diff --git a/ChangeLog b/ChangeLog
index 36c74f8b1..ee4e1a04f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,16 @@
 2008-08-26  Wolfgang Sourdeau  <wsourdeau@inverse.ca>
 
+	* UI/MainUI/SOGoRootPage.m ([SOGoRootPage -setUserName:_value])
+	([SOGoRootPage -userName]): removed accessors, since the
+	corresponding ivar is not used and was removed too.
+
+	* UI/SOGoUI/UIxComponent.m ([-shortUserNameForDisplay]): no longer
+	make use of the "wrongusernamepassword" hack.
+
+	* UI/MainUI/SOGoRootPage.m ([SOGoRootPage -connectAction]): return
+	HTTP code 403 if the username and the password passed in the
+	request are not valid.
+
 	* SoObjects/SOGo/SOGoUserFolder.m ([SOGoUserFolder
 	-lookupName:_keyinContext:_ctxacquire:_flag]): whenever a user has
 	no access to the specified module, a response with code 403 and
diff --git a/UI/MainUI/SOGoRootPage.h b/UI/MainUI/SOGoRootPage.h
index 387e11cd7..045d5d888 100644
--- a/UI/MainUI/SOGoRootPage.h
+++ b/UI/MainUI/SOGoRootPage.h
@@ -26,9 +26,6 @@
 #import <UI/SOGoUI/UIxComponent.h>
 
 @interface SOGoRootPage : UIxComponent
-{
-  NSString *userName;
-}
 
 @end
 
diff --git a/UI/MainUI/SOGoRootPage.m b/UI/MainUI/SOGoRootPage.m
index c47d8c8dc..b41ad202a 100644
--- a/UI/MainUI/SOGoRootPage.m
+++ b/UI/MainUI/SOGoRootPage.m
@@ -46,24 +46,8 @@
 
 @implementation SOGoRootPage
 
-- (void) dealloc
-{
-  [userName release];
-  [super dealloc];
-}
-
 /* accessors */
 
-- (void) setUserName: (NSString *) _value
-{
-  ASSIGNCOPY (userName, _value);
-}
-
-- (NSString *) userName
-{
-  return userName;
-}
-
 - (NSString *) connectURL
 {
   return [NSString stringWithFormat: @"%@connect", [self applicationPath]];
@@ -77,20 +61,27 @@
   WOCookie *authCookie;
   SOGoWebAuthenticator *auth;
   NSString *cookieValue, *cookieString;
+  NSString *userName, *password;
 
   auth = [[WOApplication application]
 	   authenticatorInContext: context];
   request = [context request];
-  response = [self responseWith204];
-  cookieString = [NSString stringWithFormat: @"%@:%@",
-			   [request formValueForKey: @"userName"],
-			   [request formValueForKey: @"password"]];
-  cookieValue = [NSString stringWithFormat: @"basic %@",
-			  [cookieString stringByEncodingBase64]];
-  authCookie = [WOCookie cookieWithName: [auth cookieNameInContext: context]
-			 value: cookieValue];
-  [authCookie setPath: @"/"];
-  [response addCookie: authCookie];
+  userName = [request formValueForKey: @"userName"];
+  password = [request formValueForKey: @"password"];
+  if ([auth checkLogin: userName password: password])
+    {
+      response = [self responseWith204];
+      cookieString = [NSString stringWithFormat: @"%@:%@",
+			       userName, password];
+      cookieValue = [NSString stringWithFormat: @"basic %@",
+			      [cookieString stringByEncodingBase64]];
+      authCookie = [WOCookie cookieWithName: [auth cookieNameInContext: context]
+			     value: cookieValue];
+      [authCookie setPath: @"/"];
+      [response addCookie: authCookie];
+    }
+  else
+    response = [self responseWithStatus: 403];
 
   return response;
 }
diff --git a/UI/SOGoUI/UIxComponent.m b/UI/SOGoUI/UIxComponent.m
index b64b5f02b..0417b4f0e 100644
--- a/UI/SOGoUI/UIxComponent.m
+++ b/UI/SOGoUI/UIxComponent.m
@@ -446,9 +446,6 @@ static BOOL uixDebugEnabled = NO;
 
