if not check_password(submitted_password) then HTTP 401 else if password_last_changed < threshold then change_password(submitted_password + submitted_password) HTTP 401 else log_user_in() HTTP 200 endif