Fossil SCM
Separate "nobody" and "anonymous" logins.
Commit
9c952d247e5164a53ae2c24d5e0068d45e72e72e
Parent
5b58559c0c35cd8…
4 files changed
+74
-37
-1
+18
-15
+1
-1
+74
-37
| --- src/login.c | ||
| +++ src/login.c | ||
| @@ -21,10 +21,30 @@ | ||
| 21 | 21 | ** http://www.hwaci.com/drh/ |
| 22 | 22 | ** |
| 23 | 23 | ******************************************************************************* |
| 24 | 24 | ** |
| 25 | 25 | ** This file contains code for generating the login and logout screens. |
| 26 | +** | |
| 27 | +** Notes: | |
| 28 | +** | |
| 29 | +** There are two special-case user-ids: "anonymous" and "nobody". | |
| 30 | +** The capabilities of the nobody user are available to anyone, | |
| 31 | +** regardless of whether or not they are logged in. The capabilities | |
| 32 | +** of anonymous are only available after logging in, but the login | |
| 33 | +** screen displays the password for the anonymous login, so this | |
| 34 | +** should not prevent a human user from doing so. | |
| 35 | +** | |
| 36 | +** The nobody user has capabilities that you want spiders to have. | |
| 37 | +** The anonymous user has capabilities that you want people without | |
| 38 | +** logins to have. | |
| 39 | +** | |
| 40 | +** Of course, a sophisticated spider could easily circumvent the | |
| 41 | +** anonymous login requirement and walk the website. But that is | |
| 42 | +** not really the point. The anonymous login keeps search-engine | |
| 43 | +** crawlers and site download tools like wget from walking change | |
| 44 | +** logs and downloading diffs of very version of the archive that | |
| 45 | +** has ever existed, and things like that. | |
| 26 | 46 | */ |
| 27 | 47 | #include "config.h" |
| 28 | 48 | #include "login.h" |
| 29 | 49 | #include <time.h> |
| 30 | 50 | |
| @@ -42,10 +62,11 @@ | ||
| 42 | 62 | ** Generate the login page |
| 43 | 63 | */ |
| 44 | 64 | void login_page(void){ |
| 45 | 65 | const char *zUsername, *zPasswd, *zGoto; |
| 46 | 66 | const char *zNew1, *zNew2; |
| 67 | + const char *zAnonPw; | |
| 47 | 68 | char *zErrMsg = ""; |
| 48 | 69 | |
| 49 | 70 | login_check_credentials(); |
| 50 | 71 | zUsername = P("u"); |
| 51 | 72 | zPasswd = P("p"); |
| @@ -53,11 +74,11 @@ | ||
| 53 | 74 | if( P("out")!=0 ){ |
| 54 | 75 | const char *zCookieName = login_cookie_name(); |
| 55 | 76 | cgi_set_cookie(zCookieName, "", 0, -86400); |
| 56 | 77 | cgi_redirect(zGoto); |
| 57 | 78 | } |
| 58 | - if( !g.isAnon && zPasswd && (zNew1 = P("n1"))!=0 && (zNew2 = P("n2"))!=0 ){ | |
| 79 | + if( g.okPassword && zPasswd && (zNew1 = P("n1"))!=0 && (zNew2 = P("n2"))!=0 ){ | |
| 59 | 80 | if( db_int(1, "SELECT 0 FROM user" |
| 60 | 81 | " WHERE uid=%d AND pw=%Q", g.userUid, zPasswd) ){ |
| 61 | 82 | sleep(1); |
| 62 | 83 | zErrMsg = |
| 63 | 84 | @ <p><font color="red"> |
| @@ -78,36 +99,39 @@ | ||
| 78 | 99 | ); |
| 79 | 100 | cgi_redirect("index"); |
| 80 | 101 | return; |
| 81 | 102 | } |
| 82 | 103 | } |
| 83 | - if( zUsername!=0 && zPasswd!=0 && strcmp(zUsername,"anonymous")!=0 ){ | |
| 104 | + if( zUsername!=0 && zPasswd!=0 ){ | |
| 84 | 105 | int uid = db_int(0, |
| 85 | 106 | "SELECT uid FROM user" |
| 86 | 107 | " WHERE login=%Q AND pw=%Q", zUsername, zPasswd); |
| 87 | - if( uid<=0 ){ | |
| 108 | + if( uid<=0 || strcmp(zUsername,"nobody")==0 ){ | |
| 88 | 109 | sleep(1); |
| 89 | 110 | zErrMsg = |
| 90 | 111 | @ <p><font color="red"> |
| 91 | 112 | @ You entered an unknown user or an incorrect password. |
| 92 | 113 | @ </font></p> |
| 93 | 114 | ; |
| 94 | 115 | }else{ |
| 95 | 116 | char *zCookie; |
| 96 | 117 | const char *zCookieName = login_cookie_name(); |
| 97 | - const char *zIpAddr = PD("REMOTE_ADDR","nil"); | |
| 98 | 118 | const char *zExpire = db_get("cookie-expire","8766"); |
| 99 | - int expires; | |
| 100 | - | |
| 101 | - zCookie = db_text(0, "SELECT '%d/' || hex(randomblob(25))", uid); | |
| 102 | - expires = atoi(zExpire)*3600; | |
| 103 | - cgi_set_cookie(zCookieName, zCookie, 0, expires); | |
| 104 | - db_multi_exec( | |
