path: root/web/html
Age | Commit message | Author | Files | Lines
2012-09-18 | index.php: Fix undefined variable notice | Lukas Fleischer | 1 | -1/+4
Spotted when browsing the package details page while being logged out.
Reported-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18 | Overhaul ability to edit own account | canyonknight | 2 | -26/+11
* Restructure account.php to remove redundant code.
* Remove own_account_details().
* Rework logic check to default to no access to account edit form.
* Make default account action viewing account info.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18 | Use URL rewriting for user account update page | canyonknight | 1 | -0/+2
The "UpdateAccount" page displays information as to whether an account update was successful. All POST account info goes to this page, so use it with sane URLs.
Before: AUR_URL/account/?Action=UpdateAccount&U=userfoo
After: AUR_URL/account/userfoo/update
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18 | Use URL rewriting for user editing page | canyonknight | 1 | -1/+9
Allows for easier account editing and saner URLs. Update account editing links to use new URL.
Before: AUR_URL/account/?Action=DisplayAccount&U=userfoo
After: AUR_URL/account/userfoo/edit
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18 | Use URL rewriting for user info page | canyonknight | 2 | -1/+7
Navigation to the "AccountInfo" page should only require a user to know the username of the account they are looking for. Update all AUR links that use the user info page to reflect the new URL.
Before: AUR_URL/account/?Action=AccountInfo&U=userfoo
After: AUR_URL/account/userfoo
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18 | Remove unused image "titlelogo.png" | canyonknight | 1 | -0/+0
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18 | Use the "new" icon from archweb for the recent updates table | canyonknight | 3 | -2/+2
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18 | logout.php: Fix PHP undefined variable notice | canyonknight | 1 | -1/+1
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-08-23 | Fix broken package search on front page | canyonknight | 1 | -1/+1
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-08-23 | Print error message when maximum DB character length is exceeded | canyonknight | 1 | -6/+29
Packages can currently be submitted with variables longer than the maximum allowed by the DB for that specific field. The string will be shortened without informing the user. This can result in unexpected oddities on submitted packages.
Print error messages informing the user when the package name, URL, description, license, or version is too long.
Also move the resolution of full package version (including epoch) to an earlier point in pkgsubmit.php
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-08-23 | pkgsubmit.php: Make page friendlier for logged out users | canyonknight | 1 | -4/+4
Logged out users who navigate to /submit currently reach a page with only an error message. This adds the full navigation bar for users who errantly reach /submit before logging in.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-18 | Use virtual paths for voters page | Lukas Fleischer | 1 | -0/+6
Link to "/packages/$pkgname/voters/" instead of using "/voters/" and a get parameter to request a specific package by ID.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-18 | voters.php: Use "<ul></ul>" for the list of voters | Lukas Fleischer | 1 | -5/+5
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-18 | voters.php: Do not re-include libraries | Lukas Fleischer | 1 | -2/+2
Use include_once() instead of include(). Otherwise, a fatal error is shown if the virtual path feature is used since "web/lib/aur.inc.php" is already included in the routing front end.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-17 | routing.inc.php: rtrim() path in get_route() | Lukas Fleischer | 1 | -1/+1
Return the correct route -- even if a "/" is appended to the URI.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-17 | aur.inc.php: Include routing backend | Lukas Fleischer | 1 | -2/+0
This needs to be available on every page since it is needed for get_uri() and get_pkg_uri() and "web/html/index.php" isn't executed if the virtual path feature is disabled.
