Fossil SCM
Improvements to user management: (1) Provide a textarea for entering contact information. (2) Disable superfluous entry boxes for special users. (3) Give an error when creating a duplicate login name.
Commit
1b4b8a95b29d1e8443597003174e05300dc7445d
Parent
fa6ece72b6e55fe…
2 files changed
+12
-4
+28
-19
+12
-4
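--- a/src/login.c
+++ b/src/login.c
@@ -737,10 +737,21 @@
 }
 sqlite3_close(pOther);
 fossil_free(zOtherRepo);
 return nXfer;
 }
+
+/*
+** Return TRUE if zLogin is one of the special usernames
+*/
+int login_is_special(const char *zLogin){
+ if( fossil_strcmp(zLogin, "anonymous")==0 ) return 1;
+ if( fossil_strcmp(zLogin, "nobody")==0 ) return 1;
+ if( fossil_strcmp(zLogin, "developer")==0 ) return 1;
+ if( fossil_strcmp(zLogin, "reader")==0 ) return 1;
+ return 0;
+}
 
 /*
 ** Lookup the uid for a non-built-in user with zLogin and zCookie and
 ** zRemoteAddr. Return 0 if not found.
 **
@@ -752,14 +763,11 @@
 const char *zLogin, /* User name */
 const char *zCookie, /* Login cookie value */
 const char *zRemoteAddr /* Abbreviated IP address for valid login */
 ){
 int uid;
- if( fossil_strcmp(zLogin, "anonymous")==0 ) return 0;
- if( fossil_strcmp(zLogin, "nobody")==0 ) return 0;
- if( fossil_strcmp(zLogin, "developer")==0 ) return 0;
- if( fossil_strcmp(zLogin, "reader")==0 ) return 0;
+ if( login_is_special(zLogin) ) return 0;
 uid = db_int(0,
 "SELECT uid FROM user"
 " WHERE login=%Q"
 " AND ipaddr=%Q"
 " AND cexpire>julianday('now')"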
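Review bot: The header comment on `login_is_special()` does not say which names count as special or that the match is exact, yet the function now gates both the cookie lookup in the second hunk and the form rendering in src/setup.c. I would expand it to `** Return TRUE if zLogin is exactly one of the built-in pseudo-user names "anonymous", "nobody", "developer" or "reader".` and add a line saying that the cookie lookup relies on it to return 0 for those accounts. Whether `fossil_strcmp()` tolerates a NULL zLogin is not visible on this page, so the comment should state the NULL behaviour once that is confirmed. The cookie-lookup function's signature start and the rest of its body lie outside the second hunk.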
+28
-19
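--- a/src/setup.c
+++ b/src/setup.c
@@ -326,11 +326,11 @@
 zOldCaps = db_text(0, "SELECT cap FROM user WHERE uid=%d",uid);
 higherUser = zOldCaps && strchr(zOldCaps,'s');
 }
 
 if( P("can") ){
- cgi_redirect("setup_ulist");
+ cgi_redirect("setup_ulist"); /* User pressed the Cancel button */
 return;
 }
 
 /* If we have all the necessary information, write the new or
 ** modified user record. After writing the user record, redirect
@@ -363,13 +363,11 @@
 zPw = sha1_shared_secret(zPw, zLogin, 0);
 }else{
 zPw = db_text(0, "SELECT pw FROM user WHERE uid=%d", uid);
 }
 zOldLogin = db_text(0, "SELECT login FROM user WHERE uid=%d", uid);
- if( uid>0 &&
- db_exists("SELECT 1 FROM user WHERE login=%Q AND uid!=%d", zLogin, uid)
- ){
+ if( db_exists("SELECT 1 FROM user WHERE login=%Q AND uid!=%d", zLogin, uid) ){
 style_header("User Creation Error");
 @ <span class="loginError">Login "%h(zLogin)" is already used by
 @ a different user.</span>
 @
 @ <p><a href="setup_uedit?id=%d(uid)">[Bummer]</a></p>
@@ -486,10 +484,15 @@
 style_header("Add A New User");
 }
 @ <div class="ueditCapBox">
 @ <form action="%s(g.zPath)" method="post"><div>
 login_insert_csrf_secret();
+ if( login_is_special(zLogin) ){
+ @ <input type="hidden" name="login" value="%s(zLogin)">
+ @ <input type="hidden" name="info" value="">
+ @ <input type="hidden" name="pw" value="*">
+ }
 @ <table>
 @ <tr>
 @ <td class="usetupEditLabel">User ID:</td>
 if( uid ){
 @ <td>%d(uid) <input type="hidden" name="id" value="%d(uid)" /></td>
@@ -497,15 +500,19 @@
 @ <td>(new user)<input type="hidden" name="id" value="0" /></td>
 }
 @ </tr>
 @ <tr>
 @ <td class="usetupEditLabel">Login:</td>
- @ <td><input type="text" name="login" value="%h(zLogin)" /></td>
- @ </tr>
- @ <tr>
- @ <td class="usetupEditLabel">Contact Info:</td>
- @ <td><input type="text" name="info" size="40" value="%h(zInfo)" /></td>
+ if( login_is_special(zLogin) ){
+ @ <td><b>%h(zLogin)</b></td>
+ }else{
+ @ <td><input type="text" name="login" value="%h(zLogin)" /></td>
+ @ </tr>
+ @ <tr>
+ @ <td class="usetupEditLabel">Contact Info:</td>
+ @ <td><textarea name="info" cols="40" rows="2">%h(zInfo)</textarea></td>
+ }
 @ </tr>
 @ <tr>
 @ <td class="usetupEditLabel">Capabilities:</td>
 @ <td>
 #define B(x) inherit[x]
@@ -565,20 +572,22 @@
 @ <label><input type="checkbox" name="az"%s(oa['z']) />%s(B('z'))Download
 @ Zip </label>
 @ </td></tr></table>
 @ </td>
 @ </tr>
- @ <tr>
- @ <td align="right">Password:</td>
- if( zPw[0] ){
- /* Obscure the password for all users */
- @ <td><input type="password" name="pw" value="**********" /></td>
- }else{
- /* Show an empty password as an empty input field */
- @ <td><input type="password" name="pw" value="" /></td>
- }
- @ </tr>
+ if( !login_is_special(zLogin) ){
+ @ <tr>
+ @ <td align="right">Password:</td>
+ if( zPw[0] ){
+ /* Obscure the password for all users */
+ @ <td><input type="password" name="pw" value="**********" /></td>
+ }else{
+ /* Show an empty password as an empty input field */
+ @ <td><input type="password" name="pw" value="" /></td>
+ }
+ @ </tr>
+ }
 zGroup = login_group_name();
 if( zGroup ){
 @ <tr>
 @ <td valign="top" align="right">Scope:</td>
 @ <td valign="top">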
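Review bot: The hidden `login` field added in the third hunk writes zLogin with `%s`, while every other use of it on this form goes through `%h`. It is only safe because `login_is_special()` has already matched one of four fixed names, so I would write `@ <input type="hidden" name="login" value="%h(zLogin)">` to keep the escaping independent of that guard. Separately, hiding the login, info and password inputs restricts only what the browser renders: the write path visible in the second hunk shows no `login_is_special()` check, so a request that does not come from this form could presumably still rename a special account or give it a password, unless the handler rejects that outside the visible lines. The hidden `info` value of `""` also looks as if it would blank any stored contact info for a special user on save, which should be confirmed as intended. The enclosing function starts before the first hunk and ends after the last.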