Category

Capabilities

Notes

User ID

Capabilities

Contact Info

if( g.perm.Admin && (zCap[0]!='s' || g.perm.Setup) ){ @ } @ %h(zLogin) if( g.perm.Admin ){ @ } @

%s(zCap)

%h(db_column_text(&s,3))

Privileges And Capabilities:

if( higherUser ){ @

@ User %h(zLogin) has Setup privileges and you only have Admin privileges @ so you are not permitted to make changes to %h(zLogin). @

@ } @

@ The Setup user can make arbitrary @ configuration changes. An Admin user @ can add other users and change user privileges @ and reset user passwords. Both automatically get all other privileges @ listed below. Use these two settings with discretion. @

@ @

@ The "•" mark @ indicates the privileges of nobody that @ are available to all users regardless of whether or not they are logged in. @

@ @

@ The "•" mark @ indicates the privileges of anonymous that @ are inherited by all logged-in users. @

@ @

@ The "•" mark @ indicates the privileges of developer that @ are inherited by all users with the @ Developer privilege. @

@ @

@ The "•" mark @ indicates the privileges of reader that @ are inherited by all users with the Reader @ privilege. @

@ @

@ The Delete privilege give the user the @ ability to erase wiki, tickets, and attachments that have been added @ by anonymous users. This capability is intended for deletion of spam. @ The delete capability is only in effect for 24 hours after the item @ is first posted. The Setup user can @ delete anything at any time. @

@ @

@ The Hyperlinks privilege allows a user @ to see most hyperlinks. This is recommended ON for most logged-in users @ but OFF for user "nobody" to avoid problems with spiders trying to walk @ every diff and annotation of every historical check-in and file. @

@ @

@ The Zip privilege allows a user to @ see the "download as ZIP" @ hyperlink and permits access to the /zip page. This allows @ users to download ZIP archives without granting other rights like @ Read or @ Hyperlink. The "z" privilege is recommended @ for user nobody so that automatic package @ downloaders can obtain the sources without going through the login @ procedure. @

@ @

@ The Check-in privilege allows remote @ users to "push". The Check-out privilege @ allows remote users to "pull". The Clone @ privilege allows remote users to "clone". @

@ @

@ The Read Wiki, @ New Wiki, @ Append Wiki, and @ Write Wiki privileges control access to wiki pages. The @ Read Ticket, @ New Ticket, @ Append Ticket, and @ Write Ticket privileges control access @ to trouble tickets. @ The Ticket Report privilege allows @ the user to create or edit ticket report formats. @

@ @

@ Users with the Password privilege @ are allowed to change their own password. Recommended ON for most @ users but OFF for special users developer, @ anonymous, @ and nobody. @

@ @

@ The EMail privilege allows the display of @ sensitive information such as the email address of users and contact @ information on tickets. Recommended OFF for @ anonymous and for @ nobody but ON for @ developer. @

@ @

@ The Attachment privilege is needed in @ order to add attachments to tickets or wiki. Write privilege on the @ ticket or wiki is also required. @

@ @

@ Login is prohibited if the password is an empty string. @

Special Logins

@ No login is required for user nobody. The @ capabilities of the nobody user are @ inherited by all users, regardless of whether or not they are logged in. @ To disable universal access to the repository, make sure no user named @ nobody exists or that the @ nobody user has no capabilities @ enabled. The password for nobody is ignore. @ To avoid problems with spiders overloading the server, it is recommended @ that the h (Hyperlinks) capability be @ turned off for the nobody user. @

@ @

@ Login is required for user anonymous but the @ password is displayed on the login screen beside the password entry box @ so anybody who can read should be able to login as anonymous. @ On the other hand, spiders and web-crawlers will typically not @ be able to login. Set the capabilities of the @ anonymous @ user to things that you want any human to be able to do, but not any @ spider. Every other logged-in user inherits the privileges of @ anonymous. @

@ @

@ The developer user is intended as a template @ for trusted users with check-in privileges. When adding new trusted users, @ simply select the developer privilege to @ cause the new user to inherit all privileges of the @ developer @ user. Similarly, the reader user is a @ template for users who are allowed more access than @ anonymous, @ but less than a developer. @

%s(zLabel)

%s(zErrMsg)

This repository (in the file named "%h(zSelfRepo)") @ is not currently part of any login-group. @ To join a login group, fill out the form below.

