dbda8d6ce9 2007-07-21 drh: /* dbda8d6ce9 2007-07-21 drh: ** Copyright (c) 2007 D. Richard Hipp dbda8d6ce9 2007-07-21 drh: ** dbda8d6ce9 2007-07-21 drh: ** This program is free software; you can redistribute it and/or dbda8d6ce9 2007-07-21 drh: ** modify it under the terms of the GNU General Public dbda8d6ce9 2007-07-21 drh: ** License as published by the Free Software Foundation; either dbda8d6ce9 2007-07-21 drh: ** version 2 of the License, or (at your option) any later version. dbda8d6ce9 2007-07-21 drh: ** dbda8d6ce9 2007-07-21 drh: ** This program is distributed in the hope that it will be useful, dbda8d6ce9 2007-07-21 drh: ** but WITHOUT ANY WARRANTY; without even the implied warranty of dbda8d6ce9 2007-07-21 drh: ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU dbda8d6ce9 2007-07-21 drh: ** General Public License for more details. dbda8d6ce9 2007-07-21 drh: ** dbda8d6ce9 2007-07-21 drh: ** You should have received a copy of the GNU General Public dbda8d6ce9 2007-07-21 drh: ** License along with this library; if not, write to the dbda8d6ce9 2007-07-21 drh: ** Free Software Foundation, Inc., 59 Temple Place - Suite 330, dbda8d6ce9 2007-07-21 drh: ** Boston, MA 02111-1307, USA. dbda8d6ce9 2007-07-21 drh: ** dbda8d6ce9 2007-07-21 drh: ** Author contact information: dbda8d6ce9 2007-07-21 drh: ** drh@hwaci.com dbda8d6ce9 2007-07-21 drh: ** http://www.hwaci.com/drh/ dbda8d6ce9 2007-07-21 drh: ** dbda8d6ce9 2007-07-21 drh: ******************************************************************************* dbda8d6ce9 2007-07-21 drh: ** dbda8d6ce9 2007-07-21 drh: ** Implementation of the Setup page dbda8d6ce9 2007-07-21 drh: */ dbda8d6ce9 2007-07-21 drh: #include <assert.h> dbda8d6ce9 2007-07-21 drh: #include "config.h" dbda8d6ce9 2007-07-21 drh: #include "setup.h" dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: /* dbda8d6ce9 2007-07-21 drh: ** Output a single entry for a menu generated using an HTML table. dbda8d6ce9 2007-07-21 drh: ** If zLink is not NULL or an empty string, then it is the page that dbda8d6ce9 2007-07-21 drh: ** the menu entry will hyperlink to. If zLink is NULL or "", then dbda8d6ce9 2007-07-21 drh: ** the menu entry has no hyperlink - it is disabled. dbda8d6ce9 2007-07-21 drh: */ dbda8d6ce9 2007-07-21 drh: static void menu_entry( dbda8d6ce9 2007-07-21 drh: const char *zTitle, dbda8d6ce9 2007-07-21 drh: const char *zLink, dbda8d6ce9 2007-07-21 drh: const char *zDesc dbda8d6ce9 2007-07-21 drh: ){ dbda8d6ce9 2007-07-21 drh: @ <dt> dbda8d6ce9 2007-07-21 drh: if( zLink && zLink[0] ){ dbda8d6ce9 2007-07-21 drh: @ <a href="%s(zLink)">%h(zTitle)</a> dbda8d6ce9 2007-07-21 drh: }else{ dbda8d6ce9 2007-07-21 drh: @ %h(zTitle) dbda8d6ce9 2007-07-21 drh: } dbda8d6ce9 2007-07-21 drh: @ </dt> dbda8d6ce9 2007-07-21 drh: @ <dd>%h(zDesc)</dd> dbda8d6ce9 2007-07-21 drh: } dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: /* dbda8d6ce9 2007-07-21 drh: ** WEBPAGE: /setup dbda8d6ce9 2007-07-21 drh: */ dbda8d6ce9 2007-07-21 drh: void setup_page(void){ dbda8d6ce9 2007-07-21 drh: login_check_credentials(); dbda8d6ce9 2007-07-21 drh: if( !g.okSetup ){ dbda8d6ce9 2007-07-21 drh: login_needed(); dbda8d6ce9 2007-07-21 drh: } dbda8d6ce9 2007-07-21 drh: 66f4caa379 2007-07-23 drh: style_header("Setup"); dbda8d6ce9 2007-07-21 drh: @ <dl id="setup"> dbda8d6ce9 2007-07-21 drh: menu_entry("Users", "setup_ulist", dbda8d6ce9 2007-07-21 drh: "Grant privileges to individual users."); dbda8d6ce9 2007-07-21 drh: menu_entry("Access", "setup_access", dbda8d6ce9 2007-07-21 drh: "Control access settings."); c4ec179bbc 2007-07-22 drh: menu_entry("Configuration", "setup_config", c4ec179bbc 