adding some new pages, and hack into the logic of login and verify to able to use it with elopage webhook,

2025-12-13 07:45:54 +00:00 · 2019-10-13 17:15:58 +02:00 · 2019-10-13 17:15:58 +02:00 · 34050fda19
commit 34050fda19
parent 76448b7e26
28 changed files with 901 additions and 132 deletions
--- a/src/cpp/Crypto/Obfus_array.cpp
+++ b/src/cpp/Crypto/Obfus_array.cpp
@ -2,6 +2,7 @@
 #include <sodium.h>
 #include <memory.h>
 #include <math.h>
+#include <assert.h>

 ObfusArray::ObfusArray(size_t size, const unsigned char * data)
 	: m_arraySize(0), m_offsetSize(0), m_dataSize(size), m_Data(nullptr)
@ -10,6 +11,8 @@ ObfusArray::ObfusArray(size_t size, const unsigned char * data)
 	m_Data = (unsigned char*)malloc(m_arraySize);
 	m_offsetSize = randombytes_random() % (int)roundf((m_arraySize - m_dataSize) * 0.8f);

+	assert(m_arraySize - m_offsetSize >= size);
+
 	uint32_t* d = (uint32_t*)m_Data;

 	for (size_t i = 0; i < (size_t)floorf(m_arraySize / 4.0f); i++) {
--- a/src/cpp/HTTPInterface/CheckEmailPage.cpp
+++ b/src/cpp/HTTPInterface/CheckEmailPage.cpp
@ -7,7 +7,13 @@

 #line 7 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"

+#include "../model/Profiler.h"

+enum PageState 
+{
+	MAIL_NOT_SEND,
+	ASK_VERIFICATION_CODE
+};


 CheckEmailPage::CheckEmailPage(Session* arg):
@ -24,11 +30,16 @@ void CheckEmailPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
 	if (_compressResponse) response.set("Content-Encoding", "gzip");

 	Poco::Net::HTMLForm form(request, request.stream());
-#line 10 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
+#line 16 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"

+	Profiler timeUsed;
 	bool hasErrors = false;
+	PageState state = ASK_VERIFICATION_CODE;
 	if(mSession) {
 		hasErrors = mSession->errorCount() > 0;
+		if(mSession->getSessionState() < SESSION_STATE_EMAIL_VERIFICATION_SEND) {
+			state = MAIL_NOT_SEND;
+		}
 	}


@ -64,34 +75,46 @@ void CheckEmailPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
 	responseStream << "<body>\n";
 	responseStream << "<div class=\"grd_container\">\n";
 	responseStream << "\t";
-#line 45 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
+#line 56 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
 if(mSession && hasErrors) {	responseStream << "\n";
 	responseStream << "\t\t";
-#line 46 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
+#line 57 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
 	responseStream << ( mSession->getErrorsHtml() );
 	responseStream << "\n";
 	responseStream << "\t";
-#line 47 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
+#line 58 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
 } 	responseStream << "\n";
 	responseStream << "\t<h1>Einen neuen Account anlegen</h1>\n";
 	responseStream << "\t";
-#line 49 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
- if(mSession && mSession->getSessionState() < SESSION_STATE_EMAIL_VERIFICATION_SEND) { 	responseStream << "\n";
+#line 60 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
+ if(state == MAIL_NOT_SEND) { 	responseStream << "\n";
 	responseStream << "\t\t<div class=\"grd_text\">\n";
 	responseStream << "\t\t\t<p>Die E-Mail wurde noch nicht verschickt, bitte habe noch etwas Geduld.</p>\n";
 	responseStream << "\t\t\t<p>Versuche es einfach in 1-2 Minuten erneut.</p>\n";
 	responseStream << "\t\t</div>\n";
 	responseStream << "\t";
-#line 54 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
- } else { 	responseStream << "\n";
+#line 65 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
+ } else if(state == ASK_VERIFICATION_CODE) { 	responseStream << "\n";
 	responseStream << "\t<form method=\"GET\">\n";
 	responseStream << "\t\t<p>Bitte gebe deinen E-Mail Verification Code ein. </p>\n";
 	responseStream << "\t\t<input type=\"number\" name=\"email-verification-code\">\n";
 	responseStream << "\t\t<input class=\"grd_bn_succeed\" type=\"submit\" value=\"Überprüfe Code\">\n";
 	responseStream << "\t</form>\n";
 	responseStream << "\t";
-#line 60 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
+#line 71 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
+ } else { 	responseStream << "\n";
+	responseStream << "\t<div class=\"grd_text\">\n";
+	responseStream << "\t\t\tUngültige Seite, wenn du das siehst stimmt hier etwas nicht. Bitte wende dich an den Server-Admin. \n";
+	responseStream << "\t\t</div>\n";
+	responseStream << "\t";
+#line 75 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
 } 	responseStream << "\n";
+	responseStream << "</div>\n";
+	responseStream << "<div class=\"grd-time-used\">\n";
+	responseStream << "\t";
+#line 78 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
+	responseStream << ( timeUsed.string() );
+	responseStream << "\n";
 	responseStream << "</div>\n";
 	responseStream << "</body>\n";
 	responseStream << "</html>\n";
--- a/src/cpp/HTTPInterface/DashboardPage.cpp
+++ b/src/cpp/HTTPInterface/DashboardPage.cpp
@ -8,6 +8,7 @@
 #line 7 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
 
 #include "../SingletonManager/SessionManager.h"
+#include "../model/Profiler.h"


 DashboardPage::DashboardPage(Session* arg):
@ -28,8 +29,9 @@ void DashboardPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::N
 	Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1);
 	std::ostream& responseStream = _compressResponse ? _gzipStream : _responseStream;
 	responseStream << "\n";
-#line 10 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
+#line 11 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
 
+	Profiler timeUsed;
 	//Poco::Net::NameValueCollection cookies;
 	//request.getCookies(cookies);
 	if(!form.empty()) {
@ -48,23 +50,23 @@ void DashboardPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::N
 	responseStream << "<body>\n";
 	responseStream << "<div class=\"grd_container\">\n";
 	responseStream << "\t<h1>Willkommen ";
-#line 28 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
+#line 30 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
 	responseStream << ( mSession->getUser()->getFirstName() );
 	responseStream << "&nbsp;";
-#line 28 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
+#line 30 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
 	responseStream << ( mSession->getUser()->getLastName() );
 	responseStream << "</h1>\n";
 	responseStream << "\t";
-#line 29 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
+#line 31 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
 	responseStream << ( mSession->getErrorsHtml() );
 	responseStream << "\n";
 	responseStream << "\t<h3>Status</h3>\n";
 	responseStream << "\t<p>";
-#line 31 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
+#line 33 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
 	responseStream << ( mSession->getSessionStateString() );
 	responseStream << "</p>\n";
 	responseStream << "\t";
-#line 32 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
+#line 34 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
 if(mSession->getSessionState() == SESSION_STATE_EMAIL_VERIFICATION_SEND) { 	responseStream << "\n";
 	responseStream << "\t<p>Verification Code E-Mail wurde erfolgreich an dich verschickt, bitte schaue auch in dein Spam-Verzeichnis nach wenn du sie nicht findest und klicke auf den Link den du dort findest oder kopiere den Code hier her:</p>\n";
 	responseStream << "\t<form method=\"GET\" action=\"checkEmail\">\n";
@ -72,7 +74,7 @@ void DashboardPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::N
 	responseStream << "\t\t<input class=\"grd_bn_succeed\" type=\"submit\" value=\"Überprüfe Code\">\n";
 	responseStream << "\t</form>\n";
 	responseStream << "\t";
-#line 38 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
+#line 40 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
 } else if(mSession->getSessionState() == SESSION_STATE_EMAIL_VERIFICATION_WRITTEN) { 	responseStream << "\n";
 	responseStream << "\t<p>Hast du schon eine E-Mail mit einem Verification Code erhalten? Wenn ja kannst du ihn hier hinein kopieren:</p>\n";
 	responseStream << "\t<form method=\"GET\" action=\"checkEmail\">\n";
@ -80,11 +82,17 @@ void DashboardPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::N
 	responseStream << "\t\t<input class=\"grd_bn_succeed\" type=\"submit\" value=\"Überprüfe Code\">\n";
 	responseStream << "\t</form>\n";
 	responseStream << "\t";
-#line 44 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
+#line 46 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
 } 	responseStream << "\n";
 	responseStream << "\t<a class=\"grd_bn\" href=\"logout\">Abmelden</a>\n";
 	responseStream << "\t<a class=\"grd_bn\" href=\"user_delete\">Account l&ouml;schen</a>\n";
 	responseStream << "</div>\n";
+	responseStream << "<div class=\"grd-time-used\">\n";
+	responseStream << "\t";
+#line 51 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\dashboard.cpsp"
+	responseStream << ( timeUsed.string() );
+	responseStream << "\n";
+	responseStream << "</div>\n";
 	responseStream << "</body>\n";
 	responseStream << "</html>\n";
 	if (_compressResponse) _gzipStream.close();
--- a/src/cpp/HTTPInterface/ElopageWebhook.cpp
+++ b/src/cpp/HTTPInterface/ElopageWebhook.cpp
@ -162,15 +162,6 @@ int HandleElopageRequestTask::getUserIdFromDB()
 	return user_id;
 }

-bool HandleElopageRequestTask::createEmailVerificationCode()
-{
-	// create email verification code
-	uint32_t* code_p = (uint32_t*)&mEmailVerificationCode;
-	for (int i = 0; i < sizeof(mEmailVerificationCode) / 4; i++) {
-		code_p[i] = randombytes_random();
-	}
-	return mEmailVerificationCode != 0;
-}

 int HandleElopageRequestTask::run()
 {
@ -216,10 +207,10 @@ int HandleElopageRequestTask::run()
 		return -3;
 	}

