From ecee2f079f027c1d3dcd507c0e1bd7a75970df8d Mon Sep 17 00:00:00 2001
From: Dario <dario.rekowski@gmx.de>
Date: Mon, 28 Oct 2019 14:44:50 +0100
Subject: [PATCH] check transaction for signing

---
 .../HTTPInterface/CheckTransactionPage.cpp    | 224 ++++++++++++++++++
 src/cpp/HTTPInterface/CheckTransactionPage.h  |  20 ++
 src/cpp/HTTPInterface/ElopageWebhook.cpp      |  28 +--
 src/cpp/HTTPInterface/ElopageWebhook.h        |   4 +-
 src/cpp/HTTPInterface/LoginPage.cpp           |  20 +-
 .../PageRequestHandlerFactory.cpp             |  75 ++++--
 .../HTTPInterface/PageRequestHandlerFactory.h |   3 +-
 .../PageRequestMessagedHandler.h              |   1 +
 src/cpp/HTTPInterface/SaveKeysPage.cpp        |   2 +-
 src/cpp/model/Profiler.cpp                    |   5 +
 src/cpp/model/Profiler.h                      |   1 +
 src/cpp/model/Session.cpp                     |  33 ++-
 src/cpp/model/Session.h                       |   2 +
 src/cpp/model/TransactionBase.cpp             |  17 ++
 src/cpp/model/TransactionBase.h               |   8 +
 src/cpp/model/TransactionCreation.cpp         |   4 +-
 src/cpp/model/TransactionCreation.h           |   3 +-
 src/cpp/model/TransactionTransfer.cpp         |   4 +-
 src/cpp/model/TransactionTransfer.h           |   2 +-
 src/cpp/tasks/ProcessingTransaction.cpp       |   4 +-
 src/cpp/tasks/SigningTransaction.cpp          |  16 ++
 src/cpp/tasks/SigningTransaction.h            |  40 ++++
 src/cpsp/checkTransaction.cpsp                |  59 ++++-
 src/cpsp/login.cpsp                           |  12 +-
 src/cpsp/saveKeys.cpsp                        |   2 +-
 25 files changed, 523 insertions(+), 66 deletions(-)
 create mode 100644 src/cpp/HTTPInterface/CheckTransactionPage.cpp
 create mode 100644 src/cpp/HTTPInterface/CheckTransactionPage.h
 create mode 100644 src/cpp/model/TransactionBase.cpp
 create mode 100644 src/cpp/tasks/SigningTransaction.cpp
 create mode 100644 src/cpp/tasks/SigningTransaction.h

