                return 4; // hard-authenticated, all ok
-        }
+                if (adminAccountBase64MD5.substring(4).equals(Digest.encodeMD5Hex(realmtmp))) {
+                    adminAuthenticationLastAccess = System.currentTimeMillis();
+                    return 4; // hard-authenticated, all ok
+                }
             } else {
                 // handle DIGEST auth (realmValue = adminAccountBase (set for lecacyHeader in DefaultServlet for authenticated requests)
                 if (adminAccountBase64MD5.equals(realmValue)) {