bool HTTPAuthorized(map& mapHeaders)
{
    string strAuth = mapHeaders["authorization"];
    if (strAuth.substr(0,6) != "Basic ")
        return false;
    string strUserPass64 = strAuth.substr(6); boost::trim(strUserPass64);
    string strUserPass = DecodeBase64(strUserPass64);
    LogPrintf("1:%s 2:%s\n", strUserPass, strRPCUserColonPass); // ADD THIS LINE
    return TimingResistantEqual(strUserPass, strRPCUserColonPass);
}

Enter host password for user 'salfter': [password pasted in here]
* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8844 (#0)
* Server auth using Basic with user 'salfter'
> POST / HTTP/1.1
> Authorization: Basic [base64 encoding of RPC password redacted]
> User-Agent: curl/7.35.0
> Host: 127.0.0.1:8844
> Accept: */*
> content-type: text/plain;
> Content-Length: 71
>
* upload completely sent off: 71 out of 71 bytes
* HTTP 1.0, assume close after body
< HTTP/1.0 401 Authorization Required
< Date: Wed, 03 Dec 2014 20:05:43 +0000
< Server: joulecoin-json-rpc/v0.9.2.2-beta
* Authentication problem. Ignoring this.
< WWW-Authenticate: Basic realm="jsonrpc"
< Content-Type: text/html
< Content-Length: 296
<
"http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">





401 Unauthorized.


* Closing connection 0

Enter host password for user 'salfter': [password pasted in here]
* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8332 (#0)
* Server auth using Basic with user 'salfter'
> POST / HTTP/1.1
> Authorization: Basic [base64 encoding of RPC password redacted]
> User-Agent: curl/7.35.0
> Host: 127.0.0.1:8332
> Accept: */*
> content-type: text/plain;
> Content-Length: 71
>
* upload completely sent off: 71 out of 71 bytes
< HTTP/1.1 200 OK
< Date: Wed, 03 Dec 2014 20:08:43 +0000
< Connection: keep-alive
< Content-Length: 456
< Content-Type: application/json
* Server bitcoin-json-rpc/v0.9.99.0-c1def0d is not blacklisted
< Server: bitcoin-json-rpc/v0.9.99.0-c1def0d
<
{"result":{"version":99900,"protocolversion":70002,"walletversion":60000,"balance":0.93079170,"blocks":332738,"timeoffset":0,"connections":8,"proxy":"","difficulty":40007470271.27126312,"testnet":false,"keypoololdest":1415387100,"keypoolsize":99,"unlocked_until":0,"paytxfee":0.00000000,"relayfee":0.00001000,"errors":"This is a pre-release test build - use at your own risk - do not use for mining or merchant applications"},"error":null,"id":"curltest"}
* Connection #0 to host 127.0.0.1 left intact

        // Check authorization
        if (mapHeaders.count("authorization") == 0)
        {
            conn->stream() << HTTPReply(HTTP_UNAUTHORIZED, "", false) << std::flush;
            break;
        }
        if (!HTTPAuthorized(mapHeaders))
        {
            LogPrintf("ThreadRPCServer incorrect password attempt from %s\n", conn->peer_address_to_string());
            /* Deter brute-forcing short passwords.
               If this results in a DoS the user really
               shouldn't have their RPC port exposed. */
            if (mapArgs["-rpcpassword"].size() < 20)
                MilliSleep(250);

            conn->stream() << HTTPReply(HTTP_UNAUTHORIZED, "", false) << std::flush;
            break;
        }

curl --user user --data-binary '{"jsonrpc": "1.0", "id":"curltest", "method": "getinfo", "params": [] }' -H 'content-type: text/plain;' http://127.0.0.1:8844/