fossil_exit(0);
    }
  }
  fossil_free(zDecode);
  return uid;
}

/*
** SETTING: robot-limiter                 boolean default=off
** If enabled, HTTP requests with one or more query parameters and
** without a REFERER string and without a valid login cookie are
** assumed to be hostile robots and are redirected to the honeypot.
** See also the robot-allow and robot-restrict settings which can
** be used to override the value of this setting for specific pages.
*/
/*
** SETTING: robot-allow                   width=40 block-text
** The VALUE of this setting is a list of GLOB patterns which match
** pages for which the robot-limiter is overwritten to false.  If this
** setting is missing or an empty string, then it is assumed to match
** nothing.
*/
/*
** SETTING: robot-restrict                width=40 block-text
** The VALUE of this setting is a list of GLOB patterns which match
** pages for which the robot-limiter setting should be enforced.
** In other words, if the robot-limiter is true and this setting either
** does not exist or is empty or matches the current page, then a
** redirect to the honeypot is issues.  If this setting exists
** but does not match the current page, then the robot-limiter setting
** is overridden to false.


*/

/*
** Check to see if the current HTTP request is a complex request that
** is coming from a robot and if access should restricted for such robots.
** For the purposes of this module, a "complex request" is an HTTP
** request with one or more query parameters.
**
** If this routine determines that robots should be restricted, then
** this routine publishes a redirect to the honeypot and exits without
** returning to the caller.
**
** This routine believes that this is a complex request is coming from
** a robot if all of the following are true:
**
**    *   The user is "nobody".
**    *   The REFERER field of the HTTP header is missing or empty.
**    *   There are one or more query parameters other than "name".
**
** Robot restrictions are governed by settings.
**
**    robot-limiter     The restrictions implemented by this routine only
**                      apply if this setting exists and is true.
**
**    robot-allow       If this setting exists and the page of the request
**                      matches the comma-separate GLOB list that is the
**                      value of this setting, then no robot restrictions
**                      are applied.
**
**    robot-restrict    If this setting exists then robot restrictions only
**                      apply to pages that match the comma-separated
**                      GLOB list that is the value of this setting.
*/
void login_restrict_robot_access(void){
  const char *zReferer;
  const char *zGlob;
  Glob *pGlob;
  int go = 1;
  if( g.zLogin!=0 ) return;
  zReferer = P("HTTP_REFERER");
  if( zReferer && zReferer[0]!=0 ) return;
  if( !db_get_boolean("robot-limiter",0) ) return;
  if( cgi_qp_count()<1 ) return;
  zGlob = db_get("robot-allow",0);
  if( zGlob && zGlob[0] ){
    pGlob = glob_create(zGlob);
    go = glob_match(pGlob, g.zPath);
    glob_free(pGlob);
    if( go ) return;
  }
  zGlob = db_get("robot-restrict",0);
  if( zGlob && zGlob[0] ){
    pGlob = glob_create(zGlob);
    go = glob_match(pGlob, g.zPath);
    glob_free(pGlob);
    if( !go ) return;
  }

  /* If we reach this point, it means we have a situation where we
  ** want to restrict the activity of a robot.
  */
  cgi_set_cookie("fossil-goto", cgi_reconstruct_original_url(), 0, 600);
  cgi_redirectf("%R/honeypot");
}  

  @ computations here.  Set this to 0.0 to disable the load average limit.
  @ This limit is only enforced on Unix servers.  On Linux systems,
  @ access to the /proc virtual filesystem is required, which means this limit
  @ might not work inside a chroot() jail.
  @ (Property: "max-loadavg")</p>

  @ <hr>
  onoff_attribute("Prohibit robots from issuing complex requests",
                  "robot-limiter", "rlb", 0, 0);
  @ <p> A "complex request" is an HTTP request that has one or more query
  @ parameters. Some robots will spend hours juggling around query parameters
  @ or even forging fake query parameters in an effort to discover new
  @ behavior or to find an SQL injection opportunity or similar.  This can
  @ waste hours of CPU time and gigabytes of bandwidth on the server.  Hence,
  @ it is recommended to turn this feature on to stop such nefarious behavior.

  @ (Property: robot-limiter)
  @
  @ <p> When enabled, complex requests from user "nobody" without a Referer
  @ redirect to the honeypot.
  @
  @ <p> Additional settings below allow positive and negative overrides of
  @ this complex request limiter. 
  @ <p><b>Allow Robots To See These Pages</b> (Property: robot-allow)<br>
  textarea_attribute("", 4, 80,
      "robot-allow", "rballow", "", 0);
  @ <p><b>Restrict Robots From Seeing Only These Pages</b>
  @ (Property: robot-restrict)<br>
  textarea_attribute("", 4, 80,
      "robot-restrict", "rbrestrict", "", 0);

  @ <hr>
  @ <p><input type="submit"  name="submit" value="Apply Changes"></p>
  @ </div></form>
  db_end_transaction(0);
  style_finish_page();