Fossil

History for src/login.c
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

History for src/login.c

2020-05-16
01:08
[f300a0e4] part of check-in [7dd07b2e] Integrate ARIA suggestions from Peter Laursen. (check-in: [7dd07b2e] user: drh branch: trunk, size: 70747)
2020-05-07
11:20
[b0ccada6] part of check-in [1422b022] Minor fix for [3d80481216]: Remove a duplicate "size" attribute, and insert a space before the backslash indicating line continuation, or the src/translate.c preprocessing utility will glue the lines together without any space in between. (check-in: [1422b022] user: florian branch: trunk, size: 70323)
2020-04-24
02:17
[fe5beba1] part of check-in [d048d86d] Add a new setting to disallow anonymous subscriptions. Anonymous subscriptions are enabled by default. (check-in: [d048d86d] user: drh branch: restricted-self-registration, size: 70332)
01:47
[013f7345] part of check-in [3d804812] When there are repeated errors on a subscription or self-registration entry form, do not force the user to reenter the captcha if they have already entered it correctly once. (check-in: [3d804812] user: drh branch: restricted-self-registration, size: 70280)
00:49
[66cc9e83] part of check-in [3b7970e0] Add the ability to deny capabilities to self-registered accounts until the email verification comes through. (check-in: [3b7970e0] user: drh branch: restricted-self-registration, size: 70050)
2020-04-23
23:00
[02adde93] part of check-in [fb38b925] Merge the /subscribe fix from trunk. (check-in: [fb38b925] user: drh branch: restricted-self-registration, size: 69641)
22:17
[abfd7f87] part of check-in [15e15298] Fix bugs in the /subscribe page that could allow an attacker to subscribe and verify without actually having a working email address. (check-in: [15e15298] user: drh branch: trunk, size: 68692)
18:36
[aac19c71] part of check-in [7916dbaa] Begin adding the ability to restrict self-registration to people with a particular email address pattern. This check-in provides the setting to specify the authorized email addresses, but an attacker can still lie about his email address and sneak in that way. Still a work-in-progress. (check-in: [7916dbaa] user: drh branch: restricted-self-registration, size: 69455)
2020-04-05
23:45
[134ef55c] part of check-in [06afb702] Match the COMMAND and WEBPAGE names with _cmd and _page functions; forumpost/045bffda68 (check-in: [06afb702] user: ashepilko branch: api-cleanup, size: 68506)
2020-04-01
12:57
[7d96c075] part of check-in [b13b651d] For self-registered accounts, increase the minimum userID length to 6 and check both the EVENT and USER tables for conflicting userIDs. (check-in: [b13b651d] user: drh branch: trunk, size: 68506)
2020-03-31
21:13
[e49791c8] part of check-in [7d18c40b] Eliminate IP prefix tracking as part of the login cookie. (check-in: [7d18c40b] user: drh branch: trunk, size: 68079)
2020-03-27
15:37
[3d5f87e9] part of check-in [ce4bece9] Do not use the IP address as part of the login cookie if the server is set to redirect all HTTP requests over to HTTPS. (check-in: [ce4bece9] user: drh branch: trunk, size: 69746)
2020-03-26
13:53
[6c4f63a8] part of check-in [32a8d110] Validate the email address in the subscription editing form. (check-in: [32a8d110] user: drh branch: trunk, size: 69652)
2020-03-14
14:25
[dd7cf75d] part of check-in [5a7d4494] Add the "Speakit" button to the /register page. (check-in: [5a7d4494] user: drh branch: trunk, size: 69645)
13:36
[7d77318f] part of check-in [a584491a] Put the "speak the text" buttons for captcha audio closer to the boxes in which the person must enter the text. (check-in: [a584491a] user: drh branch: trunk, size: 69579)
03:59
[4576b6a6] part of check-in [3b10bdd6] Add "Speak the text" buttons on captchas. (check-in: [3b10bdd6] user: drh branch: audio-captcha, size: 69471)
2020-03-12
18:03
[6292c1ef] part of check-in [7454cce8] Added comments and documentation for the removal of d cap. (check-in: [7454cce8] user: wyoung branch: eradicate-d-cap, size: 69434)
16:56
[f937531b] part of check-in [55a76439] An extension of [3941824d] to remove all mention of 'd' capability from the code, not just ifdef or comment it out. Also removes it from the docs and from the default capability set for Developer, dei -> ei. (check-in: [55a76439] user: wyoung branch: eradicate-d-cap, size: 69382)
10:50
[e9eb3600] part of check-in [3941824d] Omit the 'd' capability (the ability to delete wiki and tickets). This capability does not do anything. Apparently, it is a hold-over from the old CVSTrac code. (check-in: [3941824d] user: drh branch: trunk, size: 69523)
2020-02-19
21:41
[68ab16c4] part of check-in [6d0be557] Recognize the Pale Moon user agent string. (check-in: [6d0be557] user: mistachkin branch: trunk, size: 69507)
2019-09-19
14:14
[cb683f25] part of check-in [eb804dc6] In the db_get(N,D) function, if N is setting, then always leave D as NULL so that we use the published default value for that setting. (check-in: [eb804dc6] user: drh branch: trunk, size: 69440)
2019-09-05
02:29
[078133fb] part of check-in [a6ffdaf2] Fixed a bug introduced in [bcdc4c55] which breaks capabilities for all Admin and Setup users. (check-in: [a6ffdaf2] user: wyoung branch: trunk, size: 69442)
2019-09-04
19:56
[4a670742] part of check-in [bcdc4c55] Setup and Admin users should not automatically have have the Private capability. This reverses the principal change from check-in [b241130222]. (check-in: [bcdc4c55] user: mistachkin branch: trunk, size: 69438)
2019-08-31
16:42
[cea7d4a9] part of check-in [aa376391] Merge in latest from trunk. (check-in: [aa376391] user: andybradford branch: db-begin-txn-updates, size: 69478)
2019-08-23
05:22
[889d6724] part of check-in [739cd872] Fixed a few messages from the login-group command that referred to an apparent older name for the "join" sub-command, "add". This lead to a confusing symptom: "fossil login-group add foo" -> {unknown command "add" - should be "add" or "leave"}. (check-in: [739cd872] user: wyoung branch: trunk, size: 69484)
2019-07-25
23:56
[96ad6032] part of check-in [9ca4eb2b] Neither Setup nor Admin users get Write-Unversioned permission by default. And only Setup users are able to include Write-Unversioned permission when editing a user. (check-in: [9ca4eb2b] user: drh branch: trunk, size: 69482)
2019-07-23
18:20
[e2f7958e] part of check-in [cd11f921] Fix over-length lines in the logic.c source file. No logical changes. (check-in: [cd11f921] user: drh branch: trunk, size: 69495)
18:14
[0829b887] part of check-in [c921545b] Fix a typo in an internal function name. "logic" should be "login". (check-in: [c921545b] user: drh branch: trunk, size: 69480)
2019-06-10
04:48
[1570fe6d] part of check-in [60d25189] Disable the mouse-motion anti-robot requirement for devices that self-identify as a tablet or mobile device, and hence might never send mouse-motion events. (check-in: [60d25189] user: drh branch: tablet-antirobot-fix, size: 69903)
2019-06-06
21:13
[cf87900a] part of check-in [a8ff3c50] Another attempt to fix the login redirect processing. (check-in: [a8ff3c50] user: drh branch: trunk, size: 69480)
19:30
[bf378112] part of check-in [8d3d39fb] Attempt to fix the "login_needed()" function so that it correctly encodes the "g=" query parameter. (check-in: [8d3d39fb] user: drh branch: trunk, size: 69480)
2019-05-29
00:57
[c4ac693b] part of check-in [535714e3] In the "fossil login-group" command, make sure to leave one group before joining another. (check-in: [535714e3] user: drh branch: trunk, size: 69477)
2019-05-28
20:53
[b69b1669] part of check-in [fcec3edb] Make the new "login-group" command a secondary command in the help system so that one needs to include the "--all" option to see it. (check-in: [fcec3edb] user: drh branch: trunk, size: 69352)
20:51
