summaryrefslogtreecommitdiffstats
path: root/web/lib/aur.inc
diff options
context:
space:
mode:
authorelij <elij.mx@gmail.com>2011-05-29 14:33:37 -0700
committerLukas Fleischer <archlinux@cryptocrack.de>2011-06-22 15:15:04 +0200
commit888db089c515270fd5cd9a9bedd217110f43bc4c (patch)
treee31d78b517c5b849a91c56883dcff179fd3c3164 /web/lib/aur.inc
parent023d2a2521306be2c68f7cf1514bfc50bb250c04 (diff)
downloadaurweb-888db089c515270fd5cd9a9bedd217110f43bc4c.tar.xz
rename *.inc files to *.inc.php and adjust imports and references
Lukas: Add note to "UPGRADING". Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/lib/aur.inc')
-rw-r--r--web/lib/aur.inc593
1 files changed, 0 insertions, 593 deletions
diff --git a/web/lib/aur.inc b/web/lib/aur.inc
deleted file mode 100644
index 1f7b71a..0000000
--- a/web/lib/aur.inc
+++ /dev/null
@@ -1,593 +0,0 @@
-<?php
-set_include_path(get_include_path() . PATH_SEPARATOR . '../lib' . PATH_SEPARATOR . '../template');
-header('Content-Type: text/html; charset=utf-8');
-header('Cache-Control: no-cache, must-revalidate');
-header('Expires: Tue, 11 Oct 1988 22:00:00 GMT'); // quite a special day
-header('Pragma: no-cache');
-
-date_default_timezone_set('UTC');
-
-include_once('translator.inc');
-set_lang();
-
-include_once("config.inc");
-include_once("version.inc");
-include_once("acctfuncs.inc");
-
-# Check if APC extension is loaded, and set cache prefix if it is.
-if (!defined('EXTENSION_LOADED_APC')) {
- define('EXTENSION_LOADED_APC', extension_loaded('apc'));
- define('APC_PREFIX', 'aur:');
-}
-
-# see if the visitor is already logged in
-#
-function check_sid() {
- global $_COOKIE;
- global $LOGIN_TIMEOUT;
-
- if (isset($_COOKIE["AURSID"])) {
- $failed = 0;
- # the visitor is logged in, try and update the session
- #
- $dbh = db_connect();
- $q = "SELECT LastUpdateTS, UNIX_TIMESTAMP() FROM Sessions ";
- $q.= "WHERE SessionID = '" . mysql_real_escape_string($_COOKIE["AURSID"]) . "'";
- $result = db_query($q, $dbh);
- if (mysql_num_rows($result) == 0) {
- # Invalid SessionID - hacker alert!
- #
- $failed = 1;
- } else {
- $row = mysql_fetch_row($result);
- $last_update = $row[0];
- if ($last_update + $LOGIN_TIMEOUT <= $row[1]) {
- $failed = 2;
- }
- }
-
- if ($failed == 1) {
- # clear out the hacker's cookie, and send them to a naughty page
- # why do you have to be so harsh on these people!?
- #
- setcookie("AURSID", "", 1, "/");
- unset($_COOKIE['AURSID']);
- } elseif ($failed == 2) {
- # session id timeout was reached and they must login again.
- #
- $q = "DELETE FROM Sessions WHERE SessionID = '";
- $q.= mysql_real_escape_string($_COOKIE["AURSID"]) . "'";
- db_query($q, $dbh);
-
- setcookie("AURSID", "", 1, "/");
- unset($_COOKIE['AURSID']);
- } else {
- # still logged in and haven't reached the timeout, go ahead
- # and update the idle timestamp
-
- # Only update the timestamp if it is less than the
- # current time plus $LOGIN_TIMEOUT.
- #
- # This keeps 'remembered' sessions from being
- # overwritten.