| 105 | - "UPDATE user SET cookie=%Q, ipaddr=%Q, " | |
| 106 | - " cexpire=julianday('now')+%d/86400.0 WHERE uid=%d", | |
| 107 | - zCookie, zIpAddr, expires, uid | |
| 108 | - ); | |
| 119 | + int expires = atoi(zExpire)*3600; | |
| 120 | + const char *zIpAddr = PD("REMOTE_ADDR","nil"); | |
| 121 | + | |
| 122 | + if( strcmp(zUsername, "anonymous")==0 ){ | |
| 123 | + cgi_set_cookie(zCookieName, "anonymous", 0, expires); | |
| 124 | + }else{ | |
| 125 | + zCookie = db_text(0, "SELECT '%d/' || hex(randomblob(25))", uid); | |
| 126 | + cgi_set_cookie(zCookieName, zCookie, 0, expires); | |
| 127 | + db_multi_exec( | |
| 128 | + "UPDATE user SET cookie=%Q, ipaddr=%Q, " | |
| 129 | + " cexpire=julianday('now')+%d/86400.0 WHERE uid=%d", | |
| 130 | + zCookie, zIpAddr, expires, uid | |
| 131 | + ); | |
| 132 | + } | |
| 109 | 133 | cgi_redirect(zGoto); |
| 110 | 134 | } |
| 111 | 135 | } |
| 112 | 136 | style_header("Login/Logout"); |
| 113 | 137 | @ %s(zErrMsg) |
| @@ -127,32 +151,40 @@ | ||
| 127 | 151 | @ <tr> |
| 128 | 152 | @ <td></td> |
| 129 | 153 | @ <td><input type="submit" name="in" value="Login"></td> |
| 130 | 154 | @ </tr> |
| 131 | 155 | @ </table> |
| 132 | - if( g.isAnon || g.zLogin==0 || g.zLogin[0]==0 ){ | |
| 156 | + if( g.zLogin==0 ){ | |
| 133 | 157 | @ <p>To login |
| 134 | 158 | }else{ |
| 135 | 159 | @ <p>You are current logged in as <b>%h(g.zLogin)</b></p> |
| 136 | 160 | @ <p>To change your login to a different user |
| 137 | 161 | } |
| 138 | 162 | @ enter the user-id and password at the left and press the |
| 139 | 163 | @ "Login" button. Your user name will be stored in a browser cookie. |
| 140 | 164 | @ You must configure your web browser to accept cookies in order for |
| 141 | 165 | @ the login to take.</p> |
| 142 | - if( db_exists("SELECT uid FROM user WHERE login='anonymous'") ){ | |
| 143 | - @ <p>This server is configured to allow limited access to users | |
| 144 | - @ who are not logged in.</p> | |
| 166 | + if( g.zLogin==0 ){ | |
| 167 | + zAnonPw = db_text(0, "SELECT pw FROM user" | |
| 168 | + " WHERE login='anonymous'" | |
| 169 | + " AND cap!=''"); | |
| 170 | + if( zAnonPw ){ | |
| 171 | + @ <p>If you do not have a user-id, enter "<b>anonymous</b>" with a | |
| 172 | + @ password of "<b>%h(zAnonPw)</b>".</p> | |
| 173 | + }else{ | |
| 174 | + @ <p>A valid user-id and password is required. Anonymous access | |
| 175 | + @ is not allowed on this installation.</p> | |
| 176 | + } | |
| 145 | 177 | } |
| 146 | - if( !g.isAnon ){ | |
| 178 | + if( g.zLogin ){ | |
| 147 | 179 | @ <br clear="both"><hr> |
| 148 | 180 | @ <p>To log off the system (and delete your login cookie) |
| 149 | 181 | @ press the following button:<br> |
| 150 | 182 | @ <input type="submit" name="out" value="Logout"></p> |
| 151 | 183 | } |
| 152 | 184 | @ </form> |
| 153 | - if( !g.isAnon ){ | |
| 185 | + if( g.okPassword ){ | |
| 154 | 186 | @ <br clear="both"><hr> |
| 155 | 187 | @ <p>To change your password, enter your old password and your |
| 156 | 188 | @ new password twice below then press the "Change Password" |
| 157 | 189 | @ button.</p> |
| 158 | 190 | @ <form action="login" method="POST"> |
| @@ -184,11 +216,11 @@ | ||
| 184 | 216 | const char *zCookie; |
| 185 | 217 | const char *zRemoteAddr; |
| 186 | 218 | const char *zCap = 0; |
| 187 | 219 | |
| 188 | 220 | /* Only run this check once. */ |
| 189 | - if( g.zLogin!=0 ) return; | |
| 221 | + if( g.userUid!=0 ) return; | |
| 190 | 222 | |
| 191 | 223 | |
| 192 | 224 | /* If the HTTP connection is coming over 127.0.0.1 and if |
| 193 | 225 | ** local login is disabled, then there is no need to check |
| 194 | 226 | ** user credentials. |
| @@ -198,45 +230,50 @@ | ||
| 198 | 230 | && db_get_int("authenticate-localhost",1)==0 ){ |
| 199 | 231 | uid = db_int(0, "SELECT uid FROM user WHERE cap LIKE '%%s%%'"); |
| 200 | 232 | g.zLogin = db_text("?", "SELECT login FROM user WHERE uid=%d", uid); |
| 201 | 233 | zCap = "s"; |
| 202 | 234 | g.noPswd = 1; |
| 203 | - g.isAnon = 0; | |
