Differences From:
File
src/login.c
part of check-in
[60212796377638c]
- Make sure that "nobody" and "anonymous" privileges by users who attempt to
sync with higher privileges.
by
drh on
2009-09-11 23:04:50.
To:
File
src/login.c
part of check-in
[7a2c37063a]
- merge trunk into creole branch
by
bob on
2009-09-22 07:49:39.
Also file
src/login.c
part of check-in
[bbb8ae7ebf]
- Make it harder to misconfigure the user accounts in a way that might give
people greater access than intended.
by
drh on
2009-09-15 18:44:51.
@@ -180,10 +180,14 @@
}
if( zUsername!=0 && zPasswd!=0 && zPasswd[0]!=0 ){
uid = db_int(0,
"SELECT uid FROM user"
- " WHERE login=%Q AND pw=%Q", zUsername, zPasswd);
- if( uid<=0 || strcmp(zUsername,"nobody")==0 ){
+ " WHERE login=%Q"
+ " AND login NOT IN ('anonymous','nobody','developer','reader')"
+ " AND pw=%Q",
+ zUsername, zPasswd
+ );
+ if( uid<=0 ){
sleep(1);
zErrMsg =
@ <p><font color="red">
@ You entered an unknown user or an incorrect password.
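Review bot: The reserved-login list in the added `AND login NOT IN ('anonymous','nobody','developer','reader')` clause is an uncommented literal inside this one query, so nothing tells a maintainer why these four names are refused or that other authentication paths need the same rule. I would add a comment above the `db_int` call, for example `/* Reserved category logins must never authenticate here, whatever their pw column holds. */`, and keep the list in one shared definition if another path (the earlier check-in mentions sync) checks credentials too. Separately, `pw=%Q` compares the submitted value directly against the stored column; if `zPasswd` is the raw form input, which the hunk does not show, the table holds recoverable passwords and a salted hash comparison would be the safer design. The enclosing function begins and ends outside the hunk.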