Fossil

Check-in [fe019f94]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Change the name of the "anon-login-enable-captcha-filler" setting to "auto-captcha". Move the GUI setting of this setting over to the "Setup/Behavior" page.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: fe019f946b5853d9975b5e643f7b4505e4c0a268
User & Date: drh 2009-12-18 22:01:57
Context
2009-12-18
22:08
The previous "anon-captcha" check-in missed one spot. This check-in attempts to correct the problem. check-in: bb8193cf user: drh tags: trunk
22:01
Change the name of the "anon-login-enable-captcha-filler" setting to "auto-captcha". Move the GUI setting of this setting over to the "Setup/Behavior" page. check-in: fe019f94 user: drh tags: trunk
21:38
Change the name of the strnlen_() function in printf.c to StrNLen32(). check-in: 9a8fdf72 user: drh tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/db.c.

1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445




1446
1447
1448
1449
1450
1451
1452
1453



1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489

1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
** The "setting" command with no arguments lists all properties and their
** values.  With just a property name it shows the value of that property.
** With a value argument it changes the property for the current repository.
**
** The "unset" command clears a property setting.
**
**
**    anon-login-enable-captcha-filler
**                     If enabled, the Login page will provide a button
**                     which uses JavaScript to fill out the captcha for
**                     the user. (Most bots cannot use JavaScript.)
**
**    autosync         If enabled, automatically pull prior to
**                     commit or update and automatically push
**                     after commit or tag or branch creation.




**
**    diff-command     External command to run when performing a diff.
**                     If undefined, the internal text diff will be used.
**
**    dont-push        Prevent this repository from pushing from client to
**                     server.  Useful when setting up a private branch.
**
**    editor           Text editor command used for check-in comments.



**
**    http-port        The TCP/IP port number to use by the "server"
**                     and "ui" commands.  Default: 8080
**
**    gdiff-command    External command to run when performing a graphical
**                     diff. If undefined, text diff will be used.
**
**    localauth        If enabled, require that HTTP connections from
**                     127.0.0.1 be authenticated by password.  If
**                     false, all HTTP requests from localhost have
**                     unrestricted access to the repository.
**
**    clearsign        When enabled (the default), fossil will attempt to
**                     sign all commits with gpg.  When disabled, commits will
**                     be unsigned.
**
**    pgp-command      Command used to clear-sign manifests at check-in.
**                     The default is "gpg --clearsign -o ".
**
**    mtime-changes    Use file modification times (mtimes) to detect when
**                     files have been modified.  
**
**    proxy            URL of the HTTP proxy.  If undefined or "off" then
**                     the "http_proxy" environment variable is consulted.
**                     If the http_proxy environment variable is undefined
**                     then a direct HTTP connection is used.
**
**    web-browser      A shell command used to launch your preferred
**                     web browser when given a URL as an argument.
**                     Defaults to "start" on windows, "open" on Mac,
**                     and "firefox" on Unix.
*/
void setting_cmd(void){
  static const char *azName[] = {
    "anon-login-enable-captcha-filler",
    "autosync",

    "diff-command",
    "dont-push",
    "editor",
    "gdiff-command",
    "http-port",
    "localauth",
    "clearsign",
    "pgp-command",
    "mtime-changes",
    "proxy",
    "web-browser",
  };
  int i;
  int globalFlag = find_option("global","g",0)!=0;
  int unsetFlag = g.argv[1][0]=='u';
  db_open_config(1);







<
|

|




>
>
>
>








>
>
>




<
<
<





|
<
|




<
<
<












|

>






|

<







1431
1432
1433
1434
1435
1436
1437

1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463



1464
1465
1466
1467
1468
1469

1470
1471
1472
1473
1474



1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497

1498
1499
1500
1501
1502
1503
1504
** The "setting" command with no arguments lists all properties and their
** values.  With just a property name it shows the value of that property.
** With a value argument it changes the property for the current repository.
**
** The "unset" command clears a property setting.
**
**