2007-07-22 drh: "Configure the WWW components of the repository"); dbda8d6ce9 2007-07-21 drh: @ </dl> dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: style_footer(); dbda8d6ce9 2007-07-21 drh: } dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: /* dbda8d6ce9 2007-07-21 drh: ** WEBPAGE: setup_ulist dbda8d6ce9 2007-07-21 drh: ** dbda8d6ce9 2007-07-21 drh: ** Show a list of users. Clicking on any user jumps to the edit dbda8d6ce9 2007-07-21 drh: ** screen for that user. dbda8d6ce9 2007-07-21 drh: */ dbda8d6ce9 2007-07-21 drh: void setup_ulist(void){ dbda8d6ce9 2007-07-21 drh: Stmt s; 916b6e4b3b 2007-07-21 drh: 916b6e4b3b 2007-07-21 drh: style_footer(); dbda8d6ce9 2007-07-21 drh: login_check_credentials(); 916b6e4b3b 2007-07-21 drh: if( !g.okWrite || g.isAnon ){ dbda8d6ce9 2007-07-21 drh: login_needed(); 916b6e4b3b 2007-07-21 drh: return; 916b6e4b3b 2007-07-21 drh: } 916b6e4b3b 2007-07-21 drh: 916b6e4b3b 2007-07-21 drh: style_submenu_element("Add", "Add User", "setup_uedit"); 66f4caa379 2007-07-23 drh: style_header("User List"); c4ec179bbc 2007-07-22 drh: @ <table align="left" hspace="10" border="1" cellpadding="10"><tr><td> 916b6e4b3b 2007-07-21 drh: @ <table cellspacing=0 cellpadding=0 border=0> 916b6e4b3b 2007-07-21 drh: @ <tr> c4ec179bbc 2007-07-22 drh: @ <th align="right">User ID</th> 916b6e4b3b 2007-07-21 drh: @ <th> Capabilities </th> c4ec179bbc 2007-07-22 drh: @ <th>Contact Info</th> 916b6e4b3b 2007-07-21 drh: @ </tr> 916b6e4b3b 2007-07-21 drh: db_prepare(&s, "SELECT uid, login, cap, info FROM user ORDER BY login"); dbda8d6ce9 2007-07-21 drh: while( db_step(&s)==SQLITE_ROW ){ 916b6e4b3b 2007-07-21 drh: @ <tr> 916b6e4b3b 2007-07-21 drh: @ <td align="right"> 916b6e4b3b 2007-07-21 drh: if( g.okAdmin ){ 916b6e4b3b 2007-07-21 drh: @ <a href="setup_uedit?id=%d(db_column_int(&s,0))"> 916b6e4b3b 2007-07-21 drh: } 916b6e4b3b 2007-07-21 drh: @ <nobr>%h(db_column_text(&s,1))</nobr> 916b6e4b3b 2007-07-21 drh: if( g.okAdmin ){ 916b6e4b3b 2007-07-21 drh: @ </a> 916b6e4b3b 2007-07-21 drh: } 916b6e4b3b 2007-07-21 drh: @ </td> 916b6e4b3b 2007-07-21 drh: @ <td align="center">%s(db_column_text(&s,2))</td> c4ec179bbc 2007-07-22 drh: @ <td align="left">%s(db_column_text(&s,3))</td> 916b6e4b3b 2007-07-21 drh: @ </tr> 916b6e4b3b 2007-07-21 drh: } c4ec179bbc 2007-07-22 drh: @ </table></td></tr></table> 5ebcedc33e 2007-07-31 dan: @ <p style="clear:both"> 916b6e4b3b 2007-07-21 drh: @ <b>Notes:</b> 916b6e4b3b 2007-07-21 drh: @ <ol> 916b6e4b3b 2007-07-21 drh: @ <li><p>The permission flags are as follows:</p> 916b6e4b3b 2007-07-21 drh: @ <table> 916b6e4b3b 2007-07-21 drh: @ <tr><td>a</td><td width="10"></td> 916b6e4b3b 2007-07-21 drh: @ <td>Admin: Create or delete users and ticket report formats</td></tr> 916b6e4b3b 2007-07-21 drh: @ <tr><td>d</td><td></td> 916b6e4b3b 2007-07-21 drh: @ <td>Delete: Erase anonymous wiki, tickets, and attachments</td></tr> 916b6e4b3b 2007-07-21 drh: @ <tr><td>i</td><td></td> 916b6e4b3b 2007-07-21 drh: @ <td>Check-in: Add new code to the repository</td></tr> 916b6e4b3b 2007-07-21 drh: @ <tr><td>j</td><td></td><td>Read-Wiki: View wiki pages</td></tr> 916b6e4b3b 2007-07-21 drh: @ <tr><td>k</td><td></td><td>Wiki: Create or modify wiki pages</td></tr> 916b6e4b3b 2007-07-21 drh: @ <tr><td>n</td><td></td><td>New: Create new tickets</td></tr> 916b6e4b3b 2007-07-21 drh: @ <tr><td>o</td><td></td> 916b6e4b3b 2007-07-21 drh: @ <td>Check-out: Read code out of the repository</td></tr> 916b6e4b3b 2007-07-21 drh: @ <tr><td>p</td><td></td><td>Password: Change password</td></tr> 916b6e4b3b 2007-07-21 drh: @ <tr><td>q</td><td></td><td>Query: Create or edit report formats</td></tr> 