Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
History of file src/setupuser.c at check-in eabccae174afdf0f
|
2025-12-23
| ||
| 16:06 | Assorted fixes of typos and grammar in code comments. No functional changes. file: [08acbf2c94] check-in: [e2bdc10572] user: danield branch: trunk, size: 41453 | |
|
2025-07-05
| ||
| 11:35 | On the 'user capabilities changed' notification, correct /setup_uedit?uid=... to /setup_uedit?id=... file: [910baefbf5] check-in: [c786b19094] user: stephan branch: trunk, size: 41452 | |
|
2025-04-15
| ||
| 10:22 | Slightly simplify the previous checkin. file: [86e28decbe] check-in: [6a9c71f391] user: stephan branch: trunk, size: 41453 | |
| 10:15 | A proposed solution to the problem of /setup_ulist fails for repos with no subscriber table. Reported in [forum:e2b0008592f6a776|forum post e2b0008592f6a776]. file: [1eb8c40ce7] check-in: [e50a5aac37] user: stephan branch: trunk, size: 41477 | |
|
2025-04-08
| ||
| 15:58 | Change the user-elevation notification subscription to a user-perms-changed notification, per /chat disucssion. file: [07a8f5e879] check-in: [36f72c0872] user: stephan branch: trunk, size: 41363 | |
| 15:02 | In /setup_ulist, show the email address in the Alerts column so that accounts which have multiple notification subscriptions under different email addresses to not appear as visually-indistinguishable duplicates (they're distinguishable by the parameters for their subscription info link, but not to the naked eye). file: [af20c44d60] check-in: [a4f5a53c55] user: stephan branch: trunk, size: 40092 | |
| 12:43 | Change the message for the 'user elevation' notification to help clarify that it's not necessarily an elevation. Help/message text changes only - no functional changes. file: [6d1316a770] check-in: [eabccae174] user: stephan branch: trunk, size: 39855 | |
|
2025-03-09
| ||
| 07:39 | Update change log. Doc updates related to the user elevation subscription. file: [b707636bb0] check-in: [a5d2c9e826] user: stephan branch: useredit-note-elevation, size: 39859 | |
| 07:12 |
Cleanups, mostly docs, in the user elevation alerts. Document the currently-known ways which this particular alert differs from others. This needs more sanding-down | |
|
2025-03-08
| ||
| 14:47 | Send the alert for new users even if they have empty permissions. file: [674c2601c7] check-in: [5772d2f132] user: stephan branch: useredit-note-elevation, size: 39552 | |
| 14:43 | Slight simplification to the previous check-in. file: [2f620609ee] check-in: [28b4382e23] user: stephan branch: useredit-note-elevation, size: 39542 | |
| 14:41 | Distinguish between new and edited users in the admin log and the new alert. Self-registered users do not trigger an alert. file: [ac1306c44f] check-in: [a2ad05a855] user: stephan branch: useredit-note-elevation, size: 39639 | |
| 13:39 | Send notifications to subscribers with a 'u' subscription when setup_uedit adds new permissions to a user. file: [661e4c39b8] check-in: [a69c933e0c] user: stephan branch: useredit-note-elevation, size: 38876 | |
| 12:48 | Initial alerts infrastructure for user-elevation notifications. Alerts are not yet sent. file: [d6b5aeeb48] check-in: [54db7c07a7] user: stephan branch: useredit-note-elevation, size: 36855 | |
| 11:34 | Remove a duplicated query. file: [a43b2e63ae] check-in: [4332ba5d37] user: stephan branch: useredit-note-elevation, size: 36976 | |
| 11:31 | Initial steps toward more prominently recording when a user's permissions are elevated. This currently only changes the admin log output but the eventual intent is to enable optional email notifications when a user account is elevated. file: [c309a755aa] check-in: [22b648e9e5] user: stephan branch: useredit-note-elevation, size: 37021 | |
| 11:17 | In /setup_uedit, rename the locally-shadowed zCap to aCap to avoid confusion in a pending change. No functional changes. file: [ca6a49084a] check-in: [74b149f2e2] user: stephan branch: trunk, size: 36273 | |
|
2024-12-04
| ||
