dbda8d6ce9 2007-07-21 drh: /* dbda8d6ce9 2007-07-21 drh: ** Copyright (c) 2007 D. Richard Hipp dbda8d6ce9 2007-07-21 drh: ** dbda8d6ce9 2007-07-21 drh: ** This program is free software; you can redistribute it and/or dbda8d6ce9 2007-07-21 drh: ** modify it under the terms of the GNU General Public dbda8d6ce9 2007-07-21 drh: ** License as published by the Free Software Foundation; either dbda8d6ce9 2007-07-21 drh: ** version 2 of the License, or (at your option) any later version. dbda8d6ce9 2007-07-21 drh: ** dbda8d6ce9 2007-07-21 drh: ** This program is distributed in the hope that it will be useful, dbda8d6ce9 2007-07-21 drh: ** but WITHOUT ANY WARRANTY; without even the implied warranty of dbda8d6ce9 2007-07-21 drh: ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU dbda8d6ce9 2007-07-21 drh: ** General Public License for more details. dbda8d6ce9 2007-07-21 drh: ** dbda8d6ce9 2007-07-21 drh: ** You should have received a copy of the GNU General Public dbda8d6ce9 2007-07-21 drh: ** License along with this library; if not, write to the dbda8d6ce9 2007-07-21 drh: ** Free Software Foundation, Inc., 59 Temple Place - Suite 330, dbda8d6ce9 2007-07-21 drh: ** Boston, MA 02111-1307, USA. dbda8d6ce9 2007-07-21 drh: ** dbda8d6ce9 2007-07-21 drh: ** Author contact information: dbda8d6ce9 2007-07-21 drh: ** drh@hwaci.com dbda8d6ce9 2007-07-21 drh: ** http://www.hwaci.com/drh/ dbda8d6ce9 2007-07-21 drh: ** dbda8d6ce9 2007-07-21 drh: ******************************************************************************* dbda8d6ce9 2007-07-21 drh: ** dbda8d6ce9 2007-07-21 drh: ** Implementation of the Setup page dbda8d6ce9 2007-07-21 drh: */ dbda8d6ce9 2007-07-21 drh: #include <assert.h> dbda8d6ce9 2007-07-21 drh: #include "config.h" dbda8d6ce9 2007-07-21 drh: #include "setup.h" dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: /* dbda8d6ce9 2007-07-21 drh: ** Output a single entry for a menu generated using an HTML table. dbda8d6ce9 2007-07-21 drh: ** If zLink is not NULL or an empty string, then it is the page that dbda8d6ce9 2007-07-21 drh: ** the menu entry will hyperlink to. If zLink is NULL or "", then dbda8d6ce9 2007-07-21 drh: ** the menu entry has no hyperlink - it is disabled. dbda8d6ce9 2007-07-21 drh: */ 0edee97370 2007-10-03 drh: void setup_menu_entry( dbda8d6ce9 2007-07-21 drh: const char *zTitle, dbda8d6ce9 2007-07-21 drh: const char *zLink, dbda8d6ce9 2007-07-21 drh: const char *zDesc dbda8d6ce9 2007-07-21 drh: ){ 5f3ddcc1b8 2007-11-25 drh: @ <tr><td valign="top" align="right"> dbda8d6ce9 2007-07-21 drh: if( zLink && zLink[0] ){ dbda8d6ce9 2007-07-21 drh: @ <a href="%s(zLink)">%h(zTitle)</a> dbda8d6ce9 2007-07-21 drh: }else{ dbda8d6ce9 2007-07-21 drh: @ %h(zTitle) dbda8d6ce9 2007-07-21 drh: } 5f3ddcc1b8 2007-11-25 drh: @ </td><td valign="top">%h(zDesc)</td></tr> dbda8d6ce9 2007-07-21 drh: } dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: /* dbda8d6ce9 2007-07-21 drh: ** WEBPAGE: /setup dbda8d6ce9 2007-07-21 drh: */ dbda8d6ce9 2007-07-21 drh: void setup_page(void){ dbda8d6ce9 2007-07-21 drh: login_check_credentials(); dbda8d6ce9 2007-07-21 drh: if( !g.okSetup ){ dbda8d6ce9 2007-07-21 drh: login_needed(); dbda8d6ce9 2007-07-21 drh: } dbda8d6ce9 2007-07-21 drh: 766bec08ce 2009-01-25 drh: style_header("Server Administration"); 5f3ddcc1b8 2007-11-25 drh: @ <table border="0" cellspacing="20"> 0edee97370 2007-10-03 drh: setup_menu_entry("Users", "setup_ulist", dbda8d6ce9 2007-07-21 drh: "Grant privileges to individual users."); 0edee97370 2007-10-03 drh: setup_menu_entry("Access", "setup_access", dbda8d6ce9 2007-07-21 drh: "Control access settings."); 0edee97370 2007-10-03 drh: setup_menu_entry("Configuration", "setup_config", c4ec179bbc 2007-07-22 drh: "Configure the WWW components of the repository"); 92e85dc68e 2009-05-27 erik: setup_menu_entry("Behavior", "setup_behavior", 92e85dc68e 2009-05-27 erik: "Configure the SCM behavior of the repository"); ebb2765954 2007-12-04 drh: setup_menu_entry("Timeline", "setup_timeline", ebb2765954 2007-12-04 drh: "Timeline display preferences"); 0edee97370 2007-10-03 drh: setup_menu_entry("Tickets", "tktsetup", 0edee97370 2007-10-03 drh: "Configure the trouble-ticketing system for this repository"); 555911dff5 2007-11-21 drh: setup_menu_entry("CSS", "setup_editcss", 8ffd32c2b7 2007-10-28 drh: "Edit the Cascading Style Sheet used by all pages of this repository"); 555911dff5 2007-11-21 drh: setup_menu_entry("Header", "setup_header", 555911dff5 2007-11-21 drh: "Edit HTML text inserted at the top of every page"); 34af72801d 2007-11-23 drh: setup_menu_entry("Footer", "setup_footer", 34af72801d 2007-11-23 drh: "Edit HTML text inserted at the bottom of every page"); 43481115ed 2009-09-21 drh: setup_menu_entry("Logo", "setup_logo", 43481115ed 2009-09-21 drh: "Change the logo image for the server"); a48474bc75 2008-05-29 drh: setup_menu_entry("Shunned", "shun", a48474bc75 2008-05-29 drh: "Show artifacts that are shunned by this repository"); 766bec08ce 2009-01-25 drh: setup_menu_entry("Log", "rcvfromlist", 766bec08ce 2009-01-25 drh: "A record of received artifacts and their sources"); 80dc46d635 2008-03-06 drh: setup_menu_entry("Stats", "stat", 80dc46d635 2008-03-06 drh: "Display repository statistics"); 5f3ddcc1b8 2007-11-25 drh: @ </table> dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: style_footer(); dbda8d6ce9 2007-07-21 drh: } dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: /* dbda8d6ce9 2007-07-21 drh: ** WEBPAGE: setup_ulist dbda8d6ce9 2007-07-21 drh: ** dbda8d6ce9 2007-07-21 drh: ** Show a list of users. Clicking on any user jumps to the edit dbda8d6ce9 2007-07-21 drh: ** screen for that user. dbda8d6ce9 2007-07-21 drh: */ dbda8d6ce9 2007-07-21 drh: void setup_ulist(void){ dbda8d6ce9 2007-07-21 drh: Stmt s; 916b6e4b3b 2007-07-21 drh: 5cd9597428 2007-09-24 jnc: login_check_credentials(); f8831f447a 2008-07-19 drh: if( !g.okAdmin ){ dbda8d6ce9 2007-07-21 drh: login_needed(); 916b6e4b3b 2007-07-21 drh: return; 916b6e4b3b 2007-07-21 drh: } 916b6e4b3b 2007-07-21 drh: 916b6e4b3b 2007-07-21 drh: style_submenu_element("Add", "Add User", "setup_uedit"); 66f4caa379 2007-07-23 drh: style_header("User List"); 39fa010b7f 2007-08-24 drh: @ <table border="0" cellpadding="0" cellspacing="25"> 39fa010b7f 2007-08-24 drh: @ <tr><td valign="top"> 39fa010b7f 2007-08-24 drh: @ <b>Users:</b> 39fa010b7f 2007-08-24 drh: @ <table border="1" cellpadding="10"><tr><td> 916b6e4b3b 2007-07-21 drh: @ <table cellspacing=0 cellpadding=0 border=0> 916b6e4b3b 2007-07-21 drh: @ <tr> c7c81df138 2008-05-16 drh: @ <th align="right">User ID</th><td width="20"> </td> c7c81df138 2008-05-16 drh: @ <th>Capabilities</th><td width="15"> </td> c4ec179bbc 2007-07-22 drh: @ <th>Contact Info</th> 916b6e4b3b 2007-07-21 drh: @ </tr> 916b6e4b3b 2007-07-21 drh: db_prepare(&s, "SELECT uid, login, cap, info FROM user ORDER BY login"); dbda8d6ce9 2007-07-21 drh: while( db_step(&s)==SQLITE_ROW ){ f8831f447a 2008-07-19 drh: const char *zCap = db_column_text(&s, 2); f8831f447a 2008-07-19 drh: if( strstr(zCap, "s") ) zCap = "s"; 916b6e4b3b 2007-07-21 drh: @ <tr> 916b6e4b3b 2007-07-21 drh: @ <td align="right"> f8831f447a 2008-07-19 drh: if( g.okAdmin && (zCap[0]!