[aa9c5669] part of check-in [c3ba504d] Add the login-group command for managing login groups from the command-line. (check-in: [c3ba504d] user: drh branch: trunk, size: 69351)
2019-03-23
21:47
[73e026de] part of check-in [643123d5] Fix password change reported on Fossil Forum bug by ending the form tag properly. (check-in: [643123d5] user: andybradford branch: trunk, size: 66577)
2019-03-19
14:09
[b56b7d89] part of check-in [6cc53548] Replace most calls to db_begin_transaction() with db_begin_write() to avoid having a reader locking during a COMMIT. (check-in: [6cc53548] user: andybradford branch: db-begin-txn-updates, size: 66557)
2019-01-21
17:33
[98cad4d4] part of check-in [f372e189] Provide the option to force all web page requests to go over HTTPS. (check-in: [f372e189] user: drh branch: https-all-pages-option, size: 66563)
2018-08-31
22:03
[0fda31b6] part of check-in [27769be9] Login and subscription forms work better on mobile. (check-in: [27769be9] user: drh branch: trunk, size: 67966)
21:07
[fd0d44c8] part of check-in [75c89def] Render captchas in a smaller font that works better on mobile. (check-in: [75c89def] user: drh branch: trunk, size: 68100)
11:59
[703041e2] part of check-in [d6cd1477] Fix the "Public Pages" setting so that the initial part of the path that identifies a particular repository is ignored. (check-in: [d6cd1477] user: drh branch: trunk, size: 68058)
10:47
[028cfec5] part of check-in [6898b3e7] Enhancements to the /sitemap page. New configuration options to add optional entries to the /sitemap page. (check-in: [6898b3e7] user: drh branch: trunk, size: 68004)
2018-08-30
21:19
[422e4f50] part of check-in [cfbbc537] Change the name of the "email.c" source file into "alerts.c". Make corresponding changes to various interfaces. (check-in: [cfbbc537] user: drh branch: refactor-alerts, size: 67943)
2018-08-26
02:20
[f9079718] part of check-in [3f12d406] Update JSON code to account for new capabilities. Also, the 'setup' and 'admin' capabilities should imply 'debug'. (check-in: [3f12d406] user: mistachkin branch: trunk, size: 67943)
2018-08-17
12:32
[9f878979] part of check-in [397d23c1] Improvements to privilege processing and the "Security Audit" page /secaudit0. (check-in: [397d23c1] user: drh branch: trunk, size: 67932)
2018-08-16
01:43
[a386d665] part of check-in [a4419c6c] Add comments to the /register page implementation. No logic changes. (check-in: [a4419c6c] user: drh branch: trunk, size: 67996)
2018-08-15
18:14
[e0d21004] part of check-in [4c43f2cd] Improvements to self-register (the /register page) so that it works correctly for users how are already subscribers and enter the subscriber email. (check-in: [4c43f2cd] user: drh branch: trunk, size: 67807)
2018-08-11
23:51
[254281ea] part of check-in [52b9caa5] Coding style tweak. (check-in: [52b9caa5] user: mistachkin branch: login-with-email, size: 66902)
23:47
[9e475741] part of check-in [7ce44fab] Update JSON code to account for new capabilities. Also, the 'setup' and 'admin' capabilities should imply 'debug'. (check-in: [7ce44fab] user: mistachkin branch: updNewCaps, size: 66298)
16:59
[1fccd3f6] part of check-in [33522ff4] Fix to checkin [8c91be8b], which was intended to allow the user to log in with the email found in the contact info field of the user table. That checkin is fine as far as it goes, but it only works if the caller doesn't subsequently try to use the passed user name for anything else, since it isn't actually a user name. This checkin causes the low-level login checking function to re-point the user name pointer at the actual login name discovered while scanning for matching email addresses. (check-in: [33522ff4] user: wyoung branch: login-with-email, size: 66896)
2018-08-10
23:28
[b16221ff] part of check-in [ad419331] Try to put the human name of the person who posted on the From: line of email notifications for new forum posts. (check-in: [ad419331] user: drh branch: trunk, size: 66287)
16:44
[00c7fd0a] part of check-in [8c91be8b] Allow login using either the username or the first email address found in the USER.INFO column. Note that it might be useful to create an index on user(find_emailaddr(info)) to make this efficient in the case where there are many rows in the user table. (check-in: [8c91be8b] user: drh branch: trunk, size: 66284)
2018-08-08
20:01
[be5cc7d6] part of check-in [2e308280] Enhance the /register page so that it also does email subscriptions if that is enabled for self-registered users. (check-in: [2e308280] user: drh branch: trunk, size: 65753)
2018-08-07
21:44
[c35d0739] part of check-in [014bb2d7] Fix harmless compiler warning. (check-in: [014bb2d7] user: mistachkin branch: trunk, size: 62922)
2018-07-31
01:03
[4e7cdb5c] part of check-in [009ca1f7] If the user is not logged in, prompt them to do so before continuing to the forum entry pages. (check-in: [009ca1f7] user: drh branch: forum-v2, size: 62918)
2018-07-30
23:29
[4fac229b] part of check-in [14335899] Improved login screen with a "Create A New Account" button. (check-in: [14335899] user: drh branch: forum-v2, size: 62854)
2018-07-25
13:21
[301e9699] part of check-in [94262a8c] Merge enhancements from trunk. (check-in: [94262a8c] user: drh branch: forum-v2, size: 62013)
13:20
[f470e301] part of check-in [fd319832] Add the 'D' Debug user capability. This is designed to show additional information and controls on webpages for debugging purposes. Also take steps to avoid trying to generate a webpage error message after the webpage has already gone out. (check-in: [fd319832] user: drh branch: trunk, size: 61341)
2018-07-24
13:30
[c6ab4621] part of check-in [d8b20a55] Revamp the /register page for added security. Require entry of a display name and email address. Validate the email address format and check for duplicate email addresses. (check-in: [d8b20a55] user: drh branch: forum-v2, size: 61900)
2018-07-14
19:57
[4484479a] part of check-in [09e6fc3d] Fixes to login checking for the skin editor. (check-in: [09e6fc3d] user: drh branch: trunk, size: 61228)
2018-06-26
01:24
[1ae037e7] part of check-in [65f57546] Initial implementation of the /announce webpage. (check-in: [65f57546] user: drh branch: trunk, size: 61215)
2018-06-21
22:37
[68d89a3a] part of check-in [84d0d853] Continuing refinement of the web pages for handling email subscriptions. (check-in: [84d0d853] user: drh branch: email-alerts, size: 60831)
17:07
[7a234965] part of check-in [4d13d948] Merge codecheck1 enhancements from trunk. (check-in: [4d13d948] user: drh branch: email-alerts, size: 60686)
16:40
[7e335c51] part of check-in [bb9233a6] Strengthen the codecheck1.c utility program to help find cases where query parameters are used in unsafe ways. No unsafe usage of query parameters was detected in the current code. (check-in: [bb9233a6] user: drh branch: trunk, size: 60429)
12:34
[f1af892e] part of check-in [e91143e8] Non-working code for the /subscribe and /alerts web pages. This is an incremental check-in. (check-in: [e91143e8] user: drh branch: email-alerts, size: 60686)
2018-06-20
22:53
[b3c64d1a] part of check-in [00bed59b] Do not show the "Change user:" form on the /logout page. It adds little value but much confusion. (check-in: [00bed59b] user: drh branch: trunk, size: 60429)
19:04
[13cf84d3] part of check-in [25eafed1] Add a new capability that allows signup for email notification. Change the name of the older "EMail" privilege to "View-PII" to avoid confusion. (check-in: [25eafed1] user: drh branch: trunk, size: 60383)
2018-06-15
20:48
[07e0d759] part of check-in [f8927901] Rough and untested implementation for forum display and reply. Add two new capabilities for posting to the forum not subject to moderation, and for the ability to edit posts from others. (check-in: [f8927901] user: drh branch: forum-brainstorm-1, size: 60266)
2018-06-14
19:17
