/*
** Copyright (c) 2007 D. Richard Hipp
** Copyright (c) 2008 Stephan Beal
**
** This program is free software; you can redistribute it and/or
** modify it under the terms of the GNU General Public
** License as published by the Free Software Foundation; either
** version 2 of the License, or (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
** General Public License for more details.
**
** You should have received a copy of the GNU General Public
** License along with this library; if not, write to the
** Free Software Foundation, Inc., 59 Temple Place - Suite 330,
** Boston, MA  02111-1307, USA.
**
** Author contact information:
**   drh@hwaci.com
**   http://www.hwaci.com/drh/
**
*******************************************************************************
**
** Implementation of the Admin SQL
*/
#include <assert.h>
#include "config.h"
#include "admin.h"

/*
** SQLite authorizer callback installed around the execution of an
** administrator-supplied query (see admin_sql_page()).
**
** Only the SQLITE_READ and SQLITE_SELECT action codes are granted.
** Every other code - inserts, updates, deletes, DDL, pragmas, attach,
** and, on SQLite builds that report function calls to the authorizer,
** SQLITE_FUNCTION - is answered with SQLITE_DENY, which makes the
** statement fail at prepare time rather than silently skipping the
** denied part.
**
** The table/column arguments (zArg1..zArg4) are not inspected, so no
** table or column is excluded from reading.  The callback is only ever
** reached after g.okAdmin has been verified by the caller.
**
** Returns SQLITE_OK for a permitted action code, SQLITE_DENY otherwise.
*/
static int selectOnly(
  void *NotUsed,       /* Application data - not used */
  int type,            /* Operation type */
  const char *zArg1,   /* Arguments.... */
  const char *zArg2,
  const char *zArg3,
  const char *zArg4
){
  (void)NotUsed;
  (void)zArg1;
  (void)zArg2;
  (void)zArg3;
  (void)zArg4;
  if( type==SQLITE_READ || type==SQLITE_SELECT ){
    return SQLITE_OK;
  }
  return SQLITE_DENY;
}

/*
** Add the admin sub-menu entries (Main, SQL, Setup) to the page being
** rendered.  Does nothing unless the current login has admin rights,
** so the links never appear for a non-admin user.
*/
void admin_prepare_submenu(){
  if( !g.okAdmin ){
    return;
  }
  style_submenu_element("Main", "Main admin page", "%s/admin", g.zTop );
  style_submenu_element("SQL", "SQL page", "%s/admin/sql", g.zTop );
  style_submenu_element("Setup", "Setup page", "%s/setup", g.zTop );
}

/*
** WEBPAGE: /admin/sql
**
** Render a form that lets an administrator run a SELECT against the
** repository database and, when a query was posted, show its result.
**
** Access control: login_check_credentials() runs first and the page is
** abandoned via login_needed() unless g.okAdmin is set.
**
** The posted text is echoed back into the textarea through %h, i.e.
** HTML-escaped, so it is not reflected raw.  A query is executed only
** after login_verify_csrf_secret() accepts the CSRF token that
** login_insert_csrf_secret() placed in the form, and only while the
** selectOnly authorizer is installed on g.db; the authorizer is removed
** again as soon as db_generic_query_view() returns.
**
** NOTE(review): if db_generic_query_view() does not return on a bad
** query (fatal-error path), the authorizer is left installed on g.db -
** presumably harmless because the request ends there; confirm.
*/
void admin_sql_page(void){
  const char *zSql = PD("sql","");
  login_check_credentials();
  if( !g.okAdmin ){
    login_needed();
    return;
  }
  admin_prepare_submenu();
  style_header("Admin SQL");
  @ <h2>SQL:</h2>
  @ You can enter only SELECT statements here, and some SQL-side functions
  @ are also restricted.<br/>
  @ <form action='' method='post'>
  login_insert_csrf_secret();
  @ <textarea style='border:2px solid black' name='sql'
  @ cols='80' rows='5'>%h(zSql)</textarea>
  @ <br/><input type='submit' name='sql_submit'/> <input type='reset'/>
  @ </form>
  if( zSql[0]!=0 ){
    /* Verify the anti-CSRF token before touching the database, then
    ** restrict the connection to read-only actions for the duration
    ** of this one query. */
    login_verify_csrf_secret();
    sqlite3_set_authorizer(g.db, selectOnly, 0);
    db_generic_query_view(zSql, 0);
    sqlite3_set_authorizer(g.db, 0, 0);
  }
  style_footer();
}

/*
** WEBPAGE: /admin
**
** Main admin landing page.  Requires g.okAdmin; otherwise the request
** is redirected to the login page via login_needed().
**
** Sub-page dispatch: when g.zExtra is non-empty and starts with "sql",
** the request is handed to admin_sql_page() (which re-checks the
** credentials itself).  Any other non-empty g.zExtra returns without
** producing any output - no header, no footer, no error notice.
**
** FIXME: the prefix test is an awful lot of work, especially once the
** paths deepen.  Figure out a way to simplify dispatching.
*/
void admin_page(void){
  login_check_credentials();
  if( !g.okAdmin ){
    login_needed();
    return;
  }
  if( g.zExtra && g.zExtra[0] ){
    /* Equivalent to "g.zExtra begins with 'sql'". */
    if( strncmp(g.zExtra, "sql", 3)==0 ){
      admin_sql_page();
    }
    return;
  }
  admin_prepare_submenu();
  style_header("Admin");
  @ <h2>Links:</h2>
  @ <ul>
  @ <li><a href='%s(g.zBaseURL)/setup'>Fossil WWW Setup</a></li>
  @ <li><a href='%s(g.zBaseURL)/admin/sql'>Run SQL queries</a></li>
  @ </ul>
  style_footer();
}