Reorganize administrator authentication so that it is done up-front

instead of on each pending message.  Two advantages: you can't even
see the held messages if you don't have the password, and it's also
easier to deal with the held messages this way.

Two nasty bits: most of the code was copied from admin.py, so there's
a lot of crufty duplication of effort (but then, all the CGI stuff
could go through a major cleaning).  Also, if there are no messages
being held, that information is given without need for admin
password.  That seems innocuous enough.

Also got rid of a couple of eval()s lurking in the code.  I think they
were just there to do string->int conversion, and there's a much safer
way of doing this.

0 files changed, 0 insertions, 0 deletions