916b6e4b3b 2007-07-21 drh: @ <tr><td>r</td><td></td><td>Read: View tickets and change histories</td></tr> 916b6e4b3b 2007-07-21 drh: @ <tr><td>s</td><td></td><td>Setup: Change CVSTrac options</td></tr> 916b6e4b3b 2007-07-21 drh: @ <tr><td>w</td><td></td><td>Write: Edit tickets</td></tr> dbda8d6ce9 2007-07-21 drh: @ </table> 916b6e4b3b 2007-07-21 drh: @ </p></li> 916b6e4b3b 2007-07-21 drh: @ 916b6e4b3b 2007-07-21 drh: @ <li><p> 916b6e4b3b 2007-07-21 drh: @ If a user named "<b>anonymous</b>" exists, then anyone can access 916b6e4b3b 2007-07-21 drh: @ the server without having to log in. The permissions on the 916b6e4b3b 2007-07-21 drh: @ anonymous user determine the access rights for anyone who is not 916b6e4b3b 2007-07-21 drh: @ logged in. 916b6e4b3b 2007-07-21 drh: @ </p></li> 916b6e4b3b 2007-07-21 drh: @ 916b6e4b3b 2007-07-21 drh: @ </ol> dbda8d6ce9 2007-07-21 drh: style_footer(); dbda8d6ce9 2007-07-21 drh: } dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: /* 916b6e4b3b 2007-07-21 drh: ** WEBPAGE: /setup_uedit dbda8d6ce9 2007-07-21 drh: */ 916b6e4b3b 2007-07-21 drh: void user_edit(void){ 916b6e4b3b 2007-07-21 drh: const char *zId, *zLogin, *zInfo, *zCap; 916b6e4b3b 2007-07-21 drh: char *oaa, *oas, *oar, *oaw, *oan, *oai, *oaj, *oao, *oap ; 66f4caa379 2007-07-23 drh: char *oak, *oad, *oaq, *oac, *oaf, *oam; 916b6e4b3b 2007-07-21 drh: int doWrite; dbda8d6ce9 2007-07-21 drh: int uid; 916b6e4b3b 2007-07-21 drh: int higherUser = 0; /* True if user being edited is SETUP and the */ 916b6e4b3b 2007-07-21 drh: /* user doing the editing is ADMIN. Disallow editing */ 916b6e4b3b 2007-07-21 drh: 916b6e4b3b 2007-07-21 drh: /* Must have ADMIN privleges to access this page 916b6e4b3b 2007-07-21 drh: */ dbda8d6ce9 2007-07-21 drh: login_check_credentials(); 916b6e4b3b 2007-07-21 drh: if( !g.okAdmin ){ login_needed(); return; } 916b6e4b3b 2007-07-21 drh: 916b6e4b3b 2007-07-21 drh: /* Check to see if an ADMIN user is trying to edit a SETUP account. 916b6e4b3b 2007-07-21 drh: ** Don't allow that. 916b6e4b3b 2007-07-21 drh: */ 916b6e4b3b 2007-07-21 drh: zId = PD("id", "0"); 916b6e4b3b 2007-07-21 drh: uid = atoi(zId); 916b6e4b3b 2007-07-21 drh: if( zId && !g.okSetup && uid>0 ){ 916b6e4b3b 2007-07-21 drh: char *zOldCaps; 916b6e4b3b 2007-07-21 drh: zOldCaps = db_text(0, "SELECT caps FROM user WHERE uid=%d",uid); 916b6e4b3b 2007-07-21 drh: higherUser = zOldCaps && strchr(zOldCaps,'s'); 916b6e4b3b 2007-07-21 drh: } 916b6e4b3b 2007-07-21 drh: 916b6e4b3b 2007-07-21 drh: if( P("can") ){ 916b6e4b3b 2007-07-21 drh: cgi_redirect("setup_ulist"); 916b6e4b3b 2007-07-21 drh: return; 916b6e4b3b 2007-07-21 drh: } 916b6e4b3b 2007-07-21 drh: 916b6e4b3b 2007-07-21 drh: /* If we have all the necessary information, write the new or 916b6e4b3b 2007-07-21 drh: ** modified user record. After writing the user record, redirect 916b6e4b3b 2007-07-21 drh: ** to the page that displays a list of users. 916b6e4b3b 2007-07-21 drh: */ 916b6e4b3b 2007-07-21 drh: doWrite = cgi_all("login","info","pw") && !higherUser; 916b6e4b3b 2007-07-21 drh: if( doWrite ){ 916b6e4b3b 2007-07-21 drh: const char *zPw; 916b6e4b3b 2007-07-21 drh: const char *zLogin; 916b6e4b3b 2007-07-21 drh: char zCap[20]; 916b6e4b3b 2007-07-21 drh: int i = 0; 916b6e4b3b 2007-07-21 drh: int aa = P("aa")!=0; 916b6e4b3b 2007-07-21 drh: int ad = P("ad")!=0; 916b6e4b3b 2007-07-21 drh: int ai = P("ai")!=0; 916b6e4b3b 2007-07-21 drh: int aj = P("aj")!=0; 916b6e4b3b 2007-07-21 drh: int ak = P("ak")!=0; 916b6e4b3b 2007-07-21 drh: int an = P("an")!=0; 916b6e4b3b 2007-07-21 drh: int ao = P("ao")!=0; 916b6e4b3b 2007-07-21 drh: int ap = P("ap")!