| ︙ | | | ︙ | |
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
|
if( g.argc>=6 ){
blob_init(&passwd, g.argv[5], -1);
}else{
prompt_for_password("password: ", &passwd, 1);
}
zPw = sha1_shared_secret(blob_str(&passwd), blob_str(&login), 0);
db_multi_exec(
"INSERT INTO user(login,pw,cap,info)"
"VALUES(%B,%Q,%B,%B)",
&login, zPw, &caps, &contact
);
free(zPw);
}else if( n>=2 && strncmp(g.argv[2],"default",n)==0 ){
user_select();
if( g.argc==3 ){
printf("%s\n", g.zLogin);
|
|
|
|
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
|
if( g.argc>=6 ){
blob_init(&passwd, g.argv[5], -1);
}else{
prompt_for_password("password: ", &passwd, 1);
}
zPw = sha1_shared_secret(blob_str(&passwd), blob_str(&login), 0);
db_multi_exec(
"INSERT INTO user(login,pw,cap,info,mtime)"
"VALUES(%B,%Q,%B,%B,now())",
&login, zPw, &caps, &contact
);
free(zPw);
}else if( n>=2 && strncmp(g.argv[2],"default",n)==0 ){
user_select();
if( g.argc==3 ){
printf("%s\n", g.zLogin);
|
| ︙ | | | ︙ | |
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
|
zPrompt = mprintf("New password for %s: ", g.argv[3]);
prompt_for_password(zPrompt, &pw, 1);
}
if( blob_size(&pw)==0 ){
printf("password unchanged\n");
}else{
char *zSecret = sha1_shared_secret(blob_str(&pw), g.argv[3], 0);
db_multi_exec("UPDATE user SET pw=%Q WHERE uid=%d", zSecret, uid);
free(zSecret);
}
}else if( n>=2 && strncmp(g.argv[2],"capabilities",2)==0 ){
int uid;
if( g.argc!=4 && g.argc!=5 ){
usage("user capabilities USERNAME ?PERMISSIONS?");
}
uid = db_int(0, "SELECT uid FROM user WHERE login=%Q", g.argv[3]);
if( uid==0 ){
fossil_fatal("no such user: %s", g.argv[3]);
}
if( g.argc==5 ){
db_multi_exec(
"UPDATE user SET cap=%Q WHERE uid=%d", g.argv[4],
uid
);
}
printf("%s\n", db_text(0, "SELECT cap FROM user WHERE uid=%d", uid));
}else{
fossil_panic("user subcommand should be one of: "
"capabilities default list new password");
}
|
|
>
|
|
|
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
|
zPrompt = mprintf("New password for %s: ", g.argv[3]);
prompt_for_password(zPrompt, &pw, 1);
}
if( blob_size(&pw)==0 ){
printf("password unchanged\n");
}else{
char *zSecret = sha1_shared_secret(blob_str(&pw), g.argv[3], 0);
db_multi_exec("UPDATE user SET pw=%Q, mtime=now() WHERE uid=%d",
zSecret, uid);
free(zSecret);
}
}else if( n>=2 && strncmp(g.argv[2],"capabilities",2)==0 ){
int uid;
if( g.argc!=4 && g.argc!=5 ){
usage("user capabilities USERNAME ?PERMISSIONS?");
}
uid = db_int(0, "SELECT uid FROM user WHERE login=%Q", g.argv[3]);
if( uid==0 ){
fossil_fatal("no such user: %s", g.argv[3]);
}
if( g.argc==5 ){
db_multi_exec(
"UPDATE user SET cap=%Q, mtime=now() WHERE uid=%d",
g.argv[4], uid
);
}
printf("%s\n", db_text(0, "SELECT cap FROM user WHERE uid=%d", uid));
}else{
fossil_panic("user subcommand should be one of: "
"capabilities default list new password");
}
|
| ︙ | | | ︙ | |
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
|
g.zLogin = mprintf("%s", db_column_text(&s, 1));
}
db_finalize(&s);
}
if( g.userUid==0 ){
db_multi_exec(
"INSERT INTO user(login, pw, cap, info)"
"VALUES('anonymous', '', 'cfghjkmnoqw', '')"
);
g.userUid = db_last_insert_rowid();
g.zLogin = "anonymous";
}
}
|
|
|
|
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
|
g.zLogin = mprintf("%s", db_column_text(&s, 1));
}
db_finalize(&s);
}
if( g.userUid==0 ){
db_multi_exec(
"INSERT INTO user(login, pw, cap, info, mtime)"
"VALUES('anonymous', '', 'cfghjkmnoqw', '', now())"
);
g.userUid = db_last_insert_rowid();
g.zLogin = "anonymous";
}
}
|
| ︙ | | | ︙ | |
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
|
*/
void user_hash_passwords_cmd(void){
if( g.argc!=3 ) usage("REPOSITORY");
db_open_repository(g.argv[2]);
sqlite3_create_function(g.db, "shared_secret", 2, SQLITE_UTF8, 0,
sha1_shared_secret_sql_function, 0, 0);
db_multi_exec(
"UPDATE user SET pw=shared_secret(pw,login)"
" WHERE length(pw)>0 AND length(pw)!=40"
);
}
/*
** WEBPAGE: access_log
**
|
|
|
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
|
*/
void user_hash_passwords_cmd(void){
if( g.argc!=3 ) usage("REPOSITORY");
db_open_repository(g.argv[2]);
sqlite3_create_function(g.db, "shared_secret", 2, SQLITE_UTF8, 0,
sha1_shared_secret_sql_function, 0, 0);
db_multi_exec(
"UPDATE user SET pw=shared_secret(pw,login), mtime=now()"
" WHERE length(pw)>0 AND length(pw)!=40"
);
}
/*
** WEBPAGE: access_log
**
|
| ︙ | | | ︙ | |