='s' || g.okSetup) ){ 916b6e4b3b 2007-07-21 drh: @ <a href="setup_uedit?id=%d(db_column_int(&s,0))"> 916b6e4b3b 2007-07-21 drh: } 916b6e4b3b 2007-07-21 drh: @ <nobr>%h(db_column_text(&s,1))</nobr> 916b6e4b3b 2007-07-21 drh: if( g.okAdmin ){ 916b6e4b3b 2007-07-21 drh: @ </a> 916b6e4b3b 2007-07-21 drh: } c7c81df138 2008-05-16 drh: @ </td><td> </td> f8831f447a 2008-07-19 drh: @ <td align="center">%s(zCap)</td> c7c81df138 2008-05-16 drh: @ <td> </td> c4ec179bbc 2007-07-22 drh: @ <td align="left">%s(db_column_text(&s,3))</td> 916b6e4b3b 2007-07-21 drh: @ </tr> 916b6e4b3b 2007-07-21 drh: } c4ec179bbc 2007-07-22 drh: @ </table></td></tr></table> 39fa010b7f 2007-08-24 drh: @ <td valign="top"> 916b6e4b3b 2007-07-21 drh: @ <b>Notes:</b> 916b6e4b3b 2007-07-21 drh: @ <ol> 916b6e4b3b 2007-07-21 drh: @ <li><p>The permission flags are as follows:</p> 916b6e4b3b 2007-07-21 drh: @ <table> 3eac8bc0f9 2008-11-22 drh: @ <tr><td valign="top"><b>a</b></td> 3eac8bc0f9 2008-11-22 drh: @ <td><i>Admin:</i> Create and delete users</td></tr> 3eac8bc0f9 2008-11-22 drh: @ <tr><td valign="top"><b>c</b></td> 3eac8bc0f9 2008-11-22 drh: @ <td><i>Append-Tkt:</i> Append to tickets</td></tr> 3eac8bc0f9 2008-11-22 drh: @ <tr><td valign="top"><b>d</b></td> 3eac8bc0f9 2008-11-22 drh: @ <td><i>Delete:</i> Delete wiki and tickets</td></tr> 3eac8bc0f9 2008-11-22 drh: @ <tr><td valign="top"><b>e</b></td> 3eac8bc0f9 2008-11-22 drh: @ <td><i>Email:</i> View sensitive data such as EMail addresses</td></tr> 3eac8bc0f9 2008-11-22 drh: @ <tr><td valign="top"><b>f</b></td> 3eac8bc0f9 2008-11-22 drh: @ <td><i>New-Wiki:</i> Create new wiki pages</td></tr> 3eac8bc0f9 2008-11-22 drh: @ <tr><td valign="top"><b>g</b></td> 3eac8bc0f9 2008-11-22 drh: @ <td><i>Clone:</i> Clone the repository</td></tr> 3eac8bc0f9 2008-11-22 drh: @ <tr><td valign="top"><b>h</b></td> 3eac8bc0f9 2008-11-22 drh: @ <td><i>Hyperlinks:</i> Show hyperlinks to detailed 3eac8bc0f9 2008-11-22 drh: @ repository history</td></tr> 3eac8bc0f9 2008-11-22 drh: @ <tr><td valign="top"><b>i</b></td> 3eac8bc0f9 2008-11-22 drh: @ <td><i>Check-In:</i> Commit new versions in the repository</td></tr> 3eac8bc0f9 2008-11-22 drh: @ <tr><td valign="top"><b>j</b></td> 3eac8bc0f9 2008-11-22 drh: @ <td><i>Read-Wiki:</i> View wiki pages</td></tr> 3eac8bc0f9 2008-11-22 drh: @ <tr><td valign="top"><b>k</b></td> 3eac8bc0f9 2008-11-22 drh: @ <td><i>Write-Wiki:</i> Edit wiki pages</td></tr> 3eac8bc0f9 2008-11-22 drh: @ <tr><td valign="top"><b>m</b></td> 3eac8bc0f9 2008-11-22 drh: @ <td><i>Append-Wiki:</i> Append to wiki pages</td></tr> 3eac8bc0f9 2008-11-22 drh: @ <tr><td valign="top"><b>n</b></td> 3eac8bc0f9 2008-11-22 drh: @ <td><i>New-Tkt:</i> Create new tickets</td></tr> 3eac8bc0f9 2008-11-22 drh: @ <tr><td valign="top"><b>o</b></td> 3eac8bc0f9 2008-11-22 drh: @ <td><i>Check-Out:</i> Check out versions</td></tr> 3eac8bc0f9 2008-11-22 drh: @ <tr><td valign="top"><b>p</b></td> 3eac8bc0f9 2008-11-22 drh: @ <td><i>Password:</i> Change your own password</td></tr> 3eac8bc0f9 2008-11-22 drh: @ <tr><td valign="top"><b>r</b></td> 3eac8bc0f9 2008-11-22 drh: @ <td><i>Read-Tkt:</i> View tickets</td></tr> 3eac8bc0f9 2008-11-22 drh: @ <tr><td valign="top"><b>s</b></td> 3eac8bc0f9 2008-11-22 drh: @ <td><i>Setup/Super-user:</i> Setup and configure this website</td></tr> 3eac8bc0f9 2008-11-22 drh: @ <tr><td valign="top"><b>t</b></td> 3eac8bc0f9 2008-11-22 drh: @ <td><i>Tkt-Report:</i> Create new bug summary reports</td></tr> 355ee47555 2009-03-31 drh: @ <tr><td valign="top"><b>u</b></td> 623a9129c8 2009-07-06 drh: @ <td><i>Reader:</i> Inherit privileges of 355ee47555 2009-03-31 drh: @ user <tt>reader</tt></td></tr> 3eac8bc0f9 2008-11-22 drh: @ <tr><td valign="top"><b>v</b></td> 3eac8bc0f9 2008-11-22 drh: @ <td><i>Developer:</i> Inherit privileges of 3eac8bc0f9 2008-11-22 drh: @ user <tt>developer</tt></td></tr> 3eac8bc0f9 2008-11-22 drh: @ <tr><td valign="top"><b>w</b></td> 3eac8bc0f9 2008-11-22 drh: @ <td><i>Write-Tkt:</i> Edit tickets</td></tr> 3eac8bc0f9 2008-11-22 drh: @ <tr><td valign="top"><b>z</b></td> 3eac8bc0f9 2008-11-22 drh: @ <td><i>Zip download:</i> Download a baseline via the 3eac8bc0f9 2008-11-22 drh: @ <tt>/zip</tt> URL even without check<b>o</b>ut 3eac8bc0f9 2008-11-22 drh: @ and <b>h</b>istory permissions</td></tr> dbda8d6ce9 2007-07-21 drh: @ </table> f85bc24e4d 2008-08-15 cle: @ </li> 1f1d96529c 2008-08-03 drh: @ 1f1d96529c 2008-08-03 drh: @ <li><p> 1f1d96529c 2008-08-03 drh: @ Every user, logged in or not, inherits the privileges of <b>nobody</b>. 3eac8bc0f9 2008-11-22 drh: @ </p></li> 3eac8bc0f9 2008-11-22 drh: @ 3eac8bc0f9 2008-11-22 drh: @ <li><p> 22c1ac41d4 2007-08-23 drh: @ Any human can login as <b>anonymous</b> since the password is 22c1ac41d4 2007-08-23 drh: @ clearly displayed on the login page for them to type. The purpose 22c1ac41d4 2007-08-23 drh: @ of requiring anonymous to log in is to prevent access by spiders. 3eac8bc0f9 2008-11-22 drh: @ Every logged-in user inherits the combined privileges of 3eac8bc0f9 2008-11-22 drh: @ <b>anonymous</b> and 3eac8bc0f9 2008-11-22 drh: @ <b>nobody</b>. 3eac8bc0f9 2008-11-22 drh: @ </p></li> 3eac8bc0f9 2008-11-22 drh: @ 3eac8bc0f9 2008-11-22 drh: @ <li><p> 3eac8bc0f9 2008-11-22 drh: @ Users with privilege <b>v</b> inherit the combined privileges of 3eac8bc0f9 2008-11-22 drh: @ <b>developer</b>, <b>anonymous</b>, and <b>nobody</b>. 916b6e4b3b 2007-07-21 drh: @ </p></li> 916b6e4b3b 2007-07-21 drh: @ 916b6e4b3b 2007-07-21 drh: @ </ol> 39fa010b7f 2007-08-24 drh: @ </td></tr></table> dbda8d6ce9 2007-07-21 drh: style_footer(); 39fa010b7f 2007-08-24 drh: } 39fa010b7f 2007-08-24 drh: 39fa010b7f 2007-08-24 drh: /* 1f1d96529c 2008-08-03 drh: ** Return true if zPw is a valid password string. A valid 1f1d96529c 2008-08-03 drh: ** password string is: 1f1d96529c 2008-08-03 drh: ** 1f1d96529c 2008-08-03 drh: ** (1) A zero-length string, or 1f1d96529c 2008-08-03 drh: ** (2) a string that contains a character other than '*'. 1f1d96529c 2008-08-03 drh: */ 1f1d96529c 2008-08-03 drh: static int isValidPwString(const char *zPw){ 1f1d96529c 2008-08-03 drh: if( zPw==0 ) return 0; 1f1d96529c 2008-08-03 drh: if( zPw[0]==0 ) return 1; 1f1d96529c 2008-08-03 drh: while( zPw[0]=='*' ){ zPw++; } 1f1d96529c 2008-08-03 drh: return zPw[0]!=0; dbda8d6ce9 2007-07-21 drh: } dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: /* 916b6e4b3b 2007-07-21 drh: ** WEBPAGE: /setup_uedit 916b6e4b3b 2007-07-21 drh: */ 916b6e4b3b 2007-07-21 drh: void user_edit(void){ 1f1d96529c 2008-08-03 drh: const char *zId, *zLogin, *zInfo, *zCap, *zPw; 929d28e358 2007-11-05 drh: char *oaa, *oas, *oar, *oaw, *oan, *oai, *oaj, *oao, *oap; d3e711fd2f 2008-07-15 drh: char *oak, *oad, *oac, *oaf, *oam, *oah, *oag, *oae; 355ee47555 2009-03-31 drh: char *oat, *oau, *oav, *oaz; 77bdac3b19 2008-11-22 drh: const char *inherit[128]; 916b6e4b3b 2007-07-21 drh: int doWrite; dbda8d6ce9 2007-07-21 drh: int uid; 916b6e4b3b 2007-07-21 drh: int higherUser = 0; /* True if user being edited is SETUP and the */ 916b6e4b3b 2007-07-21 drh: /* user doing the editing is ADMIN. Disallow editing */ 916b6e4b3b 2007-07-21 drh: 916b6e4b3b 2007-07-21 drh: /* Must have ADMIN privleges to access this page 916b6e4b3b 2007-07-21 drh: */ 916b6e4b3b 2007-07-21 drh: login_check_credentials(); 916b6e4b3b 2007-07-21 drh: if( !g.okAdmin ){ login_needed(); return; } 916b6e4b3b 2007-07-21 drh: 916b6e4b3b 2007-07-21 drh: /* Check to see if an ADMIN user is trying to edit a SETUP account. 916b6e4b3b 2007-07-21 drh: ** Don't allow that. 916b6e4b3b 2007-07-21 drh: */ 916b6e4b3b 2007-07-21 drh: zId = PD("id", "0"); 916b6e4b3b 2007-07-21 drh: uid = atoi(zId); 916b6e4b3b 2007-07-21 drh: if( zId && !g.okSetup && uid>0 ){ 916b6e4b3b 2007-07-21 drh: char *zOldCaps; f8831f447a 2008-07-19 drh: zOldCaps = db_text(0, "SELECT cap FROM user WHERE uid=%d",uid); 916b6e4b3b 2007-07-21 drh: higherUser = zOldCaps && strchr(zOldCaps,'s'); 916b6e4b3b 2007-07-21 drh: } 916b6e4b3b 2007-07-21 drh: 916b6e4b3b 2007-07-21 drh: if( P("can") ){ 916b6e4b3b 2007-07-21 drh: cgi_redirect("setup_ulist"); 916b6e4b3b 2007-07-21 drh: return; 916b6e4b3b 2007-07-21 drh: } 916b6e4b3b 2007-07-21 drh: 916b6e4b3b 2007-07-21 drh: /* If we have all the necessary information, write the new or 916b6e4b3b 2007-07-21 drh: ** modified user record. After writing the user record, redirect 916b6e4b3b 2007-07-21 drh: ** to the page that displays a list of users. 