=0; 916b6e4b3b 2007-07-21 drh: int aq = P("aq")!=0; 916b6e4b3b 2007-07-21 drh: int ar = P("ar")!=0; 916b6e4b3b 2007-07-21 drh: int as = g.okSetup && P("as")!=0; 916b6e4b3b 2007-07-21 drh: int aw = P("aw")!=0; 66f4caa379 2007-07-23 drh: int ac = P("ac")!=0; 66f4caa379 2007-07-23 drh: int af = P("af")!=0; 66f4caa379 2007-07-23 drh: int am = P("am")!=0; 66f4caa379 2007-07-23 drh: #if 0 916b6e4b3b 2007-07-21 drh: if( as ) aa = 1; 916b6e4b3b 2007-07-21 drh: if( aa ) ai = aw = ap = 1; 916b6e4b3b 2007-07-21 drh: if( aw ) an = ar = 1; 916b6e4b3b 2007-07-21 drh: if( ai ) ao = 1; 916b6e4b3b 2007-07-21 drh: if( ak ) aj = 1; 66f4caa379 2007-07-23 drh: #endif 916b6e4b3b 2007-07-21 drh: if( aa ){ zCap[i++] = 'a'; } 66f4caa379 2007-07-23 drh: if( ac ){ zCap[i++] = 'c'; } 916b6e4b3b 2007-07-21 drh: if( ad ){ zCap[i++] = 'd'; } 66f4caa379 2007-07-23 drh: if( af ){ zCap[i++] = 'f'; } 916b6e4b3b 2007-07-21 drh: if( ai ){ zCap[i++] = 'i'; } 916b6e4b3b 2007-07-21 drh: if( aj ){ zCap[i++] = 'j'; } 916b6e4b3b 2007-07-21 drh: if( ak ){ zCap[i++] = 'k'; } 66f4caa379 2007-07-23 drh: if( am ){ zCap[i++] = 'm'; } 916b6e4b3b 2007-07-21 drh: if( an ){ zCap[i++] = 'n'; } 916b6e4b3b 2007-07-21 drh: if( ao ){ zCap[i++] = 'o'; } 916b6e4b3b 2007-07-21 drh: if( ap ){ zCap[i++] = 'p'; } 916b6e4b3b 2007-07-21 drh: if( aq ){ zCap[i++] = 'q'; } 916b6e4b3b 2007-07-21 drh: if( ar ){ zCap[i++] = 'r'; } 916b6e4b3b 2007-07-21 drh: if( as ){ zCap[i++] = 's'; } 916b6e4b3b 2007-07-21 drh: if( aw ){ zCap[i++] = 'w'; } 916b6e4b3b 2007-07-21 drh: 916b6e4b3b 2007-07-21 drh: zCap[i] = 0; 916b6e4b3b 2007-07-21 drh: zPw = P("pw"); 916b6e4b3b 2007-07-21 drh: if( zPw==0 || zPw[0]==0 ){ 916b6e4b3b 2007-07-21 drh: zPw = db_text(0, "SELECT pw FROM user WHERE uid=%d", uid); 916b6e4b3b 2007-07-21 drh: } 916b6e4b3b 2007-07-21 drh: zLogin = P("login"); 916b6e4b3b 2007-07-21 drh: if( uid>0 && 916b6e4b3b 2007-07-21 drh: db_exists("SELECT 1 FROM user WHERE login=%Q AND uid!=%d", zLogin, uid) 916b6e4b3b 2007-07-21 drh: ){ 66f4caa379 2007-07-23 drh: style_header("User Creation Error"); 916b6e4b3b 2007-07-21 drh: @ <font color="red">Login "%h(zLogin)" is already used by a different 916b6e4b3b 2007-07-21 drh: @ user.</font> 916b6e4b3b 2007-07-21 drh: @ 916b6e4b3b 2007-07-21 drh: @ <p><a href="setup_uedit?id=%d(uid))>[Bummer]</a></p> 916b6e4b3b 2007-07-21 drh: style_footer(); 916b6e4b3b 2007-07-21 drh: return; 916b6e4b3b 2007-07-21 drh: } 916b6e4b3b 2007-07-21 drh: db_multi_exec( 916b6e4b3b 2007-07-21 drh: "REPLACE INTO user(uid,login,info,pw,cap) " 916b6e4b3b 2007-07-21 drh: "VALUES(nullif(%d,0),%Q,%Q,%Q,'%s')", 916b6e4b3b 2007-07-21 drh: uid, P("login"), P("info"), zPw, zCap 916b6e4b3b 2007-07-21 drh: ); dbda8d6ce9 2007-07-21 drh: cgi_redirect("setup_ulist"); 916b6e4b3b 2007-07-21 drh: return; 916b6e4b3b 2007-07-21 drh: } 916b6e4b3b 2007-07-21 drh: 916b6e4b3b 2007-07-21 drh: /* Load the existing information about the user, if any 916b6e4b3b 2007-07-21 drh: */ 916b6e4b3b 2007-07-21 drh: zLogin = ""; 916b6e4b3b 2007-07-21 drh: zInfo = ""; 916b6e4b3b 2007-07-21 drh: zCap = ""; 66f4caa379 2007-07-23 drh: oaa = oac = oad = oaf = oai = oaj = oak = oam = 66f4caa379 2007-07-23 drh: oan = oao = oap = oaq = oar = oas = oaw = ""; 916b6e4b3b 2007-07-21 drh: if( uid ){ 916b6e4b3b 2007-07-21 drh: zLogin = db_text("", "SELECT login FROM user WHERE uid=%d", uid); 916b6e4b3b 2007-07-21 drh: zInfo = db_text("", "SELECT info FROM user WHERE uid=%d", uid); 916b6e4b3b 2007-07-21 drh: zCap = db_text("", "SELECT cap FROM user WHERE uid=%d", uid); 916b6e4b3b 2007-07-21 drh: if( strchr(zCap, 'a') ) oaa = " checked"; 66f4caa379 2007-07-23 drh: if( strchr(zCap, 'c') ) oac = " checked"; 