Fossil SCM
Allow writes to the accesslog table to record a login attempt even if the request is not from the same origin. This is needed in case a query request url it typed in manually but there is a cookie with login credentials that the browser adds automatically.
Commit
e31c2c01e16c9f6dac3065b7aba68d562bc5d41a1279eeed7cf4f7a7903f0517
Parent
884436ce749154d…
1 file changed
+2
+2
| --- src/login.c | ||
| +++ src/login.c | ||
| @@ -174,10 +174,11 @@ | ||
| 174 | 174 | static void record_login_attempt( |
| 175 | 175 | const char *zUsername, /* Name of user logging in */ |
| 176 | 176 | const char *zIpAddr, /* IP address from which they logged in */ |
| 177 | 177 | int bSuccess /* True if the attempt was a success */ |
| 178 | 178 | ){ |
| 179 | + db_unprotect(PROTECT_READONLY); | |
| 179 | 180 | if( db_get_boolean("access-log", 0) ){ |
| 180 | 181 | create_accesslog_table(); |
| 181 | 182 | db_multi_exec( |
| 182 | 183 | "INSERT INTO accesslog(uname,ipaddr,success,mtime)" |
| 183 | 184 | "VALUES(%Q,%Q,%d,julianday('now'));", |
| @@ -185,10 +186,11 @@ | ||
| 185 | 186 | ); |
| 186 | 187 | } |
| 187 | 188 | if( bSuccess ){ |
| 188 | 189 | alert_user_contact(zUsername); |
| 189 | 190 | } |
| 191 | + db_protect_pop(); | |
| 190 | 192 | } |
| 191 | 193 | |
| 192 | 194 | /* |
| 193 | 195 | ** Searches for the user ID matching the given name and password. |
| 194 | 196 | ** On success it returns a positive value. On error it returns 0. |
| 195 | 197 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -174,10 +174,11 @@ | |
| 174 | static void record_login_attempt( |
| 175 | const char *zUsername, /* Name of user logging in */ |
| 176 | const char *zIpAddr, /* IP address from which they logged in */ |
| 177 | int bSuccess /* True if the attempt was a success */ |
| 178 | ){ |
| 179 | if( db_get_boolean("access-log", 0) ){ |
| 180 | create_accesslog_table(); |
| 181 | db_multi_exec( |
| 182 | "INSERT INTO accesslog(uname,ipaddr,success,mtime)" |
| 183 | "VALUES(%Q,%Q,%d,julianday('now'));", |
| @@ -185,10 +186,11 @@ | |
| 185 | ); |
| 186 | } |
| 187 | if( bSuccess ){ |
| 188 | alert_user_contact(zUsername); |
| 189 | } |
| 190 | } |
| 191 | |
| 192 | /* |
| 193 | ** Searches for the user ID matching the given name and password. |
| 194 | ** On success it returns a positive value. On error it returns 0. |
| 195 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -174,10 +174,11 @@ | |
| 174 | static void record_login_attempt( |
| 175 | const char *zUsername, /* Name of user logging in */ |
| 176 | const char *zIpAddr, /* IP address from which they logged in */ |
| 177 | int bSuccess /* True if the attempt was a success */ |
| 178 | ){ |
| 179 | db_unprotect(PROTECT_READONLY); |
| 180 | if( db_get_boolean("access-log", 0) ){ |
| 181 | create_accesslog_table(); |
| 182 | db_multi_exec( |
| 183 | "INSERT INTO accesslog(uname,ipaddr,success,mtime)" |
| 184 | "VALUES(%Q,%Q,%d,julianday('now'));", |
| @@ -185,10 +186,11 @@ | |
| 186 | ); |
| 187 | } |
| 188 | if( bSuccess ){ |
| 189 | alert_user_contact(zUsername); |
| 190 | } |
| 191 | db_protect_pop(); |
| 192 | } |
| 193 | |
| 194 | /* |
| 195 | ** Searches for the user ID matching the given name and password. |
| 196 | ** On success it returns a positive value. On error it returns 0. |
| 197 |