Checklist

Check-in [0280010860]

Overview
Comment: Update to make use of SAME_ORIGIN.
SHA1: 0280010860a25b02bd9d8c44b85c41b43bf6fa54
User & Date: drh 2018-01-30 23:47:18.604
Context
2018-02-01 15:22  Tweaks to the checklist.tcl script so that it passes --lint and to enable a timeout on the database connection. check-in: aae9b15e00 user: drh tags: trunk
2018-01-30 23:47  Update to make use of SAME_ORIGIN. check-in: 0280010860 user: drh tags: trunk
2018-01-30 20:39  Add a warning to the login page if the client is not sending Referer headers. check-in: 1e0662e9e3 user: drh tags: trunk
Changes
Changes to checklist.tcl.
Before (checklist.tcl lines 141-155):
  if {[checklist-common-header]} return
  if {[string match https:* [wapp-param BASE_URL]]==0
       && [wapp-param REMOTE_ADDR]!="127.0.0.1"} {
    wapp-subst {<p class="error">Login via HTTPS only</p>}
    checklist-common-footer
    return
  }


  if {[wapp-param-exists u] && [wapp-param-exists p]} {

    set u [wapp-param u]
    set p [wapp-param p]
    set px [db one {SELECT hex($p)}]
    set ok [db exists {SELECT 1 FROM config
                        WHERE name=('user-'||$u)
                          AND hex(value)=$px}]
    if {$ok} {
After (checklist.tcl lines 141-158):
  if {[checklist-common-header]} return
  if {[string match https:* [wapp-param BASE_URL]]==0
       && [wapp-param REMOTE_ADDR]!="127.0.0.1"} {
    wapp-subst {<p class="error">Login via HTTPS only</p>}
    checklist-common-footer
    return
  }
  if {[wapp-param SAME_ORIGIN]
   && [wapp-param-exists u]
   && [wapp-param-exists p]
  } {
    set u [wapp-param u]
    set p [wapp-param p]
    set px [db one {SELECT hex($p)}]
    set ok [db exists {SELECT 1 FROM config
                        WHERE name=('user-'||$u)
                          AND hex(value)=$px}]
    if {$ok} {
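Review bot: when SAME_ORIGIN is false the new condition falls through exactly as if no credentials had been posted, so a user whose client strips the Referer header (the situation the preceding check-in 1e0662e9e3 warns about on the login form) submits a correct password and gets no error at all. Consider a distinct branch before this one, e.g. `if {![wapp-param SAME_ORIGIN] && [wapp-param-exists u]} { wapp-subst {<p class="error">Login rejected: request did not originate from this site</p>} }`, so the rejection is visible rather than silent. Also, if SAME_ORIGIN can ever be unset for a request, `wapp-param SAME_ORIGIN` yields an empty string and the `if` expression raises a Tcl error instead of refusing the login; `[wapp-param SAME_ORIGIN 0]` makes the default explicit.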
Before (checklist.tcl lines 333-346):
  wapp-mimetype text/javascript
  wapp-cache-control max-age=86400
  wapp {
    function cklistAjax(uri,data,callback){
      var xhttp = new XMLHttpRequest();
      xhttp.onreadystatechange = function(){
        if(xhttp.readyState!=4) return

        var jx = JSON.parse(xhttp.responseText);
        callback(jx);
      }
      if(data){
        xhttp.open("POST",uri,true);
        xhttp.setRequestHeader("Content-Type",
                               "application/x-www-form-urlencoded");
After (checklist.tcl lines 336-350):
  wapp-mimetype text/javascript
  wapp-cache-control max-age=86400
  wapp {
    function cklistAjax(uri,data,callback){
      var xhttp = new XMLHttpRequest();
      xhttp.onreadystatechange = function(){
        if(xhttp.readyState!=4) return
        if(!xhttp.responseText) return
        var jx = JSON.parse(xhttp.responseText);
        callback(jx);
      }
      if(data){
        xhttp.open("POST",uri,true);
        xhttp.setRequestHeader("Content-Type",
                               "application/x-www-form-urlencoded");
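Review bot: the added `if(!xhttp.responseText) return` only covers an empty body; a non-JSON body (an HTML error page such as the "Login via HTTPS only" response from the same file, or any non-2xx reply) still reaches `JSON.parse`, which throws inside the readystatechange handler, and in both the empty and the malformed case `callback` is never invoked, so the caller cannot tell a failed request from one still in flight. Suggest checking `xhttp.status` and guarding the parse, e.g. `var jx; try { jx = JSON.parse(xhttp.responseText); } catch(e) { return; }`, or better, passing a failure indication to the callback so the UI can report it.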