diff --git a/src/cpp/HTTPInterface/CheckTransactionPage.cpp b/src/cpp/HTTPInterface/CheckTransactionPage.cpp
new file mode 100644
index 000000000..7113517ff
--- /dev/null
+++ b/src/cpp/HTTPInterface/CheckTransactionPage.cpp
@@ -0,0 +1,224 @@
+#include "CheckTransactionPage.h"
+#include "Poco/Net/HTTPServerRequest.h"
+#include "Poco/Net/HTTPServerResponse.h"
+#include "Poco/Net/HTMLForm.h"
+#include "Poco/DeflatingStream.h"
+
+
+#line 7 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+
+#include "../SingletonManager/SessionManager.h"
+#include "../model/TransactionCreation.h"
+#include "../model/TransactionTransfer.h"
+
+enum PageState {
+	PAGE_TRANSACTION_CREATION,
+	PAGE_TRANSACTION_TRANSFER,
+	PAGE_NO_TRANSACTIONS
+};
+
+
+
+CheckTransactionPage::CheckTransactionPage(Session* arg):
+	SessionHTTPRequestHandler(arg)
+{
+}
+
+
+void CheckTransactionPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response)
+{
+	response.setChunkedTransferEncoding(true);
+	response.setContentType("text/html");
+	bool _compressResponse(request.hasToken("Accept-Encoding", "gzip"));
+	if (_compressResponse) response.set("Content-Encoding", "gzip");
+
+	Poco::Net::HTMLForm form(request, request.stream());
+#line 19 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+ 
+	PageState state = PAGE_NO_TRANSACTIONS;
+	size_t notReadyTransactions = 0;
+	size_t sumTransactions = mSession->getProcessingTransactionCount();
+	auto processingTransaction = mSession->getNextReadyTransaction(&notReadyTransactions);
+	auto accountUser = mSession->getUser();
+	if(!processingTransaction.isNull()) {
+		auto transactionType = processingTransaction->getType();
+		switch(transactionType) {
+			case TRANSACTION_CREATION: state = PAGE_TRANSACTION_CREATION; break;
+			case TRANSACTION_TRANSFER: state = PAGE_TRANSACTION_TRANSFER; break;
+		}
+	}
+	bool hasErrors = false;
+	if(!form.empty()) {
+		auto ok = form.get("ok", "");
+		auto abort = form.get("abort", "");
+		if(abort != "") {
+			mSession->finalizeTransaction(false, true);
+		} else if(ok != "") {
+			if(!accountUser->hasCryptoKey()) {
+				auto pwd = form.get("sign-password", "");
+				if(!mSession->isPwdValid(pwd)) {
+					addError(new Error("Passwort", "Das Passwort stimmt nicht. Bitte verwende dein Passwort von der Registrierung"));
+					hasErrors = true;
+				}
+			}
+			if(!hasErrors) {
+				mSession->finalizeTransaction(true, false);
+			}
+		}
+	}
+
+	std::ostream& _responseStream = response.send();
+	Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1);
+	std::ostream& responseStream = _compressResponse ? _gzipStream : _responseStream;
+	responseStream << "\n";
+	responseStream << "<!DOCTYPE html>\n";
+	responseStream << "<html>\n";
+	responseStream << "<head>\n";
+	responseStream << "<meta charset=\"UTF-8\">\n";
+	responseStream << "<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n";
+	responseStream << "<title>Gradido Login Server: &Uuml;berpr&uuml;fe Transaktion</title>\n";
+	responseStream << "<!--<link rel=\"stylesheet\" type=\"text/css\" href=\"css/styles.min.css\">-->\n";
+	responseStream << "<link rel=\"stylesheet\" type=\"text/css\" href=\"https://gradido2.dario-rekowski.de/css/styles.css\">\n";
+	responseStream << "<style type=\"text/css\" >\n";
+	responseStream << ".grd_container\n";
+	responseStream << "{\n";
+	responseStream << "  max-width:820px;\n";
+	responseStream << "  margin-left:auto;\n";
+	responseStream << "  margin-right:auto;\n";
+	responseStream << "}\n";
+	responseStream << "\n";
+	responseStream << "input:not([type='radio']) {\n";
+	responseStream << "\twidth:200px;\n";
+	responseStream << "}\n";
+	responseStream << "label:not(.grd_radio_label) {\n";
+	responseStream << "\twidth:80px;\n";
+	responseStream << "\tdisplay:inline-block;\n";
+	responseStream << "}\n";
+	responseStream << "</style>\n";
+	responseStream << "</head>\n";
+	responseStream << "<body>\n";
+	responseStream << "<div class=\"grd_container\">\n";
+	responseStream << "\t<h1>Eine Transaktion pr&uuml;fen</h1>\n";
+	responseStream << "\t";
+#line 81 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+	responseStream << ( getErrorsHtml() );
+	responseStream << "\n";
+	responseStream << "\t";
+#line 82 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+ if(sumTransactions - notReadyTransactions != 1) { 	responseStream << "\n";
+	responseStream << "\t\t<pre>";
+#line 83 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+	responseStream << ( sumTransactions - notReadyTransactions );
+	responseStream << " von ";
+#line 83 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+	responseStream << ( sumTransactions );
+	responseStream << " Transaktionen sind bereit zum pr&uuml;fen</pre>\n";
+	responseStream << "\t";
+#line 84 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+ } 	responseStream << "\n";
+	responseStream << "\t";
+#line 85 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+ if(state == PAGE_NO_TRANSACTIONS) { 	responseStream << "\n";
+	responseStream << "\t<div class=\"grd_text-max-width\">\n";
+	responseStream << "\t\t";
+#line 87 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+ if(sumTransactions == 0) { 	responseStream << "\n";
+	responseStream << "\t\t\t<div class=\"grd_text\">Es gibt zurzeit keine Transaktionen zum &uuml;berpr&uuml;fen</div>\n";
+	responseStream << "\t\t";
+#line 89 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+ } else { 	responseStream << "\n";
+	responseStream << "\t\t\t<div class=\"grd_text\">Transaktion(en) werden noch vorbereitet, bitte lade die Seite in wenigen Augenblicken erneut.</div>\n";
+	responseStream << "\t\t";
+#line 91 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+ } 	responseStream << "\n";
+	responseStream << "\t</div>\n";
+	responseStream << "\t\n";
+	responseStream << "\t";
+#line 94 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+ } else if(state == PAGE_TRANSACTION_CREATION) { 
+		auto creationTransaction = processingTransaction->getCreationTransaction();
+		auto transactionUser = creationTransaction->getUser();
+		
+		responseStream << "\n";
+	responseStream << "\t<div class=\"grd_text-max-width\">\n";
+	responseStream << "\t\t<h2>Sch&ouml;pfungstransaktion</h2>\n";
+	responseStream << "\t\t<b>Memo: </b>\n";
+	responseStream << "\t\t<p>";
+#line 102 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+	responseStream << ( creationTransaction->getMemo() );
+	responseStream << "</p>\n";
+	responseStream << "\t\t<b>Empf&auml;nger: </b>\n";
+	responseStream << "\t\t";
+#line 104 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+ if(transactionUser) { 	responseStream << "\n";
+	responseStream << "\t\t\t";
+#line 105 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+	responseStream << ( transactionUser->getFirstName() );
+	responseStream << " ";
+#line 105 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+	responseStream << ( transactionUser->getLastName() );
+	responseStream << "\n";
+	responseStream << "\t\t\t";
+#line 106 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+	responseStream << ( transactionUser->getEmail() );
+	responseStream << "\n";
+	responseStream << "\t\t";
+#line 107 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+ } else { 	responseStream << "\n";
+	responseStream << "\t\t\t";
+#line 108 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+	responseStream << ( creationTransaction->getPublicHex() );
+	responseStream << "\n";
+	responseStream << "\t\t";
+#line 109 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+ } 	responseStream << "\n";
+	responseStream << "\t\t<b>Summe: </b>\n";
+	responseStream << "\t\t";
+#line 111 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+	responseStream << ( creationTransaction->getAmountString() );
+	responseStream << "&nbsp;Gradido\n";
+	responseStream << "\t\t<form >\n";
+	responseStream << "\t\t\tUnterschreiben mit aktuellem Account?<br>\n";
+	responseStream << "\t\t\t<p>";
+#line 114 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+	responseStream << ( accountUser->getFirstName() );
+	responseStream << " ";
+#line 114 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+	responseStream << ( accountUser->getLastName() );
+	responseStream << "</p>\n";
+	responseStream << "\t\t\t<p>";
+#line 115 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+	responseStream << ( accountUser->getEmail() );
+	responseStream << "</p>\n";
+	responseStream << "\t\t\t";
+#line 116 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+ // TODO: additional password check 	responseStream << "\n";
+	responseStream << "\t\t\t";
+#line 117 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+ if(!accountUser->hasCryptoKey()) {	responseStream << "\n";
+	responseStream << "\t\t\t<p>Ich brauche nochmal dein Passwort</p>\n";
+	responseStream << "\t\t\t\t<p class=\"grd_small\">\n";
+	responseStream << "\t\t\t\t\t<label for=\"sign-password\">Passwort</label>\n";
+	responseStream << "\t\t\t\t\t<input id=\"sign-password\" type=\"password\" name=\"sign-password\"/>\n";
+	responseStream << "\t\t\t\t</p>\n";
+	responseStream << "\t\t\t";
+#line 123 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+ } 	responseStream << "\n";
+	responseStream << "\t\t\t<input class=\"grd_bn grd_bn_succeed grd_clickable\" type=\"submit\" name=\"ok\" value=\"Transaktion unterzeichnen\">\n";
+	responseStream << "\t\t\t<input class=\"grd_bn grd_bn_delete grd_clickable\" type=\"submit\" name=\"abort\" value=\"Transaktion verwerfen\">\n";
+	responseStream << "\t\t</form>\n";
+	responseStream << "\t</div>\t\n";
+	responseStream << "\t";
+#line 128 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+ } 	responseStream << "\n";
+	responseStream << "</div>\n";
+	responseStream << "<div class=\"grd-time-used\">\n";
+	responseStream << "\t";
+#line 131 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\checkTransaction.cpsp"
+	responseStream << ( mTimeProfiler.string() );
+	responseStream << "\n";
+	responseStream << "</div>\n";
+	responseStream << "</body>\n";
+	responseStream << "</html>";
+	if (_compressResponse) _gzipStream.close();
+}
diff --git a/src/cpp/HTTPInterface/CheckTransactionPage.h b/src/cpp/HTTPInterface/CheckTransactionPage.h
new file mode 100644
index 000000000..1677260f8
--- /dev/null
+++ b/src/cpp/HTTPInterface/CheckTransactionPage.h
@@ -0,0 +1,20 @@
+#ifndef CheckTransactionPage_INCLUDED
+#define CheckTransactionPage_INCLUDED
+
+
+#include "Poco/Net/HTTPRequestHandler.h"
+
+
+#include "SessionHTTPRequestHandler.h"
+
+
+class CheckTransactionPage: public SessionHTTPRequestHandler
+{
+public:
+	CheckTransactionPage(Session*);
+
+	void handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response);
+};
+
+
+#endif // CheckTransactionPage_INCLUDED
diff --git a/src/cpp/HTTPInterface/ElopageWebhook.cpp b/src/cpp/HTTPInterface/ElopageWebhook.cpp
index cfa2299b9..9d7d01ca2 100644
--- a/src/cpp/HTTPInterface/ElopageWebhook.cpp
+++ b/src/cpp/HTTPInterface/ElopageWebhook.cpp
@@ -1,7 +1,6 @@
 #include "ElopageWebhook.h"
 #include "Poco/Net/HTTPServerRequest.h"
 #include "Poco/Net/HTTPServerResponse.h"
-#include "Poco/DeflatingStream.h"
 #include "Poco/URI.h"
 #include "Poco/Data/Binding.h"
 