-	EmailVerificationCode emailVerification(user_id);
+	Poco::AutoPtr<EmailVerificationCode> emailVerification(new EmailVerificationCode(user_id));

 	// create email verification code
-	if (!emailVerification.getCode()) {
+	if (!emailVerification->getCode()) {
 		// exit if email verification code is empty
 		addError(new Error("Email verification", "code is empty, error in random?"));
 		sendErrorsAsEmail();
@ -227,7 +218,7 @@ int HandleElopageRequestTask::run()
 	}

 	// write email verification code into db
-	UniLib::controller::TaskPtr saveEmailVerificationCode(new ModelInsertTask((ModelBase*)&emailVerification));
+	UniLib::controller::TaskPtr saveEmailVerificationCode(new ModelInsertTask(emailVerification));
 	saveEmailVerificationCode->scheduleTask(saveEmailVerificationCode);

 	// send email to user
@ -238,9 +229,9 @@ int HandleElopageRequestTask::run()
 	std::stringstream ss;
 	ss << "Hallo " << mFirstName << " " << mLastName << "," << std::endl << std::endl;
 	ss << "Du oder jemand anderes hat sich soeben mit dieser E-Mail Adresse bei Elopage für Gradido angemeldet. " << std::endl;
-	ss << "Um dein Gradido Konto anzulegen und deine E-Mail zu best&auml;tigen," << std::endl;
-	ss << "klicke bitte auf den Link: https://gradido2.dario-rekowski.de/account/checkEmail/" << mEmailVerificationCode << std::endl;
-	ss << "oder kopiere den Code: " << mEmailVerificationCode << " selbst dort hinein." << std::endl << std::endl;
+	ss << "Um dein Gradido Konto anzulegen und deine E-Mail zu bestätigen," << std::endl;
+	ss << "klicke bitte auf den Link: https://gradido2.dario-rekowski.de/account/checkEmail/" << emailVerification->getCode() << std::endl;
+	ss << "oder kopiere den Code: " << emailVerification->getCode() << " selbst dort hinein." << std::endl << std::endl;
 	ss << "Mit freundlichen Grüße" << std::endl;
 	ss << "Dario, Gradido Server Admin" << std::endl;

--- a/src/cpp/HTTPInterface/ElopageWebhook.h
+++ b/src/cpp/HTTPInterface/ElopageWebhook.h
@ -29,13 +29,11 @@ protected:
 	bool validateInput();
 	void writeUserIntoDB();
 	int getUserIdFromDB();
-	bool createEmailVerificationCode();

 	Poco::Net::NameValueCollection mRequestData; 
 	std::string mEmail;
 	std::string mFirstName;
 	std::string mLastName;
-	Poco::UInt64 mEmailVerificationCode;
 };


--- a/src/cpp/HTTPInterface/Error500Page.cpp
+++ b/src/cpp/HTTPInterface/Error500Page.cpp
@ -0,0 +1,90 @@
+#include "Error500Page.h"
+#include "Poco/Net/HTTPServerRequest.h"
+#include "Poco/Net/HTTPServerResponse.h"
+#include "Poco/Net/HTMLForm.h"
+#include "Poco/DeflatingStream.h"
+
+
+#line 6 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\Error500.cpsp"
+ 
+#include <Poco/Net/HTTPResponse.h>
+	
+
+
+Error500Page::Error500Page(Session* arg):
+	SessionHTTPRequestHandler(arg)
+{
+}
+
+
+void Error500Page::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response)
+{
+	response.setChunkedTransferEncoding(true);
+	response.setContentType("text/html");
+	bool _compressResponse(request.hasToken("Accept-Encoding", "gzip"));
+	if (_compressResponse) response.set("Content-Encoding", "gzip");
+
+	Poco::Net::HTMLForm form(request, request.stream());
+	std::ostream& _responseStream = response.send();
+	Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1);
+	std::ostream& responseStream = _compressResponse ? _gzipStream : _responseStream;
+	responseStream << "\n";
+#line 10 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\Error500.cpsp"
+
+	response.setStatusAndReason(Poco::Net::HTTPResponse::HTTP_INTERNAL_SERVER_ERROR);
+	Poco::AutoPtr<User> user;
+	if(mSession) {
+		auto user = mSession->getUser();
+	}
+	responseStream << "\n";
+	responseStream << "<!DOCTYPE html>\n";
+	responseStream << "<html>\n";
+	responseStream << "<head>\n";
+	responseStream << "<meta charset=\"UTF-8\">\n";
+	responseStream << "<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n";
+	responseStream << "<title>Gradido Login Server: Error</title>\n";
+	responseStream << "<!--<link rel=\"stylesheet\" type=\"text/css\" href=\"css/styles.min.css\">-->\n";
+	responseStream << "<link rel=\"stylesheet\" type=\"text/css\" href=\"https://gradido2.dario-rekowski.de/css/styles.css\">\n";
+	responseStream << "<style type=\"text/css\" >\n";
+	responseStream << ".grd_container\n";
+	responseStream << "{\n";
+	responseStream << "  max-width:820px;\n";
+	responseStream << "  margin-left:auto;\n";
+	responseStream << "  margin-right:auto;\n";
+	responseStream << "}\n";
+	responseStream << "\n";
+	responseStream << "input:not([type='radio']) {\n";
+	responseStream << "\twidth:200px;\n";
+	responseStream << "}\n";
+	responseStream << "label:not(.grd_radio_label) {\n";
+	responseStream << "\twidth:80px;\n";
+	responseStream << "\tdisplay:inline-block;\n";
+	responseStream << "}\n";
+	responseStream << "</style>\n";
+	responseStream << "</head>\n";
+	responseStream << "<body>\n";
+	responseStream << "\t<h1>Ein Fehler auf dem Server trat ein, der Admin bekam eine E-Mail.</h1>\n";
+	responseStream << "\t";
+#line 44 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\Error500.cpsp"
+ if(mSession) { 	responseStream << "\n";
+	responseStream << "\t\t";
+#line 45 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\Error500.cpsp"
+	responseStream << ( mSession->getErrorsHtml() );
+	responseStream << "\n";
+	responseStream << "\t";
+#line 46 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\Error500.cpsp"
+ } 	responseStream << "\n";
+	responseStream << "\t";
+#line 47 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\Error500.cpsp"
+ if(!user.isNull()) {	responseStream << "\n";
+	responseStream << "\t\t";
+#line 48 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\Error500.cpsp"
+	responseStream << ( user->getErrorsHtml() );
+	responseStream << " \n";
+	responseStream << "\t";
+#line 49 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\Error500.cpsp"
+ } 	responseStream << "\n";
+	responseStream << "</body>\n";
+	responseStream << "</html>\n";
+	if (_compressResponse) _gzipStream.close();
+}
--- a/src/cpp/HTTPInterface/Error500Page.h
+++ b/src/cpp/HTTPInterface/Error500Page.h
@ -0,0 +1,20 @@
+#ifndef Error500Page_INCLUDED
+#define Error500Page_INCLUDED
+
+
+#include "Poco/Net/HTTPRequestHandler.h"
+
+
+#include "SessionHTTPRequestHandler.h"
+
+
+class Error500Page: public SessionHTTPRequestHandler
+{
+public:
+	Error500Page(Session*);
+
+	void handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response);
+};
+
+
+#endif // Error500Page_INCLUDED
--- a/src/cpp/HTTPInterface/LoginPage.cpp
+++ b/src/cpp/HTTPInterface/LoginPage.cpp
@ -10,6 +10,7 @@
 #include "../SingletonManager/SessionManager.h"
 #include "Poco/Net/HTTPCookie.h"
 #include "Poco/Net/HTTPServerParams.h"
+#include "../model/Profiler.h"
 	


@ -21,8 +22,9 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
 	if (_compressResponse) response.set("Content-Encoding", "gzip");

 	Poco::Net::HTMLForm form(request, request.stream());
-#line 10 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp"
+#line 11 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp"
 
+	Profiler timeUsed;
 	auto session = SessionManager::getInstance()->getNewSession();
 	
 	if(!form.empty()) {
@ -79,7 +81,7 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
 	responseStream << "\t<div class=\"grd_container\">\n";
 	responseStream << "\t\t<h1>Login</h1>\n";
 	responseStream << "\t\t";
-#line 63 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp"
+#line 65 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp"
 	responseStream << ( session->getErrorsHtml() );
 	responseStream << "\n";
 	responseStream << "\t\t<fieldset class=\"grd_container_small\">\n";
@ -99,6 +101,12 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
 	responseStream << "\t\t<p>Du hast noch keinen Account? Dann folge dem Link um dir einen anzulegen</p>\n";
 	responseStream << "\t\t<a href=\"register\">Neuen Account anlegen</a>\n";
 	responseStream << "\t</div>\n";
+	responseStream << "\t<div class=\"grd-time-used\">\n";
+	responseStream << "\t\t";
+#line 84 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp"
+	responseStream << ( timeUsed.string() );
+	responseStream << "\n";
+	responseStream << "\t</div>\n";
 	responseStream << "</form>\n";
 	responseStream << "</body>\n";
 	responseStream << "</html>\n";
--- a/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp
+++ b/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp
@ -12,9 +12,14 @@
 #include "PassphrasePage.h"
 #include "SaveKeysPage.h"
 #include "ElopageWebhook.h"
+#include "UpdateUserPasswordPage.h"
+#include "Error500Page.h"
+

 #include "../SingletonManager/SessionManager.h"

