adding passphrase and code for saveKeys. TODO: Continue generate and save keys logic, login, test everything

2025-12-13 07:45:54 +00:00 · 2019-10-01 18:21:26 +02:00 · 2019-10-01 18:21:26 +02:00 · 9a60d49cb5
commit 9a60d49cb5
parent 9866dea242
14 changed files with 439 additions and 323 deletions
--- a/src/cpp/Crypto/KeyPair.cpp
+++ b/src/cpp/Crypto/KeyPair.cpp
@ -3,6 +3,11 @@
 #include <memory.h>
 #include <string.h>
 #include "../SingletonManager/ErrorManager.h"
 #include "../SingletonManager/ConnectionManager.h"
 using namespace Poco::Data::Keywords;
 #define STR_BUFFER_SIZE 25
@ -89,3 +94,39 @@ bool KeyPair::generateFromPassphrase(const char* passphrase, Mnemonic* word_sour
 	// using 
 	return true;
 }
 std::string KeyPair::getPubkeyHex()
 {
 	size_t hexSize = crypto_sign_PUBLICKEYBYTES * 2 + 1;
 	char* hexString = (char*)malloc(hexSize);
 	memset(hexString, 0, hexSize);
 	sodium_bin2hex(hexString, hexSize, mSodiumPublic, crypto_sign_PUBLICKEYBYTES);
 	std::string pubHex = hexString;
 	free(hexString);
 	return pubHex;
 }
 bool KeyPair::savePrivKey(int userId)
 {
 	auto cm = ConnectionManager::getInstance();
 	auto em = ErrorManager::getInstance();
 	Poco::Data::Statement update(cm->getConnection(CONNECTION_MYSQL_LOGIN_SERVER));
 	Poco::Data::BLOB privkey_blob((const unsigned char*)(*mPrivateKey), mPrivateKey->size());
 	update << "UPDATE users set privkey = ? where id = ?",
 		use(privkey_blob), use(userId);
 	try {
 		if (update.execute() != 1) {
 			em->addError(new ParamError("KeyPair::savePrivKey", "error writing privkey, user not found? ", std::to_string(userId)));
 			em->sendErrorsAsEmail();
 			return false;
 		}
 	} catch (Poco::Exception& ex) {
 		em->addError(new ParamError("KeyPair::savePrivKey", "exception by running mysql", ex.displayText()));
 		em->sendErrorsAsEmail();
 		return false;
 	}
 	return true;
 }
--- a/src/cpp/Crypto/KeyPair.h
+++ b/src/cpp/Crypto/KeyPair.h
@ -14,6 +14,8 @@ public:
 	~KeyPair();
 	bool generateFromPassphrase(const char* passphrase, Mnemonic* word_source);
 	std::string getPubkeyHex();
 	bool savePrivKey(int userId);
 protected:
--- a/src/cpp/HTTPInterface/CheckEmailPage.cpp
+++ b/src/cpp/HTTPInterface/CheckEmailPage.cpp
@ -7,17 +7,7 @@
 #line 7 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
 #include "../SingletonManager/SessionManager.h"
 #include "../model/User.h"
 #include "Poco/Net/HTTPCookie.h"
 enum PageState 
 {
 	PAGE_VERIFICATION_FAILED,
 	PAGE_ASK_PASSPHRASE,
 	PAGE_SHOW_PASSPHRASE,
 	PAGE_ASK_VERIFICATION_CODE
 };
 CheckEmailPage::CheckEmailPage(Session* arg):
@ -34,74 +24,14 @@ void CheckEmailPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
 	if (_compressResponse) response.set("Content-Encoding", "gzip");
 	Poco::Net::HTMLForm form(request, request.stream());
-#line 20 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
+#line 10 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
 	auto sm = SessionManager::getInstance();
 	bool hasErrors = false;
 	unsigned long long verificationCode = 0;
 	PageState state = PAGE_ASK_PASSPHRASE;
 	std::string uri = request.getURI();
 	//printf("uri: %s\n", uri.data());
 	if(!form.empty()) {
 	  try {
 		verificationCode = stoll(form.get("email-verification-code", "0"));
 	  } catch(...) {}
 	}
 	if(!verificationCode) {
 		size_t pos = uri.find_last_of("/");
 		try {
 			verificationCode = stoll(uri.substr(pos+1));
 		} catch(...) {}
 	}
 	if(!verificationCode) {
 		state = PAGE_ASK_VERIFICATION_CODE;
 	} else {
 		// no session
 		if(!mSession || mSession->getEmailVerificationCode() != verificationCode) {
 			mSession = sm->findByEmailVerificationCode(verificationCode);
 		}
 		// no session in server, load from db
 		if(!mSession) {
 			mSession = sm->getNewSession();
 			if(mSession->loadFromEmailVerificationCode(verificationCode)) {
 				auto cookie_id = mSession->getHandle();
 				auto user_host = request.clientAddress().host();
 				mSession->setClientIp(user_host);
 				response.addCookie(Poco::Net::HTTPCookie("user", std::to_string(cookie_id)));
 			} else {
 				sm->releseSession(mSession);
 				mSession = nullptr;
 				state = PAGE_VERIFICATION_FAILED;
 			}
 		}
 	if(mSession) {
 			mSession->updateEmailVerification(verificationCode);
 		hasErrors = mSession->errorCount() > 0;
 	}
 			if(!hasErrors && !form.empty()) {
 				auto registerKeyChoice = form.get("register-key", "");
 				std::string oldPassphrase = "";
 				if(registerKeyChoice == "no") {
 					auto oldPassphrase = form.get("register-key-existing", "");
 					if(oldPassphrase != "" && User::validatePassphrase(oldPassphrase)) {
 						// passphrase is valid 
 						mSession->setPassphrase(oldPassphrase);
 						mSession->updateState(SESSION_STATE_PASSPHRASE_SHOWN);
 						state = PAGE_SHOW_PASSPHRASE;
 					} else {
 						mSession->addError(new Error("Merkspruch", "Dieser Merkspruch ist ung&uuml;ltig, bitte &uuml;berpr&uuml;fen oder neu generieren (lassen)."));
 					}
 				} else if(registerKeyChoice == "yes") {
 					mSession->generatePassphrase();
 					state = PAGE_SHOW_PASSPHRASE;
 				}
 			}
 		} else {
 			state = PAGE_VERIFICATION_FAILED;
 		}
 	}
 	std::ostream& _responseStream = response.send();
 	Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1);
 	std::ostream& responseStream = _compressResponse ? _gzipStream : _responseStream;
@ -111,7 +41,7 @@ void CheckEmailPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
 	responseStream << "<head>\n";
 	responseStream << "<meta charset=\"UTF-8\">\n";
 	responseStream << "<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n";
