Fossil

Check-in [00b778bd]

Overview
Comment: Added new config option with the rather unwieldy name 'anon-login-enable-captcha-filler'
SHA1: 00b778bd585d92646741bca9755cbe6fa7cf4567
User & Date: stephan 2009-12-07 22:42:42
Context
2009-12-08 10:10 rolled back my last commit for stripping P tags around UL/OL, which had broken logic. check-in: 083cad82 user: stephan tags: trunk
2009-12-07 22:42 Added new config option with the rather unwieldy name 'anon-login-enable-captcha-filler' check-in: 00b778bd user: stephan tags: trunk
2009-12-07 22:29 added second half of fix in #6f0df6c741 check-in: 239139a9 user: stephan tags: trunk
Changes

Changes to src/db.c.

**
** The "setting" command with no arguments lists all properties and their
** values.  With just a property name it shows the value of that property.
** With a value argument it changes the property for the current repository.
**
** The "unset" command clears a property setting.
**






**    autosync         If enabled, automatically pull prior to
**                     commit or update and automatically push
**                     after commit or tag or branch creation.
**
**    diff-command     External command to run when performing a diff.
**                     If undefined, the internal text diff will be used.
**
................................................................................
**    web-browser      A shell command used to launch your preferred
**                     web browser when given a URL as an argument.
**                     Defaults to "start" on windows, "open" on Mac,
**                     and "firefox" on Unix.
*/
void setting_cmd(void){
  static const char *azName[] = {

    "autosync",
    "diff-command",
    "dont-push",
    "editor",
    "gdiff-command",
    "http-port",
    "localauth",







**
** The "setting" command with no arguments lists all properties and their
** values.  With just a property name it shows the value of that property.
** With a value argument it changes the property for the current repository.
**
** The "unset" command clears a property setting.
**
**
**    anon-login-enable-captcha-filler
**                     If enabled, the Login page will provide a button
**                     which uses JavaScript to fill out the captcha for
**                     the user. (Most bots cannot use JavaScript.)
**
**    autosync         If enabled, automatically pull prior to
**                     commit or update and automatically push
**                     after commit or tag or branch creation.
**
**    diff-command     External command to run when performing a diff.
**                     If undefined, the internal text diff will be used.
**
................................................................................
**    web-browser      A shell command used to launch your preferred
**                     web browser when given a URL as an argument.
**                     Defaults to "start" on windows, "open" on Mac,
**                     and "firefox" on Unix.
*/
void setting_cmd(void){
  static const char *azName[] = {
    "anon-login-enable-captcha-filler",
    "autosync",
    "diff-command",
    "dont-push",
    "editor",
    "gdiff-command",
    "http-port",
    "localauth",
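
Review bot: the new help entry for anon-login-enable-captcha-filler in the setting_cmd comment states neither the default nor what the button does with the captcha. login.c reads the option with db_get_boolean("anon-login-enable-captcha-filler", 0), so it is off by default, and the button works by writing the decoded captcha text into the login page; both facts belong in this description so an administrator knows what enabling it exposes. Style: there are now two consecutive empty "**" lines ahead of the entry, and the name is long enough that it cannot share the name/description column layout the other entries use.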

Changes to src/login.c.

    @   <td><input type="text" id="u" name="u" value="anonymous" size=30></td>
  }else{
    @   <td><input type="text" id="u" name="u" value="" size=30></td>
  }
  @ </tr>
  @ <tr>
  @  <td align="right">Password:</td>
  @   <td><input type="password" name="p" value="" size=30></td>
  @ </tr>
  if( g.zLogin==0 ){
    zAnonPw = db_text(0, "SELECT pw FROM user"
                         " WHERE login='anonymous'"
                         "   AND cap!=''");
  }
  @ <tr>
................................................................................
  }
  @ your user-id and password at the left and press the
  @ "Login" button.  Your user name will be stored in a browser cookie.
  @ You must configure your web browser to accept cookies in order for
  @ the login to take.</p>
  if( zAnonPw ){
    unsigned int uSeed = captcha_seed();


    char *zCaptcha = captcha_render(captcha_decode(uSeed));

    @ <input type="hidden" name="cs" value="%u(uSeed)">
    @ <p>Visitors may enter <b>anonymous</b> as the user-ID with
    @ the 8-character hexadecimal password shown below:</p>
    @ <center><table border="1" cellpadding="10"><tr><td><pre>
    @ %s(zCaptcha)
    @ </pre></td></tr></table></center>




    free(zCaptcha);
  }
  if( g.zLogin ){
    @ <br clear="both"><hr>
    @ <p>To log off the system (and delete your login cookie)
    @  press the following button:<br>
    @ <input type="submit" name="out" value="Logout"></p>







    @   <td><input type="text" id="u" name="u" value="anonymous" size=30></td>
  }else{
    @   <td><input type="text" id="u" name="u" value="" size=30></td>
  }
  @ </tr>
  @ <tr>
  @  <td align="right">Password:</td>
  @   <td><input type="password" id="p" name="p" value="" size=30></td>
  @ </tr>
  if( g.zLogin==0 ){
    zAnonPw = db_text(0, "SELECT pw FROM user"
                         " WHERE login='anonymous'"
                         "   AND cap!=''");
  }
  @ <tr>
................................................................................
  }
  @ your user-id and password at the left and press the
  @ "Login" button.  Your user name will be stored in a browser cookie.
  @ You must configure your web browser to accept cookies in order for
  @ the login to take.</p>
  if( zAnonPw ){
    unsigned int uSeed = captcha_seed();
    char const * zDecoded = captcha_decode(uSeed);
    int iAllowPasswordFill = db_get_boolean( "anon-login-enable-captcha-filler", 0 );
    char *zCaptcha = captcha_render(zDecoded);

    @ <input type="hidden" name="cs" value="%u(uSeed)"/>
    @ <p>Visitors may enter <b>anonymous</b> as the user-ID with
    @ the 8-character hexadecimal password shown below:</p>
    @ <center><table border="1" cellpadding="10"><tr><td><pre>
    @ %s(zCaptcha)
    @ </pre></td></tr></table>
    if( iAllowPasswordFill ) {
        @ <input type="button" value="Fill out captcha" onclick="document.getElementById('u').value='anonymous'; document.getElementById('p').value='%s(zDecoded)';"/>
    }
    @ </center>
    free(zCaptcha);
  }
  if( g.zLogin ){
    @ <br clear="both"><hr>
    @ <p>To log off the system (and delete your login cookie)
    @  press the following button:<br>
    @ <input type="submit" name="out" value="Logout"></p>
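
Review bot: in the zAnonPw block, the onclick handler of the "Fill out captcha" button embeds zDecoded as a literal in the HTML, so the captcha answer is readable from the page source without running any JavaScript. The help text added in db.c ("Most bots cannot use JavaScript") therefore overstates what the option preserves; either say in the setting description that enabling it reduces the captcha to a plain-text token, or have the script derive the value instead of emitting it verbatim. Separately, zDecoded is written with %s inside a quoted JavaScript string within an attribute. That is safe only as long as captcha_decode() returns nothing but the hexadecimal digits the page text promises; a comment stating that assumption would help, since form values elsewhere in these files go through %h.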

Changes to src/setup.c.


  /* If we have all the necessary information, write the new or
  ** modified user record.  After writing the user record, redirect
  ** to the page that displays a list of users.
  */
  doWrite = cgi_all("login","info","pw") && !higherUser;
  if( doWrite ){

    char zCap[50];
    int i = 0;
    int aa = P("aa")!=0;
    int ad = P("ad")!=0;
    int ae = P("ae")!=0;
    int ai = P("ai")!=0;
    int aj = P("aj")!=0;
................................................................................
    }
    login_verify_csrf_secret();
    db_multi_exec(
       "REPLACE INTO user(uid,login,info,pw,cap) "
       "VALUES(nullif(%d,0),%Q,%Q,%Q,'%s')",
      uid, P("login"), P("info"), zPw, zCap
    );






    cgi_redirect("setup_ulist");
    return;
  }

  /* Load the existing information about the user, if any
  */
  zLogin = "";
................................................................................
  @   <td><input type="text" name="info" size=40 value="%h(zInfo)"></td>
  @ </tr>
  @ <tr>
  @   <td align="right" valign="top">Capabilities:</td>
  @   <td>
#define B(x) inherit[x]
  if( g.okSetup ){
    @    <input type="checkbox" name="as"%s(oas)>%s(B('s'))Setup</input><br>
  }
  @    <input type="checkbox" name="aa"%s(oaa)>%s(B('a'))Admin</input><br>
  @    <input type="checkbox" name="ad"%s(oad)>%s(B('d'))Delete</input><br>
  @    <input type="checkbox" name="ae"%s(oae)>%s(B('e'))Email</input><br>
  @    <input type="checkbox" name="ap"%s(oap)>%s(B('p'))Password</input><br>
  @    <input type="checkbox" name="ai"%s(oai)>%s(B('i'))Check-In</input><br>
  @    <input type="checkbox" name="ao"%s(oao)>%s(B('o'))Check-Out</input><br>
  @    <input type="checkbox" name="ah"%s(oah)>%s(B('h'))History</input><br>
  @    <input type="checkbox" name="au"%s(oau)>%s(B('u'))Reader</input><br>
  @    <input type="checkbox" name="av"%s(oav)>%s(B('v'))Developer</input><br>
  @    <input type="checkbox" name="ag"%s(oag)>%s(B('g'))Clone</input><br>
  @    <input type="checkbox" name="aj"%s(oaj)>%s(B('j'))Read Wiki</input><br>
  @    <input type="checkbox" name="af"%s(oaf)>%s(B('f'))New Wiki</input><br>
  @    <input type="checkbox" name="am"%s(oam)>%s(B('m'))Append Wiki</input><br>
  @    <input type="checkbox" name="ak"%s(oak)>%s(B('k'))Write Wiki</input><br>
  @    <input type="checkbox" name="ar"%s(oar)>%s(B('r'))Read Tkt</input><br>
  @    <input type="checkbox" name="an"%s(oan)>%s(B('n'))New Tkt</input><br>
  @    <input type="checkbox" name="ac"%s(oac)>%s(B('c'))Append Tkt</input><br>
  @    <input type="checkbox" name="aw"%s(oaw)>%s(B('w'))Write Tkt</input><br>
  @    <input type="checkbox" name="at"%s(oat)>%s(B('t'))Tkt Report</input><br>
  @    <input type="checkbox" name="az"%s(oaz)>%s(B('z'))Download Zip</input>
  @   </td>
  @ </tr>
  @ <tr>
  @   <td align="right">Password:</td>
  if( strcmp(zLogin, "anonymous")==0 ){


    /* User the password for "anonymous" as cleartext */
    @   <td><input type="text" name="pw" value="%h(zPw)"></td>


  }else if( zPw[0] ){
    /* Obscure the password for all other users */
    @   <td><input type="password" name="pw" value="**********"></td>
  }else{
    /* Show an empty password as an empty input field */
    @   <td><input type="password" name="pw" value=""></td>
  }
................................................................................
  @ <li><p>
  @ The "<b>developer</b>" user is intended as a template for trusted users
  @ with check-in privileges.  When adding new trusted users, simply
  @ select the <b>Developer</b> privilege to cause the new user to inherit
  @ all privileges of the "developer" user.  Similarly, the "<b>reader</b>"
  @ user is a template for users who are allowed more access than anonymous,
  @ but less than a developer.
  @ </li></p>
  @ </ul>
  @ </form>
  style_footer();
}


/*








  /* If we have all the necessary information, write the new or
  ** modified user record.  After writing the user record, redirect
  ** to the page that displays a list of users.
  */
  doWrite = cgi_all("login","info","pw") && !higherUser;
  if( doWrite ){
    char const * anonLoginCheckedbox = PD("anonymousEnableAutofill",0);
    char zCap[50];
    int i = 0;
    int aa = P("aa")!=0;
    int ad = P("ad")!=0;
    int ae = P("ae")!=0;
    int ai = P("ai")!=0;
    int aj = P("aj")!=0;
................................................................................
    }
    login_verify_csrf_secret();
    db_multi_exec(
       "REPLACE INTO user(uid,login,info,pw,cap) "
       "VALUES(nullif(%d,0),%Q,%Q,%Q,'%s')",
      uid, P("login"), P("info"), zPw, zCap
    );
    if( anonLoginCheckedbox && (*anonLoginCheckedbox) ){
      db_set( "anon-login-enable-captcha-filler", "on", 0 );
    }
    else{
      db_set( "anon-login-enable-captcha-filler", "off", 0 );
    }
    cgi_redirect("setup_ulist");
    return;
  }

  /* Load the existing information about the user, if any
  */
  zLogin = "";
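
Review bot: the db_set() calls added after the REPLACE INTO user statement run on every user save, not only when the "anonymous" record is edited. The anonymousEnableAutofill checkbox is rendered only in the strcmp(zLogin, "anonymous")==0 branch of the form, so saving any other user submits no such field, PD() returns 0, and this code writes anon-login-enable-captcha-filler to "off". Guard the update so it runs only when P("login") is "anonymous", or move the option to a configuration page, so that editing unrelated users leaves the setting alone.
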
................................................................................
  @   <td><input type="text" name="info" size=40 value="%h(zInfo)"></td>
  @ </tr>
  @ <tr>
  @   <td align="right" valign="top">Capabilities:</td>
  @   <td>
#define B(x) inherit[x]
  if( g.okSetup ){
    @    <input type="checkbox" name="as"%s(oas)/>%s(B('s'))Setup<br>
  }
  @    <input type="checkbox" name="aa"%s(oaa)/>%s(B('a'))Admin<br>
  @    <input type="checkbox" name="ad"%s(oad)/>%s(B('d'))Delete<br>
  @    <input type="checkbox" name="ae"%s(oae)/>%s(B('e'))Email<br>
  @    <input type="checkbox" name="ap"%s(oap)/>%s(B('p'))Password<br>
  @    <input type="checkbox" name="ai"%s(oai)/>%s(B('i'))Check-In<br>
  @    <input type="checkbox" name="ao"%s(oao)/>%s(B('o'))Check-Out<br>
  @    <input type="checkbox" name="ah"%s(oah)/>%s(B('h'))History<br>
  @    <input type="checkbox" name="au"%s(oau)/>%s(B('u'))Reader<br>
  @    <input type="checkbox" name="av"%s(oav)/>%s(B('v'))Developer<br>
  @    <input type="checkbox" name="ag"%s(oag)/>%s(B('g'))Clone<br>
  @    <input type="checkbox" name="aj"%s(oaj)/>%s(B('j'))Read Wiki<br>
  @    <input type="checkbox" name="af"%s(oaf)/>%s(B('f'))New Wiki<br>
  @    <input type="checkbox" name="am"%s(oam)/>%s(B('m'))Append Wiki<br>
  @    <input type="checkbox" name="ak"%s(oak)/>%s(B('k'))Write Wiki<br>
  @    <input type="checkbox" name="ar"%s(oar)/>%s(B('r'))Read Tkt<br>
  @    <input type="checkbox" name="an"%s(oan)/>%s(B('n'))New Tkt<br>
  @    <input type="checkbox" name="ac"%s(oac)/>%s(B('c'))Append Tkt<br>
  @    <input type="checkbox" name="aw"%s(oaw)/>%s(B('w'))Write Tkt<br>
  @    <input type="checkbox" name="at"%s(oat)/>%s(B('t'))Tkt Report<br>
  @    <input type="checkbox" name="az"%s(oaz)/>%s(B('z'))Download Zip
  @   </td>
  @ </tr>
  @ <tr>
  @   <td align="right">Password:</td>
  if( strcmp(zLogin, "anonymous")==0 ){
    int enabled = db_get_boolean( "anon-login-enable-captcha-filler", 0 );
    char const * checked = enabled ? "checked=\"checked\"" : "";
    /* User the password for "anonymous" as cleartext */
    @   <td><input type="text" name="pw" value="%h(zPw)"/>
    @   <br/>Enable password-filler button for anonymous login? <input type="checkbox" name="anonymousEnableAutofill" %s(checked)/><br/>
    @   </td>
  }else if( zPw[0] ){
    /* Obscure the password for all other users */
    @   <td><input type="password" name="pw" value="**********"></td>
  }else{
    /* Show an empty password as an empty input field */
    @   <td><input type="password" name="pw" value=""></td>
  }
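
Review bot: in the "anonymous" password branch the new inputs are self-closed with "/>" while the two password inputs in the else branches directly below keep the plain ">" form; pick one style for the whole block. The new checkbox has no <label> element tying the "Enable password-filler button" text to it, and the adjacent comment "User the password" should read "Use the password".
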
................................................................................
  @ <li><p>
  @ The "<b>developer</b>" user is intended as a template for trusted users
  @ with check-in privileges.  When adding new trusted users, simply
  @ select the <b>Developer</b> privilege to cause the new user to inherit
  @ all privileges of the "developer" user.  Similarly, the "<b>reader</b>"
  @ user is a template for users who are allowed more access than anonymous,
  @ but less than a developer.
  @ </p></li>
  @ </ul>
  @ </form>
  style_footer();
}


/*