 - (NSString *) shortUserNameForDisplay
 {
-  if ([context activeUser] == nil)
-    return @"wrongusernamepassword";
-
   return [[context activeUser] login];
 }
 
diff --git a/UI/Templates/MainUI/SOGoRootPage.wox b/UI/Templates/MainUI/SOGoRootPage.wox
index fd37387d3..8e281e830 100644
--- a/UI/Templates/MainUI/SOGoRootPage.wox
+++ b/UI/Templates/MainUI/SOGoRootPage.wox
@@ -7,6 +7,7 @@
   xmlns:const="http://www.skyrix.com/od/constant"
   xmlns:rsrc="OGo:url"
   xmlns:label="OGo:label"
+  const:popup="YES"
   ><var:string var:value="doctype" const:escapeHTML="NO"/>
   <form id="connectForm" var:href="connectURL">
     <div id="loginScreen">
@@ -14,9 +15,8 @@
 	 type="text/javascript">var loginSuffix = '<var:string value="loginSuffix"/>';</script
 	></var:if>
       <img const:alt="*" id="splash" rsrc:src="lori-login.jpg"/><br/><br/>
-      <var:if condition="shortUserNameForDisplay" const:value="wrongusernamepassword"
-      ><p class="error"><var:string label:value="Wrong username or password."/></p>
-      </var:if><label><var:string label:value="Username:"/><br/>
+      <p id="loginErrorMessage"><var:string label:value="Wrong username or password."/></p>
+      <label><var:string label:value="Username:"/><br/>
 	<input class="textField" id="userName" name="userName"
 	  type="text" var:value="userName" /></label><br/>
       <label><var:string label:value="Password:"/><br/>
diff --git a/UI/Templates/UIxPageFrame.wox b/UI/Templates/UIxPageFrame.wox
index 345176b90..3beb3e2cb 100644
--- a/UI/Templates/UIxPageFrame.wox
+++ b/UI/Templates/UIxPageFrame.wox
@@ -41,65 +41,58 @@
 