Reported-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-17 | Add virtual path support for package actions | Lukas Fleischer | 1 | -1/+31
This allows for using following URLs:
* /package/$pkg_name/flag: Flag a package out-of-date
* /package/$pkg_name/unflag: Unflag a package
* /package/$pkg_name/notify: Enable comment notifications
* /package/$pkg_name/unnotify: Disable comment notifications
* /package/$pkg_name/vote: Vote for the package
* /package/$pkg_name/unvote: Remove vote
Note that this code is very hackish and should be refactored once we drop support for legacy URLs.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-15 | web/html/pkgsubmit.php: Remove stray "</div>" | Lukas Fleischer | 1 | -1/+1
Regression introduced in f3ce74c714e3460bb3e3e786f626e397d3139062 when resolving conflicts.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-15 | Use virtual paths for package details | Lukas Fleischer | 3 | -3/+11
Extend the routing front/back ends to allow for using "/package/$pkgname/" for individual packages.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-15 | Use virtual path feature for links | Lukas Fleischer | 8 | -16/+16
Use virtual paths in links (e.g. link to "/packages/" instead of "/packages.php" etc.) if the virtual path feature is enabled.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-15 | Add routing front/back ends | Lukas Fleischer | 2 | -120/+155
This adds a URL mapping library that can be used to implement virtual paths. Also, "web/html/index.php" is moved to "web/html/home.php" and "web/html/index.php" becomes a routing front end that maps virtual paths to corresponding files.
To enable the virtual path feature, all requests need to be redirected to the "index.php" routing script. If you use lighttpd, following rewrite rule can be used:
    url.rewrite = ( "^(.*)$" => "/index.php/$1" )
A similar rule can be used for Apache (using mod_rewrite). Note that the current routing front end only works if PATH_INFO is provided.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-14 | Merge branch 'maint' | Lukas Fleischer | 5 | -43/+56
Conflicts:
    web/html/account.php
    web/html/addvote.php
    web/html/pkgsubmit.php
    web/lib/acctfuncs.inc.php
    web/template/actions_form.php
    web/template/pkg_comment_form.php
    web/template/pkg_comments.php
    web/template/pkg_details.php
    web/template/pkg_search_results.php
    web/template/tu_details.php
2012-07-14 | pkgsubmit.php: Refactor source processing to fix PHP notice | canyonknight | 1 | -3/+3
A foreach() being run without checking to see if the uploaded PKGBUILD had any sources now no longer causes an undefined index notice when there are no sources.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-11 | tu.php: Fix PHP notice for "hasvoted" variable | canyonknight | 1 | -0/+1
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-11 | pkgsubmit.php: Remove stray "</div>" tag | canyonknight | 1 | -1/+0
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-09 | Update archweb stylesheet | Lukas Fleischer | 1 | -51/+119
Pull in the latest changes from the archweb Git repository.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-08 | Remove legacy CSS | Lukas Fleischer | 3 | -728/+0
We completely switched to using the archweb stylesheet (with some custom extensions in "aur.css"). The old CSS files are no longer needed.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06 | acctfuncs.inc.php: Move XHTML to account_details.php template | canyonknight | 1 | -3/+1
XHTML should be eliminated from lib/ as much as possible. This pulls the XHTML out of the display_account_info function that echoes the code, and moves it to the new account_details.php template file.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06 | pkgsubmit.php: Improve file upload error messages | canyonknight | 1 | -2/+17
* Currently, $_FILES showing a filesize of zero is interpreted as no file was uploaded, despite other errors potentially being the cause.
* The $_FILES superglobal stores what the actual error was, so use it. This includes file write problems, empty uploads, partial uploads, and upload_max_filesize being exceeded.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06 | rss.php: Pull out DB code | canyonknight | 1 | -6/+2
* Move DB code in rss.php to new function in aur.inc.php
* Centralization of DB code important in a future transition to PDO interface
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06 | Pull out DB code from trusted user page | canyonknight | 1 | -54/+14
* Move DB code in tu.php and tu.php and tu_list.php to new functions in accfuncs.inc.php
* Centralization of DB code important in a future transition to PDO interface
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06 | account.php: Pull out DB code | canyonknight | 1 | -34/+10
* Move DB code in account.php to new functions in acctfuncs.inc.php
* Centralization of DB code important in a future transition to PDO interface
* Consolidate redundant SQL statements from DisplayAccount and AccountInfo
* Consolidation also adds ability to edit accounts based on username
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06 | pkgsubmit.php: Pull out DB code | canyonknight | 1 | -48/+11
* Move DB code in pkgsubmit.php to new functions in aur.inc.php and pkgfuncs.inc.php
* Centralization of DB code important in a future transition to PDO interface