916b6e4b3b 2007-07-21 drh: if( strchr(zCap, 'd') ) oad = " checked"; 66f4caa379 2007-07-23 drh: if( strchr(zCap, 'f') ) oaf = " checked"; 916b6e4b3b 2007-07-21 drh: if( strchr(zCap, 'i') ) oai = " checked"; 916b6e4b3b 2007-07-21 drh: if( strchr(zCap, 'j') ) oaj = " checked"; 916b6e4b3b 2007-07-21 drh: if( strchr(zCap, 'k') ) oak = " checked"; 66f4caa379 2007-07-23 drh: if( strchr(zCap, 'm') ) oam = " checked"; 916b6e4b3b 2007-07-21 drh: if( strchr(zCap, 'n') ) oan = " checked"; 916b6e4b3b 2007-07-21 drh: if( strchr(zCap, 'o') ) oao = " checked"; 916b6e4b3b 2007-07-21 drh: if( strchr(zCap, 'p') ) oap = " checked"; 916b6e4b3b 2007-07-21 drh: if( strchr(zCap, 'q') ) oaq = " checked"; 916b6e4b3b 2007-07-21 drh: if( strchr(zCap, 'r') ) oar = " checked"; 916b6e4b3b 2007-07-21 drh: if( strchr(zCap, 's') ) oas = " checked"; 916b6e4b3b 2007-07-21 drh: if( strchr(zCap, 'w') ) oaw = " checked"; 916b6e4b3b 2007-07-21 drh: } 916b6e4b3b 2007-07-21 drh: 916b6e4b3b 2007-07-21 drh: /* Begin generating the page 916b6e4b3b 2007-07-21 drh: */ 916b6e4b3b 2007-07-21 drh: style_submenu_element("Cancel", "Cancel", "setup_ulist"); 916b6e4b3b 2007-07-21 drh: if( uid ){ 66f4caa379 2007-07-23 drh: style_header(mprintf("Edit User %h", zLogin)); 916b6e4b3b 2007-07-21 drh: }else{ 66f4caa379 2007-07-23 drh: style_header("Add A New User"); 916b6e4b3b 2007-07-21 drh: } 916b6e4b3b 2007-07-21 drh: @ <table align="left" hspace="20" vspace="10"><tr><td> 916b6e4b3b 2007-07-21 drh: @ <form action="%s(g.zPath)" method="POST"> 916b6e4b3b 2007-07-21 drh: @ <table> 916b6e4b3b 2007-07-21 drh: @ <tr> 916b6e4b3b 2007-07-21 drh: @ <td align="right"><nobr>User ID:</nobr></td> 916b6e4b3b 2007-07-21 drh: if( uid ){ 916b6e4b3b 2007-07-21 drh: @ <td>%d(uid) <input type="hidden" name="id" value="%d(uid)"></td> 916b6e4b3b 2007-07-21 drh: }else{ 916b6e4b3b 2007-07-21 drh: @ <td>(new user)<input type="hidden" name="id" value=0></td> 916b6e4b3b 2007-07-21 drh: } 916b6e4b3b 2007-07-21 drh: @ </tr> 916b6e4b3b 2007-07-21 drh: @ <tr> 916b6e4b3b 2007-07-21 drh: @ <td align="right"><nobr>Login:</nobr></td> 916b6e4b3b 2007-07-21 drh: @ <td><input type="text" name="login" value="%h(zLogin)"></td> 916b6e4b3b 2007-07-21 drh: @ </tr> 916b6e4b3b 2007-07-21 drh: @ <tr> 916b6e4b3b 2007-07-21 drh: @ <td align="right"><nobr>Contact Info:</nobr></td> 916b6e4b3b 2007-07-21 drh: @ <td><input type="text" name="info" size=40 value="%h(zInfo)"></td> 916b6e4b3b 2007-07-21 drh: @ </tr> 916b6e4b3b 2007-07-21 drh: @ <tr> 916b6e4b3b 2007-07-21 drh: @ <td align="right" valign="top">Capabilities:</td> 916b6e4b3b 2007-07-21 drh: @ <td> 916b6e4b3b 2007-07-21 drh: if( g.okSetup ){ 916b6e4b3b 2007-07-21 drh: @ <input type="checkbox" name="as"%s(oas)>Setup</input><br> 916b6e4b3b 2007-07-21 drh: } 66f4caa379 2007-07-23 drh: @ <input type="checkbox" name="aa"%s(oaa)>Admin</input><br> 66f4caa379 2007-07-23 drh: @ <input type="checkbox" name="ad"%s(oad)>Delete</input><br> 66f4caa379 2007-07-23 drh: @ <input type="checkbox" name="ap"%s(oap)>Password</input><br> 66f4caa379 2007-07-23 drh: @ <input type="checkbox" name="aq"%s(oaq)>Query</input><br> 66f4caa379 2007-07-23 drh: @ <input type="checkbox" name="ai"%s(oai)>Check-In</input><br> 66f4caa379 2007-07-23 drh: @ <input type="checkbox" name="ao"%s(oao)>Check-Out</input><br> 66f4caa379 2007-07-23 drh: @ <input type="checkbox" name="aj"%s(oaj)>Read Wiki</input><br> 66f4caa379 2007-07-23 drh: @ <input type="checkbox" name="af"%s(oaf)>New Wiki</input><br> 66f4caa379 2007-07-23 drh: @ <input type="checkbox" name="am"%s(oam)>Append Wiki</input><br> 66f4caa379 2007-07-23 drh: @ <input type="checkbox" name="ak"%s(oak)>Write