[fb6a730b] part of check-in [1e363739] This code demonstrates ideas on how to implement a Forum feature in Fossil. This is just ideas - it is not even a working prototype. This change was originally stashed, but then I thought it better to check it in on a branch for the historical record. (check-in: [1e363739] user: drh branch: forum-brainstorm-1, size: 60206)
2018-02-28
13:46
[02f58804] part of check-in [61941baf] Modify an error message to avoid using an unquoted apostrophe. (check-in: [61941baf] user: mistachkin branch: trunk, size: 59926)
2018-02-16
19:57
[fef9c25b] part of check-in [01984ee0] Fix a typos and improve the wording on the failure-to-upgrade-to-HTTPS error screen. (check-in: [01984ee0] user: drh branch: trunk, size: 59925)
16:16
[186ab629] part of check-in [61733824] An HTTPS upgrade redirect loop now is broken and gives a warning. The "-nossl" is no longer the default on "fossil server". Warning messages are provided when trying to log in via an insecure connection. (check-in: [61733824] user: drh branch: trunk, size: 59948)
2018-01-03
18:56
[8f07f965] part of check-in [96dcb7e7] Accept both "127.0.0.1" and "::ffff:127.0.0.1" as valid loopback IP addresses. (check-in: [96dcb7e7] user: drh branch: trunk, size: 58819)
2017-12-06
11:14
[06b0402f] part of check-in [c6785fab] Move all inline javascript associated with the login screen into a separate script file. (check-in: [c6785fab] user: drh branch: trunk, size: 58834)
2017-11-30
17:58
[c0d8d19c] part of check-in [e7767de2] Refactor the symlink processing logic so that most of the file access routines take a new parameter indicating the conditions under which symlinks should and should not be followed. This should fix a few bugs related to symlink processing. Lots of testing required before merging to trunk. (check-in: [e7767de2] user: drh branch: symlink-refactor, size: 59047)
2017-05-12
17:22
[e79e6492] part of check-in [8e27a5a0] Change a few %s format letters into %h. (check-in: [8e27a5a0] user: drh branch: trunk, size: 59029)
2017-03-22
16:15
[c0932766] part of check-in [cc65959b] Fix harmless compiler warnings in the shell (check-in: [cc65959b] user: jan.nijtmans branch: trunk, size: 59029)
2017-03-15
00:31
[3e9df006] part of check-in [fd928b6e] added missing return type in login_basic_authentication() definition. (check-in: [fd928b6e] user: stephan branch: trunk, size: 59032)
00:19
[efc4f56c] part of check-in [2e76b99f] Simplify the Basic Authentication implementation, removing the need for the strtok_r() library function. (check-in: [2e76b99f] user: drh branch: trunk, size: 59028)
2017-03-14
14:38
[bf175ba3] part of check-in [6f523169] Fix build on mingw-w64 (which DOES have strtok_r) (check-in: [6f523169] user: jan.nijtmans branch: trunk, size: 60096)
01:55
[b274c3e7] part of check-in [93d52a01] Merge in small fixes to the test suite and plan to continue improving the suite in the trunk. Also kludge login.c on MinGW which has no strtok_r() available in its libc by supplying a public domain one. There certainly is a better way to deal with this, but this unbreaks the build on Windows broken by [315cf2436]. (check-in: [93d52a01] user: rberteig branch: trunk, size: 60094)
2017-03-13
01:12
[554b91c1] part of check-in [4fa4c021] Add the capability for Fossil to directly interpret the Authentication: HTTP header for Basic Authentication, if enabled on the /setup_access page. Disabled by default. (check-in: [4fa4c021] user: drh branch: basic-authentication-2, size: 59119)
2017-01-28
19:48
[d2ef19fe] part of check-in [8b562b90] Changing the password requires a 'real' login. (check-in: [8b562b90] user: mistachkin branch: trunk, size: 57191)
2016-10-14
06:15
[5b386cb8] part of check-in [d70f5278] Enhance the functionality of the Login Group feature to allow administrators to enable Login Group self-registration. (check-in: [d70f5278] user: andybradford branch: login-group-enhancements, size: 58952)
2016-08-19
00:13
[597ae479] part of check-in [d858f3da] Use the new SQLITE_DBCONFIG_MAINDBNAME feature of SQLite to eliminate the need for the db_name() hack. (check-in: [d858f3da] user: drh branch: omit-db_name, size: 56790)
2016-08-18
03:04
[10e0e9b7] part of check-in [ae36cd66] Defer copying the capabilities for the logged in user until after the special 'auto-hyperlink' processing is completed; otherwise, the anonymous permissions may not gain the 'h' permission. (check-in: [ae36cd66] user: mistachkin branch: anonPermHyperlink, size: 56814)
01:40
[60568dac] part of check-in [1f8a667f] Correct checking for the new 'y' permission (write unversioned files). (check-in: [1f8a667f] user: mistachkin branch: trunk, size: 56333)
2016-08-17
11:53
[0cece71b] part of check-in [0480400c] The admin and setup users automatically get the write-unversioned ('y') permission. (check-in: [0480400c] user: drh branch: unversioned-files, size: 56312)
2016-08-16
19:36
[5458c3b2] part of check-in [5d703ba2] Add the new "y" permission letter that gives authority to push unversioned files. (check-in: [5d703ba2] user: drh branch: unversioned-files, size: 56299)
2016-05-31
01:16
[13788b9e] part of check-in [abcd5df2] Improved handling of exclude_robots(). Add the "isrobot" query parameter for testing. (check-in: [abcd5df2] user: drh branch: trunk, size: 56229)
2016-05-30
21:10
[4bea2255] part of check-in [1e2d76ec] Add a new robot detection string. (check-in: [1e2d76ec] user: drh branch: trunk, size: 56144)
2016-02-01
03:56
[9010b621] part of check-in [62f8ac1f] Having the 'setup' or 'admin' permission should imply having the 'delete' and 'private' permissions as well (i.e. since they can change their own permissions anyhow). (check-in: [62f8ac1f] user: mistachkin branch: adminPerms, size: 55822)
2016-01-31
21:03
[4f4d333a] part of check-in [3c47e0c6] Minor corrections to comments for login_verify_csrf_secret(). (check-in: [3c47e0c6] user: mistachkin branch: trunk, size: 55755)
2015-09-24
02:03
[48e28e14] part of check-in [9271b4bb] Do not allow a login to occur if the USER.INFO field contains the text "expires YYYY-MM-DD" where YYYY-MM-DD is not in the future. (check-in: [9271b4bb] user: drh branch: trunk, size: 55680)
2015-05-18
15:01
[4747a3c1] part of check-in [270b80db] Fix (minor) memory leak in login_gen_user_cookie_value(). Consistantly use "x" as unknown project code, not "unknown" somtimes. (check-in: [270b80db] user: jan.nijtmans branch: trunk, size: 55550)
2015-04-27
13:19
[0a6cf870] part of check-in [7ab03289] Provide help text for all commands and webpages. (check-in: [7ab03289] user: drh branch: trunk, size: 55538)
2015-02-16
02:25
[2abcbfe5] part of check-in [73ec21e9] Fix typo on the Login page. Do not use the pointer cursor on report tables, except in clickable places. (check-in: [73ec21e9] user: drh branch: trunk, size: 55457)
2015-02-14
14:55
[db73eac1] part of check-in [bcebe55e] Added the referred_from_login() function and use it to enhance the /zip and /tarball pages so that they show a download button to click if the referrer page was /login. (check-in: [bcebe55e] user: drh branch: login-enhancements, size: 55457)
14:05
[d3fbff4f] part of check-in [72cddddb] Change default headers to show menu-bar items that would be available to user "anonymous" even if the current user is not logged in. (check-in: [72cddddb] user: drh branch: login-enhancements, size: 55097)
12:24
[49939325] part of check-in [2f50d427] When the user is "nobody", make the g.anon permission vector for "anonymous" available in addition to g.perm. Hyperlinks to pages that would be available to anonymous are shown rather than suppressed. When permission is denied and control jumps to login_needed() a new flag shows whether or not logging in as "anonymous" would help. Work in progress. (check-in: [2f50d427] user: drh branch: login-enhancements, size: 54605)
2015-02-11
11:09
[c2a3f8bb] part of check-in [1fee0377] Use the "%S" formatting option for human-readable SHA1 hashes and "%!S" for SHA1 hashes in URLs. The length of these hashes are compile-time configurable using FOSSIL_SHA1_PREFIX_LEN and FOSSIL_SHA1_URLPREFIX_LEN, respectively. Defaults: 10 and 16. (check-in: [1fee0377] user: drh branch: trunk, size: 54224)
