Diffstat (limited to 'web')
-rw-r--r-- | web/html/pkgsubmit.php | 53 | ||||
-rw-r--r-- | web/lib/aur.inc | 39 |
2 files changed, 83 insertions, 9 deletions
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php index fa8f3c7..21b0f94 100644 --- a/web/html/pkgsubmit.php +++ b/web/html/pkgsubmit.php @@ -21,11 +21,11 @@ if ($_COOKIE["AURSID"]) { # first, see if this package already exists, and if it can be overwritten # - if (package_exists($_FILES["pfile"]["name"])) { # TODO write function + $pkg_exists = package_exists($_FILES["pfile"]["name"]); + if ($pkg_exists) { # ok, it exists - should it be overwritten, and does the user have # the permissions to do so? # - # TODO write 'can_overwrite_pkg' function if (can_overwrite_pkg($_FILES["pfile"]["name"], $_COOKIE["AURSID"])) { if (!$_REQUEST["overwrite"]) { $error = __("You did not tag the 'overwrite' checkbox."); @@ -36,7 +36,7 @@ if ($_COOKIE["AURSID"]) { } } - if (!$error)) { + if (!$error) { # no errors checking upload permissions, go ahead and try to process # the uploaded package file. # 
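Review bot: In the first hunk, `$pkg_exists` is derived from `$_FILES["pfile"]["name"]`, the filename the client sends with the upload. The same value is passed to `can_overwrite_pkg`, so both the existence check and the permission check are keyed on a browser-controlled string rather than on a name read from the package. Until the package contents are parsed, I would constrain the value to the expected package-name characters before using it. I would also add a comment at the assignment, e.g. `# NOTE: name is the client-supplied upload filename; re-check against the name parsed from the package`. The enclosing `if ($_COOKIE["AURSID"])` block starts and ends outside the hunk.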
@@ -58,10 +58,48 @@ if ($_COOKIE["AURSID"]) { } } + # at this point, we can safely create the directories, and update + # the database with the new package + # + # TODO extract the package contents and parse the included files + # + + + # update the backend database + # + $dbh = db_connect(); + if ($pkg_exists) { + + # this is an overwrite of an existing package, the database ID + # needs to be preserved so that any votes are retained. However, + # PackageDepends, PackageSources, and PackageContents can be + # purged. + # + $q = "SELECT * FROM Packages "; + $q.= "WHERE Name = '".mysql_escape_string($_FILES["pfile"]["name"])."'"; + $result = db_query($q, $dbh); + $pdata = mysql_fetch_assoc($result); + + # flush out old data that will be replaced with new data + # + $q = "DELETE FROM PackageContents WHERE PackageID = ".$pdata["ID"]; + db_query($q, $dbh); + $q = "DELETE FROM PackageDepends WHERE PackageID = ".$pdata["ID"]; + db_query($q, $dbh); + $q = "DELETE FROM PackageSources WHERE PackageID = ".$pdata["ID"]; + db_query($q, $dbh); + + + } else { + # this is a brand new package + # + } + + } - if (!$_REQUEST["pkgsubmit"] || !$error)) { + if (!$_REQUEST["pkgsubmit"] || $error) { # give the visitor the default upload form # if (ini_get("file_uploads")) { @@ -93,15 +131,12 @@ if ($_COOKIE["AURSID"]) { print __("No"); print " </td>\n"; print "</tr>\n"; - print "<tr>\n"; - print " <td align='center' colspan='2'> </td>\n"; - print "</tr>\n"; print "<tr>\n"; - print " <td align='right'>"; + print " <td> </td>\n"; + print " <td align='left'>"; print "<input class='button' type='submit' value='".__("Upload")."' />\n"; print "</td>\n"; - print " <td> </td>\n"; print "</tr>\n"; print "</table>\n"; diff --git a/web/lib/aur.inc b/web/lib/aur.inc index 0db5c12..f652b06 100644 --- a/web/lib/aur.inc +++ b/web/lib/aur.inc 
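Review bot: In the overwrite branch of the `-58,10 +58,48` hunk, `$pdata = mysql_fetch_assoc($result);` is used without checking that the SELECT succeeded and returned a row. The three DELETE statements are then built by concatenating an unverified `$pdata["ID"]`. I would bail out before the purge with `if (!$result || !($pdata = mysql_fetch_assoc($result))) { ... }`, use `intval($pdata["ID"])` in each query, and check each `db_query` return so a failed DELETE does not pass silently after an earlier one has already purged its table. The name is escaped with `mysql_escape_string`, which ignores the connection character set. The connection-aware `mysql_real_escape_string` is the safer call here and in the two functions added to `web/lib/aur.inc`. The block this code sits in opens outside the hunk, so I am assuming it only runs when `$error` is empty.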
@@ -444,6 +444,45 @@ function dbug($msg) { return; } +# check to see if the package name exists +# +function package_exists($name="") { + if (!$name) {return 0;} + $dbh = db_connect(); + $q = "SELECT COUNT(*) FROM Packages "; + $q.= "WHERE Name = '".mysql_escape_string($name)."'"; + $result = db_query($q, $dbh); + if (!$result) {return 0;} + $row = mysql_fetch_row($result); + return $row[0]; +} + +# check to see if the user can overwrite an existing package +# +function can_overwrite_pkg($name="", $sid="") { + if (!$name || !$sid) {return 0;} + $dbh = db_connect(); + $q = "SELECT SubmitterUID, MaintainerUID, AURMaintainerUID "; + $q.= "FROM Packages WHERE Name = '".mysql_escape_string($name)."'"; + $result = db_query($q, $dbh); + if (!$result) {return 0;} + $row = mysql_fetch_row($result); + $my_uid = uid_from_sid($sid); + + # user is a dev and maintains the package + # + if ($my_uid == $row[2]) {return 1;} + + # user is a TU and there is no dev + # + if (!$row[2] && $my_uid == $row[1]) {return 1;} + + # user is a user and there is no TU or dev + # + if (!$row[2] && !$row[1] && $my_uid == $row[0]) {return 1;} + return 0; +} + # convert an ini_get number to a real integer - stupid PHP! # function initeger($inival="0", $isbytes=1) { |
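Review bot: `can_overwrite_pkg` compares `$my_uid` against the row columns with loose `==` without first confirming that either side is non-empty. If `uid_from_sid` (not shown in this hunk) returns an empty value for an unknown or expired session, `$my_uid == $row[2]` can evaluate true for a package whose `AURMaintainerUID` is NULL, and the function would return 1. The same can happen when `mysql_fetch_row` finds no matching row and `$row` is false. Adding `if (!$row || !$my_uid) {return 0;}` right after the `uid_from_sid` call makes the function fail closed in both cases. A short comment above the three checks stating that an empty uid never matches would also help.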