This repository (in the file "%h(zSelfRepo)") @ is currently part of the "%h(zGroup)" login group. @ Other repositories in that group are:

	Project Name	@	Repository File
%d(n).	@	%h(zTitle)		%h(zRepo)

Project Name

Repository File

%d(n).

%h(zTitle)

%h(zRepo)

login_insert_csrf_secret(); @ To leave this login group press @ @

} style_footer(); } /* ** WEBPAGE: setup_timeline */ void setup_timeline(void){ double tmDiff; char zTmDiff[20]; login_check_credentials(); if( !g.perm.Setup ){ login_needed(); } style_header("Timeline Display Preferences"); db_begin_transaction(); @

login_insert_csrf_secret(); @

onoff_attribute("Allow block-markup in timeline", "timeline-block-markup", "tbm", 0); @

In timeline displays, check-in comments can be displayed with or @ without block markup (paragraphs, tables, etc.)

onoff_attribute("Plaintext comments on timelines", "timeline-plaintext", "tpt", 0); @

In timeline displays, check-in comments are displayed literally, @ without any wiki or HTML interpretation.

onoff_attribute("Use Universal Coordinated Time (UTC)", "timeline-utc", "utc", 1); @

Show times as UTC (also sometimes called Greenwich Mean Time (GMT) or @ Zulu) instead of in local time. On this server, local time is currently g.fTimeFormat = 2; tmDiff = db_double(0.0, "SELECT julianday('now')"); tmDiff = db_double(0.0, "SELECT (julianday(%.17g,'localtime')-julianday(%.17g))*24.0", tmDiff, tmDiff); sqlite3_snprintf(sizeof(zTmDiff), zTmDiff, "%.1f", tmDiff); if( strcmp(zTmDiff, "0.0")==0 ){ @ the same as UTC and so this setting will make no difference in @ the display.

}else if( tmDiff<0.0 ){ sqlite3_snprintf(sizeof(zTmDiff), zTmDiff, "%.1f", -tmDiff); @ %s(zTmDiff) hours behind UTC.

}else{ @ %s(zTmDiff) hours ahead of UTC.

} @

onoff_attribute("Show version differences by default", "show-version-diffs", "vdiff", 0); @

On the version-information pages linked from the timeline can either @ show complete diffs of all file changes, or can just list the names of @ the files that have changed. Users can get to either page by @ clicking. This setting selects the default.

entry_attribute("Max timeline comment length", 6, "timeline-max-comment", "tmc", "0"); @

The maximum length of a comment to be displayed in a timeline. @ "0" there is no length limit.

db_end_transaction(0); style_footer(); } /* ** WEBPAGE: setup_settings */ void setup_settings(void){ struct stControlSettings const *pSet; login_check_credentials(); if( !g.perm.Setup ){ login_needed(); } style_header("Settings"); db_open_local(); db_begin_transaction(); @

This page provides a simple interface to the "fossil setting" command. @ See the "fossil help setting" output below for further information on @ the meaning of each setting.

login_insert_csrf_secret(); for(pSet=ctrlSettings; pSet->name!=0; pSet++){ if( pSet->width==0 ){ onoff_attribute(pSet->name, pSet->name, pSet->var!=0 ? pSet->var : pSet->name, is_truth(pSet->def)); if( pSet->versionable ){ @ (v)
} else { @
} } } @

for(pSet=ctrlSettings; pSet->name!=0; pSet++){ if( pSet->width!=0 && !pSet->versionable){ entry_attribute(pSet->name, /*pSet->width*/ 25, pSet->name, pSet->var!=0 ? pSet->var : pSet->name, (char*)pSet->def); @
} } @

for(pSet=ctrlSettings; pSet->name!=0; pSet++){ if( pSet->width!=0 && pSet->versionable){ textarea_attribute(pSet->name, /*rows*/ 3, /*cols*/ 20, pSet->name, pSet->var!=0 ? pSet->var : pSet->name, (char*)pSet->def); @ (v)
} } @

Settings marked with (v) are 'versionable' and will be overridden @ by the contents of files named .fossil-settings/PROPERTY.