2015-01-21
18:55
[df63c9e0] part of check-in [4bc5b6cf] Enhance the ad-unit processing to allow for tall right-side column ads as an alternative to banner ads. (check-in: [4bc5b6cf] user: drh branch: ad-unit-enhancement, size: 54240)
2015-01-15
09:28
[42c4ed73] part of check-in [080ab8cb] Remove spacings at end-of-line. No change in any functionality. (check-in: [080ab8cb] user: jan.nijtmans branch: trunk, size: 54205)
2014-11-13
16:09
[5873cbba] part of check-in [b85eb7db] Add a setup option that automatically redirects from HTTP to HTTPS on the login page, to prevent passwords from being sent in the clear over the internet. Off by default, for the sake of installations that do not support HTTPS. Also off for the "fossil ui" and "fossil server" commands. (check-in: [b85eb7db] user: drh branch: auto-https-redirect, size: 54209)
2014-11-11
12:15
[a64276d6] part of check-in [26b7b16a] Merge from trunk (check-in: [26b7b16a] user: ashish branch: ashish-ipv6, size: 53511)
2014-11-04
16:22
[bc2ba82b] part of check-in [96d1add9] Merge trunk (docker experiment continuing, but not yet in working state!) (check-in: [96d1add9] user: jan.nijtmans branch: docker, size: 53596)
13:28
[c208a41a] part of check-in [c96b12dd] Make sure login_cookie_name() always returns a non-NULL answer, even if it does not know the answer. (check-in: [c96b12dd] user: drh branch: trunk, size: 53493)
2014-10-20
15:01
[d62495a9] part of check-in [0a7e326f] Add a custom static analysis program that verifies the arguments to printf-style varargs routines used in Fossil. Adjust the source code to be more robust for printf format errors and to fix a few minor problems found by the static checker. (check-in: [0a7e326f] user: drh branch: compile-time-print-checking, size: 53467)
2014-10-14
13:10
[239f74a4] part of check-in [2271ea42] strglob() -> sqlite3_strglob() (check-in: [2271ea42] user: jan.nijtmans branch: trunk, size: 53432)
2014-10-03
11:44
[93b6c4c5] part of check-in [aaa7aeda] With this (dirty) hack, non-anonymous users can login in a docker-packed fossil image as well. (check-in: [aaa7aeda] user: jan.nijtmans branch: docker, size: 53568)
11:20
[415b67b8] part of check-in [dc87b664] Merge trunk. Further experimenting. With this I can log in as anonymous but not yet as admin. (check-in: [dc87b664] user: jan.nijtmans branch: docker, size: 53465)
09:10
[95257d0e] part of check-in [df6a3dbf] Make sure that login_check_credentials() doesn't crash if the cookie-name cannot be determined (e.g. when the project-code is not set yet). This is a mistake: there always should be a cookie-name. (check-in: [df6a3dbf] user: jan.nijtmans branch: mistake, size: 53448)
2014-08-07
10:02
[8a807713] part of check-in [4e18dba6] "char const" -> "const char" and various other coding style improvements. No functional change. (check-in: [4e18dba6] user: jan.nijtmans branch: trunk, size: 53377)
2014-07-20
13:20
[34c26924] part of check-in [c4fca467] Merge from trunk (check-in: [c4fca467] user: ashish branch: ashish-ipv6, size: 53423)
2014-04-29
00:31
[2f101c5d] part of check-in [a9235f4c] Set the mtime column of the USER table on a self-registration. (check-in: [a9235f4c] user: drh branch: trunk, size: 53379)
2014-04-23
16:47
[3b47e21f] part of check-in [1b4b8a95] Improvements to user management: (1) Provide a textarea for entering contact information. (2) Disable superfluous entry boxes for special users. (3) Give an error when creating a duplicate login name. (check-in: [1b4b8a95] user: drh branch: trunk, size: 53352)
2014-04-22
06:56
[c7dc8d71] part of check-in [2c95802c] Use SQLITE_UTF8 in stead of SQLITE_ANY everywhere, because SQLITE_ANY is deprecated in later SQLite and fossil uses UTF-8 everywhere anyway. (check-in: [2c95802c] user: jan.nijtmans branch: trunk, size: 53189)
2014-03-08
16:14
[cb003ce9] part of check-in [840b7622] Clean up and standardize the handling of user "nobody" and the g.zLogin global variable. (check-in: [840b7622] user: drh branch: trunk, size: 53187)
2014-02-27
08:19
[10199611] part of check-in [63462826] Cherry-pick [d5d7e640d0]: When on a Fossil web-page without being logged-in, pressing "Login" and doing a successful login will bring you back to the same web-page again. (check-in: [63462826] user: jan.nijtmans branch: branch-1.28, size: 52909)
2014-02-13
11:05
[c25ebdde] part of check-in [bce1128c] Remove obsolete XHTML legacy. (check-in: [bce1128c] user: jan.nijtmans branch: trunk, size: 52861)
2014-01-29
13:35
[53b825a8] part of check-in [d5d7e640] When on a Fossil web-page without being logged-in, pressing "Login" and doing a successful login will bring you back to the same web-page again. (check-in: [d5d7e640] user: jan.nijtmans branch: trunk, size: 52884)
2014-01-28
08:20
[47fdf8d8] part of check-in [45f35169] More removals of unnecessary end-of-line spaces. No change in code. (check-in: [45f35169] user: jan.nijtmans branch: trunk, size: 52688)
2014-01-04
23:00
[5874fbc3] part of check-in [70a374d9] Fix use of sqlite3_strglob: 0 means there is a match (check-in: [70a374d9] user: jan.nijtmans branch: sqlite-min-to-3.7.17, size: 52768)
20:51
[a1228931] part of check-in [c8c56468] Increase minimum SQLite requirement to 3.7.17, and make efficient use of the function sqlite3_strglob. This eliminates unnecessand sqlite (check-in: [c8c56468] user: jan.nijtmans branch: sqlite-min-to-3.7.17, size: 52753)
2013-12-25
07:16
[747f8845] part of check-in [a30d1f58] Merge from trunk (check-in: [a30d1f58] user: ashish branch: ashish-ipv6, size: 52757)
2013-12-16
08:52
[e9d37479] part of check-in [07a8e5d0] Recognize IE11's new UA string. (check-in: [07a8e5d0] user: joel branch: trunk, size: 52713)
2013-12-11
23:20
[83ba71fa] part of check-in [19de4b5b] Remove usage of the 'win32-longpath' VFS as it is unlikely to work correctly with the various MSVCRT functions currently required by Fossil. (check-in: [19de4b5b] user: mistachkin branch: trunk, size: 52635)
2013-12-10
13:23
[89ed5d6e] part of check-in [eb3899ce] Add new command line option "-vfs" which overrides the FOSSIL_VFS environment variable, and which works for all future DB connections. Fix .vfsname output when win32-longpath is chosen explicitly (already in SQLite trunk). (check-in: [eb3899ce] user: jan.nijtmans branch: trunk, size: 52425)
2013-12-04
09:36
[0ed02796] part of check-in [b3e32c8e] Styling: translate some tabs to spaces (check-in: [b3e32c8e] user: jan.nijtmans branch: trunk, size: 52987)
2013-12-03
13:49
[8a18d3c0] part of check-in [f8eefabe] Use "win32-longpath" as default (when available, overridable with FOSSIL_VFS environment variable) when accessing peer repositories. (check-in: [f8eefabe] user: jan.nijtmans branch: trunk, size: 52917)
2013-11-10
03:49
[66e6eb4e] part of check-in [8a7a45e0] Logic correction. Should check if the local db is open before trying to use it, not before checking if the variable is null. (check-in: [8a7a45e0] user: andybradford branch: pending-review, size: 52383)
00:02
[aaa16bcc] part of check-in [2fe1d804] Change fossil ui behavior to look for default-user first if set, otherwise look for user with Setup capability. (check-in: [2fe1d804] user: andybradford branch: pending-review, size: 52380)
2013-10-10
02:52
[13bcd7e8] part of check-in [9c3021b0] Merge from 'trunk' (check-in: [9c3021b0] user: ashish branch: ashish-ipv6, size: 52194)
2013-08-30
14:07
[f9891dde] part of check-in [ef8b9da0] Merge in latest features and fixes from trunk. (check-in: [ef8b9da0] user: andybradford branch: ssh-test-http, size: 52150)
2013-08-25
02:11
[780da40a] part of check-in [f8a2aa0c] Spiders and robots are presented with a captcha if they request the annotation page. (check-in: [f8a2aa0c] user: drh branch: trunk, size: 52105)
2013-08-17
23:05