@@ -26,8 +25,7 @@ void ElopageWebhook::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
 	// simply write request to file for later lookup
 	//ServerConfig::writeToFile(request.stream(), "elopage_webhook_requests.txt");
 
-	
-
+	// empty response, we didn't need to set anything
 
 	std::istream& stream = request.stream();
 	std::string completeRequest;
@@ -90,6 +88,12 @@ void ElopageWebhook::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
 		breakCount--;
 	}
 
+	// check event type
+	std::string event = elopageRequestData.get("event", "");
+	if (event == "lesson.viewed") {
+		return;
+	}
+
 	// write stream result also to file
 	static Poco::Mutex mutex;
 
@@ -116,17 +120,6 @@ void ElopageWebhook::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::
 	UniLib::controller::TaskPtr handleElopageTask(new HandleElopageRequestTask(elopageRequestData));
 	handleElopageTask->scheduleTask(handleElopageTask);
 
-	response.setChunkedTransferEncoding(true);
-	response.setContentType("application/json");
-	bool _compressResponse(request.hasToken("Accept-Encoding", "gzip"));
-	if (_compressResponse) response.set("Content-Encoding", "gzip");
-
-	
-	std::ostream& _responseStream = response.send();
-	Poco::DeflatingOutputStream _gzipStream(_responseStream, Poco::DeflatingStreamBuf::STREAM_GZIP, 1);
-	std::ostream& responseStream = _compressResponse ? _gzipStream : _responseStream;
-	
-	if (_compressResponse) _gzipStream.close();
 }
 
 
@@ -197,7 +190,12 @@ int HandleElopageRequestTask::getUserIdFromDB()
 int HandleElopageRequestTask::run()
 {
 	// get input data
-	
+	// check event type
+	std::string event = mRequestData.get("event", "");
+	if (event == "lesson.viewed") {
+		return 0;
+	}
+
 	mEmail = mRequestData.get("payer[email]", "");
 	mFirstName = mRequestData.get("payer[first_name]", "");
 	mLastName = mRequestData.get("payer[last_name]", "");
diff --git a/src/cpp/HTTPInterface/ElopageWebhook.h b/src/cpp/HTTPInterface/ElopageWebhook.h
index 231809c4a..c6219e324 100644
--- a/src/cpp/HTTPInterface/ElopageWebhook.h
+++ b/src/cpp/HTTPInterface/ElopageWebhook.h
@@ -2,13 +2,13 @@
 #define Elopage_Webhook_INCLUDED
 
 
-#include "Poco/Net/HTTPRequestHandler.h"
+#include "PageRequestMessagedHandler.h"
 #include "../tasks/CPUTask.h"
 #include "../model/ErrorList.h"
 
 #include "Poco/Net/NameValueCollection.h"
 
-class ElopageWebhook : public Poco::Net::HTTPRequestHandler
+class ElopageWebhook : public PageRequestMessagedHandler
 {
 public:
 	void handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response);
diff --git a/src/cpp/HTTPInterface/LoginPage.cpp b/src/cpp/HTTPInterface/LoginPage.cpp
index 654a9e2f9..47071b36b 100644
--- a/src/cpp/HTTPInterface/LoginPage.cpp
+++ b/src/cpp/HTTPInterface/LoginPage.cpp
@@ -7,9 +7,12 @@
 
 #line 6 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp"
  
-#include "../SingletonManager/SessionManager.h"
+
 #include "Poco/Net/HTTPCookie.h"
 #include "Poco/Net/HTTPServerParams.h"
+#include "Poco/Logger.h"
+
+#include "../SingletonManager/SessionManager.h"
 #include "../model/Profiler.h"
 #include "../ServerConfig.h"	
 	