-	responseStream << "<title>Gradido Login Server: Email OptIn</title>\n";
+	responseStream << "<title>Gradido Login Server: Email Verification</title>\n";
 	responseStream << "<!--<link rel=\"stylesheet\" type=\"text/css\" href=\"css/styles.min.css\">-->\n";
 	responseStream << "<link rel=\"stylesheet\" type=\"text/css\" href=\"https://gradido2.dario-rekowski.de/css/styles.css\">\n";
 	responseStream << "<style type=\"text/css\" >\n";
@ -127,104 +57,33 @@ void CheckEmailPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
 	responseStream << "<body>\n";
 	responseStream << "<div class=\"grd_container\">\n";
 	responseStream << "\t";
-#line 108 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
+#line 38 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
 if(mSession && hasErrors) {	responseStream << "\n";
 	responseStream << "\t\t";
-#line 109 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
+#line 39 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
 	responseStream << ( mSession->getErrorsHtml() );
 	responseStream << "\n";
 	responseStream << "\t";
-#line 110 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
+#line 40 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
 } 	responseStream << "\n";
 	responseStream << "\t<h1>Einen neuen Account anlegen</h1>\n";
 	responseStream << "\t";
-#line 112 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
+#line 42 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
- if(state == PAGE_SHOW_PASSPHRASE) {	responseStream << "\n";
+ if(mSession && mSession->getSessionState() < SESSION_STATE_EMAIL_VERIFICATION_SEND) { 	responseStream << "\n";
-	responseStream << "\t\t<div class=\"grd_text-max-width\">\n";
+	responseStream << "\t\t<div class=\"grd_text\">\n";
-	responseStream << "\t\t\t<div class=\"grd_text\">\n";
+	responseStream << "\t\t\t<p>Die E-Mail wurde noch nicht verschickt, bitte habe noch etwas Geduld.</p>\n";
-	responseStream << "\t\t\t\tSchreibe dir den Merkspruch auf und packe ihn gut weg. Du brauchst ihn um deine Adresse wiederherzustellen. Wenn du ihn verlierst, sind auch deine Gradidos verloren.\n";
+	responseStream << "\t\t\t<p>Versuche es einfach in 1-2 Minuten erneut.</p>\n";
 	responseStream << "\t\t\t</div>\n";
 	responseStream << "\t\t\t<div class=\"grd_textarea\">\n";
 	responseStream << "\t\t\t\t";
 #line 118 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
 	responseStream << ( mSession->getPassphrase() );
 	responseStream << "\n";
 	responseStream << "\t\t\t</div>\n";
 	responseStream << "\t\t\t<a href=\"/saveKeys\">Weiter</a>\n";
 	responseStream << "\t\t</div>\n";
 	responseStream << "\t";
-#line 122 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
+#line 47 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
- } else if(state == PAGE_ASK_PASSPHRASE) { 	responseStream << "\n";
+ } else { 	responseStream << "\n";
 	responseStream << "\t<form method=\"POST\">\n";
 	responseStream << "\t\t<fieldset class=\"grd_container_small\">\n";
 	responseStream << "\t\t\t<legend>Account anlegen</legend>\n";
 	responseStream << "\t\t\t<p>Bitte gebe deine Daten um einen Account anzulegen</p>\n";
 	responseStream << "\t\t\t<p>Hast du schonmal ein Gradido Konto besessen?</p>\n";
 	responseStream << "\t\t\t<p class=\"grd_small\">\n";
 	responseStream << "\t\t\t\t<input id=\"register-key-new-yes\" type=\"radio\" name=\"register-key\" value=\"yes\" checked/>\n";
 	responseStream << "\t\t\t\t<label class=\"grd_radio_label\" for=\"register-key-new-yes\">Nein, bitte ein neues erstellen!</label>\n";
 	responseStream << "\t\t\t</p>\n";
 	responseStream << "\t\t\t<p class=\"grd_small\">\n";
 	responseStream << "\t\t\t\t<input id=\"register-key-new-no\" type=\"radio\" name=\"register-key\" value=\"no\"/>\n";
 	responseStream << "\t\t\t\t<label class=\"grd_radio_label\" for=\"register-key-new-no\">Ja, bitte wiederherstellen!</label>\n";
 	responseStream << "\t\t\t</p>\n";
 	responseStream << "\t\t\t<textarea style=\"width:100%;height:100px\" name=\"register-key-existing\">";
 #line 136 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
 	responseStream << ( !form.empty() ? form.get("register-key-existing", "") : "" );
 	responseStream << "</textarea>\n";
 	responseStream << "\t\t</fieldset>\n";
 	responseStream << "\t\t<input class=\"grd_bn_succeed\" type=\"submit\" name=\"submit\" value=\"Weiter\">\n";
 	responseStream << "\t\t\n";
 	responseStream << "\t</form>\n";
 	responseStream << "\t";
 #line 141 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
 } else if(state == PAGE_ASK_VERIFICATION_CODE) { 	responseStream << "\n";
 	responseStream << "\t<form method=\"GET\">\n";
 	responseStream << "\t\t<p>Bitte gebe deinen E-Mail Verification Code ein. </p>\n";
 	responseStream << "\t\t<input type=\"number\" name=\"email-verification-code\">\n";
 	responseStream << "\t\t<input class=\"grd_bn_succeed\" type=\"submit\" value=\"Überprüfe Code\">\n";
 	responseStream << "\t</form>\n";
 	responseStream << "\t";
-#line 147 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
+#line 53 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
 } else if(state == PAGE_VERIFICATION_FAILED) { 	responseStream << "\n";
 	responseStream << "\t\t";
 #line 148 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
 if(mSession) { 	responseStream << "\n";
 	responseStream << "\t\t\t";
 #line 149 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
 if(mSession->getSessionState() == SESSION_STATE_EMAIL_VERIFICATION_SEND) { 	responseStream << "\n";
 	responseStream << "\t\t\t\t<p>Bitte versuche es erneut</p>\n";
 	responseStream << "\t\t\t\t<form method=\"GET\" action=\"/checkEmail\">\n";