[66a54b30] part of check-in [f0bb3c9b] Change SSH transport to use a single SSH connection if client/server willing. Add client header so server can detect when to use new mode. Also improve backwards compatibility for older SSH clients by responding to probes. (check-in: [f0bb3c9b] user: andybradford branch: ssh-test-http, size: 52157)
2013-08-12
12:37
[aca02222] part of check-in [e065d5b7] New g.isHuman global variable is set if we believe an HTTP request is coming a real human being, rather than a spider or bot. (check-in: [e065d5b7] user: drh branch: trunk, size: 52112)
2013-08-06
14:33
[3655fc9a] part of check-in [b1ffbfa4] When resetting capabilities, make sure that "anonymous" and "nobody" can be reapplied afterwards. (check-in: [b1ffbfa4] user: drh branch: trunk, size: 51882)
2013-04-21
08:08
[a7a4e41d] part of check-in [940b0b33] Merge with trunk - Remove reverse-proxying support which is already provided by --baseurl option. (check-in: [940b0b33] user: ashish branch: ashish-ipv6, size: 51907)
2013-04-09
13:26
[1e932b06] part of check-in [96f3e839] New spider-control logic: Optionally delay enabling hyperlinks or requiring mouse movement before enabling hyperlinks, controlled by the Setup/Access screen and the auto-hyperlink-delay and auto-hyperlink-mouseover settings. (check-in: [96f3e839] user: drh branch: trunk, size: 51859)
2013-03-14
21:14
[9f80610c] part of check-in [2bb8a7a8] Do not accept the SHA1 password hash as a legitimate password on the login screen. (check-in: [2bb8a7a8] user: drh branch: trunk, size: 51522)
2013-01-04
18:43
[0653afe8] part of check-in [ac103f64] auto-captcha should default to "off". (check-in: [ac103f64] user: drh branch: trunk, size: 51501)
2012-12-27
03:06
[9e8ee2a3] part of check-in [747e1e50] Do not interpret MSIE version 6 and earlier as "human" for the purposes of automatically enabling hyperlinks. (check-in: [747e1e50] user: drh branch: trunk, size: 51501)
2012-12-07
12:50
[123ae61b] part of check-in [54085d52] Get self-registration working again after adding javascript-activated forms. (check-in: [54085d52] user: drh branch: trunk, size: 51500)
2012-11-27
00:23
[92742314] part of check-in [77cd6e0d] Assume that the NetSurf browser is operated by a human. (check-in: [77cd6e0d] user: drh branch: trunk, size: 51494)
2012-11-20
22:28
[400ac68a] part of check-in [a4603263] Centralize escaping of reserved HTML characters in the captcha output. (check-in: [a4603263] user: mistachkin branch: trunk, size: 51443)
22:13
[903ff0b1] part of check-in [dfa35794] Change the action= attribute of <form> elements using javascript, as an additional defense against spam-bots. (check-in: [dfa35794] user: drh branch: trunk, size: 51443)
2012-11-08
09:20
[1fbb39f5] part of check-in [1858d202] a few more minor html5 violations (check-in: [1858d202] user: jan.nijtmans branch: trunk, size: 51476)
2012-11-04
12:59
[13661fdd] part of check-in [45065c5c] Fix typos. (check-in: [45065c5c] user: dmitry branch: spelling, size: 51472)
2012-11-01
14:34
[6ee28c68] part of check-in [b7ccf110] Wiki moderation now appears to be working. (check-in: [b7ccf110] user: drh branch: moderation, size: 51474)
2012-10-31
19:48
[2c22efa9] part of check-in [fc0bffd9] Add the wiki-moderator and ticket-moderator permissions. Not yet used. (check-in: [fc0bffd9] user: drh branch: trunk, size: 51414)
2012-10-30
10:23
[a8033f18] part of check-in [1167d7b1] Fix a typo in a comment. (check-in: [1167d7b1] user: drh branch: trunk, size: 51194)
2012-09-18
03:21
[8b4e8b1c] part of check-in [e771171c] Add experimental support for copying the initial settings of a repository from another repository. (check-in: [e771171c] user: mistachkin branch: newTemplate, size: 51195)
2012-08-31
20:46
[fa3f4f61] part of check-in [c19f34cb] Revert change [208d67675c]. The policy is to keep the Fossil source code ASCII even if Fossil itself is able to handle non-ASCII source files. Furthermore, the [208d67675c] change broken things. Also backout change [34fcb9634e] since it complicates the C code with unnecessary backslash characters in order to changes single-quotes to double-quotes in the generated HTML and Javascript, which is pointless. (check-in: [c19f34cb] user: drh branch: trunk, size: 51223)
2012-08-30
14:30
[a019c5b5] part of check-in [7c0f4eca] typos (check-in: [7c0f4eca] user: jan.nijtmans branch: trunk, size: 51222)
2012-08-29
13:57
[10651b92] part of check-in [9f6abc59] Allow UTF-8 characters in sources. translate.exe will translate it to ASCII (check-in: [9f6abc59] user: jan.nijtmans branch: msvc-broken, size: 51223)
2012-07-20
15:06
[46952b89] part of check-in [dfce20e4] Replaced $(x) with gebi(x), as per ML discussion. (check-in: [dfce20e4] user: stephan branch: trunk, size: 51224)
2012-07-19
21:44
[9593f272] part of check-in [97d651b8] Create a javascript function $(id) which is an alias for document.getElementById(id). Use the $(id) function everywhere that document.getElementById(id) was used. (check-in: [97d651b8] user: drh branch: trunk, size: 51215)
2012-06-29
15:59
[7d00e325] part of check-in [0328d681] Update to the latest SQLite4 that requires converting preprocessor macro prefixes from "SQLITE_" to "SQLITE4_". (check-in: [0328d681] user: drh branch: sqlite4, size: 51288)
2012-06-27
12:30
[9a041c2a] part of check-in [68239127] Begin a branch that is modified to use sqlite4 instead of sqlite3 as the storage engine. This check-in compiles (on unix) but does not work. (check-in: [68239127] user: drh branch: sqlite4, size: 51271)
2012-06-11
17:33
[803aa9f4] part of check-in [7a57ab64] merge trunk again... (previous merge was not from latest trunk from fossil-scm.org) (check-in: [7a57ab64] user: mgagnon branch: mgagnon_fix, size: 51343)
17:23
[23af7e9f] part of check-in [c109e66d] Merge in Trunk... (check-in: [c109e66d] user: mgagnon branch: mgagnon_fix, size: 50688)
2012-04-28
18:55
[a59fff19] part of check-in [cb5db759] Change the name of the auto-enable-hyperlinks setting to auto-hyperlink and make it available via the "fossil setting" command. Note: when upgrading through this change, if you formerly had auto-hyperlink turned off, you will have to turn it off again since the name has changed. It defaults to on. (check-in: [cb5db759] user: drh branch: trunk, size: 51301)
08:03
[8fad5e7e] part of check-in [d9c8a7dd] Refinements to the new hyperlink logic and spider defense. (check-in: [d9c8a7dd] user: drh branch: spider-defense, size: 51309)
07:15
[3902a2c5] part of check-in [8ae52fc4] Changes anchor tags (<a>) so that the href= attribute can be set by javascript rather than by HTML. This is to make it harder for spiders to follow the hyperlinks to every diff and annotation in the project history. It all seems to work, but it needs further testing and review before going live. (check-in: [8ae52fc4] user: drh branch: spider-defense, size: 51419)
2012-04-27
13:41
[9e729d9b] part of check-in [79ef9618] Provide the "public-pages" glob pattern that can allow anonymous users to access embedded documentation on sites where the source code should not be accessible to anonymous users. (check-in: [79ef9618] user: drh branch: trunk, size: 51285)
2012-04-17
20:37
[0628735b] part of check-in [cd4e0880] If a user tries to add an attachment which is a valid control artifact, compress the attachment and append ".gz" to its names, to prevent it from being interpreted as a real control artifact. Also fix an unrelated comment typo. (check-in: [cd4e0880] user: drh branch: trunk, size: 50647)
2012-03-31
17:13
[734a1143] part of check-in [dc97099a] fix for cookie mismatch for self-registered users (reported via mailing list). (check-in: [dc97099a] user: stephan branch: trunk, size: 50646)
13:22
[f907c1c2] part of check-in [49546c5a] Remove ambiguity in LOGIN_IGNORE_U and LOGIN_IGNORE_V flags by combining them into a single flag. (check-in: [49546c5a] user: drh branch: trunk, size: 51310)