Wiki</input><br> 66f4caa379 2007-07-23 drh: @ <input type="checkbox" name="ar"%s(oar)>Read Tkt</input><br> 66f4caa379 2007-07-23 drh: @ <input type="checkbox" name="an"%s(oan)>New Tkt</input><br> 66f4caa379 2007-07-23 drh: @ <input type="checkbox" name="ac"%s(oac)>Append Tkt</input><br> 66f4caa379 2007-07-23 drh: @ <input type="checkbox" name="aw"%s(oaw)>Write Tkt</input> 916b6e4b3b 2007-07-21 drh: @ </td> 916b6e4b3b 2007-07-21 drh: @ </tr> 916b6e4b3b 2007-07-21 drh: @ <tr> 916b6e4b3b 2007-07-21 drh: @ <td align="right">Password:</td> 916b6e4b3b 2007-07-21 drh: @ <td><input type="password" name="pw" value=""></td> 916b6e4b3b 2007-07-21 drh: @ </tr> 916b6e4b3b 2007-07-21 drh: if( !higherUser ){ 916b6e4b3b 2007-07-21 drh: @ <tr> 916b6e4b3b 2007-07-21 drh: @ <td> </td> 916b6e4b3b 2007-07-21 drh: @ <td><input type="submit" name="submit" value="Apply Changes"> 916b6e4b3b 2007-07-21 drh: @ </tr> 916b6e4b3b 2007-07-21 drh: } 916b6e4b3b 2007-07-21 drh: @ </table></td></tr></table> 916b6e4b3b 2007-07-21 drh: @ <p><b>Notes:</b></p> 916b6e4b3b 2007-07-21 drh: @ <ol> 916b6e4b3b 2007-07-21 drh: if( higherUser ){ 916b6e4b3b 2007-07-21 drh: @ <li><p> 916b6e4b3b 2007-07-21 drh: @ User %h(zId) has Setup privileges and you only have Admin privileges 916b6e4b3b 2007-07-21 drh: @ so you are not permitted to make changes to %h(zId). 916b6e4b3b 2007-07-21 drh: @ </p></li> 916b6e4b3b 2007-07-21 drh: @ 916b6e4b3b 2007-07-21 drh: } 916b6e4b3b 2007-07-21 drh: @ 916b6e4b3b 2007-07-21 drh: @ <li><p> 916b6e4b3b 2007-07-21 drh: @ The <b>Delete</b> privilege give the user the ability to erase 916b6e4b3b 2007-07-21 drh: @ wiki, tickets, and atttachments that have been added by anonymous 916b6e4b3b 2007-07-21 drh: @ users. This capability is intended for deletion of spam. 916b6e4b3b 2007-07-21 drh: @ </p></li> 916b6e4b3b 2007-07-21 drh: @ 916b6e4b3b 2007-07-21 drh: @ <li><p> 916b6e4b3b 2007-07-21 drh: @ The <b>Query</b> privilege allows the user to create or edit 916b6e4b3b 2007-07-21 drh: @ report formats by specifying appropriate SQL. Users can run 916b6e4b3b 2007-07-21 drh: @ existing reports without the Query privilege. 916b6e4b3b 2007-07-21 drh: @ </p></li> 916b6e4b3b 2007-07-21 drh: @ 916b6e4b3b 2007-07-21 drh: @ <li><p> 916b6e4b3b 2007-07-21 drh: @ An <b>Admin</b> user can add other users, create new ticket report 916b6e4b3b 2007-07-21 drh: @ formats, and change system defaults. But only the <b>Setup</b> user 916b6e4b3b 2007-07-21 drh: @ is able to change the repository to 916b6e4b3b 2007-07-21 drh: @ which this program is linked. 916b6e4b3b 2007-07-21 drh: @ </p></li> 916b6e4b3b 2007-07-21 drh: @ 916b6e4b3b 2007-07-21 drh: if( zId==0 || strcmp(zId,"anonymous")==0 ){ 916b6e4b3b 2007-07-21 drh: @ <li><p> 916b6e4b3b 2007-07-21 drh: @ No login is required for user "<b>anonymous</b>". The capabilities 916b6e4b3b 2007-07-21 drh: @ of this user are available to anyone without supplying a username or 916b6e4b3b 2007-07-21 drh: @ password. To disable anonymous access, make sure there is no user 916b6e4b3b 2007-07-21 drh: @ with an ID of <b>anonymous</b>. 916b6e4b3b 2007-07-21 drh: @ </p></li> 916b6e4b3b 2007-07-21 drh: @ 916b6e4b3b 2007-07-21 drh: @ <li><p> 916b6e4b3b 2007-07-21 drh: @ The password for the "<b>anonymous</b>" user is used for anonymous 916b6e4b3b 2007-07-21 drh: @ access. The recommended value for the anonymous password 916b6e4b3b 2007-07-21 drh: @ is "anonymous". 