@ These settings work in the same way, as the set @ commandline:
@

%s(zHelp_setting_cmd)

db_end_transaction(0); style_footer(); } /* ** WEBPAGE: setup_config */ void setup_config(void){ login_check_credentials(); if( !g.perm.Setup ){ login_needed(); } style_header("WWW Configuration"); db_begin_transaction(); @

login_insert_csrf_secret(); @

entry_attribute("Project Name", 60, "project-name", "pn", ""); @

Give your project a name so visitors know what this site is about. @ The project name will also be used as the RSS feed title.

textarea_attribute("Project Description", 3, 80, "project-description", "pd", ""); @

Describe your project. This will be used in page headers for search @ engines as well as a short RSS description.

onoff_attribute("Enable WYSIWYG Wiki Editing", "wysiwyg-wiki", "wysiwyg-wiki", 0); @

Enable what-you-see-is-what-you-get (WYSIWYG) editing of wiki pages. @ The WYSIWYG editor generates HTML instead of markup, which makes @ subsequent manual editing more difficult.

entry_attribute("Index Page", 60, "index-page", "idxpg", "/home"); @

Enter the pathname of the page to display when the "Home" menu @ option is selected and when no pathname is @ specified in the URL. For example, if you visit the url:

@ @

%h(g.zBaseURL)

@ @

And you have specified an index page of "/home" the above will @ automatically redirect to:

@ @

%h(g.zBaseURL)/home

@ @

The default "/home" page displays a Wiki page with the same name @ as the Project Name specified above. Some sites prefer to redirect @ to a documentation page (ex: "/doc/tip/index.wiki") or to "/timeline".

@ @

Note: To avoid a redirect loop or other problems, this entry must @ begin with "/" and it must specify a valid page. For example, @ "/home" will work but "home" will not, since it omits the @ leading "/".

onoff_attribute("Use HTML as wiki markup language", "wiki-use-html", "wiki-use-html", 0); @

Use HTML as the wiki markup language. Wiki links will still be parsed @ but all other wiki formatting will be ignored. This option is helpful @ if you have chosen to use a rich HTML editor for wiki markup such as @ TinyMCE.

CAUTION: when @ enabling, all HTML tags and attributes are accepted in the wiki. @ No sanitization is done. This means that it is very possible for malicious @ users to inject dangerous HTML, CSS and JavaScript code into your wiki.

This should only be enabled when wiki editing is limited @ to trusted users. It should not be used on a publically @ editable wiki.

db_end_transaction(0); style_footer(); } /* ** WEBPAGE: setup_editcss */ void setup_editcss(void){ login_check_credentials(); if( !g.perm.Setup ){ login_needed(); } db_begin_transaction(); if( P("clear")!=0 ){ db_multi_exec("DELETE FROM config WHERE name='css'"); cgi_replace_parameter("css", zDefaultCSS); db_end_transaction(0); cgi_redirect("setup_editcss"); } if( P("submit")!=0 ){ textarea_attribute(0, 0, 0, "css", "css", zDefaultCSS); db_end_transaction(0); cgi_redirect("setup_editcss"); } style_header("Edit CSS"); @ @

Note: Press your browser Reload button after @ modifying the CSS in order to pull in the modified CSS file.

@ The default CSS is shown below for reference. Other examples @ of CSS files can be seen on the skins page. @ See also the header and @ footer editing screens. @

  cgi_append_default_css();
  @

style_footer(); db_end_transaction(0); } /* ** WEBPAGE: setup_header */ void setup_header(void){ login_check_credentials(); if( !g.perm.Setup ){ login_needed(); } db_begin_transaction(); if( P("clear")!=0 ){ db_multi_exec("DELETE FROM config WHERE name='header'"); cgi_replace_parameter("header", zDefaultHeader); }else if( P("submit")!=0 ){ textarea_attribute(0, 0, 0, "header", "header", zDefaultHeader); }else if( P("fixbase")!=0 ){ const char *z = db_get("header", (char*)zDefaultHeader); char *zHead = strstr(z, ""); if( strstr(z, "\n%s", zHead+6-z, z, zTail); cgi_replace_parameter("header", zNew); db_set("header", zNew, 0); } } style_header("Edit Page Header"); @ @

@ The default header is shown below for reference. Other examples @ of headers can be seen on the skins page. @ See also the CSS and @ footer editing screeens. @

  @ %h(zDefaultHeader)
  @

style_footer(); db_end_transaction(0); } /* ** WEBPAGE: setup_footer */ void setup_footer(void){ login_check_credentials(); if( !g.perm.Setup ){ login_needed(); } db_begin_transaction(); if( P("clear")!=0 ){ db_multi_exec("DELETE FROM config WHERE name='footer'"); cgi_replace_parameter("footer", zDefaultFooter); } style_header("Edit Page Footer"); @ @