       <body var:class="bodyClasses"
 	><var:if condition="isCompatibleBrowser"
-	  >
-	  <var:if condition="shortUserNameForDisplay" const:value="anonymous"
-	    const:negate="YES"
-	    ><var:if condition="shortUserNameForDisplay"
-	      const:value="wrongusernamepassword"
-	      const:negate="YES"
-	      ><var:if condition="isPopup" const:negate="YES"
-		><var:if condition="context.isUIxDebugEnabled"
-		  ><div id="logConsole"><!-- space --></div></var:if>
-		<div id="linkBanner" class="linkbanner">
-		  <a id="logoff" var:href="logoffPath"
-		    ><var:string label:value="Disconnect" /></a>
-		  <var:if condition="userHasCalendarAccess">
-		    <var:if condition="isCalendar">
-		      <span class="active"><var:string label:value="Calendar"
-			  /></span>
-		    </var:if>
-		    <var:if condition="isCalendar" const:negate="YES">
-		      <a id="calendarBannerLink"
-			var:href="relativeCalendarPath"
-			><var:string label:value="Calendar" /></a>
-		    </var:if>
-		    |
+	  ><var:if condition="isPopup" const:negate="YES"
+	    ><var:if condition="context.isUIxDebugEnabled"
+	      ><div id="logConsole"><!-- space --></div></var:if>
+	    <div id="linkBanner" class="linkbanner">
+	      <a id="logoff" var:href="logoffPath"
+		><var:string label:value="Disconnect" /></a>
+	      <var:if condition="userHasCalendarAccess">
+		<var:if condition="isCalendar">
+		  <span class="active"><var:string label:value="Calendar"
+		      /></span>
 		  </var:if>
-		  <var:if condition="isContacts">
-		    <span class="active"><var:string label:value="Address Book"
-			/></span>
-		  </var:if>
-		  <var:if condition="isContacts" const:negate="YES">
-		    <a id="contactsBannerLink"
-		      var:href="relativeContactsPath"
-		      ><var:string label:value="Address Book" /></a>
-		  </var:if>
-		  |
-		  <var:if condition="userHasMailAccess">
-		    <var:if condition="isMail">
-		      <span class="active"><var:string label:value="Mail"
-			  /></span>
-		    </var:if>
-		    <var:if condition="isMail" const:negate="YES">
-		      <a id="mailBannerLink" var:href="relativeMailPath"
-			><var:string label:value="Mail" /></a>
-		    </var:if>
-		      |
-		  </var:if>
-		  <a id="preferencesBannerLink"
-		    var:href="relativePreferencesPath"
-		    ><var:string label:value="Preferences" /></a>
-		  <var:if condition="context.isUIxDebugEnabled"
-		    >| <a id="consoleBannerLink"
-		      href="#"><var:string
-			label:value="Log Console (dev.)" /></a
-		      ></var:if>
-		</div>
-	      </var:if
-		><var:component className="UIxToolbar" var:toolbar="toolbar"
-		/>
-	    </var:if></var:if>
-	  
+		<var:if condition="isCalendar" const:negate="YES">
+		  <a id="calendarBannerLink"
+		    var:href="relativeCalendarPath"
+		    ><var:string label:value="Calendar" /></a>
+		</var:if>
+		|
+	      </var:if>
+	      <var:if condition="isContacts">
+		<span class="active"><var:string label:value="Address Book"
+		    /></span>
+	      </var:if>
+	      <var:if condition="isContacts" const:negate="YES">
+		<a id="contactsBannerLink"
+		  var:href="relativeContactsPath"
+		  ><var:string label:value="Address Book" /></a>
+	      </var:if>
+	      |
+	      <var:if condition="userHasMailAccess">
+		<var:if condition="isMail">
+		    <span class="active"><var:string label:value="Mail"
+		      /></span>
+		</var:if>
+		<var:if condition="isMail" const:negate="YES">
+		  <a id="mailBannerLink" var:href="relativeMailPath"
+		    ><var:string label:value="Mail" /></a>
+		</var:if>
+		|
+	      </var:if>
+	      <a id="preferencesBannerLink"
+		var:href="relativePreferencesPath"
+		><var:string label:value="Preferences" /></a>
+	      <var:if condition="context.isUIxDebugEnabled"
+		>| <a id="consoleBannerLink"
+		  href="#"><var:string
+		    label:value="Log Console (dev.)" /></a
+		  ></var:if>
+	    </div>
+	  </var:if
+	    ><var:component className="UIxToolbar" var:toolbar="toolbar"
+	    />
+
 	  <div id="pageContent"><var:component-content/></div>
 
 	  <div id="javascriptSafetyNet"><!-- space --></div>
diff --git a/UI/WebServerResources/SOGoRootPage.css b/UI/WebServerResources/SOGoRootPage.css
index 2709e4799..1228fc9b8 100644
--- a/UI/WebServerResources/SOGoRootPage.css
+++ b/UI/WebServerResources/SOGoRootPage.css
@@ -48,8 +48,9 @@ DIV#loginButton IMG#progressIndicator
   margin-top: 5px;
   margin-left: 5px; }
 
-P.error
-{ color: #f00;
+#loginErrorMessage
+{ display: none;
+  color: #f00;
   text-align: center; }
 
 P.browser
diff --git a/UI/WebServerResources/SOGoRootPage.js b/UI/WebServerResources/SOGoRootPage.js
index 75fb9da6f..3cb8156e5 100644
--- a/UI/WebServerResources/SOGoRootPage.js
+++ b/UI/WebServerResources/SOGoRootPage.js
@@ -1,76 +1,80 @@
 function initLogin() {
-  var date = new Date();
-  date.setTime(date.getTime() - 86400000);
-  document.cookie = ("0xHIGHFLYxSOGo-0.9=discard; path=/"
-		     + "; expires=" + date.toGMTString());
-  var submit = $("submit");
-  submit.observe("click", onLoginClick);
+    var date = new Date();
+    date.setTime(date.getTime() - 86400000);
+    document.cookie = ("0xHIGHFLYxSOGo-0.9=discard; path=/"
+                       + "; expires=" + date.toGMTString());
+    var submit = $("submit");
+    submit.observe("click", onLoginClick);
 
-  var userName = $("userName");
-  userName.focus();
+    var userName = $("userName");
+    userName.focus();
 