+#include "../model/Profiler.h"
+
 PageRequestHandlerFactory::PageRequestHandlerFactory()
 	: mRemoveGETParameters("^/([a-zA-Z0-9_-]*)")
 {
@ -63,7 +68,13 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(c
 			return handleCheckEmail(s, uri, request);
 		}
 	}
+	
 	if (s) {
+		auto user = s->getUser();
+		if (s->errorCount() || (user && user->errorCount())) {
+			return new Error500Page(s);
+		}
+
 		if(url_first_part == "/logout") {
 			sm->releseSession(s);
 			// remove cookie
@ -112,6 +123,7 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(c

 Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::handleCheckEmail(Session* session, const std::string uri, const Poco::Net::HTTPServerRequest& request)
 {
+	Profiler timeUsed;
 	Poco::Net::HTMLForm form(request);
 	unsigned long long verificationCode = 0;

@ -158,16 +170,15 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::handleCheckEmail(Sessi
 	if (!session) {
 		session = sm->getNewSession();
 		if (session->loadFromEmailVerificationCode(verificationCode)) {
-			// login not possible in this function
+			// login not possible in this function, forwarded to PassphrasePage
 			/*auto cookie_id = session->getHandle();
 			auto user_host = request.clientAddress().host();
 			session->setClientIp(user_host);
 			response.addCookie(Poco::Net::HTTPCookie("user", std::to_string(cookie_id)));
 			*/
 		}
-		else {
-			sm->releseSession(session);
-			session = nullptr;
+		else {	
+			return new CheckEmailPage(session);
 		}
 	}
 	// suitable session found or created
@ -175,8 +186,14 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::handleCheckEmail(Sessi
 		auto user_host = request.clientAddress().host();
 		session->setClientIp(user_host);

+		if (session->getUser()->isEmptyPassword()) {
+			// user has no password, maybe account created from elopage webhook
+			return new UpdateUserPasswordPage(session);
+		}
+
 		// update session, mark as verified 
 		if (session->updateEmailVerification(verificationCode)) {
+			printf("[PageRequestHandlerFactory::handleCheckEmail] timeUsed: %s\n", timeUsed.string().data());
 			return new PassphrasePage(session);
 		}
 		
--- a/src/cpp/HTTPInterface/PassphrasePage.cpp
+++ b/src/cpp/HTTPInterface/PassphrasePage.cpp
@ -7,6 +7,7 @@

 #line 7 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"

+#include "../model/Profiler.h"

 enum PageState 
 {
@ -29,8 +30,9 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
 	if (_compressResponse) response.set("Content-Encoding", "gzip");

 	Poco::Net::HTMLForm form(request, request.stream());
-#line 15 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
+#line 16 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"

+	Profiler timeUsed;
 	PageState state = PAGE_ASK_PASSPHRASE;
 	bool hasErrors = mSession->errorCount() > 0;
 	
@ -94,18 +96,18 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
 	responseStream << "<body>\n";
 	responseStream << "<div class=\"grd_container\">\n";
 	responseStream << "\t";
-#line 75 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
+#line 77 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
 if(mSession && hasErrors) {	responseStream << "\n";
 	responseStream << "\t\t";
-#line 76 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
+#line 78 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
 	responseStream << ( mSession->getErrorsHtml() );
 	responseStream << "\n";
 	responseStream << "\t";
-#line 77 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
+#line 79 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
 } 	responseStream << "\n";
 	responseStream << "\t<h1>Einen neuen Account anlegen</h1>\n";
 	responseStream << "\t";
-#line 79 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
+#line 81 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
 if(state == PAGE_SHOW_PASSPHRASE) {	responseStream << "\n";
 	responseStream << "\t\t<div class=\"grd_text-max-width\">\n";
 	responseStream << "\t\t\t<div class=\"grd_text\">\n";
@ -113,14 +115,14 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
 	responseStream << "\t\t\t</div>\n";
 	responseStream << "\t\t\t<div class=\"grd_textarea\">\n";
 	responseStream << "\t\t\t\t";
-#line 85 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
+#line 87 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
 	responseStream << ( mSession->getPassphrase() );
 	responseStream << "\n";
 	responseStream << "\t\t\t</div>\n";
 	responseStream << "\t\t\t<a href=\"saveKeys\">Weiter</a>\n";
 	responseStream << "\t\t</div>\n";
 	responseStream << "\t";
-#line 89 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
+#line 91 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
 } else if(state == PAGE_ASK_PASSPHRASE) { 	responseStream << "\n";
 	responseStream << "\t<p>Deine E-Mail Adresse wurde erfolgreich bestätigt. </p>\n";
 	responseStream << "\t<form method=\"POST\" action=\"passphrase\">\n";
@ -136,7 +138,7 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
 	responseStream << "\t\t\t\t<label class=\"grd_radio_label\" for=\"passphrase-new-no\">Ja, bitte wiederherstellen!</label>\n";
 	responseStream << "\t\t\t</p>\n";
 	responseStream << "\t\t\t<textarea style=\"width:100%;height:100px\" name=\"passphrase-existing\">";
-#line 103 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
+#line 105 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
 	responseStream << ( !form.empty() ? form.get("passphrase-existing", "") : "" );
 	responseStream << "</textarea>\n";
 	responseStream << "\t\t</fieldset>\n";
@ -144,14 +146,20 @@ void PassphrasePage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
 	responseStream << "\t\t\n";
 	responseStream << "\t</form>\n";
 	responseStream << "\t";
-#line 108 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
+#line 110 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
 } else { 	responseStream << "\n";
 	responseStream << "\t\t<div class=\"grd_text\">\n";
 	responseStream << "\t\t\tUngültige Seite, wenn du das siehst stimmt hier etwas nicht. Bitte wende dich an den Server-Admin. \n";
 	responseStream << "\t\t</div>\n";
 	responseStream << "\t";
-#line 112 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
+#line 114 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
 } 	responseStream << "\n";
+	responseStream << "</div>\n";
+	responseStream << "<div class=\"grd-time-used\">\n";
+	responseStream << "\t";
+#line 117 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\passphrase.cpsp"
+	responseStream << ( timeUsed.string() );
+	responseStream << "\n";
 	responseStream << "</div>\n";
 	responseStream << "</body>\n";
 	responseStream << "</html>\n";
--- a/src/cpp/HTTPInterface/RegisterPage.cpp
+++ b/src/cpp/HTTPInterface/RegisterPage.cpp
@ -9,6 +9,7 @@

 #include "../SingletonManager/SessionManager.h"
 #include "Poco/Net/HTTPCookie.h"
+#include "../model/Profiler.h"


 void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response)
@ -19,8 +20,9 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
 	if (_compressResponse) response.set("Content-Encoding", "gzip");

 	Poco::Net::HTMLForm form(request, request.stream());
-#line 8 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
+#line 9 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"

+	Profiler timeUsed;
 	auto session = SessionManager::getInstance()->getNewSession();
 	bool userReturned = false;
 	
@ -74,7 +76,7 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
 	responseStream << "<div class=\"grd_container\">\n";
 	responseStream << "\t<h1>Einen neuen Account anlegen</h1>\n";
 	responseStream << "\t";
-#line 58 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
+#line 60 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
 if(!form.empty() && userReturned) {	responseStream << "\n";
 	responseStream << "\t\t\n";
 	responseStream << "\t\t<div class=\"grd_text-max-width\">\n";
@ -84,19 +86,19 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
 	responseStream << "\t\t\t</div>\n";
 	responseStream << "\t\t</div>\n";
 	responseStream << "\t";
-#line 66 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
+#line 68 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
 } else { 	responseStream << "\n";
 	responseStream << "\t<form method=\"POST\">\n";
 	responseStream << "\t\n";
 	responseStream << "\t\t";
-#line 69 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
+#line 71 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
 if(!form.empty() && !userReturned) {	responseStream << "\n";
 	responseStream << "\t\t\t";
-#line 70 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
+#line 72 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
 	responseStream << ( session->getErrorsHtml() );
 	responseStream << "\n";
 	responseStream << "\t\t";
-#line 71 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
+#line 73 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
 } 	responseStream << "\n";
 	responseStream << "\t\t<fieldset class=\"grd_container_small\">\n";
 	responseStream << "\t\t\t<legend>Account anlegen</legend>\n";
@ -104,21 +106,21 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
 	responseStream << "\t\t\t<p class=\"grd_small\">\n";
 	responseStream << "\t\t\t\t<label for=\"register-first-name\">Vorname</label>\n";
 	responseStream << "\t\t\t\t<input id=\"register-first-name\" type=\"text\" name=\"register-first-name\" value=\"";
-#line 77 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
+#line 79 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
 	responseStream << ( !form.empty() ? form.get("register-first-name") : "" );
 	responseStream << "\"/>\n";
 	responseStream << "\t\t\t</p>\n";
 	responseStream << "\t\t\t<p class=\"grd_small\">\n";
 	responseStream << "\t\t\t\t<label for=\"register-last-name\">Nachname</label>\n";
 	responseStream << "\t\t\t\t<input id=\"register-last-name\" type=\"text\" name=\"register-last-name\" value=\"";
-#line 81 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
+#line 83 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
 	responseStream << ( !form.empty() ? form.get("register-last-name") : "" );
 	responseStream << "\"/>\n";
 	responseStream << "\t\t\t</p>\n";
 	responseStream << "\t\t\t<p class=\"grd_small\">\n";
 	responseStream << "\t\t\t\t<label for=\"register-email\">E-Mail</label>\n";
 	responseStream << "\t\t\t\t<input id=\"register-email\" type=\"email\" name=\"register-email\" value=\"";
-#line 85 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
+#line 87 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
 	responseStream << ( !form.empty() ? form.get("register-email") : "" );
 	responseStream << "\"/>\n";
 	responseStream << "\t\t\t</p>\n";
@ -135,8 +137,14 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
 	responseStream << "\t\t\n";
 	responseStream << "\t</form>\n";
 	responseStream << "\t";
-#line 99 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
+#line 101 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
 } 	responseStream << "\n";
+	responseStream << "</div>\n";
+	responseStream << "<div class=\"grd-time-used\">\n";
+	responseStream << "\t";
+#line 104 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
+	responseStream << ( timeUsed.string() );
+	responseStream << "\n";
 	responseStream << "</div>\n";
 	responseStream << "</body>\n";
 	responseStream << "</html>\n";
--- a/src/cpp/HTTPInterface/SaveKeysPage.cpp
+++ b/src/cpp/HTTPInterface/SaveKeysPage.cpp
@ -8,6 +8,7 @@
 #line 7 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"