2012-03-29
14:54
[c539de53] part of check-in [a496d8e8] Add vim modline everywhere (check-in: [a496d8e8] user: mgagnon branch: mgagnon_fix, size: 51395)
2012-03-19
05:24
[54db2bf3] part of check-in [e94c7cc4] Modify file_simplify_name to accept a parameter used to determine if the trailing slash, if any, should be retained. Make use of this when converting the local root to its canonical form. (check-in: [e94c7cc4] user: mistachkin branch: winFiles, size: 51353)
2012-03-15
17:54
[09754462] part of check-in [73038baa] Allow simultaneous logins to the same user account as long as the IP address is compatible. (check-in: [73038baa] user: drh branch: trunk, size: 51347)
2012-01-15
18:06
[f8571913] part of check-in [b3130baa] Merge latest changes from trunk (check-in: [b3130baa] user: ashish branch: ashish-ipv6, size: 51204)
2011-11-26
15:09
[0b323492] part of check-in [4fdb63d6] Further refinement of the robot/human discriminator. (check-in: [4fdb63d6] user: drh branch: trunk, size: 51145)
2011-11-25
21:44
[4c3759c5] part of check-in [9e680d63] Still more refinements to the human/robot discriminator. (check-in: [9e680d63] user: drh branch: trunk, size: 50922)
16:11
[34c99cf5] part of check-in [83284480] Enhancements to the UserAgent bot recognizer. We discovered earlier today on the Fossil server itself that it is very important not to misclassify bots as human since a spider that downloads every possible historical annotation and tarball and zip archive and diff can really load up a server and soak up a lot of bandwidth. (check-in: [83284480] user: drh branch: trunk, size: 50773)
09:36
[1653fb00] part of check-in [fe075f5d] Disallow the word "rawl" (as in crawler) in the user agent. (check-in: [fe075f5d] user: drh branch: trunk, size: 50272)
2011-11-13
09:11
[3e0e7fb6] part of check-in [c30eaa88] Merge with trunk (check-in: [c30eaa88] user: ashish branch: ashish-ipv6, size: 50262)
2011-11-05
03:45
[d7d97020] part of check-in [24e298ed] Fix some more compiler warnings seen with MSVC. (check-in: [24e298ed] user: mistachkin branch: trunk, size: 50203)
2011-11-04
20:37
[2810db50] part of check-in [525816e6] Added configure option --enable-json to enable json features. They are disabled by default. (check-in: [525816e6] user: json-demo branch: json, size: 50210)
2011-11-01
02:41
[9188d9a1] part of check-in [a72a8a80] s/guest/nobody/g in login_clear_login_data() query. (check-in: [a72a8a80] user: stephan branch: json, size: 50113)
2011-10-27
16:12
[75a6ae37] part of check-in [81d71d7b] merged in trunk [06e0cb70054d3c3], resolved conflict in login.c. (check-in: [81d71d7b] user: stephan branch: json, size: 50112)
2011-10-26
15:41
[0918f8e9] part of check-in [06e0cb70] Improvements to the User-Agent bot recognizer. Add the test-ishuman command for testing the bot recognizer. (check-in: [06e0cb70] user: drh branch: trunk, size: 46208)
14:58
[0c5fa224] part of check-in [98cc5206] Add configuration options under /Admin/Access to enable the automatic hyperlink enabling for nobody based on User-Agent. (check-in: [98cc5206] user: drh branch: trunk, size: 45783)
14:00
[f72fc70c] part of check-in [e059e5a2] Automatically enable hyperlinks for user agents that appear to be human. (check-in: [e059e5a2] user: drh branch: trunk, size: 45731)
03:29
[12082463] part of check-in [313ba5c6] Add an Admin/Access setting to govern the number of octets of the IP address to include in the login cookie. (check-in: [313ba5c6] user: drh branch: trunk, size: 44992)
2011-10-22
16:00
[de069082] part of check-in [acc253f4] Merged/resolved trunk [4092208afca3ff]. Accommodated changes in text_diff() signature. (check-in: [acc253f4] user: stephan branch: json, size: 48714)
2011-10-21
15:25
[f9de606e] part of check-in [080acb91] Fixed a minor mem leak. Got /json/user/save mostly working. (check-in: [080acb91] user: stephan branch: json, size: 48598)
2011-10-20
14:01
[ae341785] part of check-in [2f4a101c] Bug fix: Make sure the constant_time_cmp() SQL function is registered when rendering the login page. (check-in: [2f4a101c] user: drh branch: trunk, size: 44810)
2011-10-16
12:56
[2eb83ed0] part of check-in [1349e5ed] Merge latest changes from trunk (check-in: [1349e5ed] user: ashish branch: ashish-ipv6, size: 44753)
12:53
[bfcc1fd1] part of check-in [92c59f12] Add initial IPv6 support code (check-in: [92c59f12] user: ashish branch: ashish-ipv6, size: 44745)
10:04
[fff4232a] part of check-in [a40ac8fd] merged/resolved trunk [ee723ed98ddb0a]. (check-in: [a40ac8fd] user: stephan branch: json, size: 48545)
2011-10-14
00:06
[0849ed1d] part of check-in [fff43ebb] Add /*sort*/ marks to some SQL queries to disable warnings about sorting without an index. (check-in: [fff43ebb] user: drh branch: trunk, size: 44694)
2011-10-04
23:40
[6a1de45d] part of check-in [4fbf77d4] merged and conflict-resolved trunk [c0274f996266aef]. (check-in: [4fbf77d4] user: stephan branch: json, size: 48537)
14:34
[b03985a5] part of check-in [d244c484] Rename constant_time_eq to constant_time_cmp to better indicate that these functions return 0 when values are equal, like memcmp, strcmp, etc., not truth, to avoid possible mistakes. (check-in: [d244c484] user: dmitry branch: dmitry-security, size: 44686)
2011-09-29
21:06
[32b59a30] part of check-in [3782276d] Fix to the previous fix: install function to the correct database. (check-in: [3782276d] user: dmitry branch: dmitry-security, size: 44675)
21:04
[dcb8d4ed] part of check-in [6f29649e] Fix login groups. (check-in: [6f29649e] user: dmitry branch: dmitry-security, size: 44673)
17:21
[f1930572] part of check-in [7f110475] Protect against timing attacks by using constant-time comparison function to compare passwords and cookies. (check-in: [7f110475] user: dmitry branch: dmitry-security, size: 44562)
2011-09-18
08:11
[f1e1e317] part of check-in [cebf9919] Implemented anonymous user login over JSON. Requires 2 requests (captcha-fetch and then login). (check-in: [cebf9919] user: stephan branch: json, size: 47564)
05:45
[24ed636f] part of check-in [b3653265] More cleanups to the cson_cgi removal refactoring. Added common "indent" parameter to control indentation of JSON (uses cson_output_opt.indentation semantics). (check-in: [b3653265] user: stephan branch: json, size: 46904)
2011-09-17
14:24
[ee7228d5] part of check-in [affdf56c] logout now fails if the auth token is not available to it (as a sanity check and potentially stop someone from logging out someone else). (check-in: [affdf56c] user: stephan branch: json, size: 46794)
2011-09-15
12:03
[950704eb] part of check-in [5b44a419] initial mass-change merge of main repo with my fork. (check-in: [5b44a419] user: stephan branch: json, size: 46399)
2011-09-14
17:45
[3c123c22] part of check-in [34b4dec0] Refactored g.okXXX perms flags to g.perm.XXX. (check-in: [34b4dec0] user: stephan branch: stephan-hack, size: 43671)
2011-06-02
14:56
[925509eb] part of check-in [74ecc4d6] Make sure the built-in "now()" function is available to peer-repository connections for single-signon operations. Ticket [3233c3dad99d57ad]. (check-in: [74ecc4d6] user: drh branch: trunk, size: 43822)
2011-05-27
12:03
[44271e3c] part of check-in [32ad9a15] Do not use strcmp() for comparison since the sort order can vary by locale. Use fossil_strcmp() instead. Ticket [3f0216560679fd41]. (check-in: [32ad9a15] user: drh branch: trunk, size: 43586)
2011-05-09
12:44
[81fbb3af] part of check-in [3bd2de4c] Fix an issue with inherited capabilities in the subrepo mechanism. (check-in: [3bd2de4c] user: drh branch: trunk, size: 43551)
2011-04-26
18:36
[05305899] part of check-in [42911838] Update the "configure" command so that the "import", "export", and "merge" subcommands use the new config format. (check-in: [42911838] user: drh branch: config-sync, size: 43225)
2011-04-15
20:42