| 204 | 235 | } |
| 205 | 236 | |
| 206 | 237 | /* Check the login cookie to see if it matches a known valid user. |
| 207 | 238 | */ |
| 208 | - if( uid==0 ){ | |
| 209 | - if( (zCookie = P(login_cookie_name()))!=0 ){ | |
| 239 | + if( uid==0 && (zCookie = P(login_cookie_name()))!=0 ){ | |
| 240 | + if( isdigit(zCookie[0]) ){ | |
| 210 | 241 | uid = db_int(0, |
| 211 | 242 | "SELECT uid FROM user" |
| 212 | 243 | " WHERE uid=%d" |
| 213 | 244 | " AND cookie=%Q" |
| 214 | 245 | " AND ipaddr=%Q" |
| 215 | 246 | " AND cexpire>julianday('now')", |
| 216 | 247 | atoi(zCookie), zCookie, zRemoteAddr |
| 217 | 248 | ); |
| 218 | - }else{ | |
| 249 | + }else if( zCookie[0]=='a' ){ | |
| 219 | 250 | uid = db_int(0, "SELECT uid FROM user WHERE login='anonymous'"); |
| 220 | 251 | } |
| 221 | 252 | } |
| 222 | 253 | |
| 223 | 254 | if( uid==0 ){ |
| 224 | - g.isAnon = 1; | |
| 225 | - g.zLogin = ""; | |
| 226 | - zCap = db_get("nologin-cap","onrj"); | |
| 227 | - }else if( zCap==0 ){ | |
| 228 | - Stmt s; | |
| 229 | - db_prepare(&s, "SELECT login, cap FROM user WHERE uid=%d", uid); | |
| 230 | - db_step(&s); | |
| 231 | - g.zLogin = db_column_malloc(&s, 0); | |
| 232 | - zCap = db_column_malloc(&s, 1); | |
| 233 | - g.isAnon = 0; | |
| 234 | - db_finalize(&s); | |
| 255 | + uid = db_int(0, "SELECT uid FROM user WHERE login='nobody'"); | |
| 256 | + if( uid==0 ){ | |
| 257 | + uid = -1; | |
| 258 | + zCap = ""; | |
| 259 | + } | |
| 260 | + } | |
| 261 | + if( zCap==0 ){ | |
| 262 | + if( uid ){ | |
| 263 | + Stmt s; | |
| 264 | + db_prepare(&s, "SELECT login, cap FROM user WHERE uid=%d", uid); | |
| 265 | + db_step(&s); | |
| 266 | + g.zLogin = db_column_malloc(&s, 0); | |
| 267 | + zCap = db_column_malloc(&s, 1); | |
| 268 | + db_finalize(&s); | |
| 269 | + } | |
| 270 | + if( zCap==0 ){ | |
| 271 | + zCap = ""; | |
| 272 | + } | |
| 235 | 273 | } |
| 236 | 274 | g.userUid = uid; |
| 237 | - | |
| 238 | 275 | login_set_capabilities(zCap); |
| 239 | 276 | } |
| 240 | 277 | |
| 241 | 278 | /* |
| 242 | 279 | ** Set the global capability flags based on a capability string. |
| 243 | 280 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -21,10 +21,30 @@ | |
| 21 | ** http://www.hwaci.com/drh/ |
| 22 | ** |
| 23 | ******************************************************************************* |
| 24 | ** |
| 25 | ** This file contains code for generating the login and logout screens. |
| 26 | */ |
| 27 | #include "config.h" |
| 28 | #include "login.h" |
| 29 | #include <time.h> |
| 30 | |
| @@ -42,10 +62,11 @@ | |
| 42 | ** Generate the login page |
| 43 | */ |
| 44 | void login_page(void){ |
| 45 | const char *zUsername, *zPasswd, *zGoto; |
| 46 | const char *zNew1, *zNew2; |
| 47 | char *zErrMsg = ""; |
| 48 | |
| 49 | login_check_credentials(); |
| 50 | zUsername = P("u"); |
| 51 | zPasswd = P("p"); |
| @@ -53,11 +74,11 @@ | |
| 53 | if( P("out")!=0 ){ |
| 54 | const char *zCookieName = login_cookie_name(); |
| 55 | cgi_set_cookie(zCookieName, "", 0, -86400); |
| 56 | cgi_redirect(zGoto); |
| 57 | } |
| 58 | if( !g.isAnon && zPasswd && (zNew1 = P("n1"))!=0 && (zNew2 = P("n2"))!=0 ){ |
| 59 | if( db_int(1, "SELECT 0 FROM user" |
| 60 | " WHERE uid=%d AND pw=%Q", g.userUid, zPasswd) ){ |
| 61 | sleep(1); |
| 62 | zErrMsg = |
| 63 | @ <p><font color="red"> |
| @@ -78,36 +99,39 @@ | |
| 78 | ); |
| 79 | cgi_redirect("index"); |
| 80 | return; |
| 81 | } |
| 82 | } |
| 83 | if( zUsername!=0 && zPasswd!=0 && strcmp(zUsername,"anonymous")!=0 ){ |
| 84 | int uid = db_int(0, |
| 85 | "SELECT uid FROM user" |
| 86 | " WHERE login=%Q AND pw=%Q", zUsername, zPasswd); |
| 87 | if( uid<=0 ){ |
| 88 | sleep(1); |
| 89 | zErrMsg = |
| 90 | @ <p><font color="red"> |
| 91 | @ You entered an unknown user or an incorrect password. |
| 92 | @ </font></p> |
| 93 | ; |
| 94 | }else{ |
| 95 | char *zCookie; |
| 96 | const char *zCookieName = login_cookie_name(); |
| 97 | const char *zIpAddr = PD("REMOTE_ADDR","nil"); |
| 98 | const char *zExpire = db_get("cookie-expire","8766"); |