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06 | passreset.php: Pull out DB code | canyonknight | 1 | -22/+3
* Move DB code in passreset.php to new functions in acctfuncs.inc.php
* Centralization of DB code important in a future transition to PDO interface
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06 | logout.php: Pull out DB code | canyonknight | 1 | -4/+4
* Move DB code for removing a session in logout.php to a new function in acctfuncs.inc.php
* Add ability for clear_expired_sessions function to check for DB connection
* Centralization of DB code important in a future transition to PDO interface
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06 | addvote.php: Pull out DB code | canyonknight | 1 | -27/+4
* Verifying a username exists should use already present valid_user function
* Create new functions in acctfuncs.inc.php with SQL queries from addvote.php
* Centralization of DB code important in a future transition to PDO interface
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06 | voters.php: Pull out DB code | canyonknight | 1 | -13/+2
* Create new function in pkgfuncs.inc.php with SQL queries from voters.php
* Centralization of DB code important in a future transition to PDO interface
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06 | Move language selection to a drop-down list | Lukas Fleischer | 1 | -0/+3
Move all languages to a select container to save some space. Language selection is a rarely used feature, so there's no need to make this a one click option.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06 | Move login form to a separate page | Lukas Fleischer | 1 | -0/+55
Do not show the login form on every page. Move it to a separate login page and add a link to the navigation bar. Also, add a logout link for logged-in users.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: canyonknight <canyonknight@gmail.com>
2012-07-06 | passreset.php: Overhaul to match archweb | canyonknight | 1 | -45/+42
* Switch to CSS used by archweb
* General fixups in XHTML
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06 | Overhaul account pages to match archweb | canyonknight | 1 | -3/+1
* Use CSS from archweb
* General clean-up of XHTML formatting
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06 | addvote.php: Overhaul to match archweb | canyonknight | 1 | -23/+25
* Switch CSS over to archweb styling
* General clean-up of XHTML
* Set proposal box size to something more sane for a default
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06 | Overhaul trusted user proposal page to match archweb | canyonknight | 1 | -11/+14
* Change all boxes and other CSS to match archweb
* General fixups in XHTML formatting
* Change results table to match color scheme everywhere else
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06 | Refactor package submission form | Lukas Fleischer | 1 | -28/+24
* Adjust style to match the overall layout.
* Use proper HTML tags and double quotes.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: canyonknight <canyonknight@gmail.com>
2012-07-06 | voters.php: Overhaul to match archweb | canyonknight | 1 | -15/+17
* Currently voters.php has no navigation links and/or styling. This patch adds the appropriate styling
* Use PHP alternative syntax for control structures
* Change a variable name to more frequently used "atype"
* General clean-up of XHTML
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06 | index.php: Overhaul to match archweb | canyonknight | 1 | -62/+103
* Switch to CSS used by archweb
* Move package search to a smaller box to match the style of the main site
* Add text describing mailing list and bug tracker. Eventually remove those associated nav bar links.
* General clean-up of XHTML
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06 | Remove all traces of "pgboxtitle" | Lukas Fleischer | 5 | -11/+5
Using a div container to format heading is ridiculous. Use "<h2></h2>" instead.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: canyonknight <canyonknight@gmail.com>
2012-07-06 | Add archweb style sheet | Lukas Fleischer | 2 | -0/+985
* Add "archweb.css" from the master branch of archweb. We will use this as base style sheet in the future.
* Add "aur.css" for AUR-specific extensions to "archweb.css".
* Remove the "archnavbar.css" link from the header template since this is included in "archweb.css".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06 | Be consistent in PHP logical operator usage | canyonknight | 2 | -3/+3
A mix of logical operator styles are currently in use. The predominant style uses "&&" and "||" instead of "and" and "or", respectively. This inconsistency is minor, but is easily avoided.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-06-24 | Implement token system to fix CSRF vulnerabilities | canyonknight | 5 | -44/+61
Specially crafted pages can force authenticated users to unknowingly perform actions on the AUR website despite being on an attacker's website. This cross-site request forgery (CSRF) vulnerability applies to all POST data on the AUR.
Implement a token system using a double submit cookie. Have a hidden form value on every page containing POST forms. Use the newly added check_token() to verify the token sent via POST matches the "AURSID" cookie value. Random nature of the token limits potential for CSRF.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>