 	responseStream << "\t\t\t\t\t<input type=\"number\" name=\"email-verification-code\">\n";
 	responseStream << "\t\t\t\t\t<input class=\"grd_bn_succeed\" type=\"submit\" value=\"Überprüfe Code\">\n";
 	responseStream << "\t\t\t\t</form>\n";
 	responseStream << "\t\t\t";
 #line 155 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
 } else if(mSession->getSessionState() < SESSION_STATE_EMAIL_VERIFICATION_SEND) { 	responseStream << "\n";
 	responseStream << "\t\t\t\t<div class=\"grd_text\">Die E-Mail wurde nicht verschickt, bitte habe noch etwas Geduld.</div>\n";
 	responseStream << "\t\t\t";
 #line 157 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
 } else { 	responseStream << "\n";
 	responseStream << "\t\t\t\t<div class=\"grd_text\">Der Account wurde schon freigeschaltet.</div>\n";
 	responseStream << "\t\t\t\t<a href=\"/\">Zurück</a>\n";
 	responseStream << "\t\t\t";
 #line 160 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
 } 	responseStream << "\n";
 	responseStream << "\t\t";
 #line 161 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
 } else { 	responseStream << "\n";
 	responseStream << "\t\t\t<p>Fehler, bitte wende dich an den Server-Admin order versuche dich erneut zu registrieren.</p>\n";
 	responseStream << "\t\t";
 #line 163 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
 } 	responseStream << "\n";
 	responseStream << "\t";
 #line 164 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
 } else { 	responseStream << "\n";
 	responseStream << "\t\t<div class=\"grd_text\">\n";
 	responseStream << "\t\t\tUngültige Seite, wenn du das siehst stimmt hier was nicht. Bitte wende dich an den Server-Admin. \n";
 	responseStream << "\t\t</div>\n";
 	responseStream << "\t";
 #line 168 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkEmail.cpsp"
 } 	responseStream << "\n";
 	responseStream << "</div>\n";
 	responseStream << "</body>\n";
--- a/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp
+++ b/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp
@ -1,6 +1,7 @@
 #include "PageRequestHandlerFactory.h"
 #include "Poco/Net/HTTPServerRequest.h"
 #include "Poco/Net/HTTPServerRequest.h"
 #include "Poco/Net/HTMLForm.h"
 #include "ConfigPage.h"
 #include "LoginPage.h"
@ -8,6 +9,7 @@
 #include "HandleFileRequest.h"
 #include "DashboardPage.h"
 #include "CheckEmailPage.h"
 #include "PassphrasePage.h"
 #include "SaveKeysPage.h"
 #include "../SingletonManager/SessionManager.h"
@ -44,12 +46,20 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(c
 	auto sm = SessionManager::getInstance();
 	auto s = sm->getSession(session_id);
 	if (url_first_part == "/checkEmail") {
-		return new CheckEmailPage(s);
+		//return new CheckEmailPage(s);
 		return handleCheckEmail(s, uri, request);
 	}
 	if (s) {
-		if (uri == "/saveKeys") {
+		auto sessionState = s->getSessionState();
 		if(sessionState == SESSION_STATE_EMAIL_VERIFICATION_CODE_CHECKED || 
 		   sessionState == SESSION_STATE_PASSPHRASE_GENERATED) {
 		//if (url_first_part == "/passphrase") {
 			//return handlePassphrase(s, request);
 			return new PassphrasePage(s);
 		}
 		else if(sessionState == SESSION_STATE_PASSPHRASE_SHOWN) {
 		//else if (uri == "/saveKeys") {
 			return new SaveKeysPage(s);
 		}
 		return new DashboardPage(s);
@ -68,3 +78,99 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(c
 	return new HandleFileRequest;
 	//return new PageRequestHandlerFactory;
 }
 Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::handleCheckEmail(Session* session, const std::string uri, const Poco::Net::HTTPServerRequest& request)
 {
 	Poco::Net::HTMLForm form(request);
 	unsigned long long verificationCode = 0;
 	// if verification code is valid, go to next page, passphrase
 	// login via verification code, if no session is active
 	// try to get code from form get parameter
 	if (!form.empty()) {
 		try {
 			verificationCode = stoll(form.get("email-verification-code", "0"));
 		} catch (...) {}
 	}
 	// try to get code from uri parameter
 	if (!verificationCode) {
 		size_t pos = uri.find_last_of("/");
 		try {
 			verificationCode = stoll(uri.substr(pos + 1));
 		} catch (...) {}
 	}
 	// if no verification code given or error with given code, show form
 	if (!verificationCode) {
 		return new CheckEmailPage(session);
 	}
 	// we have a verification code, now let's check that thing
 	auto sm = SessionManager::getInstance();
 	// no session or active session don't belong to verification code
 	if (!session || session->getEmailVerificationCode() != verificationCode) {
 		session = sm->findByEmailVerificationCode(verificationCode);
 	}
 	// no suitable session in memory, try to create one from db data
 	if (!session) {
 		session = sm->getNewSession();
 		if (session->loadFromEmailVerificationCode(verificationCode)) {
 			// login not possible in this function
 			/*auto cookie_id = session->getHandle();
 			auto user_host = request.clientAddress().host();
 			session->setClientIp(user_host);
 			response.addCookie(Poco::Net::HTTPCookie("user", std::to_string(cookie_id)));
 			*/
 		}
 		else {
 			sm->releseSession(session);
 			session = nullptr;
 		}
 	}
 	// suitable session found or created
 	if (session) {
 		// update session, mark as verified 
 		if (session->updateEmailVerification(verificationCode)) {
 			return new PassphrasePage(session);
 		}
 	}
 	return new CheckEmailPage(session);
 }
 Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::handlePassphrase(Session* session, const Poco::Net::HTTPServerRequest& request)
 {
 	//couldn't use form here, because request is const