916b6e4b3b 2007-07-21 drh: */ 916b6e4b3b 2007-07-21 drh: doWrite = cgi_all("login","info","pw") && !higherUser; 916b6e4b3b 2007-07-21 drh: if( doWrite ){ 49380d500a 2008-05-28 drh: char zCap[50]; 916b6e4b3b 2007-07-21 drh: int i = 0; 916b6e4b3b 2007-07-21 drh: int aa = P("aa")!=0; 916b6e4b3b 2007-07-21 drh: int ad = P("ad")!=0; 929d28e358 2007-11-05 drh: int ae = P("ae")!=0; 916b6e4b3b 2007-07-21 drh: int ai = P("ai")!=0; 916b6e4b3b 2007-07-21 drh: int aj = P("aj")!=0; 916b6e4b3b 2007-07-21 drh: int ak = P("ak")!=0; 916b6e4b3b 2007-07-21 drh: int an = P("an")!=0; 916b6e4b3b 2007-07-21 drh: int ao = P("ao")!=0; 916b6e4b3b 2007-07-21 drh: int ap = P("ap")!=0; 916b6e4b3b 2007-07-21 drh: int ar = P("ar")!=0; 916b6e4b3b 2007-07-21 drh: int as = g.okSetup && P("as")!=0; 916b6e4b3b 2007-07-21 drh: int aw = P("aw")!=0; 66f4caa379 2007-07-23 drh: int ac = P("ac")!=0; 66f4caa379 2007-07-23 drh: int af = P("af")!=0; 66f4caa379 2007-07-23 drh: int am = P("am")!=0; fd36718ad9 2007-07-31 drh: int ah = P("ah")!=0; 22c1ac41d4 2007-08-23 drh: int ag = P("ag")!=0; 49380d500a 2008-05-28 drh: int at = P("at")!=0; 355ee47555 2009-03-31 drh: int au = P("au")!=0; 1f1d96529c 2008-08-03 drh: int av = P("av")!=0; fa6e993017 2008-08-12 cle: int az = P("az")!=0; 916b6e4b3b 2007-07-21 drh: if( aa ){ zCap[i++] = 'a'; } 66f4caa379 2007-07-23 drh: if( ac ){ zCap[i++] = 'c'; } 916b6e4b3b 2007-07-21 drh: if( ad ){ zCap[i++] = 'd'; } 929d28e358 2007-11-05 drh: if( ae ){ zCap[i++] = 'e'; } 66f4caa379 2007-07-23 drh: if( af ){ zCap[i++] = 'f'; } fd36718ad9 2007-07-31 drh: if( ah ){ zCap[i++] = 'h'; } 22c1ac41d4 2007-08-23 drh: if( ag ){ zCap[i++] = 'g'; } 916b6e4b3b 2007-07-21 drh: if( ai ){ zCap[i++] = 'i'; } 916b6e4b3b 2007-07-21 drh: if( aj ){ zCap[i++] = 'j'; } 916b6e4b3b 2007-07-21 drh: if( ak ){ zCap[i++] = 'k'; } 66f4caa379 2007-07-23 drh: if( am ){ zCap[i++] = 'm'; } 916b6e4b3b 2007-07-21 drh: if( an ){ zCap[i++] = 'n'; } 916b6e4b3b 2007-07-21 drh: if( ao ){ zCap[i++] = 'o'; } 916b6e4b3b 2007-07-21 drh: if( ap ){ zCap[i++] = 'p'; } 916b6e4b3b 2007-07-21 drh: if( ar ){ zCap[i++] = 'r'; } 916b6e4b3b 2007-07-21 drh: if( as ){ zCap[i++] = 's'; } 49380d500a 2008-05-28 drh: if( at ){ zCap[i++] = 't'; } 355ee47555 2009-03-31 drh: if( au ){ zCap[i++] = 'u'; } 1f1d96529c 2008-08-03 drh: if( av ){ zCap[i++] = 'v'; } 916b6e4b3b 2007-07-21 drh: if( aw ){ zCap[i++] = 'w'; } fa6e993017 2008-08-12 cle: if( az ){ zCap[i++] = 'z'; } 916b6e4b3b 2007-07-21 drh: 916b6e4b3b 2007-07-21 drh: zCap[i] = 0; 916b6e4b3b 2007-07-21 drh: zPw = P("pw"); 1f1d96529c 2008-08-03 drh: if( !isValidPwString(zPw) ){ 916b6e4b3b 2007-07-21 drh: zPw = db_text(0, "SELECT pw FROM user WHERE uid=%d", uid); 916b6e4b3b 2007-07-21 drh: } 916b6e4b3b 2007-07-21 drh: zLogin = P("login"); 916b6e4b3b 2007-07-21 drh: if( uid>0 && 916b6e4b3b 2007-07-21 drh: db_exists("SELECT 1 FROM user WHERE login=%Q AND uid!=%d", zLogin, uid) 916b6e4b3b 2007-07-21 drh: ){ 66f4caa379 2007-07-23 drh: style_header("User Creation Error"); 916b6e4b3b 2007-07-21 drh: @ <font color="red">Login "%h(zLogin)" is already used by a different 916b6e4b3b 2007-07-21 drh: @ user.</font> 916b6e4b3b 2007-07-21 drh: @ 916b6e4b3b 2007-07-21 drh: @ <p><a href="setup_uedit?id=%d(uid))>[Bummer]</a></p> 916b6e4b3b 2007-07-21 drh: style_footer(); 916b6e4b3b 2007-07-21 drh: return; 916b6e4b3b 2007-07-21 drh: } 0be54823ba 2008-10-18 drh: login_verify_csrf_secret(); 916b6e4b3b 2007-07-21 drh: db_multi_exec( 916b6e4b3b 2007-07-21 drh: "REPLACE INTO user(uid,login,info,pw,cap) " 916b6e4b3b 2007-07-21 drh: "VALUES(nullif(%d,0),%Q,%Q,%Q,'%s')", 916b6e4b3b 2007-07-21 drh: uid, P("login"), P("info"), zPw, zCap 916b6e4b3b 2007-07-21 drh: ); dbda8d6ce9 2007-07-21 drh: cgi_redirect("setup_ulist"); 916b6e4b3b 2007-07-21 drh: return; 916b6e4b3b 2007-07-21 drh: } 916b6e4b3b 2007-07-21 drh: 916b6e4b3b 2007-07-21 drh: /* Load the existing information about the user, if any 916b6e4b3b 2007-07-21 drh: */ 916b6e4b3b 2007-07-21 drh: zLogin = ""; 916b6e4b3b 2007-07-21 drh: zInfo = ""; 916b6e4b3b 2007-07-21 drh: zCap = ""; 1f1d96529c 2008-08-03 drh: zPw = ""; 929d28e358 2007-11-05 drh: oaa = oac = oad = oae = oaf = oag = oah = oai = oaj = oak = oam = 355ee47555 2009-03-31 drh: oan = oao = oap = oar = oas = oat = oau = oav = oaw = oaz = ""; 916b6e4b3b 2007-07-21 drh: if( uid ){ 916b6e4b3b 2007-07-21 drh: zLogin = db_text("", "SELECT login FROM user WHERE uid=%d", uid); 916b6e4b3b 2007-07-21 drh: zInfo = db_text("", "SELECT info FROM user WHERE uid=%d", uid); 916b6e4b3b 2007-07-21 drh: zCap = db_text("", "SELECT cap FROM user WHERE uid=%d", uid); 1f1d96529c 2008-08-03 drh: zPw = db_text("", "SELECT pw FROM user WHERE uid=%d", uid); 916b6e4b3b 2007-07-21 drh: if( strchr(zCap, 'a') ) oaa = " checked"; 66f4caa379 2007-07-23 drh: if( strchr(zCap, 'c') ) oac = " checked"; 916b6e4b3b 2007-07-21 drh: if( strchr(zCap, 'd') ) oad = " checked"; 929d28e358 2007-11-05 drh: if( strchr(zCap, 'e') ) oae = " checked"; 66f4caa379 2007-07-23 drh: if( strchr(zCap, 'f') ) oaf = " checked"; 22c1ac41d4 2007-08-23 drh: if( strchr(zCap, 'g') ) oag = " checked"; fd36718ad9 2007-07-31 drh: if( strchr(zCap, 'h') ) oah = " checked"; 916b6e4b3b 2007-07-21 drh: if( strchr(zCap, 'i') ) oai = " checked"; 916b6e4b3b 2007-07-21 drh: if( strchr(zCap, 'j') ) oaj = " checked"; 916b6e4b3b 2007-07-21 drh: if( strchr(zCap, 'k') ) oak = " checked"; 66f4caa379 2007-07-23 drh: if( strchr(zCap, 'm') ) oam = " checked"; 916b6e4b3b 2007-07-21 drh: if( strchr(zCap, 'n') ) oan = " checked"; 916b6e4b3b 2007-07-21 drh: if( strchr(zCap, 'o') ) oao = " checked"; 916b6e4b3b 2007-07-21 drh: if( strchr(zCap, 'p') ) oap = " checked"; 916b6e4b3b 2007-07-21 drh: if( strchr(zCap, 'r') ) oar = " checked"; 916b6e4b3b 2007-07-21 drh: if( strchr(zCap, 's') ) oas = " checked"; 49380d500a 2008-05-28 drh: if( strchr(zCap, 't') ) oat = " checked"; 355ee47555 2009-03-31 drh: if( strchr(zCap, 'u') ) oau = " checked"; 1f1d96529c 2008-08-03 drh: if( strchr(zCap, 'v') ) oav = " checked"; 916b6e4b3b 2007-07-21 drh: if( strchr(zCap, 'w') ) oaw = " checked"; fa6e993017 2008-08-12 cle: if( strchr(zCap, 'z') ) oaz = " checked"; 77bdac3b19 2008-11-22 drh: } 77bdac3b19 2008-11-22 drh: 77bdac3b19 2008-11-22 drh: /* figure out inherited permissions */ 77bdac3b19 2008-11-22 drh: memset(inherit, 0, sizeof(inherit)); 77bdac3b19 2008-11-22 drh: if( strcmp(zLogin, "developer") ){ 77bdac3b19 2008-11-22 drh: char *z1, *z2; 21cecd209f 2008-11-22 drh: z1 = z2 = db_text(0,"SELECT cap FROM user WHERE login='developer'"); 21cecd209f 2008-11-22 drh: while( z1 && *z1 ){ 72e9eb6a0d 2008-11-27 drh: inherit[0x7f & *(z1++)] = "<font color=\"red\">•</font>"; 355ee47555 2009-03-31 drh: } 355ee47555 2009-03-31 drh: free(z2); 355ee47555 2009-03-31 drh: } 355ee47555 2009-03-31 drh: if( strcmp(zLogin, "reader") ){ 355ee47555 2009-03-31 drh: char *z1, *z2; 355ee47555 2009-03-31 drh: z1 = z2 = db_text(0,"SELECT cap FROM user WHERE login='reader'"); 355ee47555 2009-03-31 drh: while( z1 && *z1 ){ 355ee47555 2009-03-31 drh: inherit[0x7f & *(z1++)] = "<font color=\"black\">•</font>"; 77bdac3b19 2008-11-22 drh: } 77bdac3b19 2008-11-22 drh: free(z2); 77bdac3b19 2008-11-22 drh: } 77bdac3b19 2008-11-22 drh: if( strcmp(zLogin, "anonymous") ){ 77bdac3b19 2008-11-22 drh: char *z1, *z2; 21cecd209f 2008-11-22 drh: z1 = z2 = db_text(0,"SELECT cap FROM user WHERE login='anonymous'"); 21cecd209f 2008-11-22 drh: while( z1 && *z1 ){ 72e9eb6a0d 2008-11-27 drh: inherit[0x7f & *(z1++)] = "<font color=\"blue\">•</font>"; 77bdac3b19 2008-11-22 drh: } 77bdac3b19 2008-11-22 drh: free(z2); 77bdac3b19 2008-11-22 drh: } 77bdac3b19 2008-11-22 drh: if( strcmp(zLogin, "nobody") ){ 77bdac3b19 2008-11-22 drh: char *z1, *z2; 