 #include "Poco/Net/HTTPServerParams.h"
+#include "../model/Profiler.h"

 enum PageState 
 {
@ -32,10 +33,11 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
 	if (_compressResponse) response.set("Content-Encoding", "gzip");

 	Poco::Net::HTMLForm form(request, request.stream());
-#line 18 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
-
+#line 19 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"

+	Profiler timeUsed;
 	bool hasErrors = mSession->errorCount() > 0;
+	// crypto key only in memory, if user has tipped in his passwort in this session
 	bool hasPassword = mSession->getUser()->hasCryptoKey();
 	PageState state = PAGE_ASK;
 	
@ -47,7 +49,8 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
 			if(!hasPassword) {
 				// check pwd
 				auto pwd = form.get("save-privkey-password", "");
-				if(!mSession->getUser()->validatePwd(pwd)) {
+				
+				if(!mSession->isPwdValid(pwd)) {
 					mSession->addError(new Error("Passwort", "Das Passwort stimmt nicht. Bitte verwende dein Passwort von der Registrierung"));
 					hasErrors = true;
 				} else {
@ -109,18 +112,18 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
 	responseStream << "<body>\n";
 	responseStream << "<div class=\"grd_container\">\n";
 	responseStream << "\t";
-#line 90 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
+#line 93 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
 if(hasErrors) {	responseStream << "\n";
 	responseStream << "\t\t";
-#line 91 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
+#line 94 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
 	responseStream << ( mSession->getErrorsHtml() );
 	responseStream << "\n";
 	responseStream << "\t";
-#line 92 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
+#line 95 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
 } 	responseStream << "\n";
 	responseStream << "\t<h1>Daten speichern</h1>\n";
 	responseStream << "\t";
-#line 94 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
+#line 97 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
 if(state == PAGE_ASK) { 	responseStream << "\n";
 	responseStream << "\t<form method=\"POST\">\n";
 	responseStream << "\t\t<fieldset>\n";
@ -135,7 +138,7 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
 	responseStream << "\t\t\t\t<label class=\"grd_radio_label\" for=\"save-privkey-yes\">Ja, bitte speichern!</label>\n";
 	responseStream << "\t\t\t</p>\n";
 	responseStream << "\t\t\t";
-#line 107 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
+#line 110 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
 if(!hasPassword) { 	responseStream << "\n";
 	responseStream << "\t\t\t\t<p>Ich brauche nochmal dein Passwort wenn du dich für ja entscheidest.</p>\n";
 	responseStream << "\t\t\t\t<p class=\"grd_small\">\n";
@ -143,7 +146,7 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
 	responseStream << "\t\t\t\t\t<input id=\"save-privkey-password\" type=\"password\" name=\"save-privkey-password\"/>\n";
 	responseStream << "\t\t\t\t</p>\n";
 	responseStream << "\t\t\t";
-#line 113 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
+#line 116 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
 } 	responseStream << "\n";
 	responseStream << "\t\t\t<p class=\"grd_small\">\n";
 	responseStream << "\t\t\t\t<input id=\"save-privkey-no\" type=\"radio\" name=\"save-privkey\" value=\"no\"/>\n";
@ -168,32 +171,38 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
 	responseStream << "\t\t<input class=\"grd_bn_succeed\" type=\"submit\" value=\"Speichern\">\n";
 	responseStream << "\t</form>\n";
 	responseStream << "\t";
-#line 136 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
+#line 139 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
 } else if(state == PAGE_SHOW_PUBKEY) { 	responseStream << "\n";
 	responseStream << "\t\t<div class=\"grd_text\">\n";
 	responseStream << "\t\t\t<p>Je nach Auswahl werden deine Daten nun verschl&uuml;sselt und gespeichert. </p>\n";
 	responseStream << "\t\t\t<p>Deine Gradido Adresse (Hex): </p>\n";
 	responseStream << "\t\t\t<p class=\"grd_textarea\">\n";
 	responseStream << "\t\t\t\t";
-#line 141 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
+#line 144 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
 	responseStream << ( mSession->getUser()->getPublicKeyHex() );
 	responseStream << "\n";
 	responseStream << "\t\t\t</p>\n";
 	responseStream << "\t\t\t<a class=\"grd_bn\" href=\"../\">Zur&uuml;ck zur Startseite</a>\n";
 	responseStream << "\t\t</div>\n";
 	responseStream << "\t";
-#line 145 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
+#line 148 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
 } else if(state == PAGE_ERROR) { 	responseStream << "\n";
 	responseStream << "\t\t<div class=\"grd_text\">\n";
 	responseStream << "\t\t\t<p>Ein Fehler trat auf, bitte versuche es erneut oder wende dich an den Server-Admin</p>\n";
 	responseStream << "\t\t\t";
-#line 148 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
+#line 151 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
 	responseStream << ( mSession->getSessionStateString() );
 	responseStream << "\n";
 	responseStream << "\t\t</div>\n";
 	responseStream << "\t";
-#line 150 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
+#line 153 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
 } 	responseStream << "\n";
+	responseStream << "</div>\n";
+	responseStream << "<div class=\"grd-time-used\">\n";
+	responseStream << "\t";
+#line 156 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\saveKeys.cpsp"
+	responseStream << ( timeUsed.string() );
+	responseStream << "\n";
 	responseStream << "</div>\n";
 	responseStream << "</body>\n";
 	responseStream << "</html>\n";
--- a/src/cpp/HTTPInterface/UpdateUserPasswordPage.cpp
+++ b/src/cpp/HTTPInterface/UpdateUserPasswordPage.cpp
@ -0,0 +1,133 @@
+#include "UpdateUserPasswordPage.h"
+#include "Poco/Net/HTTPServerRequest.h"
+#include "Poco/Net/HTTPServerResponse.h"
+#include "Poco/Net/HTMLForm.h"
+#include "Poco/DeflatingStream.h"
+
+
+#line 6 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp"
+
+#include "../SingletonManager/SessionManager.h"
+#include "Poco/Net/HTTPCookie.h"
+#include "../model/Profiler.h"
+
+
+UpdateUserPasswordPage::UpdateUserPasswordPage(Session* arg):
+	SessionHTTPRequestHandler(arg)
+{
+}
+
+
+void UpdateUserPasswordPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response)
+{
+	response.setChunkedTransferEncoding(true);
+	response.setContentType("text/html");
+	bool _compressResponse(request.hasToken("Accept-Encoding", "gzip"));
+	if (_compressResponse) response.set("Content-Encoding", "gzip");
+
+	Poco::Net::HTMLForm form(request, request.stream());
+#line 11 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp"
+
+	Profiler timeUsed;
+	auto user = mSession->getUser();
+	// save login cookie, because maybe we've get an new session
+	response.addCookie(mSession->getLoginCookie());
+	
+	if(!form.empty()) {
+		auto pwd = form.get("register-password", "");
+		if(pwd != "") {
+			if(pwd != form.get("register-password2", "")) {
+				mSession->addError(new Error("Passwort", "Passw&ouml;rter sind nicht identisch."));
+			} else if(SessionManager::getInstance()->checkPwdValidation(pwd, mSession)) {
+				if(user->setNewPassword(form.get("register-password"))) {
+					std::string referUri = request.get("Referer", "./");
+					//printf("[updateUserPasswordPage] referUri: %s\n", referUri.data());
+					response.redirect(referUri);
+					return;
+				}
+			}
+		}
+	}
+	std::ostream& _responseStream = response.send();
+	Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1);
+	std::ostream& responseStream = _compressResponse ? _gzipStream : _responseStream;
+	responseStream << "\n";
+	responseStream << "<!DOCTYPE html>\n";
+	responseStream << "<html>\n";
+	responseStream << "<head>\n";
+	responseStream << "<meta charset=\"UTF-8\">\n";
+	responseStream << "<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n";
+	responseStream << "<title>Gradido Login Server: Passwort bestimmen</title>\n";
+	responseStream << "<!--<link rel=\"stylesheet\" type=\"text/css\" href=\"css/styles.min.css\">-->\n";
+	responseStream << "<link rel=\"stylesheet\" type=\"text/css\" href=\"https://gradido2.dario-rekowski.de/css/styles.css\">\n";
+	responseStream << "<style type=\"text/css\" >\n";
+	responseStream << ".grd_container\n";
+	responseStream << "{\n";
+	responseStream << "  max-width:820px;\n";
+	responseStream << "  margin-left:auto;\n";
+	responseStream << "  margin-right:auto;\n";
+	responseStream << "}\n";
+	responseStream << "\n";
+	responseStream << "input:not([type='radio']) {\n";
+	responseStream << "\twidth:200px;\n";
+	responseStream << "}\n";
+	responseStream << "label:not(.grd_radio_label) {\n";
+	responseStream << "\twidth:80px;\n";
+	responseStream << "\tdisplay:inline-block;\n";
+	responseStream << "}\n";
+	responseStream << ".grd_container_small\n";
+	responseStream << "{\n";
+	responseStream << "  max-width:500px;\n";
+	responseStream << "}\n";
+	responseStream << ".grd_text {\n";
+	responseStream << "  max-width:550px;\n";
+	responseStream << "  margin-bottom: 5px;\n";
+	responseStream << "}\n";
+	responseStream << ".grd-time-used {\n";
+	responseStream << "  position: fixed;\n";
+	responseStream << "  bottom:0;\n";
+	responseStream << "  left:0;\n";
+	responseStream << "  color:grey;\n";
+	responseStream << "  font-size: smaller;\n";
+	responseStream << "} \n";
+	responseStream << "</style>\n";
+	responseStream << "</head>\n";
+	responseStream << "<body>\n";
+	responseStream << "<div class=\"grd_container\">\n";
+	responseStream << "\t";
+#line 75 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp"
+	responseStream << ( mSession->getErrorsHtml() );
+	responseStream << "\n";
+	responseStream << "\t";
+#line 76 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp"
+	responseStream << ( user->getErrorsHtml() );
+	responseStream << " \n";
+	responseStream << "\t<h1>Passwort bestimmen</h1>\n";
+	responseStream << "\t<form method=\"POST\">\t\n";
+	responseStream << "\t\t<fieldset class=\"grd_container_small\">\n";
+	responseStream << "\t\t\t<div class=\"grd_text\">\n";
+	responseStream << "\t\t\t\tBitte denke dir ein sicheres Passwort aus, das mindestens 8 Zeichen lang ist, ein Klein- und einen Gro&szlig;buchstaben enth&auml;lt,\n";
+	responseStream << "\t\t\t\teine Zahl und eines der folgenden Sonderzeichen: @$!%*?&+-\n";
+	responseStream << "\t\t\t</div>\n";
+	responseStream << "\t\t\t<p class=\"grd_small\">\n";
+	responseStream << "\t\t\t\t<label for=\"register-password\">Passwort</label>\n";
+	responseStream << "\t\t\t\t<input id=\"register-password\" type=\"password\" name=\"register-password\"/>\n";
+	responseStream << "\t\t\t</p>\n";
+	responseStream << "\t\t\t<p class=\"grd_small\">\n";
+	responseStream << "\t\t\t\t<label for=\"register-password2\">Passwort Best&auml;tigung</label>\n";
+	responseStream << "\t\t\t\t<input id=\"register-password2\" type=\"password\" name=\"register-password2\"/>\n";
+	responseStream << "\t\t\t</p>\n";
+	responseStream << "\t\t</fieldset>\n";
+	responseStream << "\t\t<input class=\"grd_bn_succeed\" type=\"submit\" name=\"submit\" value=\"&Auml;nderung(en) speichern\">\n";
+	responseStream << "\t</form>\n";
+	responseStream << "</div>\n";
+	responseStream << "<div class=\"grd-time-used\">\n";
+	responseStream << "\t";
+#line 97 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\UpdateUserPassword.cpsp"
+	responseStream << ( timeUsed.string() );
+	responseStream << "\n";
+	responseStream << "</div>\n";
+	responseStream << "</body>\n";
+	responseStream << "</html>\n";
+	if (_compressResponse) _gzipStream.close();
+}
--- a/src/cpp/HTTPInterface/UpdateUserPasswordPage.h
+++ b/src/cpp/HTTPInterface/UpdateUserPasswordPage.h
@ -0,0 +1,20 @@
+#ifndef UpdateUserPasswordPage_INCLUDED
+#define UpdateUserPasswordPage_INCLUDED
+
+
+#include "Poco/Net/HTTPRequestHandler.h"
+
+
+#include "SessionHTTPRequestHandler.h"
+
+
+class UpdateUserPasswordPage: public SessionHTTPRequestHandler
+{
+public:
+	UpdateUserPasswordPage(Session*);
+
+	void handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response);
+};
+
+
+#endif // UpdateUserPasswordPage_INCLUDED
--- a/src/cpp/SingletonManager/SessionManager.cpp
+++ b/src/cpp/SingletonManager/SessionManager.cpp
@ -268,8 +268,36 @@ void SessionManager::checkTimeoutSession()
 	