| 99 | int expires; |
| 100 | |
| 101 | zCookie = db_text(0, "SELECT '%d/' || hex(randomblob(25))", uid); |
| 102 | expires = atoi(zExpire)*3600; |
| 103 | cgi_set_cookie(zCookieName, zCookie, 0, expires); |
| 104 | db_multi_exec( |
| 105 | "UPDATE user SET cookie=%Q, ipaddr=%Q, " |
| 106 | " cexpire=julianday('now')+%d/86400.0 WHERE uid=%d", |
| 107 | zCookie, zIpAddr, expires, uid |
| 108 | ); |
| 109 | cgi_redirect(zGoto); |
| 110 | } |
| 111 | } |
| 112 | style_header("Login/Logout"); |
| 113 | @ %s(zErrMsg) |
| @@ -127,32 +151,40 @@ | |
| 127 | @ <tr> |
| 128 | @ <td></td> |
| 129 | @ <td><input type="submit" name="in" value="Login"></td> |
| 130 | @ </tr> |
| 131 | @ </table> |
| 132 | if( g.isAnon || g.zLogin==0 || g.zLogin[0]==0 ){ |
| 133 | @ <p>To login |
| 134 | }else{ |
| 135 | @ <p>You are current logged in as <b>%h(g.zLogin)</b></p> |
| 136 | @ <p>To change your login to a different user |
| 137 | } |
| 138 | @ enter the user-id and password at the left and press the |
| 139 | @ "Login" button. Your user name will be stored in a browser cookie. |
| 140 | @ You must configure your web browser to accept cookies in order for |
| 141 | @ the login to take.</p> |
| 142 | if( db_exists("SELECT uid FROM user WHERE login='anonymous'") ){ |
| 143 | @ <p>This server is configured to allow limited access to users |
| 144 | @ who are not logged in.</p> |
| 145 | } |
| 146 | if( !g.isAnon ){ |
| 147 | @ <br clear="both"><hr> |
| 148 | @ <p>To log off the system (and delete your login cookie) |
| 149 | @ press the following button:<br> |
| 150 | @ <input type="submit" name="out" value="Logout"></p> |
| 151 | } |
| 152 | @ </form> |
| 153 | if( !g.isAnon ){ |
| 154 | @ <br clear="both"><hr> |
| 155 | @ <p>To change your password, enter your old password and your |
| 156 | @ new password twice below then press the "Change Password" |
| 157 | @ button.</p> |
| 158 | @ <form action="login" method="POST"> |
| @@ -184,11 +216,11 @@ | |
| 184 | const char *zCookie; |
| 185 | const char *zRemoteAddr; |
| 186 | const char *zCap = 0; |
| 187 | |
| 188 | /* Only run this check once. */ |
| 189 | if( g.zLogin!=0 ) return; |
| 190 | |
| 191 | |
| 192 | /* If the HTTP connection is coming over 127.0.0.1 and if |
| 193 | ** local login is disabled, then there is no need to check |
| 194 | ** user credentials. |
| @@ -198,45 +230,50 @@ | |
| 198 | && db_get_int("authenticate-localhost",1)==0 ){ |
| 199 | uid = db_int(0, "SELECT uid FROM user WHERE cap LIKE '%%s%%'"); |
| 200 | g.zLogin = db_text("?", "SELECT login FROM user WHERE uid=%d", uid); |
| 201 | zCap = "s"; |
| 202 | g.noPswd = 1; |
| 203 | g.isAnon = 0; |
| 204 | } |
| 205 | |
| 206 | /* Check the login cookie to see if it matches a known valid user. |
| 207 | */ |
| 208 | if( uid==0 ){ |
| 209 | if( (zCookie = P(login_cookie_name()))!=0 ){ |
| 210 | uid = db_int(0, |
| 211 | "SELECT uid FROM user" |
| 212 | " WHERE uid=%d" |
| 213 | " AND cookie=%Q" |
| 214 | " AND ipaddr=%Q" |
| 215 | " AND cexpire>julianday('now')", |
| 216 | atoi(zCookie), zCookie, zRemoteAddr |
| 217 | ); |
| 218 | }else{ |
| 219 | uid = db_int(0, "SELECT uid FROM user WHERE login='anonymous'"); |
| 220 | } |
| 221 | } |
| 222 | |
| 223 | if( uid==0 ){ |
| 224 | g.isAnon = 1; |
| 225 | g.zLogin = ""; |
| 226 | zCap = db_get("nologin-cap","onrj"); |
| 227 | }else if( zCap==0 ){ |
| 228 | Stmt s; |
| 229 | db_prepare(&s, "SELECT login, cap FROM user WHERE uid=%d", uid); |
| 230 | db_step(&s); |
| 231 | g.zLogin = db_column_malloc(&s, 0); |
| 232 | zCap = db_column_malloc(&s, 1); |
| 233 | g.isAnon = 0; |
| 234 | db_finalize(&s); |
| 235 | } |
| 236 | g.userUid = uid; |
| 237 | |
| 238 | login_set_capabilities(zCap); |
| 239 | } |
| 240 | |
| 241 | /* |
| 242 | ** Set the global capability flags based on a capability string. |
| 243 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -21,10 +21,30 @@ | |
| 21 | ** http://www.hwaci.com/drh/ |
| 22 | ** |
| 23 | ******************************************************************************* |