| 06:32 | Correct a mismatched TD HTML tag, as reported in [forum:5a7ca99ebe|forum post 5a7ca99ebe]. file: [25e70f55d7] check-in: [11dafcf68d] user: stephan branch: trunk, size: 36257 | |
|
2024-11-13
| ||
| 11:23 | Change the /setup_ulist page to show the most recently changed users first by default, as that seems to be the most common use case. file: [d47e2a3bb3] check-in: [7b0a237895] user: drh branch: trunk, size: 36257 | |
|
2024-09-03
| ||
| 09:47 | In /setup_uinfo, correct the URL parameter passed from the 'edit' link to /setup_uedit: id instead of uid. file: [aa855e8095] check-in: [a84b669e52] user: stephan branch: trunk, size: 36127 | |
|
2024-08-23
| ||
| 19:54 | New admin-only page /setup_uinfo that shows combined information from the USER and SUBSCRIBER tables about a single user. Give a hyperlink to this page when a timeline delivered to an admin says "by user". file: [ac128b1ec2] check-in: [24eb182248] user: drh branch: trunk, size: 36128 | |
|
2024-02-02
| ||
| 22:18 | Remove trailing whitespace from non-external C files. file: [85e0ec8a0b] check-in: [7db0a2d910] user: danield branch: fix-overlength-lines, size: 33415 | |
|
2023-09-18
| ||
| 15:10 | More intensive use of the Synchronizer Token Pattern for CSRF defense. file: [3b1136b8d5] check-in: [0a66be2b75] user: drh branch: csrf-defense-enhancement, size: 33416 | |
| 13:18 | Try to simplify and rationalize the defenses against cross-site request forgery attacks. A hodgepodge of techniques have been used in the past. This changes attempts to make everything work more alike and to centralize CSRF defenses for easier auditing. file: [c7da451cff] check-in: [88a402fe2a] user: drh branch: csrf-defense-enhancement, size: 33416 | |
|
2023-05-10
| ||
| 18:40 | Removed all of the XML-style " />" tag closing markers on empty tags such as "hr", "br", and "input" to placate modern HTML5 validators. That's the doctype we declare, not XHTML, so we should conform. (Besides which, the XHTML dream is dead.) file: [1d33f3201b] check-in: [f5482a0a79] user: wyoung branch: trunk, size: 33425 | |
|
2022-11-13
| ||
| 16:26 | Apply fixes to all web views to pass WCAG 2.1 tests performed by "axe DevTools" browser extension. Most fixes related to screen reader compatibility, like making sure that form elements have labels. Some color changes to improve contrast on Default skin. Made more HTML5 compliant. Minor improvement to select combo boxes for UX. Improved Search form UX. Two minor bug fixes for malformed HTML. Fixed help pages to resolve issues with non-compliant HTML being generated. Mostly documented at https://fossil-scm.org/forum/forumpost/aafb17a981df4166 file: [e93f31f3a0] check-in: [1f231db380] user: ericwikman branch: wcag-2.1, size: 33459 | |
|
2022-11-04
| ||
| 11:11 | Add a note to /setup_uedit that leaving the ostensibly populated password field unchanged will retain the current password, per discussion in [forum:0463cc2e87a3c676|forum post 0463cc2e87a3c676]. (Branched for later addition to v2.21.) file: [822f467a99] check-in: [fe37399487] user: stephan branch: setupuser-retain-pw, size: 33505 | |
|
2022-08-18
| ||
| 13:21 | Add the "Timeline" submenu link on the setup_edit page, for ordinary users. Change the "Access Log" link on that same page so that it is only present for ordinary users - not special users like "reader" or "developer". file: [4608c17a70] check-in: [6f70a236ce] user: drh branch: trunk, size: 33458 | |
|
2022-01-18
| ||
| 03:59 | When renaming a user, rename any matching subscription entry to avoid that the user can no longer subscribe with the new name because the email address is already mapped. Also log user renames to the admin log. This does not work across all login groups because we don't know if each member has the subscriber table. file: [7fe18356b3] check-in: [cdcffc413d] user: stephan branch: trunk, size: 33345 | |
|
2021-12-19
| ||
| 18:10 | Add the "E" and "F" capability letters to control reading and writing to the synclog. file: [edc4252116] check-in: [06b3ace4ce] user: drh branch: synclog, size: 32528 | |