21cecd209f 2008-11-22 drh: z1 = z2 = db_text(0,"SELECT cap FROM user WHERE login='nobody'"); 21cecd209f 2008-11-22 drh: while( z1 && *z1 ){ 72e9eb6a0d 2008-11-27 drh: inherit[0x7f & *(z1++)] = "<font color=\"green\">•</font>"; 77bdac3b19 2008-11-22 drh: } 77bdac3b19 2008-11-22 drh: free(z2); 916b6e4b3b 2007-07-21 drh: } 916b6e4b3b 2007-07-21 drh: 916b6e4b3b 2007-07-21 drh: /* Begin generating the page 916b6e4b3b 2007-07-21 drh: */ 916b6e4b3b 2007-07-21 drh: style_submenu_element("Cancel", "Cancel", "setup_ulist"); 916b6e4b3b 2007-07-21 drh: if( uid ){ 66f4caa379 2007-07-23 drh: style_header(mprintf("Edit User %h", zLogin)); 916b6e4b3b 2007-07-21 drh: }else{ 66f4caa379 2007-07-23 drh: style_header("Add A New User"); 916b6e4b3b 2007-07-21 drh: } 916b6e4b3b 2007-07-21 drh: @ <table align="left" hspace="20" vspace="10"><tr><td> 916b6e4b3b 2007-07-21 drh: @ <form action="%s(g.zPath)" method="POST"> 0be54823ba 2008-10-18 drh: login_insert_csrf_secret(); 916b6e4b3b 2007-07-21 drh: @ <table> 916b6e4b3b 2007-07-21 drh: @ <tr> 916b6e4b3b 2007-07-21 drh: @ <td align="right"><nobr>User ID:</nobr></td> 916b6e4b3b 2007-07-21 drh: if( uid ){ 916b6e4b3b 2007-07-21 drh: @ <td>%d(uid) <input type="hidden" name="id" value="%d(uid)"></td> 916b6e4b3b 2007-07-21 drh: }else{ 916b6e4b3b 2007-07-21 drh: @ <td>(new user)<input type="hidden" name="id" value=0></td> 916b6e4b3b 2007-07-21 drh: } 916b6e4b3b 2007-07-21 drh: @ </tr> 916b6e4b3b 2007-07-21 drh: @ <tr> 916b6e4b3b 2007-07-21 drh: @ <td align="right"><nobr>Login:</nobr></td> 916b6e4b3b 2007-07-21 drh: @ <td><input type="text" name="login" value="%h(zLogin)"></td> 916b6e4b3b 2007-07-21 drh: @ </tr> 916b6e4b3b 2007-07-21 drh: @ <tr> 916b6e4b3b 2007-07-21 drh: @ <td align="right"><nobr>Contact Info:</nobr></td> 916b6e4b3b 2007-07-21 drh: @ <td><input type="text" name="info" size=40 value="%h(zInfo)"></td> 916b6e4b3b 2007-07-21 drh: @ </tr> 916b6e4b3b 2007-07-21 drh: @ <tr> 916b6e4b3b 2007-07-21 drh: @ <td align="right" valign="top">Capabilities:</td> 916b6e4b3b 2007-07-21 drh: @ <td> 77bdac3b19 2008-11-22 drh: #define B(x) inherit[x] 916b6e4b3b 2007-07-21 drh: if( g.okSetup ){ 77bdac3b19 2008-11-22 drh: @ <input type="checkbox" name="as"%s(oas)>%s(B('s'))Setup</input><br> 77bdac3b19 2008-11-22 drh: } 77bdac3b19 2008-11-22 drh: @ <input type="checkbox" name="aa"%s(oaa)>%s(B('a'))Admin</input><br> 77bdac3b19 2008-11-22 drh: @ <input type="checkbox" name="ad"%s(oad)>%s(B('d'))Delete</input><br> 77bdac3b19 2008-11-22 drh: @ <input type="checkbox" name="ae"%s(oae)>%s(B('e'))Email</input><br> 77bdac3b19 2008-11-22 drh: @ <input type="checkbox" name="ap"%s(oap)>%s(B('p'))Password</input><br> 77bdac3b19 2008-11-22 drh: @ <input type="checkbox" name="ai"%s(oai)>%s(B('i'))Check-In</input><br> 77bdac3b19 2008-11-22 drh: @ <input type="checkbox" name="ao"%s(oao)>%s(B('o'))Check-Out</input><br> 77bdac3b19 2008-11-22 drh: @ <input type="checkbox" name="ah"%s(oah)>%s(B('h'))History</input><br> 355ee47555 2009-03-31 drh: @ <input type="checkbox" name="au"%s(oau)>%s(B('u'))Reader</input><br> 77bdac3b19 2008-11-22 drh: @ <input type="checkbox" name="av"%s(oav)>%s(B('v'))Developer</input><br> 77bdac3b19 2008-11-22 drh: @ <input type="checkbox" name="ag"%s(oag)>%s(B('g'))Clone</input><br> 77bdac3b19 2008-11-22 drh: @ <input type="checkbox" name="aj"%s(oaj)>%s(B('j'))Read Wiki</input><br> 77bdac3b19 2008-11-22 drh: @ <input type="checkbox" name="af"%s(oaf)>%s(B('f'))New Wiki</input><br> 77bdac3b19 2008-11-22 drh: @ <input type="checkbox" name="am"%s(oam)>%s(B('m'))Append Wiki</input><br> 77bdac3b19 2008-11-22 drh: @ <input type="checkbox" name="ak"%s(oak)>%s(B('k'))Write Wiki</input><br> 77bdac3b19 2008-11-22 drh: @ <input type="checkbox" name="ar"%s(oar)>%s(B('r'))Read Tkt</input><br> 77bdac3b19 2008-11-22 drh: @ <input type="checkbox" name="an"%s(oan)>%s(B('n'))New Tkt</input><br> 77bdac3b19 2008-11-22 drh: @ <input type="checkbox" name="ac"%s(oac)>%s(B('c'))Append Tkt</input><br> 77bdac3b19 2008-11-22 drh: @ <input type="checkbox" name="aw"%s(oaw)>%s(B('w'))Write Tkt</input><br> 77bdac3b19 2008-11-22 drh: @ <input type="checkbox" name="at"%s(oat)>%s(B('t'))Tkt Report</input><br> 77bdac3b19 2008-11-22 drh: @ <input type="checkbox" name="az"%s(oaz)>%s(B('z'))Download Zip</input> 916b6e4b3b 2007-07-21 drh: @ </td> 916b6e4b3b 2007-07-21 drh: @ </tr> 916b6e4b3b 2007-07-21 drh: @ <tr> 916b6e4b3b 2007-07-21 drh: @ <td align="right">Password:</td> 1f1d96529c 2008-08-03 drh: if( strcmp(zLogin, "anonymous")==0 ){ 1f1d96529c 2008-08-03 drh: /* User the password for "anonymous" as cleartext */ 1f1d96529c 2008-08-03 drh: @ <td><input type="text" name="pw" value="%h(zPw)"></td> 1f1d96529c 2008-08-03 drh: }else if( zPw[0] ){ 1f1d96529c 2008-08-03 drh: /* Obscure the password for all other users */ 1f1d96529c 2008-08-03 drh: @ <td><input type="password" name="pw" value="**********"></td> 1f1d96529c 2008-08-03 drh: }else{ 1f1d96529c 2008-08-03 drh: /* Show an empty password as an empty input field */ 1f1d96529c 2008-08-03 drh: @ <td><input type="password" name="pw" value=""></td> 1f1d96529c 2008-08-03 drh: } 916b6e4b3b 2007-07-21 drh: @ </tr> 916b6e4b3b 2007-07-21 drh: if( !higherUser ){ 916b6e4b3b 2007-07-21 drh: @ <tr> 916b6e4b3b 2007-07-21 drh: @ <td> </td> 916b6e4b3b 2007-07-21 drh: @ <td><input type="submit" name="submit" value="Apply Changes"> 916b6e4b3b 2007-07-21 drh: @ </tr> 916b6e4b3b 2007-07-21 drh: } 916b6e4b3b 2007-07-21 drh: @ </table></td></tr></table> 1f1d96529c 2008-08-03 drh: @ <h2>Privileges And Capabilities:</h2> 1f1d96529c 2008-08-03 drh: @ <ul> 916b6e4b3b 2007-07-21 drh: if( higherUser ){ f8831f447a 2008-07-19 drh: @ <li><p><font color="blue"><b> f8831f447a 2008-07-19 drh: @ User %h(zLogin) has Setup privileges and you only have Admin privileges f8831f447a 2008-07-19 drh: @ so you are not permitted to make changes to %h(zLogin). f8831f447a 2008-07-19 drh: @ </b></font></p></li> 916b6e4b3b 2007-07-21 drh: @ 916b6e4b3b 2007-07-21 drh: } 916b6e4b3b 2007-07-21 drh: @ <li><p> 92f6d3d786 2008-07-19 drh: @ The <b>Setup</b> user can make arbitrary configuration changes. 92f6d3d786 2008-07-19 drh: @ An <b>Admin</b> user can add other users and change user privileges f8831f447a 2008-07-19 drh: @ and reset user passwords. Both automatically get all other privileges f8831f447a 2008-07-19 drh: @ listed below. Use these two settings with discretion. 77bdac3b19 2008-11-22 drh: @ </p></li> 77bdac3b19 2008-11-22 drh: @ 77bdac3b19 2008-11-22 drh: @ <li><p> 72e9eb6a0d 2008-11-27 drh: @ The "<font color="green"><big>•</big></font>" mark indicates 77bdac3b19 2008-11-22 drh: @ the privileges of "nobody" that are available to all users 77bdac3b19 2008-11-22 drh: @ regardless of whether or not they are logged in. 77bdac3b19 2008-11-22 drh: @ </p></li> 77bdac3b19 2008-11-22 drh: @ 77bdac3b19 2008-11-22 drh: @ <li><p> 72e9eb6a0d 2008-11-27 drh: @ The "<font color="blue"><big>•</big></font>" mark indicates 77bdac3b19 2008-11-22 drh: @ the privileges of "anonymous" that are inherited by all logged-in users. 77bdac3b19 2008-11-22 drh: @ </p></li> 77bdac3b19 2008-11-22 drh: @ 77bdac3b19 2008-11-22 drh: @ <li><p> 72e9eb6a0d 2008-11-27 drh: @ The "<font color="red"><big>•</big></font>" mark indicates 77bdac3b19 2008-11-22 drh: @ the privileges of "developer" that are inherited by all users with 77bdac3b19 2008-11-22 drh: @ the <b>Developer</b> privilege. 72e9eb6a0d 2008-11-27 drh: @ </p></li> 72e9eb6a0d 2008-11-27 drh: @ 72e9eb6a0d 2008-11-27 drh: @ <li><p> 355ee47555 2009-03-31 drh: @ The "<font color="black"><big>•</big></font>" mark indicates 355ee47555 2009-03-31 drh: @ the privileges of "reader" that are inherited by all users with 355ee47555 2009-03-31 drh: @ the <b>Reader</b> privilege. 