| 24 | ** |
| 25 | ** This file contains code for generating the login and logout screens. |
| 26 | ** |
| 27 | ** Notes: |
| 28 | ** |
| 29 | ** There are two special-case user-ids: "anonymous" and "nobody". |
| 30 | ** The capabilities of the nobody user are available to anyone, |
| 31 | ** regardless of whether or not they are logged in. The capabilities |
| 32 | ** of anonymous are only available after logging in, but the login |
| 33 | ** screen displays the password for the anonymous login, so this |
| 34 | ** should not prevent a human user from doing so. |
| 35 | ** |
| 36 | ** The nobody user has capabilities that you want spiders to have. |
| 37 | ** The anonymous user has capabilities that you want people without |
| 38 | ** logins to have. |
| 39 | ** |
| 40 | ** Of course, a sophisticated spider could easily circumvent the |
| 41 | ** anonymous login requirement and walk the website. But that is |
| 42 | ** not really the point. The anonymous login keeps search-engine |
| 43 | ** crawlers and site download tools like wget from walking change |
| 44 | ** logs and downloading diffs of very version of the archive that |
| 45 | ** has ever existed, and things like that. |
| 46 | */ |
| 47 | #include "config.h" |
| 48 | #include "login.h" |
| 49 | #include <time.h> |
| 50 | |
| @@ -42,10 +62,11 @@ | |
| 62 | ** Generate the login page |
| 63 | */ |
| 64 | void login_page(void){ |
| 65 | const char *zUsername, *zPasswd, *zGoto; |
| 66 | const char *zNew1, *zNew2; |
| 67 | const char *zAnonPw; |
| 68 | char *zErrMsg = ""; |
| 69 | |
| 70 | login_check_credentials(); |
| 71 | zUsername = P("u"); |
| 72 | zPasswd = P("p"); |
| @@ -53,11 +74,11 @@ | |
| 74 | if( P("out")!=0 ){ |
| 75 | const char *zCookieName = login_cookie_name(); |
| 76 | cgi_set_cookie(zCookieName, "", 0, -86400); |
| 77 | cgi_redirect(zGoto); |
| 78 | } |
| 79 | if( g.okPassword && zPasswd && (zNew1 = P("n1"))!=0 && (zNew2 = P("n2"))!=0 ){ |
| 80 | if( db_int(1, "SELECT 0 FROM user" |
| 81 | " WHERE uid=%d AND pw=%Q", g.userUid, zPasswd) ){ |
| 82 | sleep(1); |
| 83 | zErrMsg = |
| 84 | @ <p><font color="red"> |
| @@ -78,36 +99,39 @@ | |
| 99 | ); |
| 100 | cgi_redirect("index"); |
| 101 | return; |
| 102 | } |
| 103 | } |
| 104 | if( zUsername!=0 && zPasswd!=0 ){ |
| 105 | int uid = db_int(0, |
| 106 | "SELECT uid FROM user" |
| 107 | " WHERE login=%Q AND pw=%Q", zUsername, zPasswd); |
| 108 | if( uid<=0 || strcmp(zUsername,"nobody")==0 ){ |
| 109 | sleep(1); |
| 110 | zErrMsg = |
| 111 | @ <p><font color="red"> |
| 112 | @ You entered an unknown user or an incorrect password. |
| 113 | @ </font></p> |
| 114 | ; |
| 115 | }else{ |
| 116 | char *zCookie; |
| 117 | const char *zCookieName = login_cookie_name(); |
| 118 | const char *zExpire = db_get("cookie-expire","8766"); |
| 119 | int expires = atoi(zExpire)*3600; |
| 120 | const char *zIpAddr = PD("REMOTE_ADDR","nil"); |
| 121 | |
| 122 | if( strcmp(zUsername, "anonymous")==0 ){ |
| 123 | cgi_set_cookie(zCookieName, "anonymous", 0, expires); |
| 124 | }else{ |
| 125 | zCookie = db_text(0, "SELECT '%d/' || hex(randomblob(25))", uid); |
| 126 | cgi_set_cookie(zCookieName, zCookie, 0, expires); |
| 127 | db_multi_exec( |
| 128 | "UPDATE user SET cookie=%Q, ipaddr=%Q, " |
| 129 | " cexpire=julianday('now')+%d/86400.0 WHERE uid=%d", |
| 130 | zCookie, zIpAddr, expires, uid |
| 131 | ); |
| 132 | } |
| 133 | cgi_redirect(zGoto); |
| 134 | } |
| 135 | } |
| 136 | style_header("Login/Logout"); |
| 137 | @ %s(zErrMsg) |
| @@ -127,32 +151,40 @@ | |
| 151 | @ <tr> |
| 152 | @ <td></td> |
| 153 | @ <td><input type="submit" name="in" value="Login"></td> |
| 154 | @ </tr> |
| 155 | @ </table> |
| 156 | if( g.zLogin==0 ){ |
| 157 | @ <p>To login |
| 158 | }else{ |
| 159 | @ <p>You are current logged in as <b>%h(g.zLogin)</b></p> |
| 160 | @ <p>To change your login to a different user |
| 161 | } |
| 162 | @ enter the user-id and password at the left and press the |
| 163 | @ "Login" button. Your user name will be stored in a browser cookie. |