-  var image = $("preparedAnimation");
-  image.parentNode.removeChild(image);
+    var image = $("preparedAnimation");
+    image.parentNode.removeChild(image);
 }
 
 function onLoginClick(event) {
-  var userNameField = $("userName");
-  var userName = userNameField.value;
-  var password = $("password").value;
+    var userNameField = $("userName");
+    var userName = userNameField.value;
+    var password = $("password").value;
 
-  if (userName.length > 0) {
-    startAnimation($("loginButton"), $("submit"));
+    if (userName.length > 0) {
+        startAnimation($("loginButton"), $("submit"));
 
-    if (typeof(loginSuffix) != "undefined"
-	&& loginSuffix.length > 0
-	&& !userName.endsWith(loginSuffix))
-      userName += loginSuffix;
-    var url = $("connectForm").getAttribute("action");
-    var parameters = ("userName=" + encodeURI(userName) + "&password=" + encodeURI(password));
-    document.cookie = "";
-    triggerAjaxRequest(url, onLoginCallback, null, parameters,
-		       { "Content-type": "application/x-www-form-urlencoded",
-			 "Content-length": parameters.length,
-			 "Connection": "close" });
-  }
-  else
-    userNameField.focus();
+        if (typeof(loginSuffix) != "undefined"
+            && loginSuffix.length > 0
+            && !userName.endsWith(loginSuffix))
+            userName += loginSuffix;
+        var url = $("connectForm").getAttribute("action");
+        var parameters = ("userName=" + encodeURI(userName) + "&password=" + encodeURI(password));
+        document.cookie = "";
+        triggerAjaxRequest(url, onLoginCallback, null, parameters,
+                           { "Content-type": "application/x-www-form-urlencoded",
+                                   "Content-length": parameters.length,
+                                   "Connection": "close" });
+    }
+    else
+        userNameField.focus();
 
-  preventDefault(event);
+    preventDefault(event);
 }
 
 function onLoginCallback(http) {
-  if (http.readyState == 4) {
-    if (isHttpStatus204(http.status)) {
-      var userName = $("userName").value;
-      if (typeof(loginSuffix) != "undefined"
-          && loginSuffix.length > 0
-          && !userName.endsWith(loginSuffix))
-        userName += loginSuffix;
-      var address = "" + window.location.href;
-      var baseAddress = ApplicationBaseURL + encodeURI(userName);
-      var altBaseAddress;
-      if (baseAddress[0] == "/") {
-        var parts = address.split("/");
-        var hostpart = parts[2];
-        var protocol = parts[0];
-        baseAddress = protocol + "//" + hostpart + baseAddress;
-      }
-      var altBaseAddress;
-      var parts = baseAddress.split("/");
-      parts.splice(3, 0);
-      altBaseAddress = parts.join("/");
+    if (http.readyState == 4) {
+        if (isHttpStatus204(http.status)) {
+            var userName = $("userName").value;
+            if (typeof(loginSuffix) != "undefined"
+                && loginSuffix.length > 0
+                && !userName.endsWith(loginSuffix))
+                userName += loginSuffix;
+            var address = "" + window.location.href;
+            var baseAddress = ApplicationBaseURL + encodeURI(userName);
+            var altBaseAddress;
+            if (baseAddress[0] == "/") {
+                var parts = address.split("/");
+                var hostpart = parts[2];
+                var protocol = parts[0];
+                baseAddress = protocol + "//" + hostpart + baseAddress;
+            }
+            var altBaseAddress;
+            var parts = baseAddress.split("/");
+            parts.splice(3, 0);
+            altBaseAddress = parts.join("/");
 
-      var newAddress;
-      if ((address.startsWith(baseAddress)
-           || address.startsWith(altBaseAddress))
-          && !address.endsWith("/logoff"))
-        newAddress = address;
-      else
-        newAddress = baseAddress;
-      window.location.href = newAddress;
+            var newAddress;
+            if ((address.startsWith(baseAddress)
+                 || address.startsWith(altBaseAddress))
+                && !address.endsWith("/logoff"))
+                newAddress = address;
+            else
+                newAddress = baseAddress;
+            window.location.href = newAddress;
+        }
+        else {
+            var message = $("loginErrorMessage");
+            message.setStyle({ display: "block" });
+        }
     }
-  }
 }
 
 FastInit.addOnLoad(initLogin);