916b6e4b3b 2007-07-21 drh: @ </p></li> 916b6e4b3b 2007-07-21 drh: @ 916b6e4b3b 2007-07-21 drh: @ <li><p> 916b6e4b3b 2007-07-21 drh: @ The <b>Delete</b> privilege give the user the ability to erase 92f6d3d786 2008-07-19 drh: @ wiki, tickets, and attachments that have been added by anonymous 50a58adb76 2007-10-10 drh: @ users. This capability is intended for deletion of spam. The 50a58adb76 2007-10-10 drh: @ delete capability is only in effect for 24 hours after the item 50a58adb76 2007-10-10 drh: @ is first posted. The Setup user can delete anything at any time. 50a58adb76 2007-10-10 drh: @ </p></li> 50a58adb76 2007-10-10 drh: @ 50a58adb76 2007-10-10 drh: @ <li><p> 92f6d3d786 2008-07-19 drh: @ The <b>History</b> privilege allows a user to see most hyperlinks. 92f6d3d786 2008-07-19 drh: @ This is recommended ON for most logged-in users but OFF for 92f6d3d786 2008-07-19 drh: @ user "nobody" to avoid problems with spiders trying to walk every 92f6d3d786 2008-07-19 drh: @ historical version of every baseline and file. 92f6d3d786 2008-07-19 drh: @ </p></li> 92f6d3d786 2008-07-19 drh: @ 92f6d3d786 2008-07-19 drh: @ <li><p> 77bdac3b19 2008-11-22 drh: @ The <b>Zip</b> privilege allows a user to see the "download as ZIP" 77bdac3b19 2008-11-22 drh: @ hyperlink and permits access to the <tt>/zip</tt> page. This allows 77bdac3b19 2008-11-22 drh: @ users to download ZIP archives without granting other rights like 77bdac3b19 2008-11-22 drh: @ <b>Read</b> or <b>History</b>. This privilege is recommended for 77bdac3b19 2008-11-22 drh: @ user <b>nobody</b> so that automatic package downloaders can obtain 77bdac3b19 2008-11-22 drh: @ the sources without going through the login procedure. d3e711fd2f 2008-07-15 drh: @ </p></li> d3e711fd2f 2008-07-15 drh: @ d3e711fd2f 2008-07-15 drh: @ <li><p> 92f6d3d786 2008-07-19 drh: @ The <b>Check-in</b> privilege allows remote users to "push". 92f6d3d786 2008-07-19 drh: @ The <b>Check-out</b> privilege allows remote users to "pull". 92f6d3d786 2008-07-19 drh: @ The <b>Clone</b> privilege allows remote users to "clone". 92f6d3d786 2008-07-19 drh: @ </li><p> d3e711fd2f 2008-07-15 drh: @ d3e711fd2f 2008-07-15 drh: @ <li><p> d3e711fd2f 2008-07-15 drh: @ The <b>Read Wiki</b>, <b>New Wiki</b>, <b>Append Wiki</b>, and d3e711fd2f 2008-07-15 drh: @ <b>Write Wiki</b> privileges control access to wiki pages. The d3e711fd2f 2008-07-15 drh: @ <b>Read Tkt</b>, <b>New Tkt</b>, <b>Append Tkt</b>, and d3e711fd2f 2008-07-15 drh: @ <b>Write Tkt</b> privileges control access to trouble tickets. d3e711fd2f 2008-07-15 drh: @ The <b>Tkt Report</b> privilege allows the user to create or edit d3e711fd2f 2008-07-15 drh: @ ticket report formats. 13b7ac16e4 2007-08-09 drh: @ </p></li> 13b7ac16e4 2007-08-09 drh: @ 13b7ac16e4 2007-08-09 drh: @ <li><p> 92f6d3d786 2008-07-19 drh: @ Users with the <b>Password</b> privilege are allowed to change their 1f1d96529c 2008-08-03 drh: @ own password. Recommended ON for most users but OFF for special 5ab6f985b9 2009-03-21 drh: @ users "developer, "anonymous", and "nobody". 9c952d247e 2007-07-31 drh: @ </p></li> 9c952d247e 2007-07-31 drh: @ 9c952d247e 2007-07-31 drh: @ <li><p> 92f6d3d786 2008-07-19 drh: @ The <b>EMail</b> privilege allows the display of sensitive information 92f6d3d786 2008-07-19 drh: @ such as the email address of users and contact information on tickets. 77bdac3b19 2008-11-22 drh: @ Recommended OFF for "anonymous" and for "nobody" but ON for 77bdac3b19 2008-11-22 drh: @ "developer". 9c952d247e 2007-07-31 drh: @ </p></li> 9c952d247e 2007-07-31 drh: @ 9c952d247e 2007-07-31 drh: @ <li><p> 1f1d96529c 2008-08-03 drh: @ Login is prohibited if the password is an empty string. 9c952d247e 2007-07-31 drh: @ </p></li> 1f1d96529c 2008-08-03 drh: @ </ul> 1f1d96529c 2008-08-03 drh: @ 1f1d96529c 2008-08-03 drh: @ <h2>Special Logins</h2> 9c952d247e 2007-07-31 drh: @ 1f1d96529c 2008-08-03 drh: @ <ul> 9c952d247e 2007-07-31 drh: @ <li><p> 9c952d247e 2007-07-31 drh: @ No login is required for user "<b>nobody</b>". The capabilities 1f1d96529c 2008-08-03 drh: @ of the <b>nobody</b> user are inherited by all users, regardless of 1f1d96529c 2008-08-03 drh: @ whether or not they are logged in. To disable universal access 1f1d96529c 2008-08-03 drh: @ to the repository, make sure no user named "<b>nobody</b>" exists or 1f1d96529c 2008-08-03 drh: @ that the <b>nobody</b> user has no capabilities enabled. 1f1d96529c 2008-08-03 drh: @ The password for <b>nobody</b> is ignore. To avoid problems with 1f1d96529c 2008-08-03 drh: @ spiders overloading the server, it is recommended 1f1d96529c 2008-08-03 drh: @ that the 'h' (History) capability be turned off for the <b>nobody</b> 1f1d96529c 2008-08-03 drh: @ user. 916b6e4b3b 2007-07-21 drh: @ </p></li> 916b6e4b3b 2007-07-21 drh: @ 916b6e4b3b 2007-07-21 drh: @ <li><p> 9c952d247e 2007-07-31 drh: @ Login is required for user "<b>anonymous</b>" but the password 9c952d247e 2007-07-31 drh: @ is displayed on the login screen beside the password entry box 9c952d247e 2007-07-31 drh: @ so anybody who can read should be able to login as anonymous. 9c952d247e 2007-07-31 drh: @ On the other hand, spiders and web-crawlers will typically not 9c952d247e 2007-07-31 drh: @ be able to login. Set the capabilities of the anonymous user 5d3783bd61 2008-02-01 drh: @ to things that you want any human to be able to do, but not any 1f1d96529c 2008-08-03 drh: @ spider. Every other logged-in user inherits the privileges of 1f1d96529c 2008-08-03 drh: @ <b>anonymous</b>. 916b6e4b3b 2007-07-21 drh: @ </p></li> 916b6e4b3b 2007-07-21 drh: @ 916b6e4b3b 2007-07-21 drh: @ <li><p> 1f1d96529c 2008-08-03 drh: @ The "<b>developer</b>" user is intended as a template for trusted users 1f1d96529c 2008-08-03 drh: @ with check-in privileges. When adding new trusted users, simply 1f1d96529c 2008-08-03 drh: @ select the <b>Developer</b> privilege to cause the new user to inherit 355ee47555 2009-03-31 drh: @ all privileges of the "developer" user. Similarly, the "<b>reader</b>" 355ee47555 2009-03-31 drh: @ user is a template for users who are allowed more access than anonymous, 355ee47555 2009-03-31 drh: @ but less than a developer. 1f1d96529c 2008-08-03 drh: @ </li></p> 1f1d96529c 2008-08-03 drh: @ </ul> 916b6e4b3b 2007-07-21 drh: @ </form> dbda8d6ce9 2007-07-21 drh: style_footer(); dbda8d6ce9 2007-07-21 drh: } 916b6e4b3b 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: /* dbda8d6ce9 2007-07-21 drh: ** Generate a checkbox for an attribute. dbda8d6ce9 2007-07-21 drh: */ dbda8d6ce9 2007-07-21 drh: static void onoff_attribute( dbda8d6ce9 2007-07-21 drh: const char *zLabel, /* The text label on the checkbox */ dbda8d6ce9 2007-07-21 drh: const char *zVar, /* The corresponding row in the VAR table */ dbda8d6ce9 2007-07-21 drh: const char *zQParm, /* The query parameter */ dbda8d6ce9 2007-07-21 drh: int dfltVal /* Default value if VAR table entry does not exist */ dbda8d6ce9 2007-07-21 drh: ){ dbda8d6ce9 2007-07-21 drh: const char *zVal = db_get(zVar, 0); dbda8d6ce9 2007-07-21 drh: const char *zQ = P(zQParm); dbda8d6ce9 2007-07-21 drh: int iVal; dbda8d6ce9 2007-07-21 drh: if( zVal ){ dbda8d6ce9 2007-07-21 drh: iVal = atoi(zVal); dbda8d6ce9 2007-07-21 drh: }else{ dbda8d6ce9 2007-07-21 drh: iVal = dfltVal; dbda8d6ce9 2007-07-21 drh: } dbda8d6ce9 2007-07-21 drh: if( zQ==0 && P("submit") ){ dbda8d6ce9 2007-07-21 drh: zQ = "off"; dbda8d6ce9 2007-07-21 drh: } dbda8d6ce9 2007-07-21 drh: if( zQ ){ dbda8d6ce9 2007-07-21 drh: int iQ = strcmp(zQ,"on")==0 || atoi(zQ); dbda8d6ce9 2007-07-21 drh: if( iQ!