@@ -23,7 +26,7 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
 	if (_compressResponse) response.set("Content-Encoding", "gzip");
 
 	Poco::Net::HTMLForm form(request, request.stream());
-#line 14 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp"
+#line 17 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp"
  
 	
 	auto sm = SessionManager::getInstance();
@@ -36,9 +39,14 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
 			auto session = sm->getSession(request);
 			if(!session) {
 				session = sm->getNewSession();		
-				auto user_host = request.clientAddress().host();
+				
+				// for debugging client ip
 				auto client_ip = request.clientAddress();
-				printf("client ip: %s\n", client_ip.toString().data());
+				std::string clientIpString = "client ip: ";
+				clientIpString += client_ip.toString();
+				Poco::Logger::get("requestLog").information(clientIpString);
+				// debugging end
+				auto user_host = request.clientAddress().host();
 				session->setClientIp(user_host);
 				response.addCookie(session->getLoginCookie());
 			}
@@ -109,7 +117,7 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
 	responseStream << "\t<div class=\"grd_container\">\n";
 	responseStream << "\t\t<h1>Login</h1>\n";
 	responseStream << "\t\t";
-#line 93 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp"
+#line 103 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp"
 	responseStream << ( getErrorsHtml() );
 	responseStream << "\n";
 	responseStream << "\t\t<fieldset class=\"grd_container_small\">\n";
@@ -131,7 +139,7 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
 	responseStream << "\t</div>\n";
 	responseStream << "\t<div class=\"grd-time-used\">\n";
 	responseStream << "\t\t";
-#line 112 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp"
+#line 122 "I:\\Code\\C++\\Eigene_Projekte\\Gradido_LoginServer\\src\\cpsp\\login.cpsp"
 	responseStream << ( mTimeProfiler.string() );
 	responseStream << "\n";
 	responseStream << "\t</div>\n";
diff --git a/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp b/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp
index 350146926..dab43617a 100644
--- a/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp
+++ b/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp
@@ -33,7 +33,7 @@ PageRequestHandlerFactory::PageRequestHandlerFactory()
 Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(const Poco::Net::HTTPServerRequest& request)
 {
 	//printf("request uri: %s\n", request.getURI().data());
-
+	Profiler timeUsed;
 	std::string uri = request.getURI();
 	std::string url_first_part;
 	mRemoveGETParameters.extract(uri, url_first_part);
@@ -48,7 +48,9 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(c
 
 	if (url_first_part == "/elopage_webhook_261") {
 		printf("call from elopage\n");
-		return new ElopageWebhook;
+		auto pageRequestHandler = new ElopageWebhook;
+		pageRequestHandler->setProfiler(timeUsed);
+		return pageRequestHandler;
 	}
 
 	// check if user has valid session
@@ -78,16 +80,20 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(c
 	if (url_first_part == "/checkEmail") {
 		//return new CheckEmailPage(s);
 		if (!s || s->getSessionState() < SESSION_STATE_EMAIL_VERIFICATION_CODE_CHECKED) {
-			return handleCheckEmail(s, uri, request);
+			return handleCheckEmail(s, uri, request, timeUsed);
 		}
 	}
 	if (url_first_part == "/register") {
-		return new RegisterPage;
+		auto pageRequestHandler = new RegisterPage;
+		pageRequestHandler->setProfiler(timeUsed);
+		return pageRequestHandler;
 	}
 	if (s) {
 		auto user = s->getUser();
 		if (s->errorCount() || (!user.isNull() && user->errorCount())) {
-			return new Error500Page(s);
+			auto pageRequestHandler = new Error500Page(s);
+			pageRequestHandler->setProfiler(timeUsed);
+			return pageRequestHandler;
 		}
 
 		if(url_first_part == "/logout") {
@@ -95,12 +101,16 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(c
 			// remove cookie
 			
 			//printf("session released\n");
-			return new LoginPage;
+			auto pageRequestHandler = new LoginPage;
+			pageRequestHandler->setProfiler(timeUsed);
+			return pageRequestHandler;
 		}
 		if(url_first_part == "/user_delete") {
 			if(s->deleteUser()) {
 				sm->releaseSession(s);
-				return new LoginPage;			
+				auto pageRequestHandler = new LoginPage;
+				pageRequestHandler->setProfiler(timeUsed);
+				return pageRequestHandler;
 			}			
 		}
 		auto sessionState = s->getSessionState();
@@ -108,18 +118,27 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(c
 		   sessionState == SESSION_STATE_PASSPHRASE_GENERATED) {
 		//if (url_first_part == "/passphrase") {
 			//return handlePassphrase(s, request);
-			return new PassphrasePage(s);
+			auto pageRequestHandler = new PassphrasePage(s);
+			pageRequestHandler->setProfiler(timeUsed);
+			return pageRequestHandler;
 		}
 		else if(sessionState == SESSION_STATE_PASSPHRASE_SHOWN) {
 		//else if (uri == "/saveKeys") {
-			return new SaveKeysPage(s);
+			auto pageRequestHandler = new SaveKeysPage(s);
+			pageRequestHandler->setProfiler(timeUsed);
+			return pageRequestHandler;
 		}
 		if (url_first_part == "/checkTransactions") {
-			return new CheckTransactionPage(s);
+			auto pageRequestHandler = new CheckTransactionPage(s);
+			pageRequestHandler->setProfiler(timeUsed);
+			return pageRequestHandler;
+
 		}
 		if (s && !user.isNull() && user->hasCryptoKey()) {
 			//printf("[PageRequestHandlerFactory] go to dashboard page with user\n");
-			return new DashboardPage(s);
+			auto pageRequestHandler = new DashboardPage(s);
+			pageRequestHandler->setProfiler(timeUsed);
+			return pageRequestHandler;
 		}
 		
 	} else {
@@ -128,17 +147,20 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(c
 			return new ConfigPage;
 		}
 		else if (url_first_part == "/login") {
-			return new LoginPage;
+			auto pageRequestHandler = new LoginPage;
+			pageRequestHandler->setProfiler(timeUsed);
+			return pageRequestHandler;
 		}
 	}
-	return new LoginPage;
+	auto pageRequestHandler = new LoginPage;
+	pageRequestHandler->setProfiler(timeUsed);
+	return pageRequestHandler;
 	//return new HandleFileRequest;
 	//return new PageRequestHandlerFactory;
 }
 
-Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::handleCheckEmail(Session* session, const std::string uri, const Poco::Net::HTTPServerRequest& request)
+Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::handleCheckEmail(Session* session, const std::string uri, const Poco::Net::HTTPServerRequest& request, Profiler timeUsed)
 {
-	Profiler timeUsed;
 	Poco::Net::HTMLForm form(request);
 	unsigned long long verificationCode = 0;
 
@@ -171,7 +193,9 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::handleCheckEmail(Sessi
 
 	// if no verification code given or error with given code, show form
 	if (!verificationCode) {
-		return new CheckEmailPage(session);
+		auto pageRequestHandler = new CheckEmailPage(session);
+		pageRequestHandler->setProfiler(timeUsed);
+		return pageRequestHandler;
 	}
 
 	// we have a verification code, now let's check that thing
@@ -197,7 +221,9 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::handleCheckEmail(Sessi
 		}
 		else {	
 			//sm->releaseSession(session);
-			return new CheckEmailPage(session);
+			auto pageRequestHandler = new CheckEmailPage(session);
+			pageRequestHandler->setProfiler(timeUsed);
+			return pageRequestHandler;
 		}
 	}
 	// suitable session found or created
@@ -207,20 +233,25 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::handleCheckEmail(Sessi
 
 		if (session->getUser()->isEmptyPassword()) {
 			// user has no password, maybe account created from elopage webhook
-			return new UpdateUserPasswordPage(session);
+			auto pageRequestHandler = new UpdateUserPasswordPage(session);
+			pageRequestHandler->setProfiler(timeUsed);
+			return pageRequestHandler;
 		}
 
 		// update session, mark as verified 
 		if (session->updateEmailVerification(verificationCode)) {
 			printf("[PageRequestHandlerFactory::handleCheckEmail] timeUsed: %s\n", timeUsed.string().data());
-			return new PassphrasePage(session);
+			auto pageRequestHandler = new PassphrasePage(session);
+			pageRequestHandler->setProfiler(timeUsed);
+			return pageRequestHandler;
 		}
 		
 	}
 	if (session) {
 		sm->releaseSession(session);
 	}
-	
-	return new CheckEmailPage(nullptr);
-	
+
+	auto pageRequestHandler = new CheckEmailPage(nullptr);
+	pageRequestHandler->setProfiler(timeUsed);
+	return pageRequestHandler;
 }
diff --git a/src/cpp/HTTPInterface/PageRequestHandlerFactory.h b/src/cpp/HTTPInterface/PageRequestHandlerFactory.h
index d3654a01d..fe9edbdf2 100644
--- a/src/cpp/HTTPInterface/PageRequestHandlerFactory.h
+++ b/src/cpp/HTTPInterface/PageRequestHandlerFactory.h
@@ -5,6 +5,7 @@
 #include "Poco/RegularExpression.h"
 #include "Poco/Logger.h"
 #include "../model/Session.h"
+#include "../model/Profiler.h"
 
 #define HTTP_PAGES_COUNT 1
 
@@ -15,7 +16,7 @@ public:
 	Poco::Net::HTTPRequestHandler* createRequestHandler(const Poco::Net::HTTPServerRequest& request);
 
 protected:
-	Poco::Net::HTTPRequestHandler* handleCheckEmail(Session* session, const std::string uri, const Poco::Net::HTTPServerRequest& request);
+	Poco::Net::HTTPRequestHandler* handleCheckEmail(Session* session, const std::string uri, const Poco::Net::HTTPServerRequest& request, Profiler timeUsed);
 
 	Poco::RegularExpression mRemoveGETParameters;
 	Poco::Logger& mLogging;
diff --git a/src/cpp/HTTPInterface/PageRequestMessagedHandler.h b/src/cpp/HTTPInterface/PageRequestMessagedHandler.h
index f5fd04823..6ea805868 100644
--- a/src/cpp/HTTPInterface/PageRequestMessagedHandler.h
+++ b/src/cpp/HTTPInterface/PageRequestMessagedHandler.h
@@ -13,6 +13,7 @@ class PageRequestMessagedHandler : public Poco::Net::HTTPRequestHandler, public
 public:
 	PageRequestMessagedHandler() {}
 
+	inline void setProfiler(Profiler profiler) { mTimeProfiler = profiler; }
 	//Poco::Net::HTTPRequestHandler* createRequestHandler(const Poco::Net::HTTPServerRequest& request);
 
 protected:
diff --git a/src/cpp/HTTPInterface/SaveKeysPage.cpp b/src/cpp/HTTPInterface/SaveKeysPage.cpp
index 93307c5a5..d004cf9c5 100644
--- a/src/cpp/HTTPInterface/SaveKeysPage.cpp
+++ b/src/cpp/HTTPInterface/SaveKeysPage.cpp
@@ -139,7 +139,7 @@ void SaveKeysPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Ne
  if(!hasPassword) { 	responseStream << "\n";
 	responseStream << "\t\t\t\t<p>Ich brauche nochmal dein Passwort wenn du dich für ja entscheidest.</p>\n";
 	responseStream << "\t\t\t\t<p class=\"grd_small\">\n";
-	responseStream << "\t\t\t\t\t<label for=\"login-password\">Passwort</label>\n";
+	responseStream << "\t\t\t\t\t<label for=\"save-privkey-password\">Passwort</label>\n";
 	responseStream << "\t\t\t\t\t<input id=\"save-privkey-password\" type=\"password\" name=\"save-privkey-password\"/>\n";
 	responseStream << "\t\t\t\t</p>\n";
 	responseStream << "\t\t\t";
diff --git a/src/cpp/model/Profiler.cpp b/src/cpp/model/Profiler.cpp
index d3b3255ce..bca7e2035 100644
--- a/src/cpp/model/Profiler.cpp
+++ b/src/cpp/model/Profiler.cpp
@@ -7,6 +7,11 @@ Profiler::Profiler()
 	reset();
 }
 