|
2021-02-04
| ||
| 00:57 | Split off the automatic background color chooser into a separate source file "color.c". Add a separate routine "user_color()" to choose background colors based on user name. Abandon the "color-hash-seed" setting. Instead, provide the "user-color-map" setting for overriding the automatic color choices for a few users, which color collisions occur between key project members. file: [66d1c85ebb] check-in: [4d0af2a68f] user: drh branch: user-color-revamp, size: 32328 | |
|
2021-02-03
| ||
| 23:51 | Paint backgrounds with the hash_color for the login name when the "ubg" query parameter is given on the /setup_ulist page. file: [5192d98bb0] check-in: [eb1415d8c5] user: drh branch: trunk, size: 32328 | |
|
2021-01-02
| ||
| 13:39 | Provide suggested password in places where a users is required to invent a new password. file: [cff08bafee] check-in: [49f68be83b] user: drh branch: trunk, size: 32147 | |
|
2020-12-22
| ||
| 20:11 | Begin trying to integrate the chatroom prototype into the Fossil core. New code is in src/chat.c and src/chat.js. Add the new "C" capability to enable access to chat. The new code compiles but is not yet functional. (This is an incremental check-in.) The original tools/chat.tcl Wapp script is still available for reference. file: [f8785accf8] check-in: [217b0d2548] user: drh branch: chatroom-dev, size: 32075 | |
| 12:13 | Removed the parameter from style_finish_page() since the resulting content div class is now redundant with respect to the body class. This potentially breaks CSS made against old class names that a prior commit on this branch changed, but such skins would be made against an unreleased version of Fossil, it's unlikely many are using that first version of the feature anyway, and most of the class names did *not* change unless you were targeting a "div" instead of "body" or just a generic class name. None of the shipping skins are affected. file: [d7ad0a333f] check-in: [0e83ca88ce] user: wyoung branch: body-feature-class, size: 31980 | |
| 11:58 | Calling the new style_set_current_feature() function to override the new TH1 variable $current_feature for Fossil UI pages where the page name isn't what we want used as the "body" CSS class. For the most part, this matches the value currently being passed to style_finish_page(), but a few have changed with the benefit of hindsight. Not all calls to style_finish_page() have a corresponding call to the new function since the default value for $current_page now suffices. file: [e2b724b07a] check-in: [8ac0830bfc] user: wyoung branch: body-feature-class, size: 32057 | |
|
2020-12-19
| ||
| 15:59 | On the User List admin page, show the user's subscriptions and provide a like to the subscription page (if any). file: [421aff98fb] check-in: [8b287e8d97] user: drh branch: trunk, size: 31904 | |
|
2020-11-07
| ||
| 13:25 | Rename the "style_body_and_footer()" interface to "style_finish_page()" and add a more detailed header comment to the implementation. file: [b1a857a085] check-in: [942b2076c6] user: drh branch: default-css-cleanups, size: 31145 | |
|
2020-11-05
| ||
| 23:15 | Added a parameter to style_footer() and renamed it to match its actual function (style_body_and_footer()) so we can add a CSS class to each page that indicates which major Fossil feature served the page, so we can have module-specific CSS. file: [abc28b05a8] check-in: [ef5424b683] user: wyoung branch: default-css-cleanups, size: 31173 | |
|
2020-10-28
| ||
| 16:13 | When deleting a subscription, also provide the opportunity to delete the corresponding user. When deleting a user, always also delete subscriptions associated with that user. file: [4b57bec5a1] check-in: [b6b5a7dc62] user: drh branch: trunk, size: 31033 | |
|
2020-08-18
| ||
| 01:54 | Disable writes the CONFIG and USER tables by default. Permission to write to those tables is turned on as needed. Note - might have missed a few places so expect bugs. file: [e26e425738] check-in: [ca9156aa0a] user: drh branch: sec2020, size: 30769 | |
