Index: C:/Documents and Settings/gec/workspace/trunks-users/xwiki/core/src/main/java/com/xpn/xwiki/xmlrpc/ConfluenceRpcHandler.java
===================================================================
--- C:/Documents and Settings/gec/workspace/trunks-users/xwiki/core/src/main/java/com/xpn/xwiki/xmlrpc/ConfluenceRpcHandler.java (revision 1954)
+++ C:/Documents and Settings/gec/workspace/trunks-users/xwiki/core/src/main/java/com/xpn/xwiki/xmlrpc/ConfluenceRpcHandler.java (working copy)
@@ -55,20 +55,22 @@
 public String login(String username, String password) throws XWikiException {
 XWikiContext context = getXWikiContext();
 XWiki xwiki = context.getWiki();
- if (username.equals("guest")) {
- String ip = context.getRequest().getRemoteAddr();
- String token = getValidationHash("guest", "guest", ip);
- getTokens(context).put(token, new RemoteUser("XWiki.XWikiGuest", ip));
- return token;
- } else if (xwiki.getAuthService().authenticate(username, password, context)!=null) {
+
+ // guest logins are allowed everytime, all others need to checked
+ if (username.equals("guest") || xwiki.getAuthService().authenticate(username, password, context) != null) {
+
+ // token should be unique - lets hope so
+ String token = xwiki.generateValidationKey(128);
 String ip = context.getRequest().getRemoteAddr();
- String token = getValidationHash(username, password, ip);
+
 getTokens(context).put(token, new RemoteUser("XWiki." + username, ip));
 return token;
- } else
- return null;
- }
-
+ }
+
+ // login failed
+ return null;
+ }
+
 private Map getTokens(XWikiContext context) {
 Map tokens = (Map) context.getEngineContext().getAttribute("xmlrpc_tokens");
 if (tokens==null) {
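Review bot: Merging the guest branch into the authenticated one changes the identity stored for guest sessions: `new RemoteUser("XWiki." + username, ip)` now records `XWiki.guest`, where the removed code recorded `XWiki.XWikiGuest`, so any rights check keyed on the RemoteUser name would evaluate a different principal for anonymous callers. I would keep the mapping explicit, e.g. `String user = "guest".equals(username) ? "XWiki.XWikiGuest" : "XWiki." + username;` (the reversed `equals` also avoids a NullPointerException on a null username), and ideally take the name from the value `authenticate()` returns rather than from caller-supplied text. Separately, the random token is now the only session secret, so the `// token should be unique - lets hope so` comment should be replaced by one stating that `generateValidationKey` must be backed by `SecureRandom`; its implementation is not visible in this diff and needs confirming.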
@@ -78,48 +80,6 @@
 return tokens;
 }
 
- private String getValidationHash(String username, String password, String clientIP) {
- String validationKey = "xmlrpcapi";
- MessageDigest md5 = null;
- StringBuffer sbValueBeforeMD5 = new StringBuffer();
-
- try {
- md5 = MessageDigest.getInstance("MD5");
- } catch (NoSuchAlgorithmException e) {
- System.out.println("Error: " + e);
- }
-
- try {
- md5 = MessageDigest.getInstance("MD5");
- sbValueBeforeMD5.append(username.toString());
- sbValueBeforeMD5.append(":");
- sbValueBeforeMD5.append(password.toString());
- sbValueBeforeMD5.append(":");
- sbValueBeforeMD5.append(clientIP.toString());
- sbValueBeforeMD5.append(":");
- sbValueBeforeMD5.append(validationKey.toString());
-
- String valueBeforeMD5 = sbValueBeforeMD5.toString();
- md5.update(valueBeforeMD5.getBytes());
-
- byte[] array = md5.digest();
- StringBuffer sb = new StringBuffer();
- for (int j = 0; j < array.length; ++j) {
- int b = array[j] & 0xFF;
- if (b < 0x10) sb.append('0');
- sb.append(Integer.toHexString(b));
- }
- String valueAfterMD5 = sb.toString();
- return valueAfterMD5;
- } catch (NoSuchAlgorithmException e) {
- System.out.println("Error: " + e);
- }
- catch (Exception ex) {
- log.error("Unhandled exception:", ex);
- }
- return null;
- }
-
 private void checkToken(String token, XWikiContext context) throws XWikiException {
 RemoteUser user = null;
 String ip = context.getRequest().getRemoteAddr();