[ab467d2b] part of check-in [7b700dfa] Make an entry in the access log when a login transfers from one member of a login group to another. (check-in: [7b700dfa] user: drh branch: trunk, size: 43205)
2011-04-14
11:50
[9106a372] part of check-in [e720f111] The --localauth option should look at the original IP address, not the abbreviated IP address. Ticket [b99a342a31039df19]. (check-in: [e720f111] user: drh branch: trunk, size: 43146)
2011-04-12
23:37
[4c6836c6] part of check-in [9df4dcb5] Fix a bug in single sign-on. Add comments to the login source code. (check-in: [9df4dcb5] user: drh branch: login-groups, size: 43058)
22:44
[b02ceac6] part of check-in [e9754eae] Update web logins so that they span all members of a login group. (check-in: [e9754eae] user: drh branch: login-groups, size: 41777)
2011-04-08
17:08
[e0438c92] part of check-in [eec32b99] Begin adding code to implement "login groups" which will (we hope) ultimately lead to a single sign-on capability. (check-in: [eec32b99] user: drh branch: login-groups, size: 37581)
2011-03-28
22:29
[7188ae99] part of check-in [e8b15ad6] A new approach to sub-repos in which a specific user for the subrepo is specified in the CONFIG table entry. (check-in: [e8b15ad6] user: drh branch: sub-repos, size: 28937)
21:46
[3bc780b9] part of check-in [4b545a8a] Fixes to the capability reduction on subrepositories. (check-in: [4b545a8a] user: drh branch: sub-repos, size: 29405)
21:27
[470d56ba] part of check-in [c477b247] Update the sub-repository capability so that it is able to restrict permissions on the sub-repository to a subset of the login permissions. (check-in: [c477b247] user: drh branch: sub-repos, size: 29548)
2011-03-22
17:00
[75d636cc] part of check-in [be0e8041] Add the https-login setting which forces a switch to HTTPS for any non-anonymous login. (check-in: [be0e8041] user: drh branch: trunk, size: 27666)
2011-03-16
11:19
[db876d93] part of check-in [84e755e2] Only record the first 16 bits of the IP address as part of the login cookie. This allows users with shifting IP addresses to stay logged in. Hopefully, this will address ticket [305143bd876f6]. (check-in: [84e755e2] user: drh branch: trunk, size: 27310)
02:38
[e3fed782] part of check-in [c7de5f7b] Make sure the accesslog table exists before attempting to use it. Ticket [7b55fd2958d8d] (check-in: [c7de5f7b] user: drh branch: trunk, size: 27280)
2011-02-27
03:12
[8ce0492e] part of check-in [6da5d4ad] Progress on getting private sync to work. Cloning with --private works. Sync also works, but it currently loses the private marker. (check-in: [6da5d4ad] user: drh branch: private-sync, size: 27119)
2011-02-26
21:49
[8e2001c5] part of check-in [4a17f851] First cut at code to enable syncing private branches. Code compiles but is otherwise untested. The "x" privilege is required on the server in order to sync privately. (check-in: [4a17f851] user: drh branch: private-sync, size: 27118)
2011-02-22
20:30
[435d4ff8] part of check-in [f7a3c6de] Do not do automatic login for "fossil server" and "fossil http" and "fossil cgi" unless the --localauth option is used. Continue to do automatic login for 127.0.0.1 connections for "fossil ui", though. Ticket [573727d6d93badc] (check-in: [f7a3c6de] user: drh branch: trunk, size: 27047)
2011-01-19
15:43
[875d2062] part of check-in [e3b3c5cf] Improvements to the access log. The display is still primitive. (check-in: [e3b3c5cf] user: drh branch: trunk, size: 27026)
02:35
[4ea38c84] part of check-in [6fdf5298] Optionally record successful and failed login attempts in the ACCESSLOG table. This defaults to off. (check-in: [6fdf5298] user: drh branch: trunk, size: 27025)
2011-01-13
19:45
[4d8632fa] part of check-in [372c7257] Declare all variables before any code, in the register_page() function. Ticket [59a156204ae6419d] (check-in: [372c7257] user: drh branch: trunk, size: 26134)
2011-01-05
00:03
[b31088a9] part of check-in [3789c44b] Purge all instances of strcasecmp() and stricmp() from the code. Use fossil_stricmp() instead. (check-in: [3789c44b] user: drh branch: trunk, size: 26016)
2011-01-04
18:05
[5ce34018] part of check-in [9039a6ab] Merge the self-registration changes into the trunk. (check-in: [9039a6ab] user: drh branch: trunk, size: 26012)
17:13
[d3baa90a] part of check-in [13deb432] Implemented all suggested changes to the self-register related code. (check-in: [13deb432] user: lrem branch: self-register, size: 26072)
2010-12-23
02:22
[24107b88] part of check-in [31c52c7b] Add new function fossil_strcmp() that works like strcmp() except that it handles NULL arguments correctly. Use fossil_strcmp() in place of strcmp() in many places in the code. (check-in: [31c52c7b] user: drh branch: trunk, size: 21368)
2010-12-22
23:57
[cdbe13cb] part of check-in [fedf27e4] First cut at code to allow anonymous users to self-register. (check-in: [fedf27e4] user: drh branch: self-register, size: 25617)
2010-12-19
02:09
[88f740b9] part of check-in [bbbb35a3] Clear compiler warnings on OpenBSD. No functional code changes. (check-in: [bbbb35a3] user: drh branch: trunk, size: 21428)
2010-12-09
13:56
[e8b15777] part of check-in [0b6c414c] Use the built-in SQLite caseless string comparison functions instead of the C-library strcasecmp(). Accept mime-type application/x-fossil-uncompressed and avoid decompression when seen. (check-in: [0b6c414c] user: drh branch: trunk, size: 21364)
2010-11-09
10:44
[18bd25fb] part of check-in [134f5b37] For cloning and syncing, give all users the privileges of both "nobody" and "anonymous" without requiring a login message. Ticket [1318677c15af04480b]. (check-in: [134f5b37] user: drh branch: trunk, size: 21360)
2010-11-06
13:52
[0a9e2364] part of check-in [9dd6c431] Change the anonymous login cookie name to include a hash of the base URL. Ticket [3edef69bf3e995ed2] (check-in: [9dd6c431] user: drh branch: trunk, size: 21363)
2010-10-15
17:13
[b6b93c26] part of check-in [8f41b2fa] Replace all malloc() calls with fossil_malloc(). The fossil_malloc() routine panics rather than return a NULL pointer. (check-in: [8f41b2fa] user: drh branch: trunk, size: 21439)
2010-10-14
19:14
[28165e56] part of check-in [2fac8091] Remove all use of ctypes.h in order to avoid compiler warnings and other problems associated with changing locales. (check-in: [2fac8091] user: drh branch: trunk, size: 21432)
2010-09-13
22:14
[676c739a] part of check-in [4cc0ebef] Avoid the use of tabs. Make sure lines do not exceed 80 characters. (check-in: [4cc0ebef] user: drh branch: wolfgangFormat2CSS, size: 21425)
2010-09-11
16:14
[f19683d4] part of check-in [286d4bca] 'edit css' styled and made it pass HTML-Validator, optimized handling of additional styles in style.c (check-in: [286d4bca] user: wolfgang branch: wolfgangFormat2CSS, size: 21430)
2010-09-10
20:19
[3541a169] part of check-in [d1305d0a] fixed many HTML-validator errors and moved more formats to CSS - tested on firefox and IE (check-in: [d1305d0a] user: wolfgang branch: wolfgangFormat2CSS, size: 21358)
2010-09-08
20:25
[75f44465] part of check-in [0e394b8f] css for hyperlinks disabled (check-in: [0e394b8f] user: wolfgang branch: wolfgangFormat2CSS, size: 21332)
2010-09-06
19:10
[46e6d1eb] part of check-in [8f6e98aa] hyperlinks disabled skinned (check-in: [8f6e98aa] user: Ratte branch: stv-skinning, size: 21337)
2010-08-31
03:58
[85e37bf2] part of check-in [d2ba02e1] fix cross-compile breakage (check-in: [d2ba02e1] user: ron branch: trunk, size: 21327)
2010-08-28
09:20
[e3293668] part of check-in [c00f79d0] Added the msvc sdk compiler (check-in: [c00f79d0] user: renez branch: windowscompilers, size: 21326)
06:59
[b06cf4d3] part of check-in [f66f414f]
This is the first check-in on the windowscompilers branch and it adds the Digital Mars C compiler
The user should have dmc installed in c:\DM with zlib in c:\DM\extra\lib and c:\DM\extra\include.
typing c:\DM\bin\make -f win\Makefile.dmc builds fossil.exe in dmcobj
The following files were edited or added:

Checks if one of the windows compilers is used. If so we define _WIN32. Defining _WIN32 is normally done by
#include <windows.h>
However most of the time we don't use windows.h.

Adding an other windows compiler is done by adding
"|| defined(__COMPILER_IDENTIFIER__)"
and maybe some special things in the files below. Like

     

These have all __MINGW32__ replaced by _WIN32. And in some places special processing for either MINGW32 or DMC

In popen2 the _open_osfHandle call first parameter is cast to a long. DMC refused to compile without the cast.

DMC complained that it didn't knew of time_t in rss.h. time.h came after rss.h. Switching the two solved it!

added tcl code to generate Makefile.dmc. tclsh src/makemake.tcl dmc prints to stdout the makefile. As a convienience to the end-user I added the win/Makefile.dmc to the repository. There are few changeable variables in there for adjusting path, CFLAGS LIBS etc.

These are needed because DMC and MSVC doesn't provided them. dirent.h is copied verbatim from the net. unistd.h I found on the net too, but added some defines.

The problem with windows it doesn't have AWK standard installed. version.c creates VERSION.h. It is a very simple C-program and doesn't do a lot of checking.

(check-in: [f66f414f] user: renez branch: windowscompilers, size: 21305)
2010-05-22
13:24
[9d55cf8f] part of check-in [5fbd593a] Add the auto-captcha setting back to the command-line setting command. Default auto-captcha to on. (check-in: [5fbd593a] user: drh branch: trunk, size: 21265)
2010-05-16
19:08
[5a4fe1ea] part of check-in [c06edd23] Change from GPL to the Simplified BSD License. (check-in: [c06edd23] user: drh branch: clear-title, size: 21265)
2010-03-29
00:07
[dde59ed4] part of check-in [a5a1ff1b] Add the capability (disabled by default) to accept REMOTE_USER as an authenticated user. Ticket [49929a3557a] (check-in: [a5a1ff1b] user: drh branch: trunk, size: 21606)
2010-03-18
16:27
[648e5df1] part of check-in [a1b7f8e1] Make sure that "Setup" and "Admin" privileges imply 'Append-Tkt' privilege. (check-in: [a1b7f8e1] user: drh branch: trunk, size: 21205)
2010-03-16
21:33
[c2a93b5e] part of check-in [c3d7df65] Work toward adding support for attachments. Keep this on an experimental branch until it is actually working. (check-in: [c3d7df65] user: drh branch: experimental, size: 21191)
2010-01-22
03:09
[363e88a6] part of check-in [9eb7f4fb] Make sure Admin users have ZIP permission. Ticket [2741e01c0b]. (check-in: [9eb7f4fb] user: drh branch: trunk, size: 21056)
2010-01-10
20:56
[b6b0e4f7] part of check-in [4b58a7b8] Change the hash algorithm for passwords so that USER.PW field stores a SHA1 hash of the project-code, user login, and user password, rather than just a hash of the user password. That way, the if two users select the same password, or if the one user selects the same password for multiple projects, the password hashes are still different. (check-in: [4b58a7b8] user: drh branch: experimental, size: 21047)
2010-01-09
22:03
[f1883fa9] part of check-in [cfe33dcf] Store passwords in USER.PW as either cleartext (as is done in legacy) or as the SHA1 hash of the password. When changing a password or adding a new user, always use the SHA1 hash password. (check-in: [cfe33dcf] user: drh branch: experimental, size: 20834)
2009-12-29
20:52
[5c914026] part of check-in [5d16ca43] Fix a bug in the IP address truncator. Ticket [a09798ba9e]. (check-in: [5d16ca43] user: drh branch: trunk, size: 20688)
00:11
[c5e94568] part of check-in [86cbb69a] Only record the first 16 bits of the 32-bit IP address as part of the anonymous login cookie. (check-in: [86cbb69a] user: drh branch: trunk, size: 20688)
2009-12-18
22:01
[dc865531] part of check-in [fe019f94] Change the name of the "anon-login-enable-captcha-filler" setting to "auto-captcha". Move the GUI setting of this setting over to the "Setup/Behavior" page. (check-in: [fe019f94] user: drh branch: trunk, size: 20157)
2009-12-07
22:42
[646f690c] part of check-in [00b778bd] Added new config option with the rather unwieldy name 'anon-login-enable-captcha-filler' (check-in: [00b778bd] user: stephan branch: trunk, size: 20161)
2009-09-23
16:54
[3b52c138] part of check-in [ca08c1d1] place the cursor in the username text box on the login screen. (check-in: [ca08c1d1] user: rwilson branch: trunk, size: 19818)
2009-09-15
18:44
[24e3ed3b] part of check-in [bbb8ae7e] Make it harder to misconfigure the user accounts in a way that might give people greater access than intended. (check-in: [bbb8ae7e] user: drh branch: trunk, size: 19746)
2009-09-11
23:04
[17731872] part of check-in [60212796] Make sure that "nobody" and "anonymous" privileges by users who attempt to sync with higher privileges. (check-in: [60212796] user: drh branch: trunk, size: 19679)
2009-08-16
21:34
[97ffb409] part of check-in [07f6780c] Remove unsupported and incomplete webpage functionality: The admin_sql page and the "my" page. (check-in: [07f6780c] user: drh branch: trunk, size: 19180)
2009-08-12
17:35
[4d8ed546] part of check-in [c15ec20d] Rephrasing the text of the Login page. (check-in: [c15ec20d] user: drh branch: trunk, size: 18864)
2009-08-10
02:29
[5c89b898] part of check-in [b4a29fac] Add an ascii-art captcha for anonymous login. (check-in: [b4a29fac] user: drh branch: trunk, size: 18846)
2009-03-31
16:47
[f3badebb] part of check-in [355ee475] Add the new "reader" role, analogous to "developer". (check-in: [355ee475] user: drh branch: trunk, size: 16185)
2009-01-13
18:06
[cfdc7a0c] part of check-in [3da8a12f] Do not do the login-bypass if the HTTPS env var is ON. This might indicate that a remote HTTPS connection is being converted to HTTP locally using stunnel (or the equivalent). (check-in: [3da8a12f] user: drh branch: trunk, size: 15815)
2008-11-26
22:24
[fe758dc0] part of check-in [adefb6c8] Provide a "Revert to Default" button for editing CSS. Grammar fix on login page. (check-in: [adefb6c8] user: eric branch: trunk, size: 15745)
2008-10-26
21:30
[e06e3ddf] part of check-in [0600b278] Remove the unused inherit-anon configuration attribute. Fix the automatic redirect that follows a login operation. Fix "config push user" on the server side. (check-in: [0600b278] user: drh branch: trunk, size: 15743)
2008-10-18
13:03
[1a6cb226] part of check-in [9e80dc66] Use sqlite3_snprintf() instead of snprintf() since the latter is not available on all platforms. (check-in: [9e80dc66] user: drh branch: trunk, size: 15446)
12:55
[debcf9a3] part of check-in [0be54823] Add defenses against cross-site request forgery attacks. (check-in: [0be54823] user: drh branch: trunk, size: 15438)
2008-08-21
19:57
[d0f9596e] part of check-in [018b6050] Include 'z' in login_has_capability() (check-in: [018b6050] user: eric branch: trunk, size: 14325)
2008-08-12
03:27
[bef38b39] part of check-in [fa6e9930] New Zip permission. This permission allow someone to download a zipped artifact via the wiki's /zip URL. It can given the user nobody to allow automatic package builder to download the sources they know from fossil-scm.org or other servers without any intervening login necessary.

As the /zip page do not expose anything, a spider should have a hard time to crawl thru the project using this URL. So IMO it does not open a break-in hole for spiders. (check-in: [fa6e9930] user: cle branch: trunk, size: 14303)

2008-08-03
16:47
[0807191c] part of check-in [1f1d9652] Users unconditionally inherit capabilities of "anonymous". New capability "v" means to inherit capabilities of user "developer". Login is prohibited if the password is empty. (check-in: [1f1d9652] user: drh branch: trunk, size: 14232)
2008-08-02
18:32
[86fb4c3f] part of check-in [b46d6092] Fix bug from eb24a021d6 which left nobody with too many permissions (check-in: [b46d6092] user: eric branch: trunk, size: 13552)
2008-07-26
17:08
[c686a3ea] part of check-in [eb24a021] Make all users inherit the capabilities of "nobody" as well as (optionally) of "anonymous". (check-in: [eb24a021] user: eric branch: trunk, size: 13542)
2008-07-15
16:42
[0aeb2757] part of check-in [d3e711fd] Work toward getting bug-tracking working well. (check-in: [d3e711fd] user: drh branch: trunk, size: 13214)
2008-05-28
18:48
[43d8acf6] part of check-in [49380d50] Continuing work on the ticketing system. (check-in: [49380d50] user: drh branch: trunk, size: 13340)
2008-05-05
23:15
[659c4f23] part of check-in [d57de287] The "h" capability is now used to enable hyperlinks to non-wiki pages. When "h" is missing, many pages give a hyperlink to the login page and automatically fill in "anonymous" as the user name. The login page jumps back to the target page after a successful login. (check-in: [d57de287] user: drh branch: trunk, size: 13182)
20:18
[b58f50fb] part of check-in [2b0d4519] Work toward making the "h" permission mean "hyperlink". Without "h", many pages will display, but there are few hyperlinks. A message invites users to login as anonymous. (check-in: [2b0d4519] user: drh branch: trunk, size: 13017)
2008-02-03
22:12
[619dd243] part of check-in [44811a65] login_page() now honors the 'g' (goto) parameter after a successful password update (check-in: [44811a65] user: stephan branch: trunk, size: 12311)
2007-11-21
13:52
[0851edc1] part of check-in [d2b44699] Append the pathname to the login cookie name so that separate cookies are used for each server. (check-in: [d2b44699] user: drh branch: trunk, size: 12313)
2007-11-05
02:42
[457f0114] part of check-in [929d28e3] Added the "e" capability for viewing ticket submitter email addresses. Additional tinkering toward the design of tickets. This check-in is only thinly tested. (check-in: [929d28e3] user: drh branch: trunk, size: 12030)
2007-10-10
23:10
[f15d2f57] part of check-in [61ce5e36] Get rid of the "locking" capability on wiki pages. Assume that anybody who can write or append to a wiki page can do so to any wiki page. Add the /wikiappend page for appending comments to the end of wiki. (check-in: [61ce5e36] user: drh branch: trunk, size: 10755)
21:15
[9dc96811] part of check-in [50a58adb] Many changes and bug fixes in the wiki processing. Moving toward a workable wiki system. The "Home" menu option now takes you to the wiki page whose name is the same as the Project Name. There is a "wcontent" page, but no link to it yet. Many other changes. (check-in: [50a58adb] user: drh branch: trunk, size: 10740)
2007-10-06
13:13
[4002a249] part of check-in [bf428e68] Now able to enter and edit and display wiki pages. Still many problems to be resolved. (check-in: [bf428e68] user: drh branch: trunk, size: 10753)
2007-09-26
02:00
[afd46b3a] part of check-in [097479f9] Better defaults for new databases and clones. Use *CURRENT* to identify the current checkout for TTY timelines. (check-in: [097479f9] user: drh branch: trunk, size: 10708)
2007-09-21
21:53
[d1ac2227] part of check-in [83c876b4] Win32 port: compiles, all tests pass but many functions fail due to path separators. Incomplete. Path fixes to come next (check-in: [83c876b4] user: jnc branch: trunk, size: 10729)
2007-08-23
19:52
[4e89d258] part of check-in [22c1ac41] Add separate "clone" permissions. Previously, one needed "History" premission in order to clone. But sometimes we want to grant clone without granting history. (check-in: [22c1ac41] user: drh branch: trunk, size: 10576)
2007-07-31
23:33
[8638b80c] part of check-in [fd36718a] Add the new "history" permission. Merge in changes that require permissions to view the timeline. (check-in: [fd36718a] user: drh branch: trunk, size: 10493)
22:59
[8a96b84f] part of check-in [9c952d24] Separate "nobody" and "anonymous" logins. (check-in: [9c952d24] user: drh branch: trunk, size: 10307)
16:34
[25b58d16] part of check-in [5ebcedc3] Require read permission (permission to read tickets and configuration histories) to view the global timeline. (check-in: [5ebcedc3] user: dan branch: trunk, size: 8904)
2007-07-30
17:43
[a6b6c1f3] part of check-in [947842fb] Fix a bug in login. (check-in: [947842fb] user: drh branch: trunk, size: 8854)
14:28
[769bfdbb] part of check-in [e621b6db] Use POST instead of GET for the /xfer method. Other bug fixes in the URL parser. (check-in: [e621b6db] user: drh branch: trunk, size: 8868)
2007-07-23
19:52
[c801bf1f] part of check-in [66f4caa3] Improvements to the WWW interface. (check-in: [66f4caa3] user: drh branch: trunk, size: 8754)
2007-07-21
19:32
[eed2c5de] part of check-in [916b6e4b] Improvements to web-based user management. (check-in: [916b6e4b] user: drh branch: trunk, size: 8469)
14:10
[ed7e7683] part of check-in [dbda8d6c] Initial check-in of m1 sources. (check-in: [dbda8d6c] user: drh branch: trunk, size: 8411) Added