+Profiler::Profiler(const Profiler& copy)
+{
+	mStartTick = copy.mStartTick;
+}
+
 Profiler::~Profiler()
 {
 
diff --git a/src/cpp/model/Profiler.h b/src/cpp/model/Profiler.h
index e86a83652..e1d4be5a9 100644
--- a/src/cpp/model/Profiler.h
+++ b/src/cpp/model/Profiler.h
@@ -17,6 +17,7 @@ class Profiler
 {
 public:
 	Profiler();
+	Profiler(const Profiler& copy);
 	~Profiler();
 
 	inline void reset() { mStartTick = std::chrono::high_resolution_clock::now(); }
diff --git a/src/cpp/model/Session.cpp b/src/cpp/model/Session.cpp
index 60253f5ac..33ccc1591 100644
--- a/src/cpp/model/Session.cpp
+++ b/src/cpp/model/Session.cpp
@@ -307,25 +307,48 @@ Poco::AutoPtr<ProcessingTransaction> Session::getNextReadyTransaction(size_t* wo
 	if (working) {
 		*working = 0;
 	}
-	Poco::AutoPtr<ProcessingTransaction> ret;
+	else if (!mCurrentActiveProcessingTransaction.isNull()) 
+	{
+		unlock();
+		return mCurrentActiveProcessingTransaction;	
+	}
 	for (auto it = mProcessingTransactions.begin(); it != mProcessingTransactions.end(); it++) {
 		if (working && !(*it)->isTaskFinished()) {
 			*working++;
 		}
-		if (ret.isNull() && (*it)->isTaskFinished()) {
+		if (mCurrentActiveProcessingTransaction.isNull() && (*it)->isTaskFinished()) {
 			if (!working) {
+				mCurrentActiveProcessingTransaction = *it;
 				unlock();
-				return *it;
+				return mCurrentActiveProcessingTransaction;
 			}
 			// no early exit
 			else {
-				ret = *it;
+				mCurrentActiveProcessingTransaction = *it;
 			}
 			
 		}
 	}
 	unlock();
-	return nullptr;
+	return mCurrentActiveProcessingTransaction;
+}
+
+void Session::finalizeTransaction(bool sign, bool reject)
+{
+	lock();
+	if (mCurrentActiveProcessingTransaction.isNull()) {
+		unlock();
+		return;
+	}
+	mProcessingTransactions.remove(mCurrentActiveProcessingTransaction);
+	
+	if (!reject) {
+		if (sign) {
+
+		}
+	}
+	mCurrentActiveProcessingTransaction = nullptr;
+	unlock();
 }
 
 bool Session::isPwdValid(const std::string& pwd)
diff --git a/src/cpp/model/Session.h b/src/cpp/model/Session.h
index 49420f89d..4fedf92c8 100644
--- a/src/cpp/model/Session.h
+++ b/src/cpp/model/Session.h
@@ -102,6 +102,7 @@ public:
 	bool startProcessingTransaction(const std::string& proto_message_base64);
 	//! \param working if set will filled with transaction running
 	Poco::AutoPtr<ProcessingTransaction> getNextReadyTransaction(size_t* working = nullptr);
+	void finalizeTransaction(bool sign, bool reject);
 	inline size_t getProcessingTransactionCount() { lock(); auto ret = mProcessingTransactions.size(); unlock(); return ret; }
 
 protected:
@@ -127,6 +128,7 @@ private:
 
 	bool mActive;
 	std::list<Poco::AutoPtr<ProcessingTransaction>> mProcessingTransactions;
+	Poco::AutoPtr<ProcessingTransaction> mCurrentActiveProcessingTransaction;
 };
 
 
diff --git a/src/cpp/model/TransactionBase.cpp b/src/cpp/model/TransactionBase.cpp
new file mode 100644
index 000000000..665f38f80
--- /dev/null
+++ b/src/cpp/model/TransactionBase.cpp
@@ -0,0 +1,17 @@
+#include "TransactionBase.h"
+#include <iomanip>
+
+
+TransactionBase::TransactionBase(const std::string& memo)
+	: mMemo(memo)
+{
+
+}
+
+std::string TransactionBase::amountToString(google::protobuf::int64 amount)
+{
+	std::stringstream ss;
+	double dAmount = amount / 10000.0;
+	ss << std::fixed << std::setprecision(2) << dAmount;
+	return ss.str();
+}
diff --git a/src/cpp/model/TransactionBase.h b/src/cpp/model/TransactionBase.h
index d61e21196..6ab247329 100644
--- a/src/cpp/model/TransactionBase.h
+++ b/src/cpp/model/TransactionBase.h
@@ -10,11 +10,19 @@
 #define GRADIDO_LOGIN_SERVER_MODEL_TRANSACTION_BASE_INCLUDE
 
 #include "ErrorList.h"
+#include "../proto/gradido/BasicTypes.pb.h"
 
 class TransactionBase : public ErrorList
 {
 public:
+	TransactionBase(const std::string& memo);
 	virtual int prepare() = 0;
+
+	static std::string amountToString(google::protobuf::int64 amount);
+	inline const std::string& getMemo() const { return mMemo; }
+
+protected:
+	std::string mMemo;
 };
 
 #endif //GRADIDO_LOGIN_SERVER_MODEL_TRANSACTION_BASE_INCLUDE
\ No newline at end of file
diff --git a/src/cpp/model/TransactionCreation.cpp b/src/cpp/model/TransactionCreation.cpp
index ba4363595..6d7a12fd7 100644
--- a/src/cpp/model/TransactionCreation.cpp
+++ b/src/cpp/model/TransactionCreation.cpp
@@ -1,8 +1,8 @@
 #include "TransactionCreation.h"
 #include <sodium.h>
 