**    auto-captcha     If enabled, the Login page will provide a button
**                     which uses JavaScript to fill out the captcha for
**                     the "anonymous" user. (Most bots cannot use JavaScript.)
**
**    autosync         If enabled, automatically pull prior to
**                     commit or update and automatically push
**                     after commit or tag or branch creation.
**
**    clearsign        When enabled (the default), fossil will attempt to
**                     sign all commits with gpg.  When disabled, commits will
**                     be unsigned.
**
**    diff-command     External command to run when performing a diff.
**                     If undefined, the internal text diff will be used.
**
**    dont-push        Prevent this repository from pushing from client to
**                     server.  Useful when setting up a private branch.
**
**    editor           Text editor command used for check-in comments.
**
**    gdiff-command    External command to run when performing a graphical
**                     diff. If undefined, text diff will be used.
**
**    http-port        The TCP/IP port number to use by the "server"
**                     and "ui" commands.  Default: 8080
**



**    localauth        If enabled, require that HTTP connections from
**                     127.0.0.1 be authenticated by password.  If
**                     false, all HTTP requests from localhost have
**                     unrestricted access to the repository.
**
**    mtime-changes    Use file modification times (mtimes) to detect when

**                     files have been modified.  
**
**    pgp-command      Command used to clear-sign manifests at check-in.
**                     The default is "gpg --clearsign -o ".
**



**    proxy            URL of the HTTP proxy.  If undefined or "off" then
**                     the "http_proxy" environment variable is consulted.
**                     If the http_proxy environment variable is undefined
**                     then a direct HTTP connection is used.
**
**    web-browser      A shell command used to launch your preferred
**                     web browser when given a URL as an argument.
**                     Defaults to "start" on windows, "open" on Mac,
**                     and "firefox" on Unix.
*/
void setting_cmd(void){
  static const char *azName[] = {
    "auto-captcha",
    "autosync",
    "clearsign",
    "diff-command",
    "dont-push",
    "editor",
    "gdiff-command",
    "http-port",
    "localauth",
    "mtime-changes",
    "pgp-command",

    "proxy",
    "web-browser",
  };
  int i;
  int globalFlag = find_option("global","g",0)!=0;
  int unsetFlag = g.argv[1][0]=='u';
  db_open_config(1);

Changes to src/login.c.

248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265

266

267
268
269
270
271
272
273
  }
  @ your user-id and password at the left and press the
  @ "Login" button.  Your user name will be stored in a browser cookie.
  @ You must configure your web browser to accept cookies in order for
  @ the login to take.</p>
  if( zAnonPw ){
    unsigned int uSeed = captcha_seed();
    char const * zDecoded = captcha_decode(uSeed);
    int iAllowPasswordFill = db_get_boolean( "anon-login-enable-captcha-filler", 0 );
    char *zCaptcha = captcha_render(zDecoded);

    @ <input type="hidden" name="cs" value="%u(uSeed)"/>
    @ <p>Visitors may enter <b>anonymous</b> as the user-ID with
    @ the 8-character hexadecimal password shown below:</p>
    @ <center><table border="1" cellpadding="10"><tr><td><pre>
    @ %s(zCaptcha)
    @ </pre></td></tr></table>
    if( iAllowPasswordFill ) {

        @ <input type="button" value="Fill out captcha" onclick="document.getElementById('u').value='anonymous'; document.getElementById('p').value='%s(zDecoded)';"/>

    }
    @ </center>
    free(zCaptcha);
  }
  if( g.zLogin ){
    @ <br clear="both"><hr>
    @ <p>To log off the system (and delete your login cookie)







|
|








|
>
|
>







248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
  }
  @ your user-id and password at the left and press the
  @ "Login" button.  Your user name will be stored in a browser cookie.
  @ You must configure your web browser to accept cookies in order for
  @ the login to take.</p>
  if( zAnonPw ){
    unsigned int uSeed = captcha_seed();
    char const *zDecoded = captcha_decode(uSeed);
    int bAutoCaptcha = db_get_boolean("auto-captcha", 0);
    char *zCaptcha = captcha_render(zDecoded);

    @ <input type="hidden" name="cs" value="%u(uSeed)"/>
    @ <p>Visitors may enter <b>anonymous</b> as the user-ID with
    @ the 8-character hexadecimal password shown below:</p>
    @ <center><table border="1" cellpadding="10"><tr><td><pre>
    @ %s(zCaptcha)
    @ </pre></td></tr></table>
    if( bAutoCaptcha ) {
        @ <input type="button" value="Fill out captcha"
        @  onclick="document.getElementById('u').value='anonymous';
        @           document.getElementById('p').value='%s(zDecoded)';"/>
    }
    @ </center>
    free(zCaptcha);
  }
  if( g.zLogin ){
    @ <br clear="both"><hr>
    @ <p>To log off the system (and delete your login cookie)

Changes to src/setup.c.