| 164 | @ You must configure your web browser to accept cookies in order for |
| 165 | @ the login to take.</p> |
| 166 | if( g.zLogin==0 ){ |
| 167 | zAnonPw = db_text(0, "SELECT pw FROM user" |
| 168 | " WHERE login='anonymous'" |
| 169 | " AND cap!=''"); |
| 170 | if( zAnonPw ){ |
| 171 | @ <p>If you do not have a user-id, enter "<b>anonymous</b>" with a |
| 172 | @ password of "<b>%h(zAnonPw)</b>".</p> |
| 173 | }else{ |
| 174 | @ <p>A valid user-id and password is required. Anonymous access |
| 175 | @ is not allowed on this installation.</p> |
| 176 | } |
| 177 | } |
| 178 | if( g.zLogin ){ |
| 179 | @ <br clear="both"><hr> |
| 180 | @ <p>To log off the system (and delete your login cookie) |
| 181 | @ press the following button:<br> |
| 182 | @ <input type="submit" name="out" value="Logout"></p> |
| 183 | } |
| 184 | @ </form> |
| 185 | if( g.okPassword ){ |
| 186 | @ <br clear="both"><hr> |
| 187 | @ <p>To change your password, enter your old password and your |
| 188 | @ new password twice below then press the "Change Password" |
| 189 | @ button.</p> |
| 190 | @ <form action="login" method="POST"> |
| @@ -184,11 +216,11 @@ | |
| 216 | const char *zCookie; |
| 217 | const char *zRemoteAddr; |
| 218 | const char *zCap = 0; |
| 219 | |
| 220 | /* Only run this check once. */ |
| 221 | if( g.userUid!=0 ) return; |
| 222 | |
| 223 | |
| 224 | /* If the HTTP connection is coming over 127.0.0.1 and if |
| 225 | ** local login is disabled, then there is no need to check |
| 226 | ** user credentials. |
| @@ -198,45 +230,50 @@ | |
| 230 | && db_get_int("authenticate-localhost",1)==0 ){ |
| 231 | uid = db_int(0, "SELECT uid FROM user WHERE cap LIKE '%%s%%'"); |
| 232 | g.zLogin = db_text("?", "SELECT login FROM user WHERE uid=%d", uid); |
| 233 | zCap = "s"; |
| 234 | g.noPswd = 1; |
| 235 | } |
| 236 | |
| 237 | /* Check the login cookie to see if it matches a known valid user. |
| 238 | */ |
| 239 | if( uid==0 && (zCookie = P(login_cookie_name()))!=0 ){ |
| 240 | if( isdigit(zCookie[0]) ){ |
| 241 | uid = db_int(0, |
| 242 | "SELECT uid FROM user" |
| 243 | " WHERE uid=%d" |
| 244 | " AND cookie=%Q" |
| 245 | " AND ipaddr=%Q" |
| 246 | " AND cexpire>julianday('now')", |
| 247 | atoi(zCookie), zCookie, zRemoteAddr |
| 248 | ); |
| 249 | }else if( zCookie[0]=='a' ){ |
| 250 | uid = db_int(0, "SELECT uid FROM user WHERE login='anonymous'"); |
| 251 | } |
| 252 | } |
| 253 | |
| 254 | if( uid==0 ){ |
| 255 | uid = db_int(0, "SELECT uid FROM user WHERE login='nobody'"); |
| 256 | if( uid==0 ){ |
| 257 | uid = -1; |
| 258 | zCap = ""; |
| 259 | } |
| 260 | } |
| 261 | if( zCap==0 ){ |
| 262 | if( uid ){ |
| 263 | Stmt s; |
| 264 | db_prepare(&s, "SELECT login, cap FROM user WHERE uid=%d", uid); |
| 265 | db_step(&s); |
| 266 | g.zLogin = db_column_malloc(&s, 0); |
| 267 | zCap = db_column_malloc(&s, 1); |
| 268 | db_finalize(&s); |
| 269 | } |
| 270 | if( zCap==0 ){ |
| 271 | zCap = ""; |
| 272 | } |
| 273 | } |
| 274 | g.userUid = uid; |
| 275 | login_set_capabilities(zCap); |
| 276 | } |
| 277 | |
| 278 | /* |
| 279 | ** Set the global capability flags based on a capability string. |
| 280 |
-1
| --- src/main.c | ||
| +++ src/main.c | ||
| @@ -74,11 +74,10 @@ | ||
| 74 | 74 | char *urlUser; /* User id for http: */ |
| 75 | 75 | char *urlPasswd; /* Password for http: */ |
| 76 | 76 | char *urlCanonical; /* Canonical representation of the URL */ |
| 77 | 77 | |
| 78 | 78 | const char *zLogin; /* Login name. "" if not logged in. */ |
| 79 | - int isAnon; /* True if logged in anoymously */ | |
| 80 | 79 | int noPswd; /* Logged in without password (on 127.0.0.1) */ |
| 81 | 80 | int userUid; /* Integer user id */ |
| 82 | 81 | |
| 83 | 82 | /* Information used to populate the RCVFROM table */ |
| 84 | 83 | int rcvid; /* The rcvid. 0 if not yet defined. */ |
| 85 | 84 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -74,11 +74,10 @@ | |
| 74 | char *urlUser; /* User id for http: */ |
| 75 | char *urlPasswd; /* Password for http: */ |
