if( i<nUsedQP ){
        memmove(aParamQP+i, aParamQP+i+1, sizeof(*aParamQP)*(nUsedQP-i));
      }
      return;
    }
  }
}

/*
** Return the number of query parameters.  Cookies and environment variables
** do not count.  Also, do not count the special QP "name".
*/
int cgi_qp_count(void){
  int cnt = 0;
  int i;
  for(i=0; i<nUsedQP; i++){
    if( aParamQP[i].isQP && fossil_strcmp(aParamQP[i].zName,"name")!=0 ) cnt++;
  }
  return cnt;
}

/*
** Add an environment varaible value to the parameter set.  The zName
** portion is fixed but a copy is be made of zValue.
*/
void cgi_setenv(const char *zName, const char *zValue){
  cgi_set_parameter_nocopy(zName, fossil_strdup(zValue), 0);

      fossil_exit(0);
    }
  }
  fossil_free(zDecode);
  return uid;
}

/*
** SETTING: robot-limiter                 boolean default=off
** If enabled, HTTP requests with one or more query parameters and
** without a REFERER string and without a valid login cookie are
** assumed to be hostile robots and are redirected to the honeypot.
** See also the robot-allow and robot-restrict settings which can
** be used to override the value of this setting for specific pages.
*/
/*
** SETTING: robot-allow                   width=40 block-text
** The VALUE of this setting is a list of GLOB patterns which match
** pages for which the robot-limiter is overwritten to false.  If this
** setting is missing or an empty string, then it is assumed to match
** nothing.
*/
/*
** SETTING: robot-restrict                width=40 block-text
** The VALUE of this setting is a list of GLOB patterns which match
** pages for which the robot-limiter setting should be enforced.
** In other words, if the robot-limiter is true and this setting either
** does not exist or is empty or matches the current page, then a
** redirect to the honeypot is issues.  If this setting exists
** but does not match the current page, then the robot-limiter setting
** is overridden to false.
*/

/*
** Check to see if the current HTTP request is a complex request that
** is coming from a robot and if access should restricted for such robots.
** For the purposes of this module, a "complex request" is an HTTP
** request with one or more query parameters.
**
** If this routine determines that robots should be restricted, then
** this routine publishes a redirect to the honeypot and exits without
** returning to the caller.
**
** This routine believes that this is a complex request is coming from
** a robot if all of the following are true:
**
**    *   The user is "nobody".
**    *   The REFERER field of the HTTP header is missing or empty.
**    *   There are one or more query parameters other than "name".
**
** Robot restrictions are governed by settings.
**
**    robot-limiter     The restrictions implemented by this routine only
**                      apply if this setting exists and is true.
**
**    robot-allow       If this setting exists and the page of the request
**                      matches the comma-separate GLOB list that is the
**                      value of this setting, then no robot restrictions
**                      are applied.
**
**    robot-restrict    If this setting exists then robot restrictions only
**                      apply to pages that match the comma-separated
**                      GLOB list that is the value of this setting.
*/
void login_restrict_robot_access(void){
  const char *zReferer;
  const char *zGlob;
  Glob *pGlob;
  int go = 1;
  if( g.zLogin!=0 ) return;
  zReferer = P("HTTP_REFERER");
  if( zReferer && zReferer[0]!=0 ) return;
  if( !db_get_boolean("robot-limiter",0) ) return;
  if( cgi_qp_count()<1 ) return;
  zGlob = db_get("robot-allow",0);
  if( zGlob && zGlob[0] ){
    pGlob = glob_create(zGlob);
    go = glob_match(pGlob, g.zPath);
    glob_free(pGlob);
    if( go ) return;
  }
  zGlob = db_get("robot-restrict",0);
  if( zGlob && zGlob[0] ){
    pGlob = glob_create(zGlob);
    go = glob_match(pGlob, g.zPath);
    glob_free(pGlob);
    if( !go ) return;
  }

