178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
|
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
|
-
+
|
@ <td data-sortkey='%f(rATime)' style='white-space:nowrap'>%s(zAge?zAge:"")
@ </tr>
fossil_free(zAge);
}
@ </tbody></table>
db_finalize(&s);
style_table_sorter();
style_footer();
style_body_and_footer("setupuser");
}
/*
** WEBPAGE: setup_ulist_notes
**
** A documentation page showing notes about user configuration. This
** information used to be a side-bar on the user list page, but has been
|
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
|
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
|
-
+
|
@ <span class="usertype">nobody</span>.
@ </p></li>
@
@ <li><p>The permission flags are as follows:</p>
capabilities_table(CAPCLASS_ALL);
@ </li>
@ </ol>
style_footer();
style_body_and_footer("setupuser");
}
/*
** WEBPAGE: setup_ucap_list
**
** A documentation page showing the meaning of the various user capabilities
** code letters.
|
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
|
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
|
-
+
|
capabilities_table(CAPCLASS_TKT);
@ <h1>Capabilities associated with wiki</h1>
capabilities_table(CAPCLASS_WIKI);
@ <h1>Administrative capabilities</h1>
capabilities_table(CAPCLASS_SUPER);
@ <h1>Miscellaneous capabilities</h1>
capabilities_table(CAPCLASS_OTHER);
style_footer();
style_body_and_footer("setupuser");
}
/*
** Return true if zPw is a valid password string. A valid
** password string is:
**
** (1) A zero-length string, or
|
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
|
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
|
-
+
-
+
|
if( strlen(zLogin)==0 ){
const char *zRef = cgi_referer("setup_ulist");
style_header("User Creation Error");
@ <span class="loginError">Empty login not allowed.</span>
@
@ <p><a href="setup_uedit?id=%d(uid)&referer=%T(zRef)">
@ [Bummer]</a></p>
style_footer();
style_body_and_footer("setupuser");
return;
}
if( isValidPwString(zPw) ){
zPw = sha1_shared_secret(zPw, zLogin, 0);
}else{
zPw = db_text(0, "SELECT pw FROM user WHERE uid=%d", uid);
}
zOldLogin = db_text(0, "SELECT login FROM user WHERE uid=%d", uid);
if( db_exists("SELECT 1 FROM user WHERE login=%Q AND uid!=%d",zLogin,uid) ){
const char *zRef = cgi_referer("setup_ulist");
style_header("User Creation Error");
@ <span class="loginError">Login "%h(zLogin)" is already used by
@ a different user.</span>
@
@ <p><a href="setup_uedit?id=%d(uid)&referer=%T(zRef)">
@ [Bummer]</a></p>
style_footer();
style_body_and_footer("setupuser");
return;
}
login_verify_csrf_secret();
db_unprotect(PROTECT_USER);
db_multi_exec(
"REPLACE INTO user(uid,login,info,pw,cap,mtime) "
"VALUES(nullif(%d,0),%Q,%Q,%Q,%Q,now())",
|
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
|
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
|
-
+
|
const char *zRef = cgi_referer("setup_ulist");
style_header("User Change Error");
admin_log( "Error updating user '%q': %s'.", zLogin, zErr );
@ <span class="loginError">%h(zErr)</span>
@
@ <p><a href="setup_uedit?id=%d(uid)&referer=%T(zRef)">
@ [Bummer]</a></p>
style_footer();
style_body_and_footer("setupuser");
return;
}
}
cgi_redirect(cgi_referer("setup_ulist"));
return;
}
|
872
873
874
875
876
877
878
879
880
|
872
873
874
875
876
877
878
879
880
|
-
+
|
@ <span class="usertype">developer</span>
@ user. Similarly, the <span class="usertype">reader</span> user is a
@ template for users who are allowed more access than
@ <span class="usertype">anonymous</span>,
@ but less than a <span class="usertype">developer</span>.
@ </p></li>
@ </ul>
style_footer();
style_body_and_footer("setupuser");
}
|