| 76 | char *urlCanonical; /* Canonical representation of the URL */ |
| 77 | |
| 78 | const char *zLogin; /* Login name. "" if not logged in. */ |
| 79 | int isAnon; /* True if logged in anoymously */ |
| 80 | int noPswd; /* Logged in without password (on 127.0.0.1) */ |
| 81 | int userUid; /* Integer user id */ |
| 82 | |
| 83 | /* Information used to populate the RCVFROM table */ |
| 84 | int rcvid; /* The rcvid. 0 if not yet defined. */ |
| 85 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -74,11 +74,10 @@ | |
| 74 | char *urlUser; /* User id for http: */ |
| 75 | char *urlPasswd; /* Password for http: */ |
| 76 | char *urlCanonical; /* Canonical representation of the URL */ |
| 77 | |
| 78 | const char *zLogin; /* Login name. "" if not logged in. */ |
| 79 | int noPswd; /* Logged in without password (on 127.0.0.1) */ |
| 80 | int userUid; /* Integer user id */ |
| 81 | |
| 82 | /* Information used to populate the RCVFROM table */ |
| 83 | int rcvid; /* The rcvid. 0 if not yet defined. */ |
| 84 |
+18
-15
| --- src/setup.c | ||
| +++ src/setup.c | ||
| @@ -81,11 +81,11 @@ | ||
| 81 | 81 | void setup_ulist(void){ |
| 82 | 82 | Stmt s; |
| 83 | 83 | |
| 84 | 84 | style_footer(); |
| 85 | 85 | login_check_credentials(); |
| 86 | - if( !g.okWrite || g.isAnon ){ | |
| 86 | + if( !g.okSetup ){ | |
| 87 | 87 | login_needed(); |
| 88 | 88 | return; |
| 89 | 89 | } |
| 90 | 90 | |
| 91 | 91 | style_submenu_element("Add", "Add User", "setup_uedit"); |
| @@ -371,24 +371,27 @@ | ||
| 371 | 371 | @ formats, and change system defaults. But only the <b>Setup</b> user |
| 372 | 372 | @ is able to change the repository to |
| 373 | 373 | @ which this program is linked. |
| 374 | 374 | @ </p></li> |
| 375 | 375 | @ |
| 376 | - if( zId==0 || strcmp(zId,"anonymous")==0 ){ | |
| 377 | - @ <li><p> | |
| 378 | - @ No login is required for user "<b>anonymous</b>". The capabilities | |
| 379 | - @ of this user are available to anyone without supplying a username or | |
| 380 | - @ password. To disable anonymous access, make sure there is no user | |
| 381 | - @ with an ID of <b>anonymous</b>. | |
| 382 | - @ </p></li> | |
| 383 | - @ | |
| 384 | - @ <li><p> | |
| 385 | - @ The password for the "<b>anonymous</b>" user is used for anonymous | |
| 386 | - @ access. The recommended value for the anonymous password | |
| 387 | - @ is "anonymous". | |
| 388 | - @ </p></li> | |
| 389 | - } | |
| 376 | + @ <li><p> | |
| 377 | + @ No login is required for user "<b>nobody</b>". The capabilities | |
| 378 | + @ of this user are available to anyone without supplying a username or | |
| 379 | + @ password. To disable nobody access, make sure there is no user | |
| 380 | + @ with an ID of <b>nobody</b> or that the nobody user has no | |
| 381 | + @ capabilities enabled. The password for the noloing user is ignore. | |
| 382 | + @ </p></li> | |
| 383 | + @ | |
| 384 | + @ <li><p> | |
| 385 | + @ Login is required for user "<b>anonymous</b>" but the password | |
| 386 | + @ is displayed on the login screen beside the password entry box | |
| 387 | + @ so anybody who can read should be able to login as anonymous. | |
| 388 | + @ On the other hand, spiders and web-crawlers will typically not | |
| 389 | + @ be able to login. Set the capabilities of the anonymous user | |
| 390 | + @ to things that you want any human to be able to do, but no any | |
| 391 | + @ spider. | |
| 392 | + @ </p></li> | |
| 390 | 393 | @ </form> |
| 391 | 394 | style_footer(); |
| 392 | 395 | } |
| 393 | 396 | |
| 394 | 397 | |
| 395 | 398 |
| --- src/setup.c | |
| +++ src/setup.c | |
| @@ -81,11 +81,11 @@ | |
| 81 | void setup_ulist(void){ |
| 82 | Stmt s; |
| 83 | |
| 84 | style_footer(); |
| 85 | login_check_credentials(); |
| 86 | if( !g.okWrite || g.isAnon ){ |
| 87 | login_needed(); |
| 88 | return; |
| 89 | } |
| 90 | |
| 91 | style_submenu_element("Add", "Add User", "setup_uedit"); |
| @@ -371,24 +371,27 @@ | |
| 371 | @ formats, and change system defaults. But only the <b>Setup</b> user |