916b6e4b3b 2007-07-21 drh: @ </p></li> dbda8d6ce9 2007-07-21 drh: } 916b6e4b3b 2007-07-21 drh: @ </form> dbda8d6ce9 2007-07-21 drh: style_footer(); dbda8d6ce9 2007-07-21 drh: } 916b6e4b3b 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: /* dbda8d6ce9 2007-07-21 drh: ** Generate a checkbox for an attribute. dbda8d6ce9 2007-07-21 drh: */ dbda8d6ce9 2007-07-21 drh: static void onoff_attribute( dbda8d6ce9 2007-07-21 drh: const char *zLabel, /* The text label on the checkbox */ dbda8d6ce9 2007-07-21 drh: const char *zVar, /* The corresponding row in the VAR table */ dbda8d6ce9 2007-07-21 drh: const char *zQParm, /* The query parameter */ dbda8d6ce9 2007-07-21 drh: int dfltVal /* Default value if VAR table entry does not exist */ dbda8d6ce9 2007-07-21 drh: ){ dbda8d6ce9 2007-07-21 drh: const char *zVal = db_get(zVar, 0); dbda8d6ce9 2007-07-21 drh: const char *zQ = P(zQParm); dbda8d6ce9 2007-07-21 drh: int iVal; dbda8d6ce9 2007-07-21 drh: if( zVal ){ dbda8d6ce9 2007-07-21 drh: iVal = atoi(zVal); dbda8d6ce9 2007-07-21 drh: }else{ dbda8d6ce9 2007-07-21 drh: iVal = dfltVal; dbda8d6ce9 2007-07-21 drh: } dbda8d6ce9 2007-07-21 drh: if( zQ==0 && P("submit") ){ dbda8d6ce9 2007-07-21 drh: zQ = "off"; dbda8d6ce9 2007-07-21 drh: } dbda8d6ce9 2007-07-21 drh: if( zQ ){ dbda8d6ce9 2007-07-21 drh: int iQ = strcmp(zQ,"on")==0 || atoi(zQ); dbda8d6ce9 2007-07-21 drh: if( iQ!=iVal ){ dbda8d6ce9 2007-07-21 drh: db_set(zVar, iQ ? "1" : "0"); dbda8d6ce9 2007-07-21 drh: iVal = iQ; dbda8d6ce9 2007-07-21 drh: } dbda8d6ce9 2007-07-21 drh: } dbda8d6ce9 2007-07-21 drh: if( iVal ){ dbda8d6ce9 2007-07-21 drh: @ <input type="checkbox" name="%s(zQParm)" checked>%s(zLabel)</input> dbda8d6ce9 2007-07-21 drh: }else{ dbda8d6ce9 2007-07-21 drh: @ <input type="checkbox" name="%s(zQParm)">%s(zLabel)</input> dbda8d6ce9 2007-07-21 drh: } dbda8d6ce9 2007-07-21 drh: } dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: /* dbda8d6ce9 2007-07-21 drh: ** Generate an entry box for an attribute. dbda8d6ce9 2007-07-21 drh: */ dbda8d6ce9 2007-07-21 drh: static void entry_attribute( dbda8d6ce9 2007-07-21 drh: const char *zLabel, /* The text label on the entry box */ dbda8d6ce9 2007-07-21 drh: int width, /* Width of the entry box */ dbda8d6ce9 2007-07-21 drh: const char *zVar, /* The corresponding row in the VAR table */ dbda8d6ce9 2007-07-21 drh: const char *zQParm, /* The query parameter */ dbda8d6ce9 2007-07-21 drh: const char *zDflt /* Default value if VAR table entry does not exist */ dbda8d6ce9 2007-07-21 drh: ){ dbda8d6ce9 2007-07-21 drh: const char *zVal = db_get(zVar, zDflt); dbda8d6ce9 2007-07-21 drh: const char *zQ = P(zQParm); dbda8d6ce9 2007-07-21 drh: if( zQ && strcmp(zQ,zVal)!=0 ){ dbda8d6ce9 2007-07-21 drh: db_set(zVar, zQ); dbda8d6ce9 2007-07-21 drh: zVal = zQ; dbda8d6ce9 2007-07-21 drh: } dbda8d6ce9 2007-07-21 drh: @ <input type="text" name="%s(zQParm)" value="%h(zVal)" size="%d(width)"> dbda8d6ce9 2007-07-21 drh: @ %s(zLabel) dbda8d6ce9 2007-07-21 drh: } dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: /* dbda8d6ce9 2007-07-21 drh: ** WEBPAGE: setup_access dbda8d6ce9 2007-07-21 drh: */ dbda8d6ce9 2007-07-21 drh: void setup_access(void){ dbda8d6ce9 2007-07-21 drh: login_check_credentials(); dbda8d6ce9 2007-07-21 drh: if( !g.okSetup ){ dbda8d6ce9 2007-07-21 drh: login_needed(); dbda8d6ce9 2007-07-21 drh: } dbda8d6ce9 2007-07-21 drh: 66f4caa379 2007-07-23 drh: style_header("Access Control Settings"); dbda8d6ce9 2007-07-21 drh: db_begin_transaction(); c4ec179bbc 2007-07-22 drh: @ <form action="%s(g.zBaseURL)/setup_access" method="POST"> dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: @ <hr> dbda8d6ce9 2007-07-21 drh: onoff_attribute("Require password for local access", dbda8d6ce9 2007-07-21 drh: "authenticate-localhost", "localauth", 1); dbda8d6ce9 2007-07-21 drh: @ <p>When enabled, the password sign-in is required for dbda8d6ce9 2007-07-21 drh: @ web access coming from 127.0.0.1. When disabled, web access dbda8d6ce9 2007-07-21 drh: @ from 127.0.0.1 is allows without any login - the user id is selected dbda8d6ce9 2007-07-21 drh: @ from the ~/.fossil database. Password login is always required dbda8d6ce9 2007-07-21 drh: @ for incoming web connections on internet addresses other than dbda8d6ce9 2007-07-21 drh: @ 127.0.0.1.