@ The default footer is shown below for reference. Other examples @ of footers can be seen on the skins page. @ See also the CSS and @ header editing screens. @

  @ %h(zDefaultFooter)
  @

style_footer(); db_end_transaction(0); } /* ** WEBPAGE: setup_modreq */ void setup_modreq(void){ login_check_credentials(); if( !g.perm.Setup ){ login_needed(); } style_header("Moderator For Wiki And Tickets"); db_begin_transaction(); @

login_insert_csrf_secret(); @

onoff_attribute("Moderate ticket changes", "modreq-tkt", "modreq-tkt", 0); @

When enabled, any change to tickets is subject to the approval @ a ticket moderator - a user with the "q" or Mod-Tkt privilege. @ Ticket changes enter the system and are shown locally, but are not @ synced until they are approved. The moderator has the option to @ delete the change rather than approve it. Ticket changes made by @ a user who hwas the Mod-Tkt privilege are never subject to @ moderation. @ @

onoff_attribute("Moderate wiki changes", "modreq-wiki", "modreq-wiki", 0); @

When enabled, any change to wiki is subject to the approval @ a ticket moderator - a user with the "l" or Mod-Wiki privilege. @ Wiki changes enter the system and are shown locally, but are not @ synced until they are approved. The moderator has the option to @ delete the change rather than approve it. Wiki changes made by @ a user who has the Mod-Wiki privilege are never subject to @ moderation. @

db_end_transaction(0); style_footer(); } /* ** WEBPAGE: setup_adunit */ void setup_adunit(void){ login_check_credentials(); if( !g.perm.Setup ){ login_needed(); } db_begin_transaction(); if( P("clear")!=0 ){ db_multi_exec("DELETE FROM config WHERE name GLOB 'adunit*'"); cgi_replace_parameter("adunit",""); } style_header("Edit Ad Unit"); @ style_footer(); db_end_transaction(0); } /* ** WEBPAGE: setup_logo */ void setup_logo(void){ const char *zLogoMime = db_get("logo-mimetype","image/gif"); const char *aLogoImg = P("logoim"); int szLogoImg = atoi(PD("logoim:bytes","0")); const char *zBgMime = db_get("background-mimetype","image/gif"); const char *aBgImg = P("bgim"); int szBgImg = atoi(PD("bgim:bytes","0")); if( szLogoImg>0 ){ zLogoMime = PD("logoim:mimetype","image/gif"); } if( szBgImg>0 ){ zBgMime = PD("bgim:mimetype","image/gif"); } login_check_credentials(); if( !g.perm.Setup ){ login_needed(); } db_begin_transaction(); if( P("setlogo")!=0 && zLogoMime && zLogoMime[0] && szLogoImg>0 ){ Blob img; Stmt ins; blob_init(&img, aLogoImg, szLogoImg); db_prepare(&ins, "REPLACE INTO config(name,value,mtime)" " VALUES('logo-image',:bytes,now())" ); db_bind_blob(&ins, ":bytes", &img); db_step(&ins); db_finalize(&ins); db_multi_exec( "REPLACE INTO config(name,value,mtime) VALUES('logo-mimetype',%Q,now())", zLogoMime ); db_end_transaction(0); cgi_redirect("setup_logo"); }else if( P("clrlogo")!=0 ){ db_multi_exec( "DELETE FROM config WHERE name IN " "('logo-image','logo-mimetype')" ); db_end_transaction(0); cgi_redirect("setup_logo"); }else if( P("setbg")!=0 && zBgMime && zBgMime[0] && szBgImg>0 ){ Blob img; Stmt ins; blob_init(&img, aBgImg, szBgImg); db_prepare(&ins, "REPLACE INTO config(name,value,mtime)" " VALUES('background-image',:bytes,now())" ); db_bind_blob(&ins, ":bytes", &img); db_step(&ins); db_finalize(&ins); db_multi_exec( "REPLACE INTO config(name,value,mtime)" " VALUES('background-mimetype',%Q,now())", zBgMime ); db_end_transaction(0); cgi_redirect("setup_logo"); }else if( P("clrbg")!=0 ){ db_multi_exec( "DELETE FROM config WHERE name IN " "('background-image','background-mimetype')" ); db_end_transaction(0); cgi_redirect("setup_logo"); } style_header("Edit Project Logo And Background"); @

The current project logo has a MIME-Type of %h(zLogoMime) @ and looks like this:

@

@ @ @

@ @

The current background image has a MIME-Type of %h(zBgMime) @ and looks like this:

