Fossil

Check-in [9271b4bb]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Do not allow a login to occur if the USER.INFO field contains the text "expires YYYY-MM-DD" where YYYY-MM-DD is not in the future.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 9271b4bb350532d953dcd39c3faa68ac440f734a
User & Date: drh 2015-09-24 02:03:35
Context
2015-09-25
00:02
Update the built-in SQLite to the 3.8.12 alpha that includes the ShmBarrier fix. check-in: 96e698d2 user: drh tags: trunk
2015-09-24
02:03
Do not allow a login to occur if the USER.INFO field contains the text "expires YYYY-MM-DD" where YYYY-MM-DD is not in the future. check-in: 9271b4bb user: drh tags: trunk
2015-09-20
18:17
merge "stash cat" check-in: ba9d3f08 user: bch tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/login.c.

214
215
216
217
218
219
220
221


222
223
224
225
226
227
228
  char *zSha1Pw = sha1_shared_secret(zPasswd, zUsername, 0);
  int const uid =
      db_int(0,
             "SELECT uid FROM user"
             " WHERE login=%Q"
             "   AND length(cap)>0 AND length(pw)>0"
             "   AND login NOT IN ('anonymous','nobody','developer','reader')"
             "   AND (pw=%Q OR (length(pw)<>40 AND pw=%Q))",


             zUsername, zSha1Pw, zPasswd
             );
  free(zSha1Pw);
  return uid;
}

/*







|
>
>







214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
  char *zSha1Pw = sha1_shared_secret(zPasswd, zUsername, 0);
  int const uid =
      db_int(0,
             "SELECT uid FROM user"
             " WHERE login=%Q"
             "   AND length(cap)>0 AND length(pw)>0"
             "   AND login NOT IN ('anonymous','nobody','developer','reader')"
             "   AND (pw=%Q OR (length(pw)<>40 AND pw=%Q))"
             "   AND (info NOT LIKE '%%expires 20%%'"
             "      OR substr(info,instr(lower(info),'expires')+8,10)>datetime('now'))",
             zUsername, zSha1Pw, zPasswd
             );
  free(zSha1Pw);
  return uid;
}

/*