 }

+bool SessionManager::checkPwdValidation(const std::string& pwd, ErrorList* errorReciver)
+{
+	if (!isValid(pwd, VALIDATE_PASSWORD)) {
+		errorReciver->addError(new Error("Passwort", "Bitte gebe ein g&uuml;ltiges Password ein mit mindestens 8 Zeichen, Gro&szlig;- und Kleinbuchstaben, mindestens einer Zahl und einem Sonderzeichen (@$!%*?&+-) ein!"));
+
+		// @$!%*?&+-
+		if (pwd.size() < 8) {
+			errorReciver->addError(new Error("Passwort", "Dein Passwort ist zu kurz!"));
+		}
+		else if (!isValid(pwd, VALIDATE_HAS_LOWERCASE_LETTER)) {
+			errorReciver->addError(new Error("Passwort", "Dein Passwort enth&auml;lt keine Kleinbuchstaben!"));
+		}
+		else if (!isValid(pwd, VALIDATE_HAS_UPPERCASE_LETTER)) {
+			errorReciver->addError(new Error("Passwort", "Dein Passwort enth&auml;lt keine Gro&szlig;buchstaben!"));
+		}
+		else if (!isValid(pwd, VALIDATE_HAS_NUMBER)) {
+			errorReciver->addError(new Error("Passwort", "Dein Passwort enth&auml;lt keine Zahlen!"));
+		}
+		else if (!isValid(pwd, VALIDATE_HAS_SPECIAL_CHARACTER)) {
+			errorReciver->addError(new Error("Passwort", "Dein Passwort enth&auml;lt keine Sonderzeichen (@$!%*?&+-)!"));
+		}
+
+		return false;
+	}
+	return true;
+}
+
+
 int CheckSessionTimeouted::run()
 {
 	SessionManager::getInstance()->checkTimeoutSession();
 	return 0;
-}
+}
--- a/src/cpp/SingletonManager/SessionManager.h
+++ b/src/cpp/SingletonManager/SessionManager.h
@ -54,6 +54,8 @@ public:
 	void deinitalize();

 	bool isValid(const std::string& subject, SessionValidationTypes validationType);
+	//! \return true if password is valid
+	bool checkPwdValidation(const std::string& pwd, ErrorList* errorReciver);

 	void checkTimeoutSession();

--- a/src/cpp/model/Session.cpp
+++ b/src/cpp/model/Session.cpp
@ -135,26 +135,7 @@ bool Session::createUser(const std::string& first_name, const std::string& last_
 		addError(new Error("E-Mail", "Bitte gebe eine g&uuml;ltige E-Mail Adresse an."));
 		return false;
 	}
-	if (!sm->isValid(password, VALIDATE_PASSWORD)) {
-		addError(new Error("Passwort", "Bitte gebe ein g&uuml;ltiges Password ein mit mindestens 8 Zeichen, Gro&szlig;- und Kleinbuchstaben, mindestens einer Zahl und einem Sonderzeichen (@$!%*?&+-) ein!"));
-
-		// @$!%*?&+-
-		if (password.size() < 8) {
-			addError(new Error("Passwort", "Dein Passwort ist zu kurz!"));
-		}
-		else if (!sm->isValid(password, VALIDATE_HAS_LOWERCASE_LETTER)) {
-			addError(new Error("Passwort", "Dein Passwort enth&auml;lt keine Kleinbuchstaben!"));
-		}
-		else if (!sm->isValid(password, VALIDATE_HAS_UPPERCASE_LETTER)) {
-			addError(new Error("Passwort", "Dein Passwort enth&auml;lt keine Gro&szlig;buchstaben!"));
-		}
-		else if (!sm->isValid(password, VALIDATE_HAS_NUMBER)) {
-			addError(new Error("Passwort", "Dein Passwort enth&auml;lt keine Zahlen!"));
-		}
-		else if (!sm->isValid(password, VALIDATE_HAS_SPECIAL_CHARACTER)) {
-			addError(new Error("Passwort", "Dein Passwort enth&auml;lt keine Sonderzeichen (@$!%*?&+-)!"));
-		}
-		
+	if (!sm->checkPwdValidation(password, this)) {
 		return false;
 	}
 	/*if (passphrase.size() > 0 && !sm->isValid(passphrase, VALIDATE_PASSPHRASE)) {
@ -257,6 +238,7 @@ bool Session::updateEmailVerification(Poco::UInt64 emailVerificationCode)
 		// load correct user from db
 		auto dbConnection = ConnectionManager::getInstance()->getConnection(CONNECTION_MYSQL_LOGIN_SERVER);
 		Poco::Data::Statement update(dbConnection);
+
 		update << "UPDATE users SET email_checked=1 where id = (SELECT user_id FROM email_opt_in where verification_code=?)", use(emailVerificationCode);
 		auto updated_rows = update.execute();
 		if (updated_rows == 1) {
@ -297,7 +279,7 @@ bool Session::updateEmailVerification(Poco::UInt64 emailVerificationCode)
 bool Session::isPwdValid(const std::string& pwd)
 {
 	if (mSessionUser) {
-		return mSessionUser->validatePwd(pwd);
+		return mSessionUser->validatePwd(pwd, this);
 	}
 	return false;
 }
@ -311,10 +293,14 @@ bool Session::loadUser(const std::string& email, const std::string& password)
 	}
 	if (mSessionUser) mSessionUser = nullptr;
 	mSessionUser = new User(email.data());
-	if (!mSessionUser->validatePwd(password)) {
+	if (!mSessionUser->validatePwd(password, this)) {
 		addError(new Error("Login", "E-Mail oder Passwort nicht korrekt, bitte versuche es erneut!"));
 		return false;
 	}
+	if (!mSessionUser->isEmailChecked()) {
+		addError(new Error("Account", "E-Mail Adresse wurde noch nicht best&auml;tigt, hast du schon eine E-Mail erhalten?"));
+		return false;
+	}
 	detectSessionState();

 	return true;
@ -427,38 +413,25 @@ bool Session::loadFromEmailVerificationCode(Poco::UInt64 emailVerificationCode)
 	auto em = ErrorManager::getInstance();
 	auto dbConnection = ConnectionManager::getInstance()->getConnection(CONNECTION_MYSQL_LOGIN_SERVER);
 	