- if ($last_update < time() + $LOGIN_TIMEOUT) {
- $q = "UPDATE Sessions SET LastUpdateTS = UNIX_TIMESTAMP() ";
- $q.= "WHERE SessionID = '".mysql_real_escape_string($_COOKIE["AURSID"])."'";
- db_query($q, $dbh);
- }
- }
- }
- return;
-}
-
-# verify that an email address looks like it is legitimate
-#
-function valid_email($addy) {
- return strpos($addy, '@');
-}
-
-# a new seed value for mt_srand()
-#
-function make_seed() {
- list($usec, $sec) = explode(' ', microtime());
- return (float) $sec + ((float) $usec * 10000);
-}
-
-# generate a (hopefully) unique session id
-#
-function new_sid() {
- mt_srand(make_seed());
- $ts = time();
- $pid = getmypid();
-
- $rand_num = mt_rand();
- mt_srand(make_seed());
- $rand_str = substr(md5(mt_rand()),2, 20);
-
- $id = $rand_str . strtolower(md5($ts.$pid)) . $rand_num;
- return strtoupper(md5($id));
-}
-
-
-# obtain the username if given their Users.ID
-#
-function username_from_id($id="") {
- if (!$id) {
- return "";
- }
- $dbh = db_connect();
- $q = "SELECT Username FROM Users WHERE ID = " . mysql_real_escape_string($id);
- $result = db_query($q, $dbh);
- if (!$result) {
- return "None";
- }
- $row = mysql_fetch_row($result);
-
- return $row[0];
-}
-
-
-# obtain the username if given their current SID
-#
-function username_from_sid($sid="") {
- if (!$sid) {
- return "";
- }
- $dbh = db_connect();
- $q = "SELECT Username ";
- $q.= "FROM Users, Sessions ";
- $q.= "WHERE Users.ID = Sessions.UsersID ";
- $q.= "AND Sessions.SessionID = '" . mysql_real_escape_string($sid) . "'";
- $result = db_query($q, $dbh);
- if (!$result) {
- return "";
- }
- $row = mysql_fetch_row($result);
-
- return $row[0];
-}
-
-# obtain the email address if given their current SID
-#
-function email_from_sid($sid="") {
- if (!$sid) {
- return "";
- }
- $dbh = db_connect();
- $q = "SELECT Email ";
- $q.= "FROM Users, Sessions ";
- $q.= "WHERE Users.ID = Sessions.UsersID ";
- $q.= "AND Sessions.SessionID = '" . mysql_real_escape_string($sid) . "'";
- $result = db_query($q, $dbh);
- if (!$result) {
- return "";
- }
- $row = mysql_fetch_row($result);
-
- return $row[0];
-}
-
-# obtain the account type if given their current SID
-# Return either "", "User", "Trusted User", "Developer"
-#
-function account_from_sid($sid="") {
- if (!$sid) {
- return "";
- }
- $dbh = db_connect();
- $q = "SELECT AccountType ";
- $q.= "FROM Users, AccountTypes, Sessions ";
- $q.= "WHERE Users.ID = Sessions.UsersID ";
- $q.= "AND AccountTypes.ID = Users.AccountTypeID ";
- $q.= "AND Sessions.SessionID = '" . mysql_real_escape_string($sid) . "'";
- $result = db_query($q, $dbh);
- if (!$result) {
- return "";
- }
- $row = mysql_fetch_row($result);
-
- return $row[0];
-}
-
-# obtain the Users.ID if given their current SID
-#
-function uid_from_sid($sid="") {
- if (!$sid) {
- return "";
- }
- $dbh = db_connect();
- $q = "SELECT Users.ID ";
- $q.= "FROM Users, Sessions ";
- $q.= "WHERE Users.ID = Sessions.UsersID ";
- $q.= "AND Sessions.SessionID = '" . mysql_real_escape_string($sid) . "'";
- $result = db_query($q, $dbh);
- if (!$result) {
- return 0;
- }
- $row = mysql_fetch_row($result);
-
- return $row[0];
-}
-
-# connect to the database
-#
-function db_connect() {
- $handle = mysql_connect(AUR_db_host, AUR_db_user, AUR_db_pass);
- if (!$handle) {
- die("Error connecting to AUR database: " . mysql_error());
- }
-
- mysql_select_db(AUR_db_name, $handle) or
- die("Error selecting AUR database: " . mysql_error());
-
- db_query("SET NAMES 'utf8' COLLATE 'utf8_general_ci';", $handle);
-
- return $handle;
-}
-
-# disconnect from the database
-# this won't normally be needed as PHP/reference counting will take care of
-# closing the connection once it is no longer referenced
-#
-function db_disconnect($db_handle="") {
- if ($db_handle) {
- mysql_close($db_handle);
- return TRUE;
- }
- return FALSE;
-}
-
-# wrapper function around db_query in case we want to put
-# query logging/debugging in.
-#
-function db_query($query="", $db_handle="") {
- if (!$query) {
- return FALSE;
- }
-
- if (!$db_handle) {
- die("DB handle was not provided to db_query");
- }
-
- if (SQL_DEBUG == 1) {
- $bt = debug_backtrace();
- error_log("DEBUG: ".$bt[0]['file'].":".$bt[0]['line']." query: $query\n");
- }
-
- $result = @mysql_query($query, $db_handle);
- if (!$result) {
- $bt = debug_backtrace();
- error_log("ERROR: near ".$bt[0]['file'].":".$bt[0]['line']." in query: $query\n -> ".mysql_error($db_handle));
- }
-
- return $result;
-}
-
-# Set a value in the cache (currently APC) if cache is available for use. If
-# not available, this becomes effectively a no-op (return value is
-# false). Accepts an optional TTL (defaults to 600 seconds).