-TransactionCreation::TransactionCreation(const model::messages::gradido::TransactionCreation& protoCreation)
-	: mProtoCreation(protoCreation), mReceiverUser(nullptr)
+TransactionCreation::TransactionCreation(const std::string& memo, const model::messages::gradido::TransactionCreation& protoCreation)
+	: TransactionBase(memo), mProtoCreation(protoCreation), mReceiverUser(nullptr)
 {
 	memset(mReceiverPublicHex, 0, 65);
 }
diff --git a/src/cpp/model/TransactionCreation.h b/src/cpp/model/TransactionCreation.h
index 94c229392..af489c5c7 100644
--- a/src/cpp/model/TransactionCreation.h
+++ b/src/cpp/model/TransactionCreation.h
@@ -16,7 +16,7 @@
 class TransactionCreation : public TransactionBase
 {
 public:
-	TransactionCreation(const model::messages::gradido::TransactionCreation& protoCreation);
+	TransactionCreation(const std::string& memo, const model::messages::gradido::TransactionCreation& protoCreation);
 	~TransactionCreation();
 
 	int prepare();
@@ -25,6 +25,7 @@ public:
 	inline google::protobuf::int64 getAmount() { return mProtoCreation.receiveramount().amount(); }
 	inline char* getPublicHex() { return mReceiverPublicHex; }
 
+	inline std::string getAmountString() { return amountToString(getAmount()); }
 
 protected:
 	const model::messages::gradido::TransactionCreation& mProtoCreation;
diff --git a/src/cpp/model/TransactionTransfer.cpp b/src/cpp/model/TransactionTransfer.cpp
index 7cf1b2cb8..ca2c405bc 100644
--- a/src/cpp/model/TransactionTransfer.cpp
+++ b/src/cpp/model/TransactionTransfer.cpp
@@ -1,7 +1,7 @@
 #include "TransactionTransfer.h"
 
-TransactionTransfer::TransactionTransfer(const model::messages::gradido::Transfer& protoTransfer)
-	: mProtoTransfer(protoTransfer)
+TransactionTransfer::TransactionTransfer(const std::string& memo, const model::messages::gradido::Transfer& protoTransfer)
+	: TransactionBase(memo), mProtoTransfer(protoTransfer)
 {
 
 }
diff --git a/src/cpp/model/TransactionTransfer.h b/src/cpp/model/TransactionTransfer.h
index a977cd3f6..22363ef03 100644
--- a/src/cpp/model/TransactionTransfer.h
+++ b/src/cpp/model/TransactionTransfer.h
@@ -15,7 +15,7 @@
 class TransactionTransfer : public TransactionBase
 {
 public:
-	TransactionTransfer(const model::messages::gradido::Transfer& protoTransfer);
+	TransactionTransfer(const std::string& memo, const model::messages::gradido::Transfer& protoTransfer);
 
 	int prepare();
 
diff --git a/src/cpp/tasks/ProcessingTransaction.cpp b/src/cpp/tasks/ProcessingTransaction.cpp
index 6debc796b..927c94d48 100644
--- a/src/cpp/tasks/ProcessingTransaction.cpp
+++ b/src/cpp/tasks/ProcessingTransaction.cpp
@@ -57,11 +57,11 @@ int ProcessingTransaction::run()
 	// check Type
 	if (mTransactionBody.has_creation()) {
 		mType = TRANSACTION_CREATION;
-		mTransactionSpecific = new TransactionCreation(mTransactionBody.creation());
+		mTransactionSpecific = new TransactionCreation(mTransactionBody.memo(), mTransactionBody.creation());
 	}
 	else if (mTransactionBody.has_transfer()) {
 		mType = TRANSACTION_TRANSFER;
-		mTransactionSpecific = new TransactionTransfer(mTransactionBody.transfer());
+		mTransactionSpecific = new TransactionTransfer(mTransactionBody.memo(), mTransactionBody.transfer());
 	}
 	if (mTransactionSpecific) {
 		if (mTransactionSpecific->prepare()) {
diff --git a/src/cpp/tasks/SigningTransaction.cpp b/src/cpp/tasks/SigningTransaction.cpp
new file mode 100644
index 000000000..bcd46b019
--- /dev/null
+++ b/src/cpp/tasks/SigningTransaction.cpp
@@ -0,0 +1,16 @@
+#include "SigningTransaction.h"
+
+SigningTransaction::SigningTransaction(Poco::AutoPtr<ProcessingTransaction> transactionBody)
+	: mTransactionBody(transactionBody)
+{
+
+}
+
+SigningTransaction::~SigningTransaction()
+{
+
+}
+
+int SigningTransaction::run() {
+	return 0;
+}
\ No newline at end of file
diff --git a/src/cpp/tasks/SigningTransaction.h b/src/cpp/tasks/SigningTransaction.h
new file mode 100644
index 000000000..234580274
--- /dev/null
+++ b/src/cpp/tasks/SigningTransaction.h
@@ -0,0 +1,40 @@
+#ifndef GRADIDO_LOGIN_SERVER_TASKS_SIGNING_TRANSACTION_INCLUDE 
+#define GRADIDO_LOGIN_SERVER_TASKS_SIGNING_TRANSACTION_INCLUDE
+
+#include "CPUTask.h"
+
+#include "../model/ErrorList.h"
+#include "../model/TransactionBase.h"
+
+#include "../proto/gradido/Transaction.pb.h"
+
+#include "ProcessingTransaction.h"
+
+/*
+* @author: Dario Rekowski
+*
+* @date: 28.10.19
+* @desc: Task for signing Transactions
+*/
+
+class SigningTransaction : public UniLib::controller::CPUTask, public ErrorList
+{
+public:
+	SigningTransaction(Poco::AutoPtr<ProcessingTransaction> transactionBody);
+	virtual ~SigningTransaction();
+
+	int run();
+
+	const char* getResourceType() const { return "SigningTransaction"; };
+
+	
+
+protected:
+	Poco::AutoPtr<ProcessingTransaction> mTransactionBody;
+	
+private:
+
+};
+
+
+#endif //GRADIDO_LOGIN_SERVER_TASKS_SIGNING_TRANSACTION_INCLUDE
\ No newline at end of file
diff --git a/src/cpsp/checkTransaction.cpsp b/src/cpsp/checkTransaction.cpsp
index 9c682e2b3..219ed8857 100644
--- a/src/cpsp/checkTransaction.cpsp
+++ b/src/cpsp/checkTransaction.cpsp
@@ -6,6 +6,8 @@
 <%@	page compressed="true" %>
 <%!
 #include "../SingletonManager/SessionManager.h"
+#include "../model/TransactionCreation.h"
+#include "../model/TransactionTransfer.h"
 