 	/*
 	Poco::Net::HTMLForm form(request);
 	if (!form.empty()) {
 		auto registerKeyChoice = form.get("passphrase", "");
 		std::string oldPassphrase = "";
 		if (registerKeyChoice == "no") {
 			auto oldPassphrase = form.get("passphrase-existing", "");
 			if (oldPassphrase != "" && User::validatePassphrase(oldPassphrase)) {
 				// passphrase is valid 
 				session->setPassphrase(oldPassphrase);
 				session->updateState(SESSION_STATE_PASSPHRASE_SHOWN);
 				// go one
 				return new SaveKeysPage(session);
 			}
 			else {
 				session->addError(new Error("Merkspruch", "Dieser Merkspruch ist ung&uuml;ltig, bitte &uuml;berpr&uuml;fen oder neu generieren (lassen)."));
 			}
 		}
 		else if (registerKeyChoice == "yes") {
 			session->generatePassphrase();
 		}
 	}
 	return new PassphrasePage(session);
 	*/
 }
 Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::handleSaveKeys(Session* session, const Poco::Net::HTTPServerRequest& request)
 {
 }
--- a/src/cpp/HTTPInterface/PageRequestHandlerFactory.h
+++ b/src/cpp/HTTPInterface/PageRequestHandlerFactory.h
@ -10,10 +10,13 @@ class PageRequestHandlerFactory : public Poco::Net::HTTPRequestHandlerFactory
 {
 public:
 	PageRequestHandlerFactory();
 	Poco::Net::HTTPRequestHandler* createRequestHandler(const Poco::Net::HTTPServerRequest& request);
 protected:
 	Poco::Net::HTTPRequestHandler* handleCheckEmail(Session* session, const std::string uri, const Poco::Net::HTTPServerRequest& request);
 	Poco::Net::HTTPRequestHandler* handlePassphrase(Session* session, const Poco::Net::HTTPServerRequest& request);
 	Poco::Net::HTTPRequestHandler* handleSaveKeys(Session* session, const Poco::Net::HTTPServerRequest& request);
 	Poco::RegularExpression mRemoveGETParameters;
 };
--- a/src/cpp/HTTPInterface/RegisterPage.cpp
+++ b/src/cpp/HTTPInterface/RegisterPage.cpp
@ -76,27 +76,22 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
 	responseStream << "\t\t\t<div class=\"grd_text\">\n";
 	responseStream << "\t\t\t\tDeine Anmeldung wird verarbeitet und es wird dir eine E-Mail zugeschickt. \n";
 	responseStream << "\t\t\t\tWenn sie da ist, befolge ihren Anweisungen. \n";
 	responseStream << "\t\t\t\tMöchtest du wissen ob die E-Mail schon verschickt wurde? \n";
 	responseStream << "\t\t\t\tDann klicke einfach hier: \n";
 	responseStream << "\t\t\t\t<form action=\"/\">\n";
 	responseStream << "\t\t\t\t\t<input type=\"submit\" value=\"Status überprüfen\">\n";
 	responseStream << "\t\t\t\t</form>\n";
 	responseStream << "\t\t\t</div>\n";
 	responseStream << "\t\t</div>\n";
 	responseStream << "\t";
-#line 66 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
+#line 61 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
 } else { 	responseStream << "\n";
 	responseStream << "\t<form method=\"POST\">\n";
 	responseStream << "\t\n";
 	responseStream << "\t\t";
-#line 69 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
+#line 64 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
 if(!form.empty() && !userReturned) {	responseStream << "\n";
 	responseStream << "\t\t\t";
-#line 70 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
+#line 65 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
 	responseStream << ( session->getErrorsHtml() );
 	responseStream << "\n";
 	responseStream << "\t\t";
-#line 71 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
+#line 66 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
 } 	responseStream << "\n";
 	responseStream << "\t\t<fieldset class=\"grd_container_small\">\n";
 	responseStream << "\t\t\t<legend>Account anlegen</legend>\n";
@ -104,14 +99,14 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
 	responseStream << "\t\t\t<p class=\"grd_small\">\n";
 	responseStream << "\t\t\t\t<label for=\"register-name\">Vorname</label>\n";
 	responseStream << "\t\t\t\t<input id=\"register-name\" type=\"text\" name=\"register-name\" value=\"";
-#line 77 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
+#line 72 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
 	responseStream << ( !form.empty() ? form.get("register-name") : "" );
 	responseStream << "\"/>\n";
 	responseStream << "\t\t\t</p>\n";
 	responseStream << "\t\t\t<p class=\"grd_small\">\n";
 	responseStream << "\t\t\t\t<label for=\"register-email\">E-Mail</label>\n";
 	responseStream << "\t\t\t\t<input id=\"register-email\" type=\"email\" name=\"register-email\" value=\"";
-#line 81 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
+#line 76 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
 	responseStream << ( !form.empty() ? form.get("register-email") : "" );
 	responseStream << "\"/>\n";
 	responseStream << "\t\t\t</p>\n";
@ -128,7 +123,7 @@ void RegisterPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
 	responseStream << "\t\t\n";
 	responseStream << "\t</form>\n";
 	responseStream << "\t";
-#line 95 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
+#line 90 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\register.cpsp"
 } 	responseStream << "\n";
 	responseStream << "</div>\n";
 	responseStream << "</body>\n";
--- a/src/cpp/model/Session.cpp
+++ b/src/cpp/model/Session.cpp
@ -191,6 +191,9 @@ bool Session::updateEmailVerification(unsigned long long emailVerificationCode)
 				em->addError(new Error(funcName, "delete from email_opt_in entry didn't work as expected, please check db"));
 				em->sendErrorsAsEmail();
 			}
 			if (mSessionUser) {
 				mSessionUser->setEmailChecked();
 			}
 			updateState(SESSION_STATE_EMAIL_VERIFICATION_CODE_CHECKED);
 			printf("[%s] time: %s\n", funcName, usedTime.string().data());