</p></li> dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: @ <hr> dbda8d6ce9 2007-07-21 drh: entry_attribute("Login expiration time", 6, "cookie-expire", "cex", "8766"); dbda8d6ce9 2007-07-21 drh: @ <p>The number of hours for which a login is valid. This must be a dbda8d6ce9 2007-07-21 drh: @ positive number. The default is 8760 hours which is approximately equal dbda8d6ce9 2007-07-21 drh: @ to a year.</p> dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: @ <hr> dbda8d6ce9 2007-07-21 drh: onoff_attribute("Allow anonymous signup", "anon-signup", "asu", 0); dbda8d6ce9 2007-07-21 drh: @ <p>Allow users to create their own accounts</p> c4ec179bbc 2007-07-22 drh: c4ec179bbc 2007-07-22 drh: @ <hr> c4ec179bbc 2007-07-22 drh: @ <p><input type="submit" name="submit" value="Apply Changes"></p> c4ec179bbc 2007-07-22 drh: @ </form> c4ec179bbc 2007-07-22 drh: db_end_transaction(0); c4ec179bbc 2007-07-22 drh: style_footer(); c4ec179bbc 2007-07-22 drh: } c4ec179bbc 2007-07-22 drh: c4ec179bbc 2007-07-22 drh: /* c4ec179bbc 2007-07-22 drh: ** WEBPAGE: setup_config c4ec179bbc 2007-07-22 drh: */ c4ec179bbc 2007-07-22 drh: void setup_config(void){ c4ec179bbc 2007-07-22 drh: login_check_credentials(); c4ec179bbc 2007-07-22 drh: if( !g.okSetup ){ c4ec179bbc 2007-07-22 drh: login_needed(); c4ec179bbc 2007-07-22 drh: } c4ec179bbc 2007-07-22 drh: 66f4caa379 2007-07-23 drh: style_header("WWW Configuration"); 66f4caa379 2007-07-23 drh: db_begin_transaction(); c4ec179bbc 2007-07-22 drh: @ <form action="%s(g.zBaseURL)/setup_config" method="POST"> c4ec179bbc 2007-07-22 drh: c4ec179bbc 2007-07-22 drh: @ <hr> c4ec179bbc 2007-07-22 drh: entry_attribute("Home page", 60, "homepage", "hp", ""); c4ec179bbc 2007-07-22 drh: @ <p>The name of a wiki file that is the homepage for the website. c4ec179bbc 2007-07-22 drh: @ The home page is the page that is displayed by the "Home" link c4ec179bbc 2007-07-22 drh: @ at the top of this screen.</p> c4ec179bbc 2007-07-22 drh: c4ec179bbc 2007-07-22 drh: entry_attribute("Ticket subdirectory", 60, "ticket-subdir", "tsd", ""); c4ec179bbc 2007-07-22 drh: @ <p>A subdirectory in the file hierarchy that contains all trouble c4ec179bbc 2007-07-22 drh: @ tickets. Leave this blank to disable ticketing. Tickets text c4ec179bbc 2007-07-22 drh: @ files within this subdirectory containing a particular format c4ec179bbc 2007-07-22 drh: @ (documented separately) and with the ".tkt" suffix.</p> c4ec179bbc 2007-07-22 drh: c4ec179bbc 2007-07-22 drh: entry_attribute("Wiki subdirectory", 60, "wiki-subdir", "wsd", ""); c4ec179bbc 2007-07-22 drh: @ <p>A subdirectory in the file hierarchy that contains wiki pages. c4ec179bbc 2007-07-22 drh: @ Leave this blank to disable wiki. Wiki pages are c4ec179bbc 2007-07-22 drh: @ files within this subdirectory whose name is he wiki page title c4ec179bbc 2007-07-22 drh: @ and with the suffix ".wiki".</p> c4ec179bbc 2007-07-22 drh: dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: @ <hr> dbda8d6ce9 2007-07-21 drh: @ <p><input type="submit" name="submit" value="Apply Changes"></p> dbda8d6ce9 2007-07-21 drh: @ </form> dbda8d6ce9 2007-07-21 drh: db_end_transaction(0); dbda8d6ce9 2007-07-21 drh: style_footer(); dbda8d6ce9 2007-07-21 drh: }
File Annotation