-	/*Poco::Data::Statement select(dbConnection);
-	int user_id = 0;
-	select << "SELECT user_id FROM email_opt_in WHERE verification_code=?", into(user_id), use(emailVerificationCode);
-	try {
-		if (select.execute() == 0) {
-			addError(new Error("E-Mail Verification", "Der Code konnte nicht in der Datenbank gefunden werden."));
-			return false;
-		}
-	}
-	catch (Poco::Exception& ex) {
-		em->addError(new ParamError(funcName, "error selecting verification code entry", ex.displayText().data()));
-		em->sendErrorsAsEmail();
-		return false;
-	}*/
 	Poco::Data::Statement select(dbConnection);
 	std::string email, first_name, last_name;
+	int user_id = 0;
 	select.reset(dbConnection);
-	select << "SELECT email, first_name, last_name FROM users where id = (SELECT user_id FROM email_opt_in WHERE verification_code=?)",
-		 into(email), into(first_name), into(last_name), use(emailVerificationCode);
+	select << "SELECT user_id FROM email_opt_in WHERE verification_code=?",
+		 into(user_id), use(emailVerificationCode);
 	try {
 		size_t rowCount = select.execute();
 		if (rowCount != 1) {
 			em->addError(new ParamError(funcName, "select user by email verification code work not like expected, selected row count", rowCount));
 			em->sendErrorsAsEmail();
 		}
-		if (rowCount < 0) {
+		if (rowCount < 1) {
 			addError(new Error("E-Mail Verification", "Konnte keinen passenden Account finden."));
 			return false;
 		}

-		mSessionUser = new User(email.data(), first_name.data(), last_name.data());
-		mSessionUser->loadEntryDBId(ConnectionManager::getInstance()->getConnection(CONNECTION_MYSQL_LOGIN_SERVER));
+		mSessionUser = new User(user_id);
+
 		mEmailVerificationCode = emailVerificationCode;
 		updateState(SESSION_STATE_EMAIL_VERIFICATION_WRITTEN);
 		printf("[Session::loadFromEmailVerificationCode] time: %s\n", usedTime.string().data());
--- a/src/cpp/model/User.cpp
+++ b/src/cpp/model/User.cpp
@ -8,11 +8,13 @@

 #include "../SingletonManager/ConnectionManager.h"
 #include "../SingletonManager/ErrorManager.h"
+#include "../SingletonManager/SessionManager.h"

 #include "Poco/Data/Binding.h"

 using namespace Poco::Data::Keywords;

+//#define DEBUG_USER_DELETE_ENV


 // -------------------------------------------------------------------------------------------------
@ -97,18 +99,18 @@ int UserWriteKeysIntoDB::run()
 	auto keyPairs = getParent(0).cast<UserGenerateKeys>()->getKeyPairs();
 	auto pubKey = keyPairs->getPublicKey();
 	
-	printf("[UserWriteKeysIntoDB] after init\n");
+	//printf("[UserWriteKeysIntoDB] after init\n");
 	
 	Poco::Data::BLOB pubkey_blob(pubKey, crypto_sign_PUBLICKEYBYTES);
 	Poco::Data::Statement update(session);
 	Poco::Data::BLOB* pprivkey_blob = nullptr;
 	if (mSavePrivKey) {
-		printf("[UserWriteKeysIntoDB] save privkey\n");
+		//printf("[UserWriteKeysIntoDB] save privkey\n");
 		// TODO: encrypt privkey
 		auto privKey = keyPairs->getPrivateKey();
-		printf("[UserWriteKeysIntoDB] privKey hex: %s\n", KeyPair::getHex(*privKey, privKey->size()).data());
+		//printf("[UserWriteKeysIntoDB] privKey hex: %s\n", KeyPair::getHex(*privKey, privKey->size()).data());
 		pprivkey_blob = mUser->encrypt(privKey);
-		printf("[UserWriteKeysIntoDB] privkey encrypted\n");
+		//printf("[UserWriteKeysIntoDB] privkey encrypted\n");
 		//Poco::Data::BLOB privkey_blob(*privKey, privKey->size());

 		update << "UPDATE users SET pubkey=?, privkey=? where id=?",
@ -137,11 +139,25 @@ int UserWriteKeysIntoDB::run()
 		}
 		return -1;
 	}
-	printf("[UserWriteKeysIntoDB] after saving into db\n");
+	//printf("[UserWriteKeysIntoDB] after saving into db\n");
 	if (pprivkey_blob) {
 		delete pprivkey_blob;
 	}
-	printf("UserWritePrivKeyIntoDB time: %s\n", timeUsed.string().data());
+	//printf("UserWritePrivKeyIntoDB time: %s\n", timeUsed.string().data());
+	return 0;
+}
+
+// --------------------------------------------------------------------------------------------------------
+
+UserWriteCryptoKeyHashIntoDB::UserWriteCryptoKeyHashIntoDB(Poco::AutoPtr<User> user, int dependencieCount/* = 0*/)
+	: UniLib::controller::CPUTask(ServerConfig::g_CPUScheduler, dependencieCount), mUser(user)
+{
+
+}
+
+int UserWriteCryptoKeyHashIntoDB::run()
+{
+	mUser->updateIntoDB("password");
 	return 0;
 }

@ -188,11 +204,46 @@ User::User(const char* email)
 	}
 }

+User::User(int user_id)
+: mDBId(user_id), mPasswordHashed(0), mEmailChecked(false), mCryptoKey(nullptr), mReferenceCount(1)
+{
+	auto cm = ConnectionManager::getInstance();
+	auto session = cm->getConnection(CONNECTION_MYSQL_LOGIN_SERVER);
+
+	Poco::Nullable<Poco::Data::BLOB> pubkey;
+
+	Poco::Data::Statement select(session);
+	int email_checked = 0;
+	select << "SELECT email, first_name, last_name, password, pubkey, email_checked from users where id = ?",
+		into(mEmail), into(mFirstName), into(mLastName), into(mPasswordHashed), into(pubkey), into(email_checked), use(user_id);
+	try {
+		auto result = select.execute();
+		int zahl = 1;
+		if (result == 1) {
+			if (!pubkey.isNull()) {
+				auto pubkey_value = pubkey.value();
+				size_t hexSize = pubkey_value.size() * 2 + 1;
+				char* hexString = (char*)malloc(hexSize);
+				memset(hexString, 0, hexSize);
+				sodium_bin2hex(hexString, hexSize, pubkey_value.content().data(), pubkey_value.size());
+				mPublicHex = hexString;
+				free(hexString);
+			}
+			if (email_checked != 0) mEmailChecked = true;
+		}
+	}
+	catch (Poco::Exception& ex) {
+		addError(new ParamError("User::User", "mysql error", ex.displayText().data()));
+	}
+}
+


 User::~User()
 {
-//	printf("[User::~User]\n");
+#ifdef DEBUG_USER_DELETE_ENV
+	printf("[User::~User]\n");
+#endif
 	if (mCryptoKey) {
 		delete mCryptoKey;
 		mCryptoKey = nullptr;
@ -257,7 +308,35 @@ bool User::validatePassphrase(const std::string& passphrase)
 	return false;
 }

-bool User::validatePwd(const std::string& pwd)
+bool User::isEmptyPassword()
+{
+	return mPasswordHashed == 0 && (mCreateCryptoKeyTask.isNull() || mCreateCryptoKeyTask->isTaskFinished());
+}
+
+// TODO: if a password and privkey already exist, load current private key and re encrypt with new crypto key
+bool User::setNewPassword(const std::string& newPassword)
+{
+	if (newPassword == "") {
+		addError(new Error("Passwort", "Ist leer."));
+		return false;
+	}
+	if (!mCreateCryptoKeyTask.isNull() && !mCreateCryptoKeyTask->isTaskFinished()) {
+		addError(new Error("Passwort", "Wird bereits erstellt, bitte in ca. 1 sekunde neuladen."));
+		return false;
+	}
+	duplicate();
+	mCreateCryptoKeyTask = new UserCreateCryptoKey(this, newPassword, ServerConfig::g_CPUScheduler);
+	mCreateCryptoKeyTask->scheduleTask(mCreateCryptoKeyTask);
+
+	duplicate();
+	UniLib::controller::TaskPtr savePassword(new UserWriteCryptoKeyHashIntoDB(this, 1));
+	savePassword->setParentTaskPtrInArray(mCreateCryptoKeyTask, 0);
+	savePassword->scheduleTask(savePassword);
+
+	return true;
+}
+
+bool User::validatePwd(const std::string& pwd, ErrorList* validationErrorsToPrint)
 {
 	auto cmpCryptoKey = createCryptoKey(pwd);
 	if (sizeof(User::passwordHashed) != crypto_shorthash_BYTES) {
@ -275,6 +354,8 @@ bool User::validatePwd(const std::string& pwd)
 		return true;
 	}
 	delete cmpCryptoKey;
+	
+	
 	return false;
 }

@ -323,7 +404,9 @@ void User::duplicate()
 {
 	mWorkingMutex.lock();
 	mReferenceCount++;
-	//printf("[User::duplicate] new value: %d\n", mReferenceCount);
+#ifdef DEBUG_USER_DELETE_ENV
+	printf("[User::duplicate] new value: %d\n", mReferenceCount);
+#endif
 	mWorkingMutex.unlock();
 }