 			return true;
@ -215,10 +218,17 @@ bool Session::updateEmailVerification(unsigned long long emailVerificationCode)
 	return false;
 }
-
+bool Session::isPwdValid(const std::string& pwd)
 {
 	if (mSessionUser) {
 		return mSessionUser->validatePwd(pwd);
 	}
 	return false;
 }
 bool Session::loadUser(const std::string& email, const std::string& password)
 {
 	return true;
 }
@ -262,7 +272,7 @@ bool Session::loadFromEmailVerificationCode(unsigned long long emailVerification
 		mSessionUser = new User(email.data(), name.data());
 		mSessionUser->loadEntryDBId(ConnectionManager::getInstance()->getConnection(CONNECTION_MYSQL_LOGIN_SERVER));
 		mEmailVerificationCode = emailVerificationCode;
-		updateState(SESSION_STATE_EMAIL_VERIFICATION_CODE_CHECKED);
+		updateState(SESSION_STATE_EMAIL_VERIFICATION_WRITTEN);
 		printf("[Session::loadFromEmailVerificationCode] time: %s\n", usedTime.string().data());
 		return true;
 	}
@ -343,3 +353,14 @@ bool Session::generatePassphrase()
 	updateState(SESSION_STATE_PASSPHRASE_GENERATED);
 	return true;
 }
 bool Session::generateKeys(bool savePrivkey, bool savePassphrase)
 {
 	if (mSessionUser) {
 		if (!mSessionUser->generateKeys(savePrivkey, mPassphrase)) {
 		}
 	}
 	return true;
 }
--- a/src/cpp/model/Session.h
+++ b/src/cpp/model/Session.h
@ -61,11 +61,13 @@ public:
 	inline void setPassphrase(const std::string& passphrase) { mPassphrase = passphrase; }
 	inline const std::string& getPassphrase() { return mPassphrase; }
 	bool generatePassphrase();
 	bool generateKeys(bool savePrivkey, bool savePassphrase);
 	inline void setClientIp(Poco::Net::IPAddress ip) { mClientLoginIP = ip; }
 	inline bool isIPValid(Poco::Net::IPAddress ip) { return mClientLoginIP == ip; }
 	bool isPwdValid(const std::string& pwd);
 	void reset();
 	void updateState(SessionStates newState);
--- a/src/cpp/model/User.cpp
+++ b/src/cpp/model/User.cpp
@ -56,7 +56,17 @@ void LoginUser::run()
 int UserCreateCryptoKey::run() 
 {
-	mUser->createCryptoKey(mPassword);
+	auto cryptoKey = mUser->createCryptoKey(mPassword);
 	mUser->setCryptoKey(cryptoKey);
 	if (sizeof(User::passwordHashed) != crypto_shorthash_BYTES) {
 		throw Poco::Exception("crypto_shorthash_BYTES != sizeof(mPasswordHashed)");
 	}
 	User::passwordHashed pwdHashed;
 	crypto_shorthash((unsigned char*)&pwdHashed, *cryptoKey, crypto_box_SEEDBYTES, *ServerConfig::g_ServerCryptoKey);
 	mUser->setPwdHashed(pwdHashed);
 	printf("crypto key created\n");
 	return 0;
 }
@ -82,10 +92,30 @@ int UserWriteIntoDB::run()
 User::User(const char* email, const char* name)
-	: mDBId(0), mEmail(email), mFirstName(name), mPasswordHashed(0), mCryptoKey(nullptr)
+	: mDBId(0), mEmail(email), mFirstName(name), mPasswordHashed(0), mEmailChecked(false), mCryptoKey(nullptr)
 {
 	//crypto_shorthash(mPasswordHashed, (const unsigned char*)password, strlen(password), *ServerConfig::g_ServerCryptoKey);
 	//memset(mPasswordHashed, 0, crypto_shorthash_BYTES);
 	auto cm = ConnectionManager::getInstance();
 	auto session = cm->getConnection(CONNECTION_MYSQL_LOGIN_SERVER);
 	Poco::Nullable<Poco::Data::BLOB> pubkey;
 	Poco::Data::Statement select(session);
 	select << "SELECT id, password, pubkey, email_checked from users where email = ?",
 		into(mDBId), into(mPasswordHashed), into(pubkey), into(mEmailChecked), use(mEmail);
 	try {
 		if (select.execute() == 1) {
 			if (!pubkey.isNull()) {
 				size_t hexSize = pubkey.value.size() * 2 + 1;
 				char* hexString = (char*)malloc(hexSize);
 				memset(hexString, 0, hexSize);
 				sodium_bin2hex(hexString, hexSize, pubkey.value.content().data(), pubkey.value.size());
 				mPublicHex = hexString;
 				free(hexString);
 			}
 		}
 	} catch(...) {}
 }
@ -143,7 +173,28 @@ bool User::validatePassphrase(const std::string& passphrase)
 	return false;
 }
-void User::createCryptoKey(const std::string& password)
+bool User::validatePwd(const std::string& pwd)
 {
 	auto cmpCryptoKey = createCryptoKey(pwd);
 	if (sizeof(User::passwordHashed) != crypto_shorthash_BYTES) {
 		throw Poco::Exception("crypto_shorthash_BYTES != sizeof(User::passwordHashed)");
 	}
 	User::passwordHashed pwdHashed;
 	crypto_shorthash((unsigned char*)&pwdHashed, *cmpCryptoKey, crypto_box_SEEDBYTES, *ServerConfig::g_ServerCryptoKey);
 	if (pwdHashed == mPasswordHashed) {
 		if (!mCryptoKey) {
 			mCryptoKey = cmpCryptoKey;
 		}
 		else {
 			delete cmpCryptoKey;
 		}
 		return true;
 	}
 	delete cmpCryptoKey;
 	return false;
 }
 ObfusArray* User::createCryptoKey(const std::string& password)
 {
 	Profiler timeUsed;
@ -172,17 +223,21 @@ void User::createCryptoKey(const std::string& password)
 		//printf("pwd: %s\n", pwd);
 		return ;
 	}
-	if (sizeof(mPasswordHashed) != crypto_shorthash_BYTES) {
+	
 		throw Poco::Exception("crypto_shorthash_BYTES != sizeof(mPasswordHashed)");
 	}
 	crypto_shorthash((unsigned char*)&mPasswordHashed, key, crypto_box_SEEDBYTES, *ServerConfig::g_ServerCryptoKey);
 	lock();
-	mCryptoKey = new ObfusArray(crypto_box_SEEDBYTES, key);
+	auto cryptoKey = new ObfusArray(crypto_box_SEEDBYTES, key);
 	unlock();
 	free(key);
 	// mCryptoKey
 	printf("[User::createCryptoKey] time used: %s\n", timeUsed.string().data());
 	return cryptoKey;
 }
 bool User::generateKeys(bool savePrivkey, const std::string& passphrase)
 {
 	// TODO: call create key pair from passphrase from worker thread
 	// TODO: evt. save privkey from worker thread
 }
 Poco::Data::Statement User::insertIntoDB(Poco::Data::Session session)
@ -192,7 +247,7 @@ Poco::Data::Statement User::insertIntoDB(Poco::Data::Session session)
 	//Poco::Data::BLOB pwd(&mPasswordHashed[0], crypto_shorthash_BYTES);