=iVal ){ 0be54823ba 2008-10-18 drh: login_verify_csrf_secret(); 134e2aeccc 2007-09-28 drh: db_set(zVar, iQ ? "1" : "0", 0); dbda8d6ce9 2007-07-21 drh: iVal = iQ; dbda8d6ce9 2007-07-21 drh: } dbda8d6ce9 2007-07-21 drh: } dbda8d6ce9 2007-07-21 drh: if( iVal ){ c7c81df138 2008-05-16 drh: @ <input type="checkbox" name="%s(zQParm)" checked><b>%s(zLabel)</b></input> dbda8d6ce9 2007-07-21 drh: }else{ c7c81df138 2008-05-16 drh: @ <input type="checkbox" name="%s(zQParm)"><b>%s(zLabel)</b></input> dbda8d6ce9 2007-07-21 drh: } dbda8d6ce9 2007-07-21 drh: } dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: /* dbda8d6ce9 2007-07-21 drh: ** Generate an entry box for an attribute. dbda8d6ce9 2007-07-21 drh: */ ac3f1f2ba7 2008-10-18 drh: void entry_attribute( dbda8d6ce9 2007-07-21 drh: const char *zLabel, /* The text label on the entry box */ dbda8d6ce9 2007-07-21 drh: int width, /* Width of the entry box */ dbda8d6ce9 2007-07-21 drh: const char *zVar, /* The corresponding row in the VAR table */ dbda8d6ce9 2007-07-21 drh: const char *zQParm, /* The query parameter */ 1e9c0e287e 2007-10-03 drh: char *zDflt /* Default value if VAR table entry does not exist */ dbda8d6ce9 2007-07-21 drh: ){ dbda8d6ce9 2007-07-21 drh: const char *zVal = db_get(zVar, zDflt); dbda8d6ce9 2007-07-21 drh: const char *zQ = P(zQParm); dbda8d6ce9 2007-07-21 drh: if( zQ && strcmp(zQ,zVal)!=0 ){ 0be54823ba 2008-10-18 drh: login_verify_csrf_secret(); 134e2aeccc 2007-09-28 drh: db_set(zVar, zQ, 0); dbda8d6ce9 2007-07-21 drh: zVal = zQ; dbda8d6ce9 2007-07-21 drh: } dbda8d6ce9 2007-07-21 drh: @ <input type="text" name="%s(zQParm)" value="%h(zVal)" size="%d(width)"> c7c81df138 2008-05-16 drh: @ <b>%s(zLabel)</b> dbda8d6ce9 2007-07-21 drh: } dbda8d6ce9 2007-07-21 drh: 07eaead5dc 2007-09-23 jnc: /* 07eaead5dc 2007-09-23 jnc: ** Generate a text box for an attribute. 07eaead5dc 2007-09-23 jnc: */ 07eaead5dc 2007-09-23 jnc: static void textarea_attribute( 07eaead5dc 2007-09-23 jnc: const char *zLabel, /* The text label on the textarea */ 07eaead5dc 2007-09-23 jnc: int rows, /* Rows in the textarea */ 07eaead5dc 2007-09-23 jnc: int cols, /* Columns in the textarea */ 07eaead5dc 2007-09-23 jnc: const char *zVar, /* The corresponding row in the VAR table */ 555911dff5 2007-11-21 drh: const char *zQP, /* The query parameter */ 07eaead5dc 2007-09-23 jnc: const char *zDflt /* Default value if VAR table entry does not exist */ 07eaead5dc 2007-09-23 jnc: ){ 2a707334c9 2007-11-22 drh: const char *z = db_get(zVar, (char*)zDflt); 555911dff5 2007-11-21 drh: const char *zQ = P(zQP); 555911dff5 2007-11-21 drh: if( zQ && strcmp(zQ,z)!=0 ){ 0be54823ba 2008-10-18 drh: login_verify_csrf_secret(); 134e2aeccc 2007-09-28 drh: db_set(zVar, zQ, 0); 555911dff5 2007-11-21 drh: z = zQ; 555911dff5 2007-11-21 drh: } 555911dff5 2007-11-21 drh: if( rows>0 && cols>0 ){ 555911dff5 2007-11-21 drh: @ <textarea name="%s(zQP)" rows="%d(rows)" cols="%d(cols)">%h(z)</textarea> c7c81df138 2008-05-16 drh: @ <b>%s(zLabel)</b> 555911dff5 2007-11-21 drh: } 07eaead5dc 2007-09-23 jnc: } dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: /* dbda8d6ce9 2007-07-21 drh: ** WEBPAGE: setup_access dbda8d6ce9 2007-07-21 drh: */ dbda8d6ce9 2007-07-21 drh: void setup_access(void){ dbda8d6ce9 2007-07-21 drh: login_check_credentials(); dbda8d6ce9 2007-07-21 drh: if( !g.okSetup ){ dbda8d6ce9 2007-07-21 drh: login_needed(); dbda8d6ce9 2007-07-21 drh: } dbda8d6ce9 2007-07-21 drh: 66f4caa379 2007-07-23 drh: style_header("Access Control Settings"); dbda8d6ce9 2007-07-21 drh: db_begin_transaction(); c4ec179bbc 2007-07-22 drh: @ <form action="%s(g.zBaseURL)/setup_access" method="POST"> 0be54823ba 2008-10-18 drh: login_insert_csrf_secret(); dbda8d6ce9 2007-07-21 drh: @ <hr> dbda8d6ce9 2007-07-21 drh: onoff_attribute("Require password for local access", 0600b278c0 2008-10-26 drh: "localauth", "localauth", 0); dbda8d6ce9 2007-07-21 drh: @ <p>When enabled, the password sign-in is required for dbda8d6ce9 2007-07-21 drh: @ web access coming from 127.0.0.1. When disabled, web access dbda8d6ce9 2007-07-21 drh: @ from 127.0.0.1 is allows without any login - the user id is selected dbda8d6ce9 2007-07-21 drh: @ from the ~/.fossil database. Password login is always required dbda8d6ce9 2007-07-21 drh: @ for incoming web connections on internet addresses other than dbda8d6ce9 2007-07-21 drh: @ 127.0.0.1.</p></li> dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: @ <hr> dbda8d6ce9 2007-07-21 drh: entry_attribute("Login expiration time", 6, "cookie-expire", "cex", "8766"); dbda8d6ce9 2007-07-21 drh: @ <p>The number of hours for which a login is valid. This must be a dbda8d6ce9 2007-07-21 drh: @ positive number. The default is 8760 hours which is approximately equal dbda8d6ce9 2007-07-21 drh: @ to a year.</p> dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: @ <hr> bb3a25e2f0 2008-01-31 drh: entry_attribute("Download packet limit", 10, "max-download", "mxdwn", bb3a25e2f0 2008-01-31 drh: "5000000"); bb3a25e2f0 2008-01-31 drh: @ <p>Fossil tries to limit out-bound sync, clone, and pull packets bb3a25e2f0 2008-01-31 drh: @ to this many bytes, uncompressed. If the client requires more data bb3a25e2f0 2008-01-31 drh: @ than this, then the client will issue multiple HTTP requests. bb3a25e2f0 2008-01-31 drh: @ Values below 1 million are not recommended. 5 million is a bb3a25e2f0 2008-01-31 drh: @ reasonable number.</p> ebb2765954 2007-12-04 drh: ebb2765954 2007-12-04 drh: @ <hr> ebb2765954 2007-12-04 drh: @ <p><input type="submit" name="submit" value="Apply Changes"></p> ebb2765954 2007-12-04 drh: @ </form> ebb2765954 2007-12-04 drh: db_end_transaction(0); ebb2765954 2007-12-04 drh: style_footer(); ebb2765954 2007-12-04 drh: } ebb2765954 2007-12-04 drh: ebb2765954 2007-12-04 drh: /* ebb2765954 2007-12-04 drh: ** WEBPAGE: setup_timeline ebb2765954 2007-12-04 drh: */ ebb2765954 2007-12-04 drh: void setup_timeline(void){ ebb2765954 2007-12-04 drh: login_check_credentials(); ebb2765954 2007-12-04 drh: if( !g.okSetup ){ ebb2765954 2007-12-04 drh: login_needed(); ebb2765954 2007-12-04 drh: } ebb2765954 2007-12-04 drh: ebb2765954 2007-12-04 drh: style_header("Timeline Display Preferences"); ebb2765954 2007-12-04 drh: db_begin_transaction(); ebb2765954 2007-12-04 drh: @ <form action="%s(g.zBaseURL)/setup_timeline" method="POST"> 0be54823ba 2008-10-18 drh: login_insert_csrf_secret(); 0be54823ba 2008-10-18 drh: 0be54823ba 2008-10-18 drh: @ <hr> d23b8ba62b 2008-11-01 drh: onoff_attribute("Allow block-markup in timeline", ebb2765954 2007-12-04 drh: "timeline-block-markup", "tbm", 0); ebb2765954 2007-12-04 drh: @ <p>In timeline displays, check-in comments can be displayed with or ebb2765954 2007-12-04 drh: @ without block markup (paragraphs, tables, etc.)</p> d23b8ba62b 2008-11-01 drh: d23b8ba62b 2008-11-01 drh: @ <hr> d23b8ba62b 2008-11-01 drh: onoff_attribute("Use Universal Coordinated Time (UTC)", 0b36f02f15 2008-11-01 drh: "timeline-utc", "utc", 1); d23b8ba62b 2008-11-01 drh: @ <p>Show times as UTC (also sometimes called Greenwich Mean Time (GMT) or d23b8ba62b 2008-11-01 drh: @ Zulu) instead of in local time.</p> ebb2765954 2007-12-04 drh: ebb2765954 2007-12-04 drh: @ <hr> ebb2765954 2007-12-04 drh: entry_attribute("Max timeline comment length", 6, ebb2765954 2007-12-04 drh: "timeline-max-comment", "tmc", "0"); ebb2765954 2007-12-04 drh: @ <p>The maximum length of a comment to be displayed in a timeline. ebb2765954 2007-12-04 drh: @ "0" there is no length limit.