@

@ @ @

@ @

Note: Your browser has probably cached these @ images, so you may need to press the Reload button before changes will @ take effect.

style_footer(); db_end_transaction(0); } /* ** Prevent the RAW SQL feature from being used to ATTACH a different ** database and query it. ** ** Actually, the RAW SQL feature only does a single statement per request. ** So it is not possible to ATTACH and then do a separate query. This ** routine is not strictly necessary, therefore. But it does not hurt ** to be paranoid. */ int raw_sql_query_authorizer( void *pError, int code, const char *zArg1, const char *zArg2, const char *zArg3, const char *zArg4 ){ if( code==SQLITE_ATTACH ){ return SQLITE_DENY; } return SQLITE_OK; } /* ** WEBPAGE: admin_sql ** ** Run raw SQL commands against the database file using the web interface. */ void sql_page(void){ const char *zQ = P("q"); int go = P("go")!=0; login_check_credentials(); if( !g.perm.Setup ){ login_needed(); } db_begin_transaction(); style_header("Raw SQL Commands"); @

Caution: There are no restrictions on the SQL that can be @ run by this page. You can do serious and irrepairable damage to the @ repository. Proceed with extreme caution.

@ @

Only a the first statement in the entry box will be run. @ Any subsequent statements will be silently ignored.

@ @

Database names:

repository → %s(db_name("repository")) if( g.zConfigDbName ){ @
config → %s(db_name("configdb")) } if( g.localOpen ){ @
local-checkout → %s(db_name("localdb")) } @

@ @ if( P("schema") ){ zQ = sqlite3_mprintf( "SELECT sql FROM %s.sqlite_master WHERE sql IS NOT NULL", db_name("repository")); go = 1; }else if( P("tablelist") ){ zQ = sqlite3_mprintf( "SELECT name FROM %s.sqlite_master WHERE type='table'" " ORDER BY name", db_name("repository")); go = 1; } if( go ){ sqlite3_stmt *pStmt; int rc; const char *zTail; int nCol; int nRow = 0; int i; @

login_verify_csrf_secret(); sqlite3_set_authorizer(g.db, raw_sql_query_authorizer, 0); rc = sqlite3_prepare_v2(g.db, zQ, -1, &pStmt, &zTail); if( rc!=SQLITE_OK ){ @

%h(sqlite3_errmsg(g.db))

sqlite3_finalize(pStmt); }else if( pStmt==0 ){ /* No-op */ }else if( (nCol = sqlite3_column_count(pStmt))==0 ){ sqlite3_step(pStmt); rc = sqlite3_finalize(pStmt); if( rc ){ @

%h(sqlite3_errmsg(g.db))

} }else{ @ while( sqlite3_step(pStmt)==SQLITE_ROW ){ if( nRow==0 ){ @ for(i=0; i%h(sqlite3_column_name(pStmt, i)) } @ } nRow++; @ for(i=0; i @ %s(sqlite3_column_text(pStmt, i)) break; } case SQLITE_NULL: { @ break; } case SQLITE_TEXT: { const char *zText = (const char*)sqlite3_column_text(pStmt, i); @ break; } case SQLITE_BLOB: { @ break; } } } @ } sqlite3_finalize(pStmt); @

NULL

%h(zText)

@ %d(sqlite3_column_bytes(pStmt, i))-byte BLOB

} } style_footer(); } /* ** WEBPAGE: admin_th1 ** ** Run raw TH1 commands using the web interface. If Tcl integration was ** enabled at compile-time and the "tcl" setting is enabled, Tcl commands ** may be run as well. */ void th1_page(void){ const char *zQ = P("q"); int go = P("go")!=0; login_check_credentials(); if( !g.perm.Setup ){ login_needed(); } db_begin_transaction(); style_header("Raw TH1 Commands"); @

Caution: There are no restrictions on the TH1 that can be @ run by this page. If Tcl integration was enabled at compile-time and @ the "tcl" setting is enabled, Tcl commands may be run as well.

@ @ if( go ){ const char *zR; int rc; int n; @

login_verify_csrf_secret(); rc = Th_Eval(g.interp, 0, zQ, -1); zR = Th_GetResult(g.interp, &n); if( rc==TH_OK ){ @

%h(zR)

}else{ @

%h(zR)

} } style_footer(); }

Repository filename in group to join:		@
Login on the above repo:		@
Password:		@
Name of login-group:		@ @ (only used if creating a new login-group).
@