-function set_cache_value($key, $value, $ttl=600) {
- $status = false;
- if (EXTENSION_LOADED_APC) {
- $status = apc_store(APC_PREFIX.$key, $value, $ttl);
- }
- return $status;
-}
-
-# Get a value from the cache (currently APC) if cache is available for use. If
-# not available, this returns false (optionally sets passed in variable $status
-# to false, much like apc_fetch() behaves). This allows for testing the fetch
-# result appropriately even in the event that a 'false' value was the value in
-# the cache.
-function get_cache_value($key, &$status=false) {
- if(EXTENSION_LOADED_APC) {
- $ret = apc_fetch(APC_PREFIX.$key, $status);
- if ($status) {
- return $ret;
- }
- }
- return $status;
-}
-
-# Run a simple db query, retrieving and/or caching the value if APC is
-# available for use. Accepts an optional TTL value (defaults to 600 seconds).
-function db_cache_value($dbq, $dbh, $key, $ttl=600) {
- $status = false;
- $value = get_cache_value($key, $status);
- if (!$status) {
- $result = db_query($dbq, $dbh);
- $row = mysql_fetch_row($result);
- $value = $row[0];
- set_cache_value($key, $value, $ttl);
- }
- return $value;
-}
-
-# set up the visitor's language
-#
-function set_lang() {
- global $LANG;
- global $SUPPORTED_LANGS;
- global $PERSISTENT_COOKIE_TIMEOUT;
- global $streamer, $l10n;
-
- $update_cookie = 0;
- if (isset($_REQUEST['setlang'])) {
- # visitor is requesting a language change
- #
- $LANG = $_REQUEST['setlang'];
- $update_cookie = 1;
-
- } elseif (isset($_COOKIE['AURLANG'])) {
- # If a cookie is set, use that
- #
- $LANG = $_COOKIE['AURLANG'];
-
- } elseif (isset($_COOKIE["AURSID"])) {
- # No language but a session; use default lang preference
- #
- $dbh = db_connect();
- $q = "SELECT LangPreference FROM Users, Sessions ";
- $q.= "WHERE Users.ID = Sessions.UsersID ";
- $q.= "AND Sessions.SessionID = '";
- $q.= mysql_real_escape_string($_COOKIE["AURSID"])."'";
- $result = db_query($q, $dbh);
-
- if ($result) {
- $row = mysql_fetch_array($result);
- $LANG = $row[0];
- }
- $update_cookie = 1;
- }
-
- # Set $LANG to default if nothing is valid.
- if (!array_key_exists($LANG, $SUPPORTED_LANGS)) {
- $LANG = DEFAULT_LANG;
- }
-
- if ($update_cookie) {
- $cookie_time = time() + $PERSISTENT_COOKIE_TIMEOUT;
- setcookie("AURLANG", $LANG, $cookie_time, "/");
- }
-
- $streamer = new FileReader('../locale/' . $LANG .
- '/LC_MESSAGES/aur.mo');
- $l10n = new gettext_reader($streamer, true);
-
- return;
-}
-
-
-# common header
-#
-function html_header($title="") {
- global $_SERVER;
- global $_COOKIE;
- global $_POST;
- global $LANG;
- global $SUPPORTED_LANGS;
-
- $login = try_login();
- $login_error = $login['error'];
-
- $title = htmlspecialchars($title, ENT_QUOTES);
-
- include('header.php');
- return;
-}
-
-
-# common footer
-#
-function html_footer($ver="") {
- include('footer.php');
- return;
-}
-
-# check to see if the user can submit a package
-#
-function can_submit_pkg($name="", $sid="") {
- if (!$name || !$sid) {return 0;}
- $dbh = db_connect();
- $q = "SELECT MaintainerUID ";
- $q.= "FROM Packages WHERE Name = '".mysql_real_escape_string($name)."'";
- $result = db_query($q, $dbh);
- if (mysql_num_rows($result) == 0) {return 1;}
- $row = mysql_fetch_row($result);
- $my_uid = uid_from_sid($sid);
-
- if ($row[0] === NULL || $row[0] == $my_uid) {
- return 1;
- }
-
- return 0;
-}
-
-# recursive delete directory
-#
-function rm_tree($dirname) {
- if (empty($dirname) || !is_dir($dirname)) return;
-
- foreach (scandir($dirname) as $item) {
- if ($item != '.' && $item != '..') {
- $path = $dirname . '/' . $item;
- if (is_file($path) || is_link($path)) {
- unlink($path);
- }
- else {
- rm_tree($path);
- }
- }
- }
-
- rmdir($dirname);
