Differences From:

File src/http.c part of check-in [dbda8d6ce9] - Initial check-in of m1 sources. by drh on 2007-07-21 14:10:57. [view]

To:

File src/http.c part of check-in [e621b6dbe3] - Use POST instead of GET for the /xfer method. Other bug fixes in the URL parser. by drh on 2007-07-30 14:28:17. [view]

@@ -158,17 +158,32 @@
   const char *zSep;
   int i;
   int cnt = 0;
 
-  user_select();
   blob_zero(&nonce);
   blob_zero(&pw);
   db_blob(&nonce, "SELECT hex(randomblob(20))");
   blob_copy(&pw, &nonce);
-  db_blob(&pw, "SELECT pw FROM user WHERE uid=%d", g.userUid);
-  sha1sum_blob(&pw, &sig);
   blob_zero(&login);
-  blob_appendf(&login, "login %s %b %b\n", g.zLogin, &nonce, &sig);
+  if( g.urlUser==0 ){
+    user_select();
+    db_blob(&pw, "SELECT pw FROM user WHERE uid=%d", g.userUid);
+    sha1sum_blob(&pw, &sig);
+    blob_appendf(&login, "login %s %b %b\n", g.zLogin, &nonce, &sig);
+  }else{
+    if( g.urlPasswd==0 ){
+      if( strcmp(g.urlUser,"anonymous")!=0 ){
+        char *zPrompt = mprintf("password for %s", g.urlUser);
+        Blob x;
+        prompt_for_password(zPrompt, &x, 0);
+        free(zPrompt);
+        blob_append(&pw, blob_buffer(&x), blob_size(&x));
+        blob_reset(&x);
+      }
+    }
+    sha1sum_blob(&pw, &sig);
+    blob_appendf(&login, "login %s %b %b\n", g.urlUser, &nonce, &sig);
+  }
   blob_reset(&nonce);
   blob_reset(&pw);
   blob_reset(&sig);
   if( g.fHttpTrace ){
@@ -184,9 +199,9 @@
     zSep = "";
   }else{
     zSep = "/";
   }
-  blob_appendf(&hdr, "GET %s%sxfer HTTP/1.1\r\n", g.urlPath, zSep);
+  blob_appendf(&hdr, "POST %s%sxfer HTTP/1.1\r\n", g.urlPath, zSep);
   if( g.fHttpTrace ){
     blob_appendf(&hdr, "Content-Type: application/x-fossil-debug\r\n");
   }else{
     blob_appendf(&hdr, "Content-Type: application/x-fossil\r\n");