 enum PageState {
 	PAGE_TRANSACTION_CREATION,
@@ -19,6 +21,7 @@ enum PageState {
 	size_t notReadyTransactions = 0;
 	size_t sumTransactions = mSession->getProcessingTransactionCount();
 	auto processingTransaction = mSession->getNextReadyTransaction(&notReadyTransactions);
+	auto accountUser = mSession->getUser();
 	if(!processingTransaction.isNull()) {
 		auto transactionType = processingTransaction->getType();
 		switch(transactionType) {
@@ -26,7 +29,25 @@ enum PageState {
 			case TRANSACTION_TRANSFER: state = PAGE_TRANSACTION_TRANSFER; break;
 		}
 	}
-	
+	bool hasErrors = false;
+	if(!form.empty()) {
+		auto ok = form.get("ok", "");
+		auto abort = form.get("abort", "");
+		if(abort != "") {
+			mSession->finalizeTransaction(false, true);
+		} else if(ok != "") {
+			if(!accountUser->hasCryptoKey()) {
+				auto pwd = form.get("sign-password", "");
+				if(!mSession->isPwdValid(pwd)) {
+					addError(new Error("Passwort", "Das Passwort stimmt nicht. Bitte verwende dein Passwort von der Registrierung"));
+					hasErrors = true;
+				}
+			}
+			if(!hasErrors) {
+				mSession->finalizeTransaction(true, false);
+			}
+		}
+	}
 
 %>
 <!DOCTYPE html>
@@ -56,7 +77,6 @@ label:not(.grd_radio_label) {
 </head>
 <body>
 <div class="grd_container">
-	
 	<h1>Eine Transaktion pr&uuml;fen</h1>
 	<%= getErrorsHtml() %>
 	<% if(sumTransactions - notReadyTransactions != 1) { %>
@@ -71,7 +91,40 @@ label:not(.grd_radio_label) {
 		<% } %>
 	</div>
 	
-	<% } else if(state == PAGE_TRANSACTION_CREATION) { %>
+	<% } else if(state == PAGE_TRANSACTION_CREATION) { 
+		auto creationTransaction = processingTransaction->getCreationTransaction();
+		auto transactionUser = creationTransaction->getUser();
+		
+	%>
+	<div class="grd_text-max-width">
+		<h2>Sch&ouml;pfungstransaktion</h2>
+		<b>Memo: </b>
+		<p><%= creationTransaction->getMemo() %></p>
+		<b>Empf&auml;nger: </b>
+		<% if(transactionUser) { %>
+			<%= transactionUser->getFirstName() %> <%= transactionUser->getLastName() %>
+			<%= transactionUser->getEmail() %>
+		<% } else { %>
+			<%= creationTransaction->getPublicHex() %>
+		<% } %>
+		<b>Summe: </b>
+		<%= creationTransaction->getAmountString() %>&nbsp;Gradido
+		<form >
+			Unterschreiben mit aktuellem Account?<br>
+			<p><%= accountUser->getFirstName() %> <%= accountUser->getLastName() %></p>
+			<p><%= accountUser->getEmail() %></p>
+			<% // TODO: additional password check %>
+			<% if(!accountUser->hasCryptoKey()) {%>
+			<p>Ich brauche nochmal dein Passwort</p>
+				<p class="grd_small">
+					<label for="sign-password">Passwort</label>
+					<input id="sign-password" type="password" name="sign-password"/>
+				</p>
+			<% } %>
+			<input class="grd_bn grd_bn_succeed grd_clickable" type="submit" name="ok" value="Transaktion unterzeichnen">
+			<input class="grd_bn grd_bn_delete grd_clickable" type="submit" name="abort" value="Transaktion verwerfen">
+		</form>
+	</div>	
 	<% } %>
 </div>
 <div class="grd-time-used">
diff --git a/src/cpsp/login.cpsp b/src/cpsp/login.cpsp
index 7a6d78a8b..074c58d9e 100644
--- a/src/cpsp/login.cpsp
+++ b/src/cpsp/login.cpsp
@@ -4,9 +4,12 @@
 <%@ header include="PageRequestMessagedHandler.h" %>
 <%@	page compressed="true" %>
 <%! 
-#include "../SingletonManager/SessionManager.h"
+
 #include "Poco/Net/HTTPCookie.h"
 #include "Poco/Net/HTTPServerParams.h"
+#include "Poco/Logger.h"
+
+#include "../SingletonManager/SessionManager.h"
 #include "../model/Profiler.h"
 #include "../ServerConfig.h"	
 	
@@ -23,8 +26,13 @@
 			auto session = sm->getSession(request);
 			if(!session) {
 				session = sm->getNewSession();		
+				
+				// for debugging client ip
 				auto client_ip = request.clientAddress();
-				printf("client ip: %s\n", client_ip.toString());
+				std::string clientIpString = "client ip: ";
+				clientIpString += client_ip.toString();
+				Poco::Logger::get("requestLog").information(clientIpString);
+				// debugging end
 				auto user_host = request.clientAddress().host();
 				session->setClientIp(user_host);
 				response.addCookie(session->getLoginCookie());
diff --git a/src/cpsp/saveKeys.cpsp b/src/cpsp/saveKeys.cpsp
index 3c86924af..216d3badf 100644
--- a/src/cpsp/saveKeys.cpsp
+++ b/src/cpsp/saveKeys.cpsp
@@ -111,7 +111,7 @@ label:not(.grd_radio_label) {
 			<% if(!hasPassword) { %>
 				<p>Ich brauche nochmal dein Passwort wenn du dich für ja entscheidest.</p>
 				<p class="grd_small">
-					<label for="login-password">Passwort</label>
+					<label for="save-privkey-password">Passwort</label>
 					<input id="save-privkey-password" type="password" name="save-privkey-password"/>
 				</p>
 			<% } %>