267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
...
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
...
812
813
814
815
816
817
818








819
820
821
822
823
824
825

  /* If we have all the necessary information, write the new or
  ** modified user record.  After writing the user record, redirect
  ** to the page that displays a list of users.
  */
  doWrite = cgi_all("login","info","pw") && !higherUser;
  if( doWrite ){
    char const * anonLoginCheckedbox = PD("anonymousEnableAutofill",0);
    char zCap[50];
    int i = 0;
    int aa = P("aa")!=0;
    int ad = P("ad")!=0;
    int ae = P("ae")!=0;
    int ai = P("ai")!=0;
    int aj = P("aj")!=0;
................................................................................
    }
    login_verify_csrf_secret();
    db_multi_exec(
       "REPLACE INTO user(uid,login,info,pw,cap) "
       "VALUES(nullif(%d,0),%Q,%Q,%Q,'%s')",
      uid, P("login"), P("info"), zPw, zCap
    );
    if( anonLoginCheckedbox && (*anonLoginCheckedbox) ){
      db_set( "anon-login-enable-captcha-filler", "on", 0 );
    }
    else{
      db_set( "anon-login-enable-captcha-filler", "off", 0 );
    }
    cgi_redirect("setup_ulist");
    return;
  }

  /* Load the existing information about the user, if any
  */
  zLogin = "";
................................................................................
  login_insert_csrf_secret();

  @ <hr>
  onoff_attribute("Automatically synchronize with repository",
                  "autosync", "autosync", 1);
  @ <p>Automatically keeps your work in sync with a centralized server.</p>









  @ <hr>
  onoff_attribute("Sign all commits with GPG",
                  "clearsign", "clearsign", 1);
  @ <p>When enabled (the default), fossil will attempt to
  @     sign all commits with GPG.  When disabled, commits will
  @    be unsigned.</p>  
  







<







 







<
<
<
<
<
<







 







>
>
>
>
>
>
>
>







267
268
269
270
271
272
273

274
275
276
277
278
279
280
...
335
336
337
338
339
340
341






342
343
344
345
346
347
348
...
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826

  /* If we have all the necessary information, write the new or
  ** modified user record.  After writing the user record, redirect
  ** to the page that displays a list of users.
  */
  doWrite = cgi_all("login","info","pw") && !higherUser;
  if( doWrite ){

    char zCap[50];
    int i = 0;
    int aa = P("aa")!=0;
    int ad = P("ad")!=0;
    int ae = P("ae")!=0;
    int ai = P("ai")!=0;
    int aj = P("aj")!=0;
................................................................................
    }
    login_verify_csrf_secret();
    db_multi_exec(
       "REPLACE INTO user(uid,login,info,pw,cap) "
       "VALUES(nullif(%d,0),%Q,%Q,%Q,'%s')",
      uid, P("login"), P("info"), zPw, zCap
    );






    cgi_redirect("setup_ulist");
    return;
  }

  /* Load the existing information about the user, if any
  */
  zLogin = "";
................................................................................
  login_insert_csrf_secret();

  @ <hr>
  onoff_attribute("Automatically synchronize with repository",
                  "autosync", "autosync", 1);
  @ <p>Automatically keeps your work in sync with a centralized server.</p>

  @ <hr>
  onoff_attribute("Show javascript button to fill in CAPTCHA",
                  "auto-captcha", "auto-captcha", 0);
  @ <p>When enabled, a button appears on the login screen for user
  @ "anonymous" that will automatically fill in the CAPTCHA password.
  @ This is less secure that forcing the user to do it manually, but is
  @ usually secure enough.</p>

  @ <hr>
  onoff_attribute("Sign all commits with GPG",
                  "clearsign", "clearsign", 1);
  @ <p>When enabled (the default), fossil will attempt to
  @     sign all commits with GPG.  When disabled, commits will
  @    be unsigned.</p>