@ -331,7 +414,9 @@ void User::release()
 {
 	mWorkingMutex.lock();
 	mReferenceCount--;
-	//printf("[User::release] new value: %d\n", mReferenceCount);
+#ifdef DEBUG_USER_DELETE_ENV
+	printf("[User::release] new value: %d\n", mReferenceCount);
+#endif
 	if (0 == mReferenceCount) {
 		mWorkingMutex.unlock();
 		delete this;
@ -466,6 +551,36 @@ Poco::Data::Statement User::insertIntoDB(Poco::Data::Session session)
 	return insert;
 }

+bool User::updateIntoDB(const char* fieldName)
+{
+	
+	if (mDBId == 0) {
+		addError(new Error("User::updateIntoDB", "user id is zero"));
+		return false; 
+	}
+
+	if (strcmp(fieldName, "password") == 0 && mPasswordHashed != 0) {
+		auto session = ConnectionManager::getInstance()->getConnection(CONNECTION_MYSQL_LOGIN_SERVER);
+		Poco::Data::Statement update(session);
+		// UPDATE `table_name` SET `column_name` = `new_value' [WHERE condition];
+		update << "UPDATE users SET password = ? where id = ?",
+			use(mPasswordHashed), use(mDBId);
+		try {
+			if (update.execute() == 1) return true;
+			addError(new ParamError("User::updateIntoDB", "update not affected 1 rows", fieldName));
+		}
+		catch (Poco::Exception& ex) {
+			auto em = ErrorManager::getInstance();
+			em->addError(new ParamError("User::updateIntoDB", "mysql error", ex.displayText().data()));
+			em->sendErrorsAsEmail();
+		}
+			
+	}
+
+	return false;
+
+}
+
 bool User::loadEntryDBId(Poco::Data::Session session)
 {
 	auto em = ErrorManager::getInstance();
--- a/src/cpp/model/User.h
+++ b/src/cpp/model/User.h
@ -14,17 +14,22 @@ class NewUser;
 class UserCreateCryptoKey;
 class UserWriteIntoDB;
 class Session;
+class UserWriteCryptoKeyHashIntoDB;
+

 class User : public ErrorList
 {
 	friend NewUser;
 	friend UserCreateCryptoKey;
 	friend UserWriteIntoDB;
+	friend UserWriteCryptoKeyHashIntoDB;
 public:
 	// new user
 	User(const char* email, const char* first_name, const char* last_name);
 	// existing user
 	User(const char* email);
+
+	User(int user_id);
 	// login
 	//User(const std::string& email, const std::string& password);

@ -51,7 +56,9 @@ public:
 	inline std::string getPublicKeyHex() { lock(); std::string pubkeyHex = mPublicHex; unlock(); return pubkeyHex; }
 	inline void        setPublicKeyHex(const std::string& publicKeyHex) { lock(); mPublicHex = publicKeyHex; unlock(); }

-	bool validatePwd(const std::string& pwd);
+	bool isEmptyPassword();
+	bool setNewPassword(const std::string& newPassword);
+	bool validatePwd(const std::string& pwd, ErrorList* validationErrorsToPrint);
 	
 	Poco::Data::BLOB* encrypt(const ObfusArray* data);

@ -62,11 +69,12 @@ protected:
 	typedef Poco::UInt64 passwordHashed;

 	ObfusArray* createCryptoKey(const std::string& password);
-	inline void setCryptoKey(ObfusArray* cryptoKey) { mCryptoKey = cryptoKey; }
+	inline void setCryptoKey(ObfusArray* cryptoKey) { lock(); mCryptoKey = cryptoKey; unlock(); }

 	

 	Poco::Data::Statement insertIntoDB(Poco::Data::Session session);
+	bool updateIntoDB(const char* fieldName);
 	inline passwordHashed getPwdHashed() { lock(); auto ret = mPasswordHashed; unlock(); return ret; }
 	inline void setPwdHashed(passwordHashed pwdHashed) { lock(); mPasswordHashed = pwdHashed; unlock(); }

@ -90,6 +98,8 @@ private:
 	
 	// for poco auto ptr
 	int mReferenceCount;
+
+	UniLib::controller::TaskPtr mCreateCryptoKeyTask;
 };

 class UserCreateCryptoKey : public UniLib::controller::CPUTask
@ -150,4 +160,16 @@ protected:
 	bool mSavePrivKey;
 };

+class UserWriteCryptoKeyHashIntoDB : public UniLib::controller::CPUTask
+{
+public:
+	UserWriteCryptoKeyHashIntoDB(Poco::AutoPtr<User> user, int dependencieCount = 0);
+
+	int run();
+	const char* getResourceType() const { return "UserWriteCryptoKeyHashIntoDB"; };
+
+protected:
+	Poco::AutoPtr<User> mUser;
+};
+
 #endif //GRADIDO_LOGIN_SERVER_MODEL_USER_INCLUDE
--- a/src/cpsp/Error500.cpsp
+++ b/src/cpsp/Error500.cpsp
@ -0,0 +1,51 @@
+<%@ page class="Error500Page" %>
+<%@ page baseClass="SessionHTTPRequestHandler" %>
+<%@ page ctorArg="Session*" %>
+<%@ header include="SessionHTTPRequestHandler.h" %>
+<%@	page compressed="true" %>
+<%! 
+#include <Poco/Net/HTTPResponse.h>
+	
+%>
+<%
+	response.setStatusAndReason(Poco::Net::HTTPResponse::HTTP_INTERNAL_SERVER_ERROR);
+	Poco::AutoPtr<User> user;
+	if(mSession) {
+		auto user = mSession->getUser();
+	}
+%>
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Gradido Login Server: Error</title>
+<!--<link rel="stylesheet" type="text/css" href="css/styles.min.css">-->
+<link rel="stylesheet" type="text/css" href="https://gradido2.dario-rekowski.de/css/styles.css">
+<style type="text/css" >
+.grd_container
+{
+  max-width:820px;
+  margin-left:auto;
+  margin-right:auto;
+}
+
+input:not([type='radio']) {
+	width:200px;
+}
+label:not(.grd_radio_label) {
+	width:80px;
+	display:inline-block;
+}
+</style>
+</head>
+<body>
+	<h1>Ein Fehler auf dem Server trat ein, der Admin bekam eine E-Mail.</h1>
+	<% if(mSession) { %>
+		<%= mSession->getErrorsHtml() %>
+	<% } %>
+	<% if(!user.isNull()) {%>
+		<%= user->getErrorsHtml() %> 
+	<% } %>
+</body>
+</html>
--- a/src/cpsp/checkEmail.cpsp
+++ b/src/cpsp/checkEmail.cpsp
@ -5,12 +5,23 @@
 <%@ page form="true" %>
 <%@	page compressed="true" %>
 <%!
+#include "../model/Profiler.h"

+enum PageState 
+{
+	MAIL_NOT_SEND,
+	ASK_VERIFICATION_CODE
+};
 %>
 <%%
+	Profiler timeUsed;
 	bool hasErrors = false;
+	PageState state = ASK_VERIFICATION_CODE;
 	if(mSession) {
 		hasErrors = mSession->errorCount() > 0;
+		if(mSession->getSessionState() < SESSION_STATE_EMAIL_VERIFICATION_SEND) {
+			state = MAIL_NOT_SEND;
+		}
 	}


@ -46,18 +57,25 @@ label:not(.grd_radio_label) {
 		<%= mSession->getErrorsHtml() %>
 	<%} %>
 	<h1>Einen neuen Account anlegen</h1>
-	<% if(mSession && mSession->getSessionState() < SESSION_STATE_EMAIL_VERIFICATION_SEND) { %>
+	<% if(state == MAIL_NOT_SEND) { %>
 		<div class="grd_text">
 			<p>Die E-Mail wurde noch nicht verschickt, bitte habe noch etwas Geduld.</p>
 			<p>Versuche es einfach in 1-2 Minuten erneut.</p>
 		</div>
-	<% } else { %>
+	<% } else if(state == ASK_VERIFICATION_CODE) { %>
 	<form method="GET">
 		<p>Bitte gebe deinen E-Mail Verification Code ein. </p>
 		<input type="number" name="email-verification-code">
 		<input class="grd_bn_succeed" type="submit" value="Überprüfe Code">
 	</form>
+	<% } else { %>
+	<div class="grd_text">
+			Ungültige Seite, wenn du das siehst stimmt hier etwas nicht. Bitte wende dich an den Server-Admin. 
+		</div>
 	<% } %>
 </div>
+<div class="grd-time-used">
+	<%= timeUsed.string() %>
+</div>
 </body>
 </html>
--- a/src/cpsp/dashboard.cpsp
+++ b/src/cpsp/dashboard.cpsp
@ -6,8 +6,10 @@
 <%@	page compressed="true" %>
 <%! 
 #include "../SingletonManager/SessionManager.h"
+#include "../model/Profiler.h"
 %>
 <% 
+	Profiler timeUsed;
 	//Poco::Net::NameValueCollection cookies;
 	//request.getCookies(cookies);
 	if(!form.empty()) {
@ -45,5 +47,8 @@
 	<a class="grd_bn" href="logout">Abmelden</a>
 	<a class="grd_bn" href="user_delete">Account l&ouml;schen</a>
 </div>
+<div class="grd-time-used">
+	<%= timeUsed.string() %>
+</div>
 </body>
 </html>
--- a/src/cpsp/login.cpsp
+++ b/src/cpsp/login.cpsp
@ -5,9 +5,11 @@
 #include "../SingletonManager/SessionManager.h"
 #include "Poco/Net/HTTPCookie.h"
 #include "Poco/Net/HTTPServerParams.h"
+#include "../model/Profiler.h"
 	