-	printf("[User::insertIntoDB] password hashed: %llu\n", mPasswordHashed);
+	//printf("[User::insertIntoDB] password hashed: %llu\n", mPasswordHashed);
 	insert << "INSERT INTO users (email, name, password) VALUES(?, ?, ?);",
 		use(mEmail), use(mFirstName), bind(mPasswordHashed);
--- a/src/cpp/model/User.h
+++ b/src/cpp/model/User.h
@ -28,18 +28,28 @@ public:
 	static std::string generateNewPassphrase(Mnemonic* word_source);
 	static bool validatePassphrase(const std::string& passphrase);
 	bool generateKeys(bool savePrivkey, const std::string& passphrase);
 	bool loadEntryDBId(Poco::Data::Session session);
 	inline bool hasCryptoKey() { lock(); bool bRet = mCryptoKey != nullptr; unlock(); return bRet; }
 	inline const char* getEmail() const { return mEmail.data(); }
 	inline const char* getName() const { return mFirstName.data(); }
 	inline int         getDBId() { return mDBId;  }
 	inline void		   setEmailChecked() { mEmailChecked = true; }
 	std::string        getPublicKeyHex() { return mPublicHex;  }
 	bool validatePwd(const std::string& pwd);
 protected:
-	void createCryptoKey(const std::string& password);
+	typedef unsigned long long passwordHashed;
 	Poco::Data::Statement insertIntoDB(Poco::Data::Session session);
 	ObfusArray* createCryptoKey(const std::string& password);
 	inline void setCryptoKey(ObfusArray* cryptoKey) { mCryptoKey = cryptoKey; }
 	Poco::Data::Statement insertIntoDB(Poco::Data::Session session);
 	inline passwordHashed getPwdHashed() { lock(); auto ret = mPasswordHashed; unlock(); return ret; }
 	inline void setPwdHashed(passwordHashed pwdHashed) { lock(); mPasswordHashed = pwdHashed; unlock(); }
 	inline void lock() { mWorkingMutex.lock(); }
 	inline void unlock() { mWorkingMutex.unlock(); }
@ -48,10 +58,12 @@ private:
 	int mDBId;
 	std::string mEmail;
 	std::string mFirstName;
-	unsigned long long mPasswordHashed;
+	
 	passwordHashed mPasswordHashed;
 	bool mEmailChecked;
 	// crypto key as obfus array 
 	ObfusArray* mCryptoKey;
-
+	std::string mPublicHex;
 	Poco::Mutex mWorkingMutex;
 };
--- a/src/cpsp/checkEmail.cpsp
+++ b/src/cpsp/checkEmail.cpsp
@ -5,92 +5,22 @@
 <%@ page form="true" %>
 <%@	page compressed="true" %>
 <%!
 #include "../SingletonManager/SessionManager.h"
 #include "../model/User.h"
 #include "Poco/Net/HTTPCookie.h"
 enum PageState 
 {
 	PAGE_VERIFICATION_FAILED,
 	PAGE_ASK_PASSPHRASE,
 	PAGE_SHOW_PASSPHRASE,
 	PAGE_ASK_VERIFICATION_CODE
 };
 %>
 <%%
 	auto sm = SessionManager::getInstance();
 	bool hasErrors = false;
 	unsigned long long verificationCode = 0;
 	PageState state = PAGE_ASK_PASSPHRASE;
 	std::string uri = request.getURI();
 	//printf("uri: %s\n", uri.data());
 	if(!form.empty()) {
 	  try {
 		verificationCode = stoll(form.get("email-verification-code", "0"));
 	  } catch(...) {}
 	}
 	if(!verificationCode) {
 		size_t pos = uri.find_last_of("/");
 		try {
 			verificationCode = stoll(uri.substr(pos+1));
 		} catch(...) {}
 	}
 	if(!verificationCode) {
 		state = PAGE_ASK_VERIFICATION_CODE;
 	} else {
 		// no session
 		if(!mSession || mSession->getEmailVerificationCode() != verificationCode) {
 			mSession = sm->findByEmailVerificationCode(verificationCode);
 		}
 		// no session in server, load from db
 		if(!mSession) {
 			mSession = sm->getNewSession();
 			if(mSession->loadFromEmailVerificationCode(verificationCode)) {
 				auto cookie_id = mSession->getHandle();
 				auto user_host = request.clientAddress().host();
 				mSession->setClientIp(user_host);
 				response.addCookie(Poco::Net::HTTPCookie("user", std::to_string(cookie_id)));
 			} else {
 				sm->releseSession(mSession);
 				mSession = nullptr;
 				state = PAGE_VERIFICATION_FAILED;
 			}
 		}
 	if(mSession) {
 			mSession->updateEmailVerification(verificationCode);
 		hasErrors = mSession->errorCount() > 0;
 	}
 			if(!hasErrors && !form.empty()) {
 				auto registerKeyChoice = form.get("passphrase", "");
 				std::string oldPassphrase = "";
 				if(registerKeyChoice == "no") {
 					auto oldPassphrase = form.get("passphrase-existing", "");
 					if(oldPassphrase != "" && User::validatePassphrase(oldPassphrase)) {
 						// passphrase is valid 
 						mSession->setPassphrase(oldPassphrase);
 						mSession->updateState(SESSION_STATE_PASSPHRASE_SHOWN);
 						state = PAGE_SHOW_PASSPHRASE;
 					} else {
 						mSession->addError(new Error("Merkspruch", "Dieser Merkspruch ist ung&uuml;ltig, bitte &uuml;berpr&uuml;fen oder neu generieren (lassen)."));
 					}
 				} else if(registerKeyChoice == "yes") {
 					mSession->generatePassphrase();
 					state = PAGE_SHOW_PASSPHRASE;
 				}
 			}
 		} else {
 			state = PAGE_VERIFICATION_FAILED;
 		}
 	}
 %>
 <!DOCTYPE html>
 <html>
 <head>
 <meta charset="UTF-8">
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>Gradido Login Server: Email OptIn</title>
+<title>Gradido Login Server: Email Verification</title>
 <!--<link rel="stylesheet" type="text/css" href="css/styles.min.css">-->
 <link rel="stylesheet" type="text/css" href="https://gradido2.dario-rekowski.de/css/styles.css">
 <style type="text/css" >
@ -109,62 +39,17 @@ label:not(.grd_radio_label) {
 		<%= mSession->getErrorsHtml() %>
 	<%} %>
 	<h1>Einen neuen Account anlegen</h1>
-	<% if(state == PAGE_SHOW_PASSPHRASE) {%>
+	<% if(mSession && mSession->getSessionState() < SESSION_STATE_EMAIL_VERIFICATION_SEND) { %>
 		<div class="grd_text-max-width">
 		<div class="grd_text">
-				Schreibe dir den Merkspruch auf und packe ihn gut weg. Du brauchst ihn um deine Adresse wiederherzustellen. Wenn du ihn verlierst, sind auch deine Gradidos verloren.
