Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Changing the password requires a 'real' login. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
8b562b90c05a0c337be2283fc4e9fb3c |
User & Date: | mistachkin 2017-01-28 19:48:13.686 |
Context
2017-02-03
| ||
15:13 | On diff/gdiff command, override "diff-binary" setting when argument "--diff-binary off" command line option is specified, not only with "--diff-binary on". ... (check-in: f62c2470 user: mgagnon tags: trunk) | |
2017-02-01
| ||
02:16 | Add the --no-symlinks global command line option. ... (check-in: 85277aa3 user: mistachkin tags: noSymlinks) | |
2017-01-29
| ||
12:44 | (cherry-pick): Changing the password requires a 'real' login. ... (check-in: fb4b87d9 user: jan.nijtmans tags: branch-1.37) | |
2017-01-28
| ||
19:48 | Changing the password requires a 'real' login. ... (check-in: 8b562b90 user: mistachkin tags: trunk) | |
2017-01-27
| ||
12:21 | Make "fossil version -v" work again with SQLite 3.15.x, since no-where is documented that "fossil now requires SQLite 3.16" ... (check-in: 042d6a7b user: jan.nijtmans tags: trunk) | |
Changes
Changes to src/login.c.
︙ | ︙ | |||
524 525 526 527 528 529 530 | return; } /* Deal with password-change requests */ if( g.perm.Password && zPasswd && (zNew1 = P("n1"))!=0 && (zNew2 = P("n2"))!=0 ){ | > > | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | > > > > > > > > | 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 | return; } /* Deal with password-change requests */ if( g.perm.Password && zPasswd && (zNew1 = P("n1"))!=0 && (zNew2 = P("n2"))!=0 ){ /* If there is not a "real" login, we cannot change any password. */ if( g.zLogin ){ /* The user requests a password change */ zSha1Pw = sha1_shared_secret(zPasswd, g.zLogin, 0); if( db_int(1, "SELECT 0 FROM user" " WHERE uid=%d" " AND (constant_time_cmp(pw,%Q)=0" " OR constant_time_cmp(pw,%Q)=0)", g.userUid, zSha1Pw, zPasswd) ){ sleep(1); zErrMsg = @ <p><span class="loginError"> @ You entered an incorrect old password while attempting to change @ your password. Your password is unchanged. @ </span></p> ; }else if( fossil_strcmp(zNew1,zNew2)!=0 ){ zErrMsg = @ <p><span class="loginError"> @ The two copies of your new passwords do not match. @ Your password is unchanged. @ </span></p> ; }else{ char *zNewPw = sha1_shared_secret(zNew1, g.zLogin, 0); char *zChngPw; char *zErr; db_multi_exec( "UPDATE user SET pw=%Q WHERE uid=%d", zNewPw, g.userUid ); fossil_free(zNewPw); zChngPw = mprintf( "UPDATE user" " SET pw=shared_secret(%Q,%Q," " (SELECT value FROM config WHERE name='project-code'))" " WHERE login=%Q", zNew1, g.zLogin, g.zLogin ); if( login_group_sql(zChngPw, "<p>", "</p>\n", &zErr) ){ zErrMsg = mprintf("<span class=\"loginError\">%s</span>", zErr); fossil_free(zErr); }else{ redirect_to_g(); return; } } }else{ zErrMsg = @ <p><span class="loginError"> @ The password cannot be changed for this type of login. @ The password is unchanged. @ </span></p> ; } } zIpAddr = PD("REMOTE_ADDR","nil"); /* Complete IP address for logging */ zReferer = P("HTTP_REFERER"); uid = login_is_valid_anonymous(zUsername, zPasswd, P("cs")); if( uid>0 ){ login_set_anon_cookie(zIpAddr, NULL); |
︙ | ︙ | |||
697 698 699 700 701 702 703 | @ <input type="button" value="Fill out captcha" @ onclick="gebi('u').value='anonymous'; gebi('p').value='%s(zDecoded)';" /> } @ </div> free(zCaptcha); } @ </form> | | | 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 | @ <input type="button" value="Fill out captcha" @ onclick="gebi('u').value='anonymous'; gebi('p').value='%s(zDecoded)';" /> } @ </div> free(zCaptcha); } @ </form> if( g.zLogin && g.perm.Password ){ @ <hr /> @ <p>Change Password for user <b>%h(g.zLogin)</b>:</p> form_begin(0, "%R/login"); @ <table> @ <tr><td class="login_out_label">Old Password:</td> @ <td><input type="password" name="p" size="30" /></td></tr> @ <tr><td class="login_out_label">New Password:</td> |
︙ | ︙ |