|
2020-07-31
| ||
| 20:02 | Begin integrating the builtin_request_js() interface. file: [a87e8429e5] check-in: [13caa6e61e] user: drh branch: refactor-js-handling, size: 30599 | |
|
2020-05-16
| ||
| 01:08 | Integrate ARIA suggestions from Peter Laursen. file: [e28eb5df04] check-in: [7dd07b2e01] user: drh branch: trunk, size: 30603 | |
|
2020-04-24
| ||
| 00:49 | Add the ability to deny capabilities to self-registered accounts until the email verification comes through. file: [4e54d4b194] check-in: [3b7970e032] user: drh branch: restricted-self-registration, size: 30377 | |
|
2020-04-23
| ||
| 22:17 | Fix bugs in the /subscribe page that could allow an attacker to subscribe and verify without actually having a working email address. file: [b364c80f6c] check-in: [15e15298f8] user: drh branch: trunk, size: 30376 | |
|
2020-04-05
| ||
| 23:45 | Match the COMMAND and WEBPAGE names with _cmd and _page functions; forumpost/045bffda68 file: [d66b2d252f] check-in: [06afb7022f] user: ashepilko branch: api-cleanup, size: 30482 | |
|
2020-03-27
| ||
| 13:00 | Add the "unused" query parameter to the /setup_ulist page. file: [9f805c40d7] check-in: [7711a4fbc2] user: drh branch: trunk, size: 30460 | |
|
2020-03-26
| ||
| 14:48 | Set the autocomplete="off" parameter on the password input to the user editing screen. file: [3989fca47d] check-in: [a02385427f] user: drh branch: trunk, size: 29846 | |
|
2020-03-25
| ||
| 17:48 | Add the email address editing to the subscriber information screen (/alerts). Improved cross-linking between subscriber and user editing screens for administrators. file: [40fa7cc2a6] check-in: [54a6f098ec] user: drh branch: trunk, size: 29786 | |
|
2020-03-12
| ||
| 10:50 | Omit the 'd' capability (the ability to delete wiki and tickets). This capability does not do anything. Apparently, it is a hold-over from the old CVSTrac code. file: [631732f9ae] check-in: [3941824d85] user: drh branch: trunk, size: 29306 | |
|
2019-07-25
| ||
| 23:56 | Neither Setup nor Admin users get Write-Unversioned permission by default. And only Setup users are able to include Write-Unversioned permission when editing a user. file: [5c7982f3ce] check-in: [9ca4eb2bda] user: drh branch: trunk, size: 29277 | |
|
2019-05-17
| ||
| 07:27 | When deleting a user via /setup_uedit, also disapprove any pending-moderation entries for users which are no longer in the user table. This is programmatically simpler than only removing entries for the removed user but (potential corner case) would also disapprove pending modreq entries if a user account is renamed while moderation of their content is pending. file: [c99de47894] check-in: [b14cf3bc68] user: stephan branch: moderate-disapprove-on-user-delete, size: 29265 | |
| 05:58 | /setup_uedit now records deletion of a user in the administrative log. file: [28d88987ca] check-in: [25eae5150c] user: stephan branch: trunk, size: 29216 | |
|
2018-10-04
| ||
| 14:56 | On the /setup_ucap_list page, show the number of users having each capability, with a link to a list of users. This only works for administrators. file: [a83137eb8e] check-in: [594421796a] user: drh branch: trunk, size: 29113 | |
|
2018-08-30
| ||
| 16:05 | Add the ability to delete users to the /setup_uedit webpage. file: [53ae6abd6f] check-in: [1e5cdd35cd] user: drh branch: trunk, size: 28936 | |
|
2018-08-29
| ||
| 12:57 | Improvements to the capability listing page: /setup_ucap_list file: [732ca982b1] check-in: [8689cf8b83] user: drh branch: trunk, size: 27312 | |
|
2018-08-20
| ||
| 17:51 | Add automatic columnation of the capabilities in the /setup_uedit screen. file: [9b651cce6e] check-in: [4f4956f831] user: drh branch: mobile, size: 26641 | |
|
2018-08-17
| ||
| 13:04 | Added: Break out the user configuration pages into a separate "setupuser.c" source file. file: [611e3ac886] check-in: [a49ed35bb7] user: drh branch: trunk, size: 26696 | |