</p> 0b36f02f15 2008-11-01 drh: 0b36f02f15 2008-11-01 drh: @ <hr> 0b36f02f15 2008-11-01 drh: @ <p><input type="submit" name="submit" value="Apply Changes"></p> 0b36f02f15 2008-11-01 drh: @ </form> 0b36f02f15 2008-11-01 drh: db_end_transaction(0); 0b36f02f15 2008-11-01 drh: style_footer(); 0b36f02f15 2008-11-01 drh: } 0b36f02f15 2008-11-01 drh: 0b36f02f15 2008-11-01 drh: /* 92e85dc68e 2009-05-27 erik: ** WEBPAGE: setup_behavior 92e85dc68e 2009-05-27 erik: */ 92e85dc68e 2009-05-27 erik: void setup_behavior(void){ 92e85dc68e 2009-05-27 erik: login_check_credentials(); 92e85dc68e 2009-05-27 erik: if( !g.okSetup ){ 92e85dc68e 2009-05-27 erik: login_needed(); 92e85dc68e 2009-05-27 erik: } 92e85dc68e 2009-05-27 erik: 7b32e45bd7 2009-05-27 erik: style_header("Fossil SCM Behavior"); 92e85dc68e 2009-05-27 erik: db_begin_transaction(); 92e85dc68e 2009-05-27 erik: @ <form action="%s(g.zBaseURL)/setup_behavior" method="POST"> 92e85dc68e 2009-05-27 erik: login_insert_csrf_secret(); 92e85dc68e 2009-05-27 erik: 92e85dc68e 2009-05-27 erik: @ <hr> 92e85dc68e 2009-05-27 erik: onoff_attribute("Automatically synchronize with repository", 92e85dc68e 2009-05-27 erik: "autosync", "autosync", 0); 92e85dc68e 2009-05-27 erik: @ <p>Automatically keeps your work in sync with a centralized server.</p> 92e85dc68e 2009-05-27 erik: 92e85dc68e 2009-05-27 erik: @ <hr> 92e85dc68e 2009-05-27 erik: onoff_attribute("Sign all commits with gpg", 92e85dc68e 2009-05-27 erik: "clearsign", "clearsign", 0); 92e85dc68e 2009-05-27 erik: @ <p>When enabled (the default), fossil will attempt to 92e85dc68e 2009-05-27 erik: @ sign all commits with gpg. When disabled, commits will 92e85dc68e 2009-05-27 erik: @ be unsigned.</p> 92e85dc68e 2009-05-27 erik: 92e85dc68e 2009-05-27 erik: @ <hr> 92e85dc68e 2009-05-27 erik: onoff_attribute("Require local authentication", 92e85dc68e 2009-05-27 erik: "localauth", "localauth", 0); 92e85dc68e 2009-05-27 erik: @ <p>If enabled, require that HTTP connections from 92e85dc68e 2009-05-27 erik: @ 127.0.0.1 be authenticated by password. If 92e85dc68e 2009-05-27 erik: @ false, all HTTP requests from localhost have 92e85dc68e 2009-05-27 erik: @ unrestricted access to the repository.</p> 92e85dc68e 2009-05-27 erik: 92e85dc68e 2009-05-27 erik: @ <hr> 92e85dc68e 2009-05-27 erik: onoff_attribute("Modification times used to detect changes", 92e85dc68e 2009-05-27 erik: "mtime-changes", "mtime-changes", 0); 92e85dc68e 2009-05-27 erik: @ <p>Use file modification times (mtimes) to detect when files have been modified.</p> 92e85dc68e 2009-05-27 erik: 92e85dc68e 2009-05-27 erik: @ <hr> 92e85dc68e 2009-05-27 erik: entry_attribute("Diff Command", 16, 92e85dc68e 2009-05-27 erik: "diff-command", "diff-command", "diff"); 92e85dc68e 2009-05-27 erik: @ <p>External command used to generate a textual diff</p> 92e85dc68e 2009-05-27 erik: 92e85dc68e 2009-05-27 erik: @ <hr> 92e85dc68e 2009-05-27 erik: entry_attribute("Gdiff Command", 16, 92e85dc68e 2009-05-27 erik: "gdiff-command", "gdiff-command", "gdiff"); 92e85dc68e 2009-05-27 erik: @ <p>External command to run when performing a graphical diff. If undefined, text diff will be used.</p> 92e85dc68e 2009-05-27 erik: 92e85dc68e 2009-05-27 erik: @ <hr> 92e85dc68e 2009-05-27 erik: entry_attribute("Editor", 16, 92e85dc68e 2009-05-27 erik: "editor", "editor", ""); 92e85dc68e 2009-05-27 erik: @ <p>Text editor command used for check-in comments.</p> 92e85dc68e 2009-05-27 erik: 92e85dc68e 2009-05-27 erik: @ <hr> 92e85dc68e 2009-05-27 erik: entry_attribute("HTTP port", 16, 92e85dc68e 2009-05-27 erik: "http-port", "http-port", "8080"); 92e85dc68e 2009-05-27 erik: @ <p>The TCP/IP port number to use by the "server" and "ui" commands. Default: 8080</p> 92e85dc68e 2009-05-27 erik: 92e85dc68e 2009-05-27 erik: @ <hr> 92e85dc68e 2009-05-27 erik: entry_attribute("PGP Command", 32, 92e85dc68e 2009-05-27 erik: "pgp-command", "pgp-command", "gpg --clearsign -o "); 92e85dc68e 2009-05-27 erik: @ <p>Command used to clear-sign manifests at check-in.The default is "gpg --clearsign -o ".</p> 92e85dc68e 2009-05-27 erik: 92e85dc68e 2009-05-27 erik: @ <hr> 92e85dc68e 2009-05-27 erik: entry_attribute("Proxy", 32, 92e85dc68e 2009-05-27 erik: "proxy", "proxy", "off"); 92e85dc68e 2009-05-27 erik: @ <p>URL of the HTTP proxy.</p> 92e85dc68e 2009-05-27 erik: 92e85dc68e 2009-05-27 erik: @ <hr> 92e85dc68e 2009-05-27 erik: entry_attribute("Web browser", 32, 92e85dc68e 2009-05-27 erik: "web-browser", "web-browser", ""); 92e85dc68e 2009-05-27 erik: @ <p>Default web browser for "fossil ui".</p> dbda8d6ce9 2007-07-21 drh: dbda8d6ce9 2007-07-21 drh: @ <hr> c4ec179bbc 2007-07-22 drh: @ <p><input type="submit" name="submit" value="Apply Changes"></p> c4ec179bbc 2007-07-22 drh: @ </form> c4ec179bbc 2007-07-22 drh: db_end_transaction(0); c4ec179bbc 2007-07-22 drh: style_footer(); c4ec179bbc 2007-07-22 drh: } c4ec179bbc 2007-07-22 drh: c4ec179bbc 2007-07-22 drh: /* c4ec179bbc 2007-07-22 drh: ** WEBPAGE: setup_config c4ec179bbc 2007-07-22 drh: */ c4ec179bbc 2007-07-22 drh: void setup_config(void){ c4ec179bbc 2007-07-22 drh: login_check_credentials(); c4ec179bbc 2007-07-22 drh: if( !g.okSetup ){ c4ec179bbc 2007-07-22 drh: login_needed(); c4ec179bbc 2007-07-22 drh: } c4ec179bbc 2007-07-22 drh: 66f4caa379 2007-07-23 drh: style_header("WWW Configuration"); 66f4caa379 2007-07-23 drh: db_begin_transaction(); c4ec179bbc 2007-07-22 drh: @ <form action="%s(g.zBaseURL)/setup_config" method="POST"> 0be54823ba 2008-10-18 drh: login_insert_csrf_secret(); 8ffd32c2b7 2007-10-28 drh: @ <hr /> f3807dbd88 2007-10-10 jnc: entry_attribute("Project Name", 60, "project-name", "pn", ""); f3807dbd88 2007-10-10 jnc: @ <p>Give your project a name so visitors know what this site is about. f3807dbd88 2007-10-10 jnc: @ The project name will also be used as the RSS feed title.</p> f3807dbd88 2007-10-10 jnc: @ <hr /> 555911dff5 2007-11-21 drh: textarea_attribute("Project Description", 5, 60, 555911dff5 2007-11-21 drh: "project-description", "pd", ""); f3807dbd88 2007-10-10 jnc: @ <p>Describe your project. This will be used in page headers for search f3807dbd88 2007-10-10 jnc: @ engines as well as a short RSS description.</p> 29374daa0d 2008-05-15 stephan: @ <hr /> c7c81df138 2008-05-16 drh: entry_attribute("Index Page", 60, "index-page", "idxpg", "/home"); c7c81df138 2008-05-16 drh: @ <p>Enter the pathname of the page to display when the "Home" menu c7c81df138 2008-05-16 drh: @ option is selected and when no pathname is c7c81df138 2008-05-16 drh: @ specified in the URL. For example, if you visit the url:</p> c7c81df138 2008-05-16 drh: @ c7c81df138 2008-05-16 drh: @ <blockquote>%h(g.zBaseURL)</blockquote> c7c81df138 2008-05-16 drh: @ c7c81df138 2008-05-16 drh: @ <p>And you have specified an index page of "/home" the above will c7c81df138 2008-05-16 drh: @ automatically redirect to:</p> c7c81df138 2008-05-16 drh: @ c7c81df138 2008-05-16 drh: @ <blockquote>%h(g.zBaseURL)/home</blockquote> c7c81df138 2008-05-16 drh: @ c7c81df138 2008-05-16 drh: @ <p>The default "/home" page displays a Wiki page with the same name c7c81df138 2008-05-16 drh: @ as the Project Name specified above. Some sites prefer to redirect c7c81df138 2008-05-16 drh: @ to a documentation page (ex: "/doc/tip/index.wiki") or to "/timeline".</p> f3807dbd88 2007-10-10 jnc: @ <hr /> dbda8d6ce9 2007-07-21 drh: @ <p><input type="submit" name="submit" value="Apply Changes"></p> dbda8d6ce9 2007-07-21 drh: @ </form> dbda8d6ce9 2007-07-21 drh: db_end_transaction(0); dbda8d6ce9 2007-07-21 drh: style_footer(); 8ffd32c2b7 2007-10-28 drh: } 8ffd32c2b7 2007-10-28 drh: 8ffd32c2b7 2007-10-28 drh: /* 555911dff5 2007-11-21 drh: ** WEBPAGE: setup_editcss 8ffd32c2b7 2007-10-28 drh: */ 8ffd32c2b7 2007-10-28 drh: void setup_editcss(void){ 8ffd32c2b7 2007-10-28 drh: login_check_credentials(); 8ffd32c2b7 2007-10-28 drh: if( !g.okSetup ){ 8ffd32c2b7 2007-10-28 drh: login_needed(); 8ffd32c2b7 2007-10-28 drh: } adefb6c8db 2008-11-26 eric: db_begin_transaction(); adefb6c8db 2008-11-26 eric: if( P("clear")!