
Check-in [84e755e2]

Overview
Comment:Only record the first 16 bits of the IP address as part of the login cookie. This allows users with shifting IP addresses to stay logged in. Hopefully, this will address ticket [305143bd876f6].
SHA1:84e755e2139ca9cc2396c2cfa950f2ccffae1a61
User & Date: drh 2011-03-16 11:19:14
Original Comment: Only record the first 16 bits of the IP address as part of the login cookie. This allows users with shifting IP addresses to stay logged in. Hopefully, this will address ticket [305143bd876f6].
References
2011-03-19
21:00 New ticket [4fe7de44] Adding a mask for login cookie.... artifact: 232698f8 user: anonymous
Context
2011-03-17
15:33
When generating a tarball, remove the complete ".tar.gz" suffix from the filename to create the top-level directory name, not just the ".gz" part. check-in: 9ca5bbf8 user: drh tags: trunk
2011-03-16
11:19
Only record the first 16 bits of the IP address as part of the login cookie. This allows users with shifting IP addresses to stay logged in. Hopefully, this will address ticket [305143bd876f6]. check-in: 84e755e2 user: drh tags: trunk, release
04:12
"ls" alias to "list" subcommand of "fossil branch" command. check-in: 302213ed user: bharder tags: trunk
Changes

Changes to src/login.c.

253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
...
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
...
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
 
      zCookie = db_text(0, "SELECT '%d/' || hex(randomblob(25))", uid);
      cgi_set_cookie(zCookieName, zCookie, 0, expires);
      record_login_attempt(zUsername, zIpAddr, 1);
      db_multi_exec(
        "UPDATE user SET cookie=%Q, ipaddr=%Q, "
        "  cexpire=julianday('now')+%d/86400.0 WHERE uid=%d",
        zCookie, zIpAddr, expires, uid
      );
      redirect_to_g();
    }
  }
  style_header("Login/Logout");
  @ %s(zErrMsg)
  @ <form action="login" method="post">
................................................................................
      ** corresponding entry in the user table. */
      uid = db_int(0, 
            "SELECT uid FROM user"
            " WHERE uid=%d"
            "   AND cookie=%Q"
            "   AND ipaddr=%Q"
            "   AND cexpire>julianday('now')",
            atoi(zCookie), zCookie, zRemoteAddr
         );
    }else if( memcmp(zCookie,"anon/",5)==0 ){
      /* Cookies of the form "anon/TIME/HASH".  The TIME must not be
      ** too old and the sha1 hash of TIME+IPADDR+SECRET must match HASH.
      ** SECRET is the "captcha-secret" value in the repository.
      */
      double rTime;
................................................................................

        zCookie = db_text(0, "SELECT '%d/' || hex(randomblob(25))", uid);
        cgi_set_cookie(zCookieName, zCookie, 0, expires);
        record_login_attempt(zUsername, zIpAddr, 1);
        db_multi_exec(
            "UPDATE user SET cookie=%Q, ipaddr=%Q, "
            "  cexpire=julianday('now')+%d/86400.0 WHERE uid=%d",
            zCookie, zIpAddr, expires, uid
            );
        redirect_to_g();

      }
    }
  }








|







 







|







 







|







253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
...
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
...
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
 
      zCookie = db_text(0, "SELECT '%d/' || hex(randomblob(25))", uid);
      cgi_set_cookie(zCookieName, zCookie, 0, expires);
      record_login_attempt(zUsername, zIpAddr, 1);
      db_multi_exec(
        "UPDATE user SET cookie=%Q, ipaddr=%Q, "
        "  cexpire=julianday('now')+%d/86400.0 WHERE uid=%d",
        zCookie, ipPrefix(zIpAddr), expires, uid
      );
      redirect_to_g();
    }
  }
  style_header("Login/Logout");
  @ %s(zErrMsg)
  @ <form action="login" method="post">
................................................................................
      ** corresponding entry in the user table. */
      uid = db_int(0, 
            "SELECT uid FROM user"
            " WHERE uid=%d"
            "   AND cookie=%Q"
            "   AND ipaddr=%Q"
            "   AND cexpire>julianday('now')",
            atoi(zCookie), zCookie, ipPrefix(zRemoteAddr)
         );
    }else if( memcmp(zCookie,"anon/",5)==0 ){
      /* Cookies of the form "anon/TIME/HASH".  The TIME must not be
      ** too old and the sha1 hash of TIME+IPADDR+SECRET must match HASH.
      ** SECRET is the "captcha-secret" value in the repository.
      */
      double rTime;
................................................................................

        zCookie = db_text(0, "SELECT '%d/' || hex(randomblob(25))", uid);
        cgi_set_cookie(zCookieName, zCookie, 0, expires);
        record_login_attempt(zUsername, zIpAddr, 1);
        db_multi_exec(
            "UPDATE user SET cookie=%Q, ipaddr=%Q, "
            "  cexpire=julianday('now')+%d/86400.0 WHERE uid=%d",
            zCookie, ipPrefix(zIpAddr), expires, uid
            );
        redirect_to_g();

      }
    }
  }
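Review bot: Nothing at the three changed call sites (the two `UPDATE user SET cookie=%Q, ipaddr=%Q` statements and the `AND ipaddr=%Q` lookup) records that `user.ipaddr` now holds only an address prefix, so the cookie is accepted from any client sharing that prefix and the random `hex(randomblob(25))` value becomes in effect the only credential. I would add a comment at the lookup such as `/* ipaddr is ipPrefix() of the client address, not the full address; the match is deliberately loose so roaming clients stay logged in */`. The definition of `ipPrefix()` is not in the visible hunks, so it is worth confirming there how it treats an address that is not dotted IPv4 and whether its return value is allocated and needs freeing at these call sites. `record_login_attempt()` still receives the full `zIpAddr`, which looks intentional but means the login log and `user.ipaddr` no longer hold the same value for one login. The enclosing functions start and end outside all three hunks.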