+			<p>Die E-Mail wurde noch nicht verschickt, bitte habe noch etwas Geduld.</p>
 			<p>Versuche es einfach in 1-2 Minuten erneut.</p>
 		</div>
-			<div class="grd_textarea">
+	<% } else { %>
 				<%= mSession->getPassphrase() %>
 			</div>
 			<a href="/saveKeys">Weiter</a>
 		</div>
 	<% } else if(state == PAGE_ASK_PASSPHRASE) { %>
 	<form method="POST">
 		<fieldset class="grd_container_small">
 			<legend>Account anlegen</legend>
 			<p>Bitte gebe deine Daten um einen Account anzulegen</p>
 			<p>Hast du schonmal ein Gradido Konto besessen?</p>
 			<p class="grd_small">
 				<input id="passphrase-new-yes" type="radio" name="passphrase" value="yes" checked/>
 				<label class="grd_radio_label" for="passphrase-new-yes">Nein, bitte ein neues erstellen!</label>
 			</p>
 			<p class="grd_small">
 				<input id="passphrase-new-no" type="radio" name="passphrase" value="no"/>
 				<label class="grd_radio_label" for="passphrase-new-no">Ja, bitte wiederherstellen!</label>
 			</p>
 			<textarea style="width:100%;height:100px" name="passphrase-existing"><%= !form.empty() ? form.get("register-key-existing", "") : "" %></textarea>
 		</fieldset>
 		<input class="grd_bn_succeed" type="submit" name="submit" value="Weiter">
 	</form>
 	<% } else if(state == PAGE_ASK_VERIFICATION_CODE) { %>
 	<form method="GET">
 		<p>Bitte gebe deinen E-Mail Verification Code ein. </p>
 		<input type="number" name="email-verification-code">
 		<input class="grd_bn_succeed" type="submit" value="Überprüfe Code">
 	</form>
 	<% } else if(state == PAGE_VERIFICATION_FAILED) { %>
 		<% if(mSession) { %>
 			<% if(mSession->getSessionState() == SESSION_STATE_EMAIL_VERIFICATION_SEND) { %>
 				<p>Bitte versuche es erneut</p>
 				<form method="GET" action="/checkEmail">
 					<input type="number" name="email-verification-code">
 					<input class="grd_bn_succeed" type="submit" value="Überprüfe Code">
 				</form>
 			<% } else if(mSession->getSessionState() < SESSION_STATE_EMAIL_VERIFICATION_SEND) { %>
 				<div class="grd_text">Die E-Mail wurde nicht verschickt, bitte habe noch etwas Geduld.</div>
 			<% } else { %>
 				<div class="grd_text">Der Account wurde schon freigeschaltet.</div>
 				<a href="/">Zurück</a>
 			<% } %>
 		<% } else { %>
 			<p>Fehler, bitte wende dich an den Server-Admin order versuche dich erneut zu registrieren.</p>
 		<% } %>
 	<% } else { %>
 		<div class="grd_text">
 			Ungültige Seite, wenn du das siehst stimmt hier was nicht. Bitte wende dich an den Server-Admin. 
 		</div>
 	<% } %>
 </div>
 </body>
--- a/src/cpsp/passphrase.cpsp
+++ b/src/cpsp/passphrase.cpsp
@ -0,0 +1,110 @@
 <%@ page class="PassphrasePage" %>
 <%@ page baseClass="SessionHTTPRequestHandler" %>
 <%@ page ctorArg="Session*" %>
 <%@ header include="SessionHTTPRequestHandler.h" %>
 <%@ page form="true" %>
 <%@	page compressed="true" %>
 <%!
