diff --git a/world/net/include/place.gen b/world/net/include/place.gen
index 0331277..db72af8 100644
--- a/world/net/include/place.gen
+++ b/world/net/include/place.gen
@@ -613,21 +613,24 @@ htget(prot, query, headers, qs) {
 #ifdef CHALLENGE_MATCH
 #include <sys/regexp.h>
 
+// maybe this all belongs into archetype.gen.. chesmo!
 htget(prot, query, headers, qs, data, noprocess) {
-	// could use a hash of the password instead
 	if (stringp(headers["cookie"]) && regmatch(headers["cookie"],
-		 "challenge=complete&answer=" CHALLENGE_MATCH))
+		 "challenge=complete&answer="+ md5(CHALLENGE_MATCH)))
+# ifdef HTGET
+	    return HTGET;
+# else
 	    return ::htget(prot, query, headers, qs, data, noprocess);
+# endif
 	string item = headers[item] || "/@"+ MYNICK;
-	if (stringp(query["answer"]) &&
+	if (stringp(query["answer"]) && headers["cookie"] &&
 	    regmatch(headers["cookie"], "challenge=given") &&
-	    regmatch(lower_case(query["answer"]), CHALLENGE_MATCH,
-		     RE_MATCH_SUBS)) {
+	    regmatch(lower_case(query["answer"]), CHALLENGE_MATCH)) {
 		// lazy me could have used referer here ;)
 		string nu = stringp(query["parameters"]) &&
 			     strlen(query["parameters"]) ?
 			 item +"?"+ query["parameters"] : item;
-		htredirect(prot, nu, "Reload, please", 0, "Set-Cookie: psycplace=\"challenge=complete&answer=" CHALLENGE_MATCH "\"; path="+ item +";\n");
+		htredirect(prot, nu, "Reload, please", 0, "Set-Cookie: psycplace=\"challenge=complete&answer="+ md5(CHALLENGE_MATCH) +"\"; path="+ item +";\n");
 		return 1;
 	}
 	sTextPath(query["layout"], query["lang"], "html");
@@ -641,7 +644,7 @@ htget(prot, query, headers, qs, data, noprocess) {
 		    // we maintain the original qs for next attempt:
 	       "_parameters" : query["parameters"] || qs,
 	       "_nick_place" : MYNICK ]) );
-	printf("%O (%O) in %O\n", query, qs, headers);
+	// printf("%O vs %O\n", query, headers);
 	return 1;
 }
 #endif
diff --git a/world/net/place/archetype.gen b/world/net/place/archetype.gen
index 1471b61..6991f04 100644
--- a/world/net/place/archetype.gen
+++ b/world/net/place/archetype.gen
@@ -670,6 +670,7 @@ htget(prot, query, headers, qs, data, noprocess) {
 	write("\n\nYou are looking at the "+MYNICK+" default page.\n");
 #  endif
 # endif
+	//printf("%O: %O (%O) in %O\n", this_interactive(), query, qs, headers);
 	return 1;
 }
 #endif