-
- return;
-}
-
-# Recursive chmod to set group write permissions
-#
-function chmod_group($path) {
- if (!is_dir($path))
- return chmod($path, 0664);
-
- $d = dir($path);
- while ($f = $d->read()) {
- if ($f != '.' && $f != '..') {
- $fullpath = $path.'/'.$f;
- if (is_link($fullpath))
- continue;
- elseif (!is_dir($fullpath)) {
- if (!chmod($fullpath, 0664))
- return FALSE;
- }
- elseif(!chmod_group($fullpath))
- return FALSE;
- }
- }
- $d->close();
-
- if(chmod($path, 0775))
- return TRUE;
- else
- return FALSE;
-}
-
-# obtain the uid given a Users.Username
-#
-function uid_from_username($username="")
-{
- if (!$username) {
- return "";
- }
- $dbh = db_connect();
- $q = "SELECT ID FROM Users WHERE Username = '".mysql_real_escape_string($username)
- ."'";
- $result = db_query($q, $dbh);
- if (!$result) {
- return "None";
- }
- $row = mysql_fetch_row($result);
-
- return $row[0];
-}
-
-# obtain the uid given a Users.Email
-#
-function uid_from_email($email="")
-{
- if (!$email) {
- return "";
- }
- $dbh = db_connect();
- $q = "SELECT ID FROM Users WHERE Email = '".mysql_real_escape_string($email)
- ."'";
- $result = db_query($q, $dbh);
- if (!$result) {
- return "None";
- }
- $row = mysql_fetch_row($result);
-
- return $row[0];
-}
-
-# check user privileges
-#
-function check_user_privileges()
-{
- $type = account_from_sid($_COOKIE['AURSID']);
- return ($type == 'Trusted User' || $type == 'Developer');
-}
-
-/**
- * Generate clean url with edited/added user values
- *
- * Makes a clean string of variables for use in URLs based on current $_GET and
- * list of values to edit/add to that. Any empty variables are discarded.
- *
- * ex. print "http://example.com/test.php?" . mkurl("foo=bar&bar=baz")
- *
- * @param string $append string of variables and values formatted as in URLs
- * ex. mkurl("foo=bar&bar=baz")
- * @return string clean string of variables to append to URL, urlencoded
- */
-function mkurl($append) {
- $get = $_GET;
- $append = explode('&', $append);
- $uservars = array();
- $out = '';
-
- foreach ($append as $i) {
- $ex = explode('=', $i);
- $uservars[$ex[0]] = $ex[1];
- }
-
- foreach ($uservars as $k => $v) { $get[$k] = $v; }
-
- foreach ($get as $k => $v) {
- if ($v !== '') {
- $out .= '&amp;' . urlencode($k) . '=' . urlencode($v);
- }
- }
-
- return substr($out, 5);
-}
-
-function get_salt($user_id)
-{
- $dbh = db_connect();
- $salt_q = "SELECT Salt FROM Users WHERE ID = " . $user_id;
- $result = db_query($salt_q, $dbh);
- if ($result) {
- $salt_row = mysql_fetch_row($result);
- return $salt_row[0];
- }
- return;
-}
-
-function save_salt($user_id, $passwd)
-{
- $dbh = db_connect();
- $salt = generate_salt();
- $hash = salted_hash($passwd, $salt);
- $salting_q = "UPDATE Users SET Salt = '" . $salt . "', " .
- "Passwd = '" . $hash . "' WHERE ID = " . $user_id;
- return db_query($salting_q, $dbh);
-}
-
-function generate_salt()
-{
- return md5(uniqid(mt_rand(), true));
-}
-
-function salted_hash($passwd, $salt)
-{
- if (strlen($salt) != 32) {
- trigger_error('Salt does not look like an md5 hash', E_USER_WARNING);
- }
- return md5($salt . $passwd);
-}
-
-function parse_comment($comment)
-{
- $url_pattern = '/(\b(?:https?|ftp):\/\/[\w\/\#~:.?+=&%@!\-;,]+?' .
- '(?=[.:?\-;,]*(?:[^\w\/\#~:.?+=&%@!\-;,]|$)))/iS';
-
- $matches = preg_split($url_pattern, $comment, -1,
- PREG_SPLIT_DELIM_CAPTURE);
-
- $html = '';
- for ($i = 0; $i < count($matches); $i++) {
- if ($i % 2) {
- # convert links
- $html .= '<a href="' . htmlspecialchars($matches[$i]) .
- '">' . htmlspecialchars($matches[$i]) . '</a>';
- }
- else {
- # convert everything else
- $html .= nl2br(htmlspecialchars($matches[$i]));
- }
- }
-
- return $html;
-}