 enum PageState 
 {
 	PAGE_ASK_PASSPHRASE,
 	PAGE_SHOW_PASSPHRASE
 };
 %>
 <%%
 	PageState state = PAGE_ASK_PASSPHRASE;
 	bool hasErrors = mSession->errorCount() > 0;
 	// save login cookie, because maybe we've get an new session
 	auto cookie_id = mSession->getHandle();
 	auto user_host = request.clientAddress().host();
 	mSession->setClientIp(user_host);
 	response.addCookie(Poco::Net::HTTPCookie("user", std::to_string(cookie_id)));
 	if (!form.empty()) {
 		auto registerKeyChoice = form.get("passphrase", "");
 		std::string oldPassphrase = "";
 		if (registerKeyChoice == "no") {
 			auto oldPassphrase = form.get("passphrase-existing", "");
 			if (oldPassphrase != "" && User::validatePassphrase(oldPassphrase)) {
 				// passphrase is valid 
 				session->setPassphrase(oldPassphrase);
 				session->updateState(SESSION_STATE_PASSPHRASE_SHOWN);
 				state = PAGE_SHOW_PASSPHRASE;
 			}
 			else {
 				session->addError(new Error("Merkspruch", "Dieser Merkspruch ist ung&uuml;ltig, bitte &uuml;berpr&uuml;fen oder neu generieren (lassen)."));
 			}
 		}
 		else if (registerKeyChoice == "yes") {
 			session->generatePassphrase();
 		}
 	}
 	if(mSession->getSessionState() == SESSION_STATE_PASSPHRASE_GENERATED) {
 		state = PAGE_SHOW_PASSPHRASE;
 		mSession->updateState(SESSION_STATE_PASSPHRASE_SHOWN);
 	}
 %>
 <!DOCTYPE html>
 <html>
 <head>
 <meta charset="UTF-8">
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
 <title>Gradido Login Server: Merkspruch</title>
 <!--<link rel="stylesheet" type="text/css" href="css/styles.min.css">-->
 <link rel="stylesheet" type="text/css" href="https://gradido2.dario-rekowski.de/css/styles.css">
 <style type="text/css" >
 input:not([type='radio']) {
 	width:200px;
 }
 label:not(.grd_radio_label) {
 	width:80px;
 	display:inline-block;
 }
 </style>
 </head>
 <body>
 <div class="grd_container">
 	<% if(mSession && hasErrors) {%>
 		<%= mSession->getErrorsHtml() %>
 	<%} %>
 	<h1>Einen neuen Account anlegen</h1>
 	<% if(state == PAGE_SHOW_PASSPHRASE) {%>
 		<div class="grd_text-max-width">
 			<div class="grd_text">
 				Schreibe dir den Merkspruch auf und packe ihn gut weg. Du brauchst ihn um deine Adresse wiederherzustellen. Wenn du ihn verlierst, sind auch deine Gradidos verloren.
 			</div>
 			<div class="grd_textarea">
 				<%= mSession->getPassphrase() %>
 			</div>
 			<a href="/saveKeys">Weiter</a>
 		</div>
 	<% } else if(state == PAGE_ASK_PASSPHRASE) { %>
 	<form method="POST">
 		<fieldset class="grd_container_small">
 			<legend>Neue Gradido Adresse anlegen / wiederherstellen</legend>
 			<p>Hast du schonmal ein Gradido Konto besessen?</p>
 			<p class="grd_small">
 				<input id="passphrase-new-yes" type="radio" name="passphrase" value="yes" checked/>
 				<label class="grd_radio_label" for="passphrase-new-yes">Nein, bitte ein neues erstellen!</label>
 			</p>
 			<p class="grd_small">
 				<input id="passphrase-new-no" type="radio" name="passphrase" value="no"/>
 				<label class="grd_radio_label" for="passphrase-new-no">Ja, bitte wiederherstellen!</label>
 			</p>
 			<textarea style="width:100%;height:100px" name="passphrase-existing"><%= !form.empty() ? form.get("passphrase-existing", "") : "" %></textarea>
 		</fieldset>
 		<input class="grd_bn_succeed" type="submit" name="submit" value="Weiter">
 	</form>
 	<% } else { %>
 		<div class="grd_text">
 			Ungültige Seite, wenn du das siehst stimmt hier etwas nicht. Bitte wende dich an den Server-Admin. 
 		</div>
 	<% } %>
 </div>
 </body>
 </html>
--- a/src/cpsp/register.cpsp
+++ b/src/cpsp/register.cpsp
@ -56,11 +56,6 @@ label:not(.grd_radio_label) {
 			<div class="grd_text">
 				Deine Anmeldung wird verarbeitet und es wird dir eine E-Mail zugeschickt. 
 				Wenn sie da ist, befolge ihren Anweisungen. 
 				Möchtest du wissen ob die E-Mail schon verschickt wurde? 
 				Dann klicke einfach hier: 
 				<form action="/">
 					<input type="submit" value="Status überprüfen">
 				</form>
 			</div>
 		</div>
 	<% } else { %>
--- a/src/cpsp/saveKeys.cpsp
+++ b/src/cpsp/saveKeys.cpsp
@ -5,16 +5,42 @@
 <%@ page form="true" %>
 <%@	page compressed="true" %>
 <%!
-
+	enum PageState {
-#include "../model/Session.h"
+		PAGE_ASK,
-
+		PAGE_SHOW_PUBKEY
 	}
 %>
 <%%
 	bool hasErrors = mSession->errorCount() > 0;
 	bool hasPassword = mSession->getUser()->hasCryptoKey();
 	PageState state = PAGE_ASK;
 	if(!form.empty()) {
 		// privkey
 		auto savePrivkeyChoice = form.get("save-privkey");
 		bool savePrivkey = false;
 		if(savePrivkeyChoice == "yes") {
 			if(!hasPassword) {
 				// check pwd
 				auto pwd = form.get("save-privkey-password", "");
 				if(!mSession->getUser()->validatePwd(pwd)) {
 					mSession->addError(new Error("Passwort", "Das Passwort stimmt nicht. Bitte verwende dein Passwort von der Registrierung"));
 					hasErrors = true;
 				} else {
 					savePrivkey = true;
 				}
 			} else {
 				savePrivkey = true;
 			}
 		}
 		if(!hasErrors) {
 			auto savePassphraseChoice = form.get("save-passphrase");
 			bool savePassphrase = false;
 			if(savePassphraseChoice == "yes") {
 				savePassphrase = true;
 			}
 		}
 	}
 %>
 <!DOCTYPE html>
@ -41,6 +67,7 @@ label:not(.grd_radio_label) {
 		<%= mSession->getErrorsHtml() %>
 	<%} %>
 	<h1>Daten speichern</h1>
 	<% if(state == PAGE_ASK) { %>
 	<form method="POST">
 		<fieldset>
 			<legend>Gradido Private Key speichern</legend>
@ -82,6 +109,9 @@ label:not(.grd_radio_label) {
 		</fieldset>
 		<input class="grd_bn_succeed" type="submit" value="Speichern">
 	</form>
 	<% } else if(state == PAGE_SHOW_PUBKEY) { %>
 	<% } %>
 </div>
 </body>
 </html>