=0 ){ adefb6c8db 2008-11-26 eric: db_multi_exec("DELETE FROM config WHERE name='css'"); adefb6c8db 2008-11-26 eric: cgi_replace_parameter("css", zDefaultCSS); adefb6c8db 2008-11-26 eric: }else{ adefb6c8db 2008-11-26 eric: textarea_attribute(0, 0, 0, "css", "css", zDefaultCSS); adefb6c8db 2008-11-26 eric: } 8ffd32c2b7 2007-10-28 drh: style_header("Edit CSS"); 555911dff5 2007-11-21 drh: @ <form action="%s(g.zBaseURL)/setup_editcss" method="POST"> 0be54823ba 2008-10-18 drh: login_insert_csrf_secret(); 8ffd32c2b7 2007-10-28 drh: @ Edit the CSS:<br /> 8ffd32c2b7 2007-10-28 drh: textarea_attribute("", 40, 80, "css", "css", zDefaultCSS); 8ffd32c2b7 2007-10-28 drh: @ <br /> 8ffd32c2b7 2007-10-28 drh: @ <input type="submit" name="submit" value="Apply Changes"> adefb6c8db 2008-11-26 eric: @ <input type="submit" name="clear" value="Revert To Default"> 555911dff5 2007-11-21 drh: @ </form> 555911dff5 2007-11-21 drh: @ <hr> 555911dff5 2007-11-21 drh: @ Here is the default CSS: 555911dff5 2007-11-21 drh: @ <blockquote><pre> 555911dff5 2007-11-21 drh: @ %h(zDefaultCSS) 555911dff5 2007-11-21 drh: @ </pre></blockquote> 555911dff5 2007-11-21 drh: style_footer(); adefb6c8db 2008-11-26 eric: db_end_transaction(0); 555911dff5 2007-11-21 drh: } 555911dff5 2007-11-21 drh: 555911dff5 2007-11-21 drh: /* 555911dff5 2007-11-21 drh: ** WEBPAGE: setup_header 555911dff5 2007-11-21 drh: */ 555911dff5 2007-11-21 drh: void setup_header(void){ 555911dff5 2007-11-21 drh: login_check_credentials(); 555911dff5 2007-11-21 drh: if( !g.okSetup ){ 555911dff5 2007-11-21 drh: login_needed(); 555911dff5 2007-11-21 drh: } 555911dff5 2007-11-21 drh: db_begin_transaction(); 555911dff5 2007-11-21 drh: if( P("clear")!=0 ){ 555911dff5 2007-11-21 drh: db_multi_exec("DELETE FROM config WHERE name='header'"); 555911dff5 2007-11-21 drh: cgi_replace_parameter("header", zDefaultHeader); 555911dff5 2007-11-21 drh: }else{ 555911dff5 2007-11-21 drh: textarea_attribute(0, 0, 0, "header", "header", zDefaultHeader); 555911dff5 2007-11-21 drh: } 555911dff5 2007-11-21 drh: style_header("Edit Page Header"); 555911dff5 2007-11-21 drh: @ <form action="%s(g.zBaseURL)/setup_header" method="POST"> 0be54823ba 2008-10-18 drh: login_insert_csrf_secret(); 3122fc4c7e 2008-02-14 drh: @ <p>Edit HTML text with embedded TH1 (a TCL dialect) that will be used to 555911dff5 2007-11-21 drh: @ generate the beginning of every page through start of the main 555911dff5 2007-11-21 drh: @ menu.</p> 555911dff5 2007-11-21 drh: textarea_attribute("", 40, 80, "header", "header", zDefaultHeader); 555911dff5 2007-11-21 drh: @ <br /> 555911dff5 2007-11-21 drh: @ <input type="submit" name="submit" value="Apply Changes"> 555911dff5 2007-11-21 drh: @ <input type="submit" name="clear" value="Revert To Default"> 555911dff5 2007-11-21 drh: @ </form> 555911dff5 2007-11-21 drh: @ <hr> 555911dff5 2007-11-21 drh: @ Here is the default page header: 555911dff5 2007-11-21 drh: @ <blockquote><pre> 555911dff5 2007-11-21 drh: @ %h(zDefaultHeader) 555911dff5 2007-11-21 drh: @ </pre></blockquote> 23ed5e2cd6 2008-07-18 eric: style_footer(); 34af72801d 2007-11-23 drh: db_end_transaction(0); 34af72801d 2007-11-23 drh: } 34af72801d 2007-11-23 drh: 34af72801d 2007-11-23 drh: /* 34af72801d 2007-11-23 drh: ** WEBPAGE: setup_footer 34af72801d 2007-11-23 drh: */ 34af72801d 2007-11-23 drh: void setup_footer(void){ 34af72801d 2007-11-23 drh: login_check_credentials(); 34af72801d 2007-11-23 drh: if( !g.okSetup ){ 34af72801d 2007-11-23 drh: login_needed(); 34af72801d 2007-11-23 drh: } 34af72801d 2007-11-23 drh: db_begin_transaction(); 34af72801d 2007-11-23 drh: if( P("clear")!=0 ){ 34af72801d 2007-11-23 drh: db_multi_exec("DELETE FROM config WHERE name='footer'"); 34af72801d 2007-11-23 drh: cgi_replace_parameter("footer", zDefaultFooter); 34af72801d 2007-11-23 drh: }else{ 34af72801d 2007-11-23 drh: textarea_attribute(0, 0, 0, "footer", "footer", zDefaultFooter); 34af72801d 2007-11-23 drh: } 34af72801d 2007-11-23 drh: style_header("Edit Page Footer"); 34af72801d 2007-11-23 drh: @ <form action="%s(g.zBaseURL)/setup_footer" method="POST"> 0be54823ba 2008-10-18 drh: login_insert_csrf_secret(); 3122fc4c7e 2008-02-14 drh: @ <p>Edit HTML text with embedded TH1 (a TCL dialect) that will be used to 34af72801d 2007-11-23 drh: @ generate the end of every page.</p> 34af72801d 2007-11-23 drh: textarea_attribute("", 20, 80, "footer", "footer", zDefaultFooter); 34af72801d 2007-11-23 drh: @ <br /> 34af72801d 2007-11-23 drh: @ <input type="submit" name="submit" value="Apply Changes"> 34af72801d 2007-11-23 drh: @ <input type="submit" name="clear" value="Revert To Default"> 34af72801d 2007-11-23 drh: @ </form> 34af72801d 2007-11-23 drh: @ <hr> 34af72801d 2007-11-23 drh: @ Here is the default page footer: 34af72801d 2007-11-23 drh: @ <blockquote><pre> 34af72801d 2007-11-23 drh: @ %h(zDefaultFooter) 34af72801d 2007-11-23 drh: @ </pre></blockquote> 43481115ed 2009-09-21 drh: style_footer(); 5f3ddcc1b8 2007-11-25 drh: db_end_transaction(0); 5f3ddcc1b8 2007-11-25 drh: } 5f3ddcc1b8 2007-11-25 drh: 5f3ddcc1b8 2007-11-25 drh: /* 43481115ed 2009-09-21 drh: ** WEBPAGE: setup_logo 5f3ddcc1b8 2007-11-25 drh: */ 43481115ed 2009-09-21 drh: void setup_logo(void){ 43481115ed 2009-09-21 drh: const char *zMime = "image/gif"; 43481115ed 2009-09-21 drh: const char *aImg = P("im"); 43481115ed 2009-09-21 drh: int szImg = atoi(PD("im:bytes","0")); 43481115ed 2009-09-21 drh: if( szImg>0 ){ 43481115ed 2009-09-21 drh: zMime = PD("im:mimetype","image/gif"); 43481115ed 2009-09-21 drh: } 5f3ddcc1b8 2007-11-25 drh: login_check_credentials(); 5f3ddcc1b8 2007-11-25 drh: if( !g.okSetup ){ 5f3ddcc1b8 2007-11-25 drh: login_needed(); 5f3ddcc1b8 2007-11-25 drh: } 5f3ddcc1b8 2007-11-25 drh: db_begin_transaction(); 43481115ed 2009-09-21 drh: if( P("set")!=0 && zMime && zMime[0] && szImg>0 ){ 43481115ed 2009-09-21 drh: Blob img; 43481115ed 2009-09-21 drh: Stmt ins; 43481115ed 2009-09-21 drh: blob_init(&img, aImg, szImg); 43481115ed 2009-09-21 drh: db_prepare(&ins, 43481115ed 2009-09-21 drh: "REPLACE INTO config(name, value)" 43481115ed 2009-09-21 drh: " VALUES('logo-image',:bytes)" 43481115ed 2009-09-21 drh: ); 43481115ed 2009-09-21 drh: db_bind_blob(&ins, ":bytes", &img); 43481115ed 2009-09-21 drh: db_step(&ins); 43481115ed 2009-09-21 drh: db_finalize(&ins); 43481115ed 2009-09-21 drh: db_multi_exec( 43481115ed 2009-09-21 drh: "REPLACE INTO config(name, value) VALUES('logo-mimetype',%Q)", 43481115ed 2009-09-21 drh: zMime 43481115ed 2009-09-21 drh: ); 43481115ed 2009-09-21 drh: }else if( P("clr")!=0 ){ 43481115ed 2009-09-21 drh: db_multi_exec( 43481115ed 2009-09-21 drh: "DELETE FROM config WHERE name GLOB 'logo-*'" 43481115ed 2009-09-21 drh: ); 5f3ddcc1b8 2007-11-25 drh: } 43481115ed 2009-09-21 drh: style_header("Edit Project Logo"); 43481115ed 2009-09-21 drh: @ <p>The current project logo has a MIME-Type of <b>%h(zMime)</b> and looks 43481115ed 2009-09-21 drh: @ like this:</p> 37f295c310 2009-09-21 drh: @ <blockquote><img src="%s(g.zTop)/logo" alt="logo"></blockquote> 43481115ed 2009-09-21 drh: @ 43481115ed 2009-09-21 drh: @ <form action="%s(g.zBaseURL)/setup_logo" method="POST" 43481115ed 2009-09-21 drh: @ enctype="multipart/form-data"> 43481115ed 2009-09-21 drh: @ <p>The logo is accessible to all users at this URL: 43481115ed 2009-09-21 drh: @ <a href="%s(g.zBaseURL)/logo">%s(g.zBaseURL)/logo</a>. 43481115ed 2009-09-21 drh: @ To set a new logo image, select a file to use as the logo using 43481115ed 2009-09-21 drh: @ the entry box below and then press the "Change Logo" button.</p> 43481115ed 2009-09-21 drh: login_insert_csrf_secret(); 43481115ed 2009-09-21 drh: @ Logo Image file: 43481115ed 2009-09-21 drh: @ <input type="file" name="im" size="60" accepts="image/*"><br> 43481115ed 2009-09-21 drh: @ <input type="submit" name="set" value="Change Logo"> 43481115ed 2009-09-21 drh: @ <input type="submit" name="clr" value="Revert To Default"> 8ffd32c2b7 2007-10-28 drh: @ </form> 8ffd32c2b7 2007-10-28 drh: style_footer(); 555911dff5 2007-11-21 drh: db_end_transaction(0); dbda8d6ce9 2007-07-21 drh: }
File Annotation