 %>
 <%% 
+	Profiler timeUsed;
 	auto session = SessionManager::getInstance()->getNewSession();
 	
 	if(!form.empty()) {
@ -78,6 +80,9 @@ label:not(.grd_radio_label) {
 		<p>Du hast noch keinen Account? Dann folge dem Link um dir einen anzulegen</p>
 		<a href="register">Neuen Account anlegen</a>
 	</div>
+	<div class="grd-time-used">
+		<%= timeUsed.string() %>
+	</div>
 </form>
 </body>
 </html>
--- a/src/cpsp/passphrase.cpsp
+++ b/src/cpsp/passphrase.cpsp
@ -5,6 +5,7 @@
 <%@ page form="true" %>
 <%@	page compressed="true" %>
 <%!
+#include "../model/Profiler.h"

 enum PageState 
 {
@ -13,6 +14,7 @@ enum PageState
 };
 %>
 <%%
+	Profiler timeUsed;
 	PageState state = PAGE_ASK_PASSPHRASE;
 	bool hasErrors = mSession->errorCount() > 0;
 	
@ -111,5 +113,8 @@ label:not(.grd_radio_label) {
 		</div>
 	<% } %>
 </div>
+<div class="grd-time-used">
+	<%= timeUsed.string() %>
+</div>
 </body>
 </html>
--- a/src/cpsp/register.cpsp
+++ b/src/cpsp/register.cpsp
@ -4,8 +4,10 @@
 <%!
 #include "../SingletonManager/SessionManager.h"
 #include "Poco/Net/HTTPCookie.h"
+#include "../model/Profiler.h"
 %>
 <%%
+	Profiler timeUsed;
 	auto session = SessionManager::getInstance()->getNewSession();
 	bool userReturned = false;
 	
@ -98,5 +100,8 @@ label:not(.grd_radio_label) {
 	</form>
 	<% } %>
 </div>
+<div class="grd-time-used">
+	<%= timeUsed.string() %>
+</div>
 </body>
 </html>
--- a/src/cpsp/saveKeys.cpsp
+++ b/src/cpsp/saveKeys.cpsp
@ -6,6 +6,7 @@
 <%@	page compressed="true" %>
 <%!
 #include "Poco/Net/HTTPServerParams.h"
+#include "../model/Profiler.h"

 enum PageState 
 {
@ -16,8 +17,9 @@ enum PageState

 %>
 <%%
-
+	Profiler timeUsed;
 	bool hasErrors = mSession->errorCount() > 0;
+	// crypto key only in memory, if user has tipped in his passwort in this session
 	bool hasPassword = mSession->getUser()->hasCryptoKey();
 	PageState state = PAGE_ASK;
 	
@ -29,7 +31,8 @@ enum PageState
 			if(!hasPassword) {
 				// check pwd
 				auto pwd = form.get("save-privkey-password", "");
-				if(!mSession->getUser()->validatePwd(pwd)) {
+				
+				if(!mSession->isPwdValid(pwd)) {
 					mSession->addError(new Error("Passwort", "Das Passwort stimmt nicht. Bitte verwende dein Passwort von der Registrierung"));
 					hasErrors = true;
 				} else {
@ -149,5 +152,8 @@ label:not(.grd_radio_label) {
 		</div>
 	<% } %>
 </div>
+<div class="grd-time-used">
+	<%= timeUsed.string() %>
+</div>
 </body>
 </html>
--- a/src/cpsp/updateUser.cpsp
+++ b/src/cpsp/updateUser.cpsp
@ -0,0 +1,98 @@
+<%@ page class="UpdateUserPage" %>
+<%@ page form="true" %>
+<%@ page baseClass="SessionHTTPRequestHandler" %>
+<%@ page ctorArg="Session*" %>
+<%@ header include="SessionHTTPRequestHandler.h" %>
+<%@	page compressed="true" %>
+<%!
+#include "../SingletonManager/SessionManager.h"
+#include "Poco/Net/HTTPCookie.h"
+#include "../model/Profiler.h"
+%>
+<%%
+	Profiler timeUsed;
+	auto user = mSession->getUser();
+	
+	if(!form.empty()) {
+		auto pwd = form.get("update-password", "");
+		if(pwd != "") {
+			if(pwd != form.get("update-password", "")) {
+				session->addError(new Error("Passwort", "Passw&ouml;rter sind nicht identisch."));
+			} else {
+				userReturned = session->getUser()->setNewPassword(
+					form.get("update-password")
+				);
+			}
+		}
+	}
+%>
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Gradido Login Server: Register</title>
+<!--<link rel="stylesheet" type="text/css" href="css/styles.min.css">-->
+<link rel="stylesheet" type="text/css" href="https://gradido2.dario-rekowski.de/css/styles.css">
+<style type="text/css" >
+.grd_container
+{
+  max-width:820px;
+  margin-left:auto;
+  margin-right:auto;
+}
+
+input:not([type='radio']) {
+	width:200px;
+}
+label:not(.grd_radio_label) {
+	width:80px;
+	display:inline-block;
+}
+</style>
+</head>
+<body>
+<div class="grd_container">
+	<h1>Einen neuen Account anlegen</h1>
+	<% if(!form.empty()) {%>
+		<div class="grd_text-max-width">
+			<div class="grd_text">
+				..
+			</div>
+		</div>
+	<% } else { %>
+	<form method="POST">
+	
+		<% if(!form.empty() && !userReturned) {%>
+			<%= session->getErrorsHtml() %>
+		<%} %>
+		<fieldset class="grd_container_small">
+			<legend>Account anlegen</legend>
+			<p>Bitte gebe deine Daten um einen Account anzulegen</p>
+			<p class="grd_small">
+				<label for="update-first-name">Vorname</label>
+				<input id="update-first-name" type="text" name="update-first-name" value="<%= !user ? user->getFirstName() : "" %>"/>
+			</p>
+			<p class="grd_small">
+				<label for="update-last-name">Nachname</label>
+				<input id="update-last-name" type="text" name="update-last-name" value="<%= !user ? user->getLastName() : "" %>"/>
+			</p>
+			<p class="grd_small">
+				<label for="update-password">Passwort</label>
+				<input id="update-password" type="password" name="update-password"/>
+			</p>
+			<p class="grd_small">
+				<label for="update-password">Passwort Best&auml;tigung</label>
+				<input id="update-password2" type="password" name="update-password2"/>
+			</p>
+		</fieldset>
+		<input class="grd_bn_succeed" type="submit" name="submit" value="&Auml;nderung(en) speichern">
+		
+	</form>
+	<% } %>
+</div>
+<div class="grd-time-used">
+	s<%= timeUsed.string() %>
+</div>
+</body>
+</html>
--- a/src/cpsp/updateUserPassword.cpsp
+++ b/src/cpsp/updateUserPassword.cpsp
@ -0,0 +1,100 @@
+<%@ page class="UpdateUserPasswordPage" %>
+<%@ page baseClass="SessionHTTPRequestHandler" %>
+<%@ page ctorArg="Session*" %>
+<%@ header include="SessionHTTPRequestHandler.h" %>
+<%@	page compressed="true" %>
+<%!
+#include "../SingletonManager/SessionManager.h"
+#include "Poco/Net/HTTPCookie.h"
+#include "../model/Profiler.h"
+%>
+<%%
+	Profiler timeUsed;
+	auto user = mSession->getUser();
+	// save login cookie, because maybe we've get an new session
+	response.addCookie(mSession->getLoginCookie());
+	
+	if(!form.empty()) {
+		auto pwd = form.get("register-password", "");
+		if(pwd != "") {
+			if(pwd != form.get("register-password2", "")) {
+				mSession->addError(new Error("Passwort", "Passw&ouml;rter sind nicht identisch."));
+			} else if(SessionManager::getInstance()->checkPwdValidation(pwd, mSession)) {
+				if(user->setNewPassword(form.get("register-password"))) {
+					std::string referUri = request.get("Referer", "./");
+					//printf("[updateUserPasswordPage] referUri: %s\n", referUri.data());
+					response.redirect(referUri);
+					return;
+				}
+			}
+		}
+	}
+%>
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Gradido Login Server: Passwort bestimmen</title>
+<!--<link rel="stylesheet" type="text/css" href="css/styles.min.css">-->
+<link rel="stylesheet" type="text/css" href="https://gradido2.dario-rekowski.de/css/styles.css">
+<style type="text/css" >
+.grd_container
+{
+  max-width:820px;
+  margin-left:auto;
+  margin-right:auto;
+}
+
+input:not([type='radio']) {
+	width:200px;
+}
+label:not(.grd_radio_label) {
+	width:80px;
+	display:inline-block;
+}
+.grd_container_small
+{
+  max-width:500px;
+}
+.grd_text {
+  max-width:550px;
+  margin-bottom: 5px;
+}
+.grd-time-used {
+  position: fixed;
+  bottom:0;
+  left:0;
+  color:grey;
+  font-size: smaller;
+} 
+</style>
+</head>
+<body>
+<div class="grd_container">
+	<%= mSession->getErrorsHtml() %>
+	<%= user->getErrorsHtml() %> 
+	<h1>Passwort bestimmen</h1>
+	<form method="POST">	
+		<fieldset class="grd_container_small">
+			<div class="grd_text">
+				Bitte denke dir ein sicheres Passwort aus, das mindestens 8 Zeichen lang ist, ein Klein- und einen Gro&szlig;buchstaben enth&auml;lt,
+				eine Zahl und eines der folgenden Sonderzeichen: @$!%*?&+-
+			</div>
+			<p class="grd_small">
+				<label for="register-password">Passwort</label>
+				<input id="register-password" type="password" name="register-password"/>
+			</p>
+			<p class="grd_small">
+				<label for="register-password2">Passwort Best&auml;tigung</label>
+				<input id="register-password2" type="password" name="register-password2"/>
+			</p>
+		</fieldset>
+		<input class="grd_bn_succeed" type="submit" name="submit" value="&Auml;nderung(en) speichern">
+	</form>
+</div>
+<div class="grd-time-used">
+	<%= timeUsed.string() %>
+</div>
+</body>
+</html>