summaryrefslogtreecommitdiffstats
path: root/web
diff options
context:
space:
mode:
Diffstat (limited to 'web')
-rw-r--r--web/html/pkgsubmit.php53
-rw-r--r--web/lib/aur.inc39
2 files changed, 83 insertions, 9 deletions
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index fa8f3c7..21b0f94 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -21,11 +21,11 @@ if ($_COOKIE["AURSID"]) {
# first, see if this package already exists, and if it can be overwritten
#
- if (package_exists($_FILES["pfile"]["name"])) { # TODO write function
+ $pkg_exists = package_exists($_FILES["pfile"]["name"]);
+ if ($pkg_exists) {
# ok, it exists - should it be overwritten, and does the user have
# the permissions to do so?
#
- # TODO write 'can_overwrite_pkg' function
if (can_overwrite_pkg($_FILES["pfile"]["name"], $_COOKIE["AURSID"])) {
if (!$_REQUEST["overwrite"]) {
$error = __("You did not tag the 'overwrite' checkbox.");
@@ -36,7 +36,7 @@ if ($_COOKIE["AURSID"]) {
}
}
- if (!$error)) {
+ if (!$error) {
# no errors checking upload permissions, go ahead and try to process
# the uploaded package file.
#
@@ -58,10 +58,48 @@ if ($_COOKIE["AURSID"]) {
}
}
+ # at this point, we can safely create the directories, and update
+ # the database with the new package
+ #
+ # TODO extract the package contents and parse the included files
+ #
+
+
+ # update the backend database
+ #
+ $dbh = db_connect();
+ if ($pkg_exists) {
+
+ # this is an overwrite of an existing package, the database ID
+ # needs to be preserved so that any votes are retained. However,
+ # PackageDepends, PackageSources, and PackageContents can be
+ # purged.
+ #
+ $q = "SELECT * FROM Packages ";
+ $q.= "WHERE Name = '".mysql_escape_string($_FILES["pfile"]["name"])."'";
+ $result = db_query($q, $dbh);
+ $pdata = mysql_fetch_assoc($result);
+
+ # flush out old data that will be replaced with new data
+ #
+ $q = "DELETE FROM PackageContents WHERE PackageID = ".$pdata["ID"];
+ db_query($q, $dbh);
+ $q = "DELETE FROM PackageDepends WHERE PackageID = ".$pdata["ID"];
+ db_query($q, $dbh);
+ $q = "DELETE FROM PackageSources WHERE PackageID = ".$pdata["ID"];
+ db_query($q, $dbh);
+
+
+ } else {
+ # this is a brand new package
+ #
+ }
+
+
}
- if (!$_REQUEST["pkgsubmit"] || !$error)) {
+ if (!$_REQUEST["pkgsubmit"] || $error) {
# give the visitor the default upload form
#
if (ini_get("file_uploads")) {
@@ -93,15 +131,12 @@ if ($_COOKIE["AURSID"]) {
print __("No");
print " </td>\n";
print "</tr>\n";
- print "<tr>\n";
- print " <td align='center' colspan='2'>&nbsp;</td>\n";
- print "</tr>\n";
print "<tr>\n";
- print " <td align='right'>";
+ print " <td>&nbsp;</td>\n";
+ print " <td align='left'>";
print "<input class='button' type='submit' value='".__("Upload")."' />\n";
print "</td>\n";
- print " <td>&nbsp;</td>\n";
print "</tr>\n";
print "</table>\n";
diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index 0db5c12..f652b06 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -444,6 +444,45 @@ function dbug($msg) {
return;
}
+# check to see if the package name exists
+#
+function package_exists($name="") {
+ if (!$name) {return 0;}
+ $dbh = db_connect();
+ $q = "SELECT COUNT(*) FROM Packages ";
+ $q.= "WHERE Name = '".mysql_escape_string($name)."'";
+ $result = db_query($q, $dbh);
+ if (!$result) {return 0;}
+ $row = mysql_fetch_row($result);
+ return $row[0];
+}
+
+# check to see if the user can overwrite an existing package
+#
+function can_overwrite_pkg($name="", $sid="") {
+ if (!$name || !$sid) {return 0;}
+ $dbh = db_connect();
+ $q = "SELECT SubmitterUID, MaintainerUID, AURMaintainerUID ";
+ $q.= "FROM Packages WHERE Name = '".mysql_escape_string($name)."'";
+ $result = db_query($q, $dbh);
+ if (!$result) {return 0;}
+ $row = mysql_fetch_row($result);
+ $my_uid = uid_from_sid($sid);
+
+ # user is a dev and maintains the package
+ #
+ if ($my_uid == $row[2]) {return 1;}
+
+ # user is a TU and there is no dev
+ #
+ if (!$row[2] && $my_uid == $row[1]) {return 1;}
+
+ # user is a user and there is no TU or dev
+ #
+ if (!$row[2] && !$row[1] && $my_uid == $row[0]) {return 1;}
+ return 0;
+}
+
# convert an ini_get number to a real integer - stupid PHP!
#
function initeger($inival="0", $isbytes=1) {