Overview
| Comment: | Make it harder to misconfigure the user accounts in a way that might give people greater access than intended. |
|---|---|
| SHA1: |
bbb8ae7ebf745fa28b7a280e70bc60e2 |
| User & Date: | drh 2009-09-15 18:44:51.000 |
References
|
2009-09-17
| ||
| 11:35 | • New ticket [e8ac83275f] Errors on the server side do not get well-propagated to the client side.. artifact: 2796ca6873 user: anonymous | |
| 11:29 | • New ticket [5adca29b9e] Text area for wiki, et. al. is fixed width and too narrow.. artifact: 4cfc1cc71a user: anonymous | |
| 10:26 | • New ticket [ab82a0bd21] Enhance [] linking syntax in the wiki to permit #LABEL for internal links.. artifact: 8ea89f07fb user: anonymous | |
Context
|
2009-09-16
| ||
| 14:50 | Make sure that bringing up the "/xfer" URL in a web-browser does something sensible (it redirects to the homepage.) Ticket [1d7bbe30aad51]. check-in: 39a144eb5c user: drh tags: trunk | |
|
2009-09-15
| ||
| 18:44 | Make it harder to misconfigure the user accounts in a way that might give people greater access than intended. check-in: bbb8ae7ebf user: drh tags: trunk | |
| 12:04 | Add a screen to prompt the user for the name of a new wiki page. check-in: aa57354736 user: drh tags: trunk | |
Changes
Changes to src/db.c.
| ︙ | ︙ | |||
930 931 932 933 934 935 936 |
db_multi_exec(
"INSERT INTO user(login, pw, cap, info)"
"VALUES(%Q,lower(hex(randomblob(3))),'s','')", zUser
);
if( !setupUserOnly ){
db_multi_exec(
"INSERT INTO user(login,pw,cap,info)"
| | | 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 |
db_multi_exec(
"INSERT INTO user(login, pw, cap, info)"
"VALUES(%Q,lower(hex(randomblob(3))),'s','')", zUser
);
if( !setupUserOnly ){
db_multi_exec(
"INSERT INTO user(login,pw,cap,info)"
" VALUES('anonymous',hex(randomblob(8)),'ghmncz','Anon');"
"INSERT INTO user(login,pw,cap,info)"
" VALUES('nobody','','jor','Nobody');"
"INSERT INTO user(login,pw,cap,info)"
" VALUES('developer','','dei','Dev');"
"INSERT INTO user(login,pw,cap,info)"
" VALUES('reader','','kptw','Reader');"
);
|
| ︙ | ︙ |
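Review bot: The setup account created by the first `db_multi_exec` gets its initial password from `lower(hex(randomblob(3)))`, which is only 24 bits of randomness for the login that is given the `s` capability, while the `anonymous` row a few lines below uses `hex(randomblob(8))`. Since this commit is about limiting unintended access, the setup password should be at least as strong, for example `"VALUES(%Q,lower(hex(randomblob(8))),'s','')", zUser`. The enclosing function starts and ends outside the hunk, and the old side of this section is truncated on the page, so which capability strings actually changed cannot be confirmed from here.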
Changes to src/login.c.
| ︙ | ︙ | |||
177 178 179 180 181 182 183 |
free(zNow);
cgi_set_cookie(zCookieName, zCookie, 0, 6*3600);
redirect_to_g();
}
if( zUsername!=0 && zPasswd!=0 && zPasswd[0]!=0 ){
uid = db_int(0,
"SELECT uid FROM user"
| | > > > > | | 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 |
free(zNow);
cgi_set_cookie(zCookieName, zCookie, 0, 6*3600);
redirect_to_g();
}
if( zUsername!=0 && zPasswd!=0 && zPasswd[0]!=0 ){
uid = db_int(0,
"SELECT uid FROM user"
" WHERE login=%Q"
" AND login NOT IN ('anonymous','nobody','developer','reader')"
" AND pw=%Q",
zUsername, zPasswd
);
if( uid<=0 ){
sleep(1);
zErrMsg =
@ <p><font color="red">
@ You entered an unknown user or an incorrect password.
@ </font></p>
;
}else{
|
| ︙ | ︙ |
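Review bot: The reserved-login list `('anonymous','nobody','developer','reader')` added to the `WHERE` clause is a string literal that is repeated in `check_login` in src/xfer.c and must also match the rows created in src/db.c, so a special login added later can be missed in one of the three places and stay open to password login. Defining the list once and splicing it into both queries would keep them in step, for example `#define RESERVED_LOGINS "('anonymous','nobody','developer','reader')"` (the name is only a suggestion) used as `" AND login NOT IN " RESERVED_LOGINS`. Separately, `" AND pw=%Q"` compares the submitted password with the stored column verbatim, which suggests the `user` table holds passwords in clear text; that would merit its own change. The enclosing function starts and ends outside the hunk.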
Changes to src/xfer.c.
| ︙ | ︙ | |||
385 386 387 388 389 390 391 392 393 394 395 396 397 398 |
void check_login(Blob *pLogin, Blob *pNonce, Blob *pSig){
Stmt q;
int rc = -1;
db_prepare(&q,
"SELECT pw, cap, uid FROM user"
" WHERE login=%B"
" AND length(pw)>0",
pLogin
);
if( db_step(&q)==SQLITE_ROW ){
Blob pw, combined, hash;
blob_zero(&pw);
db_ephemeral_blob(&q, 0, &pw);
| > | 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 |
void check_login(Blob *pLogin, Blob *pNonce, Blob *pSig){
Stmt q;
int rc = -1;
db_prepare(&q,
"SELECT pw, cap, uid FROM user"
" WHERE login=%B"
" AND login NOT IN ('anonymous','nobody','developer','reader')"
" AND length(pw)>0",
pLogin
);
if( db_step(&q)==SQLITE_ROW ){
Blob pw, combined, hash;
blob_zero(&pw);
db_ephemeral_blob(&q, 0, &pw);
|
| ︙ | ︙ |
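Review bot: The new `login NOT IN (...)` term in `check_login` has no comment saying why these four names are refused, and the function has no header comment in the visible lines. If, as the commit message suggests, these logins exist to hold capability sets rather than to be signed into, I would add above the `db_prepare` call: `/* Special logins only carry capabilities; never authenticate a sync as one of them, even if a password has been set on the row. */`. The existing `length(pw)>0` term already rejects rows with an empty password, so the comment should make clear that the new term covers the case where one of these rows has been given a password. The body of `check_login` continues outside the hunk.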