  /* If we reach this point, it means we have a situation where we
  ** want to restrict the activity of a robot.
  */
  cgi_redirectf("%R/honeypot");
}  

/*
** This routine examines the login cookie to see if it exists and
** is valid.  If the login cookie checks out, it then sets global
** variables appropriately.
**
**    g.userUid      Database USER.UID value.  Might be -1 for "nobody"
**    g.zLogin       Database USER.LOGIN value.  NULL for user "nobody"

      uid = -1;
      zCap = "";
    }
    login_create_csrf_secret("none");
  }

  login_set_uid(uid, zCap);

  /* Maybe restrict access to robots */
  login_restrict_robot_access();
}

/*
** Set the current logged in user to be uid.  zCap is precomputed
** (override) capabilities.  If zCap==0, then look up the capabilities
** in the USER table.
*/

** and the SSH_CONNECTION environment variable is set.  Use the --test
** option on interactive sessions to avoid that special processing when
** using this command interactively over SSH.  A better solution would be
** to use a different command for "ssh" sync, but we cannot do that without
** breaking legacy.
**
** Options:
**   --nobody            Pretend to be user "nobody"
**   --test              Do not do special "sync" processing when operating
**                       over an SSH link
**   --th-trace          Trace TH1 execution (for debugging purposes)
**   --usercap   CAP     User capability string (Default: "sxy")
**
*/
void cmd_test_http(void){
  const char *zIpAddr;    /* IP address of remote client */
  const char *zUserCap;
  int bTest = 0;

  Th_InitTraceLog();
  zUserCap = find_option("usercap",0,1);
  if( !find_option("nobody",0,0) ){
    if( zUserCap==0 ){
      g.useLocalauth = 1;
      zUserCap = "sxy";
    }

    login_set_capabilities(zUserCap, 0);
  }
  bTest = find_option("test",0,0)!=0;
  g.httpIn = stdin;
  g.httpOut = stdout;
  fossil_binary_mode(g.httpOut);
  fossil_binary_mode(g.httpIn);
  g.zExtRoot = find_option("extroot",0,1);
  find_server_repository(2, 0);
  g.zReqType = "HTTP";

  @ computer is too large.  Set the threshold for disallowing expensive
  @ computations here.  Set this to 0.0 to disable the load average limit.
  @ This limit is only enforced on Unix servers.  On Linux systems,
  @ access to the /proc virtual filesystem is required, which means this limit
  @ might not work inside a chroot() jail.
  @ (Property: "max-loadavg")</p>

  @ <hr>
  onoff_attribute("Prohibit robots from issuing complex requests",
                  "robot-limiter", "rlb", 0, 0);
  @ <p> A "complex request" is an HTTP request that has one or more query
  @ parameters. Some robots will spend hours juggling around query parameters
  @ or even forging fake query parameters in an effort to discover new
  @ behavior or to find an SQL injection opportunity or similar.  This can
  @ waste hours of CPU time and gigabytes of bandwidth on the server.  Hence,
  @ it is recommended to turn this feature on to stop such nefarious behavior.
  @ (Property: robot-limiter)
  @
  @ <p> When enabled, complex requests from user "nobody" without a Referer
  @ redirect to the honeypot.
  @
  @ <p> Additional settings below allow positive and negative overrides of
  @ this complex request limiter. 
  @ <p><b>Allow Robots To See These Pages</b> (Property: robot-allow)<br>
  textarea_attribute("", 4, 80,
      "robot-allow", "rballow", "", 0);
  @ <p><b>Restrict Robots From Seeing Only These Pages</b>
  @ (Property: robot-restrict)<br>
  textarea_attribute("", 4, 80,
      "robot-restrict", "rbrestrict", "", 0);

  @ <hr>
  @ <p><input type="submit"  name="submit" value="Apply Changes"></p>
  @ </div></form>
  db_end_transaction(0);
  style_finish_page();
}