| 372 | @ is able to change the repository to |
| 373 | @ which this program is linked. |
| 374 | @ </p></li> |
| 375 | @ |
| 376 | if( zId==0 || strcmp(zId,"anonymous")==0 ){ |
| 377 | @ <li><p> |
| 378 | @ No login is required for user "<b>anonymous</b>". The capabilities |
| 379 | @ of this user are available to anyone without supplying a username or |
| 380 | @ password. To disable anonymous access, make sure there is no user |
| 381 | @ with an ID of <b>anonymous</b>. |
| 382 | @ </p></li> |
| 383 | @ |
| 384 | @ <li><p> |
| 385 | @ The password for the "<b>anonymous</b>" user is used for anonymous |
| 386 | @ access. The recommended value for the anonymous password |
| 387 | @ is "anonymous". |
| 388 | @ </p></li> |
| 389 | } |
| 390 | @ </form> |
| 391 | style_footer(); |
| 392 | } |
| 393 | |
| 394 | |
| 395 |
| --- src/setup.c | |
| +++ src/setup.c | |
| @@ -81,11 +81,11 @@ | |
| 81 | void setup_ulist(void){ |
| 82 | Stmt s; |
| 83 | |
| 84 | style_footer(); |
| 85 | login_check_credentials(); |
| 86 | if( !g.okSetup ){ |
| 87 | login_needed(); |
| 88 | return; |
| 89 | } |
| 90 | |
| 91 | style_submenu_element("Add", "Add User", "setup_uedit"); |
| @@ -371,24 +371,27 @@ | |
| 371 | @ formats, and change system defaults. But only the <b>Setup</b> user |
| 372 | @ is able to change the repository to |
| 373 | @ which this program is linked. |
| 374 | @ </p></li> |
| 375 | @ |
| 376 | @ <li><p> |
| 377 | @ No login is required for user "<b>nobody</b>". The capabilities |
| 378 | @ of this user are available to anyone without supplying a username or |
| 379 | @ password. To disable nobody access, make sure there is no user |
| 380 | @ with an ID of <b>nobody</b> or that the nobody user has no |
| 381 | @ capabilities enabled. The password for the noloing user is ignore. |
| 382 | @ </p></li> |
| 383 | @ |
| 384 | @ <li><p> |
| 385 | @ Login is required for user "<b>anonymous</b>" but the password |
| 386 | @ is displayed on the login screen beside the password entry box |
| 387 | @ so anybody who can read should be able to login as anonymous. |
| 388 | @ On the other hand, spiders and web-crawlers will typically not |
| 389 | @ be able to login. Set the capabilities of the anonymous user |
| 390 | @ to things that you want any human to be able to do, but no any |
| 391 | @ spider. |
| 392 | @ </p></li> |
| 393 | @ </form> |
| 394 | style_footer(); |
| 395 | } |
| 396 | |
| 397 | |
| 398 |
+1
-1
| --- src/style.c | ||
| +++ src/style.c | ||
| @@ -76,11 +76,11 @@ | ||
| 76 | 76 | @ <body bgcolor="white"> |
| 77 | 77 | @ <hr size="1"> |
| 78 | 78 | @ <table border="0" cellpadding="0" cellspacing="0" width="100%%"> |
| 79 | 79 | @ <tr><td valign="top" align="left"> |
| 80 | 80 | @ <big><big><b>%s(zTitle)</b></big></big><br> |
| 81 | - if( g.zLogin==0 || g.zLogin[0]==0 ){ | |
| 81 | + if( g.zLogin==0 ){ | |
| 82 | 82 | @ <small>not logged in</small> |
| 83 | 83 | zLogInOut = "Login"; |
| 84 | 84 | }else{ |
| 85 | 85 | @ <small>logged in as %h(g.zLogin)</small> |
| 86 | 86 | } |
| 87 | 87 |
| --- src/style.c | |
| +++ src/style.c | |
| @@ -76,11 +76,11 @@ | |
| 76 | @ <body bgcolor="white"> |
| 77 | @ <hr size="1"> |
| 78 | @ <table border="0" cellpadding="0" cellspacing="0" width="100%%"> |
| 79 | @ <tr><td valign="top" align="left"> |
| 80 | @ <big><big><b>%s(zTitle)</b></big></big><br> |
| 81 | if( g.zLogin==0 || g.zLogin[0]==0 ){ |
| 82 | @ <small>not logged in</small> |
| 83 | zLogInOut = "Login"; |
| 84 | }else{ |
| 85 | @ <small>logged in as %h(g.zLogin)</small> |
| 86 | } |
| 87 |
| --- src/style.c | |
| +++ src/style.c | |
| @@ -76,11 +76,11 @@ | |
| 76 | @ <body bgcolor="white"> |
| 77 | @ <hr size="1"> |
| 78 | @ <table border="0" cellpadding="0" cellspacing="0" width="100%%"> |
| 79 | @ <tr><td valign="top" align="left"> |
| 80 | @ <big><big><b>%s(zTitle)</b></big></big><br> |
| 81 | if( g.zLogin==0 ){ |
| 82 | @ <small>not logged in</small> |
| 83 | zLogInOut = "Login"; |
| 84 | }else{ |
| 85 | @ <small>logged in as %h(g.zLogin)</small> |
| 86 | } |
| 87 |