Diffstat (limited to 'web/lib/aur.inc.php')
-rw-r--r--web/lib/aur.inc.php152
1 files changed, 60 insertions, 92 deletions
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index 8b9f31e..1a6164e 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -52,9 +52,7 @@ function check_sid($dbh=NULL) {
} elseif ($failed == 2) {
# session id timeout was reached and they must login again.
#
- $q = "DELETE FROM Sessions WHERE SessionID = '";
- $q.= db_escape_string($_COOKIE["AURSID"]) . "'";
- db_query($q, $dbh);
+ delete_session_id($_COOKIE["AURSID"], $dbh);
setcookie("AURSID", "", 1, "/", null, !empty($_SERVER['HTTPS']), true);
unset($_COOKIE['AURSID']);
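Review bot: The cookie value `$_COOKIE["AURSID"]` is now handed to `delete_session_id()` unescaped, so the `db_escape_string()` call that the removed lines applied has to happen inside that helper, which is not part of this diff. The value is client-controlled, so this is worth confirming before merge. A comment at the call site such as `# delete_session_id() escapes the session id itself` would record that contract. check_sid's body starts and ends outside this hunk.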
@@ -90,14 +88,18 @@ function check_token() {
# verify that an email address looks like it is legitimate
#
function valid_email($addy) {
- return (filter_var($addy, FILTER_VALIDATE_EMAIL) !== false);
-}
+ // check against RFC 3696
+ if (filter_var($addy, FILTER_VALIDATE_EMAIL) === false) {
+ return false;
+ }
-# a new seed value for mt_srand()
-#
-function make_seed() {
- list($usec, $sec) = explode(' ', microtime());
- return (float) $sec + ((float) $usec * 10000);
+ // check dns for mx, a, aaaa records
+ list($local, $domain) = explode('@', $addy);
+ if (!(checkdnsrr($domain, 'MX') || checkdnsrr($domain, 'A') || checkdnsrr($domain, 'AAAA'))) {
+ return false;
+ }
+
+ return true;
}
# generate a (hopefully) unique session id
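Review bot: In valid_email(), `list($local, $domain) = explode('@', $addy);` takes the text after the first `@`, which is not the domain for an address whose quoted local part contains `@`, a form FILTER_VALIDATE_EMAIL can accept. Taking the part after the last `@` avoids that and drops the unused `$local`: `$domain = substr(strrchr($addy, '@'), 1);`. The new check also performs up to three blocking DNS lookups on a user-supplied domain for each call, so a slow or failing resolver will delay the request and reject valid addresses. A comment above the `checkdnsrr()` calls stating that trade-off would help, for example `// NOTE: synchronous DNS lookup; a resolver failure rejects the address`.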
@@ -282,77 +284,11 @@ function db_query($query="", $db_handle="") {
return $result;
}
-# set up the visitor's language
-#
-function set_lang($dbh=NULL) {
- global $LANG;
- global $SUPPORTED_LANGS;
- global $PERSISTENT_COOKIE_TIMEOUT;
- global $streamer, $l10n;
-
- $update_cookie = 0;
- if (isset($_REQUEST['setlang'])) {
- # visitor is requesting a language change
- #
- $LANG = $_REQUEST['setlang'];
- $update_cookie = 1;
-
- } elseif (isset($_COOKIE['AURLANG'])) {
- # If a cookie is set, use that
- #
- $LANG = $_COOKIE['AURLANG'];
-
- } elseif (isset($_COOKIE["AURSID"])) {
- # No language but a session; use default lang preference
- #
- if(!$dbh) {
- $dbh = db_connect();
- }
- $q = "SELECT LangPreference FROM Users, Sessions ";
- $q.= "WHERE Users.ID = Sessions.UsersID ";
- $q.= "AND Sessions.SessionID = '";
- $q.= db_escape_string($_COOKIE["AURSID"])."'";
- $result = db_query($q, $dbh);
-
- if ($result) {
- $row = mysql_fetch_array($result);
- $LANG = $row[0];
- }
- $update_cookie = 1;
- }
-
- # Set $LANG to default if nothing is valid.
- if (!array_key_exists($LANG, $SUPPORTED_LANGS)) {
- $LANG = DEFAULT_LANG;
- }
-
- if ($update_cookie) {
- $cookie_time = time() + $PERSISTENT_COOKIE_TIMEOUT;
- setcookie("AURLANG", $LANG, $cookie_time, "/");
- }
-
- $streamer = new FileReader('../locale/' . $LANG .
- '/LC_MESSAGES/aur.mo');
- $l10n = new gettext_reader($streamer, true);
-
- return;
-}
-
-
# common header
#
function html_header($title="") {
- global $_SERVER;
- global $_COOKIE;
- global $_POST;
global $LANG;
global $SUPPORTED_LANGS;
- global $DISABLE_HTTP_LOGIN;
-
- if (!$DISABLE_HTTP_LOGIN || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'])) {
- $login = try_login();
- $login_error = $login['error'];
- }
$title = htmlspecialchars($title, ENT_QUOTES);
@@ -441,8 +377,7 @@ function chmod_group($path) {
# obtain the uid given a Users.Username
#
-function uid_from_username($username="", $dbh=NULL)
-{
+function uid_from_username($username="", $dbh=NULL) {
if (!$username) {
return "";
}
@@ -462,8 +397,7 @@ function uid_from_username($username="", $dbh=NULL)
# obtain the uid given a Users.Email
#
-function uid_from_email($email="", $dbh=NULL)
-{
+function uid_from_email($email="", $dbh=NULL) {
if (!$email) {
return "";
}
@@ -483,8 +417,7 @@ function uid_from_email($email="", $dbh=NULL)
# check user privileges
#
-function check_user_privileges()
-{
+function check_user_privileges() {
$type = account_from_sid($_COOKIE['AURSID']);
return ($type == 'Trusted User' || $type == 'Developer');
}
@@ -523,8 +456,7 @@ function mkurl($append) {
return substr($out, 5);
}
-function get_salt($user_id, $dbh=NULL)
-{
+function get_salt($user_id, $dbh=NULL) {
if(!$dbh) {
$dbh = db_connect();
}
@@ -537,8 +469,7 @@ function get_salt($user_id, $dbh=NULL)
return;
}
-function save_salt($user_id, $passwd, $dbh=NULL)
-{
+function save_salt($user_id, $passwd, $dbh=NULL) {
if(!$dbh) {
$dbh = db_connect();
}
@@ -549,21 +480,18 @@ function save_salt($user_id, $passwd, $dbh=NULL)
return db_query($salting_q, $dbh);
}
-function generate_salt()
-{
+function generate_salt() {
return md5(uniqid(mt_rand(), true));
}
-function salted_hash($passwd, $salt)
-{
+function salted_hash($passwd, $salt) {
if (strlen($salt) != 32) {
trigger_error('Salt does not look like an md5 hash', E_USER_WARNING);
}
return md5($salt . $passwd);
}
-function parse_comment($comment)
-{
+function parse_comment($comment) {
$url_pattern = '/(\b(?:https?|ftp):\/\/[\w\/\#~:.?+=&%@!\-;,]+?' .
'(?=[.:?\-;,]*(?:[^\w\/\#~:.?+=&%@!\-;,]|$)))/iS';
@@ -585,3 +513,43 @@ function parse_comment($comment)
return $html;
}
+
+function begin_atomic_commit($dbh=NULL) {
+ if(!$dbh) {
+ $dbh = db_connect();
+ }
+ db_query("BEGIN", $dbh);
+}
+
+function end_atomic_commit($dbh=NULL) {
+ if(!$dbh) {
+ $dbh = db_connect();
+ }
+ db_query("COMMIT", $dbh);
+}
+
+function last_insert_id($dbh=NULL) {
+ if(!$dbh) {
+ $dbh = db_connect();
+ }
+ return mysql_insert_id($dbh);
+}
+
+function latest_pkgs($numpkgs, $dbh=NULL) {
+ if(!$dbh) {
+ $dbh = db_connect();
+ }
+
+ $q = "SELECT * FROM Packages ";
+ $q.= "ORDER BY SubmittedTS DESC ";
+ $q.= "LIMIT " .intval($numpkgs);
+ $result = db_query($q, $dbh);
+
+ if ($result) {
+ while ($row = mysql_fetch_assoc($result)) {
+ $packages[] = $row;
+ }
+ }
+
+ return $packages;
+}
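Review bot: latest_pkgs() never initialises `$packages`, so when the query fails or returns no rows, `return $packages;` reads an undefined variable and callers get null instead of an array. Adding `$packages = array();` before the `if ($result)` block fixes it. `intval($numpkgs)` can also be negative, which would produce an invalid `LIMIT` clause; `max(0, intval($numpkgs))` guards against that. Separately, begin_atomic_commit(), end_atomic_commit() and last_insert_id() fall back to db_connect() when no handle is passed. If db_connect() can return a fresh connection, the BEGIN/COMMIT and mysql_insert_id() calls would not apply to the connection the caller's queries ran on; presumably it returns a shared link, but that is not visible in this diff.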