summaryrefslogtreecommitdiffstats
path: root/web/lib/acctfuncs.inc
AgeCommit message (Collapse)AuthorFilesLines
2011-05-17fix case where user does not existelij1-0/+3
the query was being performed when $id was not set, resulting in an invalid sql query being performed. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-05-17test return value from db_query before assuming it is validelij1-24/+35
make the sql query form consistent in usage by cleaning up instances where db_query's result was not inspected before attempting to fetch row data from the handle Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-27SQL: treat all UID/ID values as numbers, not stringsDan McGee1-9/+9
Ensure we are not quoting these values in any of our SQL queries. Thanks-to: elij <elij.mx@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-27SQL: use standard LIMIT/OFFSET syntaxDan McGee1-1/+1
Increases compatibility with standard SQL dialect. Thanks-to: elij <elij.mx@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-13Pass array_map() callback function properly.Lukas Fleischer1-1/+1
PHP requires callback functions to be passed as strings. Fix this to supress PHP notices. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-13Remove "New Package Notify" option from user account settings.Lukas Fleischer1-27/+6
Do this in preparation for the upcoming notification script removal. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-11Fix broken XHTML.Lukas Fleischer1-38/+41
Fix a lot of invalid XHTML in the templates and actions. There might still be some legacy code left, but this should cover most of it. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-10More PHP Notice undefined fixupsDan McGee1-1/+2
Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-04Fix PHP notices in account pagesDan McGee1-0/+8
Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-04Ensure users can be deleted when foreign keys are presentDan McGee1-1/+0
This change is necessary to prevent this: mysql> delete from Users where ID = 112; ERROR 1451 (23000): Cannot delete or update a parent row: a foreign key constraint fails (`aur`.`Packages`, CONSTRAINT `Packages_ibfk_2` FOREIGN KEY (`SubmitterUID`) REFERENCES `Users` (`ID`) ON DELETE NO ACTION) As a bonus, due to foreign keys, orphaning of packages will be automatic. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-23Add a per-user session limit (fixes FS#12898).Lukas Fleischer1-1/+15
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-21Make persistent cookie timeout configurable via "config.inc" (FS#22994).Lukas Fleischer1-1/+3
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2010-10-09acctfuncs: Make message translatable.Loui Chang1-1/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-10-02Fixing XSS vulnerabilityViktor Leonhardt1-15/+15
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-04-17Support for storing salted passwordsDenis1-20/+38
To upgrade existing databases: ALTER TABLE Users ADD Salt CHAR(32) NOT NULL DEFAULT ''; Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-02-21acctfuncs: Fix some whitespace and formatting.Loui Chang1-40/+36
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-06-25Remove excess whitespace.Loui Chang1-3/+3
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-01-19Use new conglomerated translation files.Loui Chang1-1/+0
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-12-31Get db connection for accounts search results.Loui Chang1-0/+2
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-12-22Really make all web paths relative.Loui Chang1-4/+4
I forgot about the forms. Signed-off-by: Loui Chang <louipc.ist@gmail.com> Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
2008-12-21Introduce function include_lang for translations.Loui Chang1-1/+1
This includes only the requested language for each page and makes top level language include files obsolete. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-12-21Make all web paths relative.Loui Chang1-2/+2
The site no longer needs to be hosted from the root of a domain, or virtual host. Signed-off-by: Loui Chang <louipc.ist@gmail.com> Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
2008-12-12Quell missing argument warning in clear_expired_sessions().Loui Chang1-1/+2
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-11-25Make remembered sessions actually save themselves.Loui Chang1-3/+11
Also clean up a notice in index.php Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-11-13Clear out old expired sessions on log out.Loui Chang1-2/+12
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-07-08Remember user between sessions.Andrea Scarpino1-1/+6
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-06-17Remove all vim mode lines. Add HACKING file.Loui Chang1-1/+0
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-06-07Fix logging in from package pageCallan Barrett1-1/+1
Patch by: BaSh <bash.lnx@gmail.com> Adds query string to url when logging in Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
2008-04-03Fix some string translation problems in acctfuncsLoui Chang1-12/+13
update a few others to new usage Signed-off-by: Loui Chang <louipc.ist@gmail.com> Signed-off-by: Simo Leone <simo@archlinux.org>
2008-03-23Changed valid_passwd() to check for non-empty password instead of good_passwd()Loui Chang1-1/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com> Signed-off-by: Simo Leone <simo@archlinux.org>
2008-03-23Put login into its own function.Loui Chang1-1/+0
Utilise login form template. Also cleaned up a couple notices. Signed-off-by: Loui Chang <louipc.ist@gmail.com> Signed-off-by: Simo Leone <simo@archlinux.org>
2008-01-19Several functions added to web/lib/acctfuncs.inc Weeere back!Loui Chang1-4/+211
try_login() to login users valid_username() checks if a new username fits criteria valid_user() checks if the user exists in the database good_passwd() only checks for minimum password length for now. can be later expanded to tell a user to make a stronger password. valid_passwd() checks if the password for the specified user is correct user_suspended() checks if the user is suspended (or not) user_delete() deletes a user (it doesn't orphan PKGs yet though) user_is_privileged() returns privilege level User (0) TU (2) Dev (3) of user ID. 0 is used for a regular user for ease in conditionals. Also: Enforce proper usernames on account creation or editing Fix bug where $SUPPORTED_LANGS needs to be reset on account creation Fix bug where an account could be created with an empty passwd Display (required) beside password fields on account creation Enforce good_passwd() on account creation TUs and Devs can edit a user to have a username that doesn't conform to the standard valid_username(). This is to allow them to edit old accounts without messing up the user name. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-01-19Revert "Several functions added to web/lib/acctfuncs.inc"Loui Chang1-191/+4
This has a couple of bugs I just discovered arrgh. We shall return This reverts commit 5e7e9f1b21d8803c718ac8551f8e0e25709fcd6f.
2008-01-19Several functions added to web/lib/acctfuncs.incLoui Chang1-4/+191
try_login() to login users valid_username() checks if a new username fits criteria valid_user() checks if the user exists in the database good_passwd() only checks for minimum password length for now. can be later expanded to tell a user to make a stronger password. valid_passwd() checks if the password for the specified user is correct user_suspended() checks if the user is suspended (or not) user_delete() deletes a user Also: Enforce proper usernames on account creation Fix bug where $SUPPORTED_LANGS needs to be reset on account creation Fix bug where an account could be created with an empty passwd Display (required) beside password fields on account creation Enforce good_passwd() on account creation Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-01-19search_accounts_form() output is put into a templateLoui Chang1-68/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2007-09-20patch from eliott to convert all <? to <?phppjmattal1-1/+1
2007-09-20- Applied a patch from Loui to fix session removal.swiergot1-18/+18
- Replaced all occurences of mysql_escape_string() with mysql_real_escape_string().
2005-11-13link user search to user packagessimo1-1/+1
2005-10-17Added link to user's packages in profilesimo1-0/+4
2005-06-10Added Simo's patch for #2579, adding user info pagepjmattal1-0/+55
also modified it slightly so that we no longer look at AURMaintainerUID for maintainer
2005-02-25fixed bug 2263pjmattal1-2/+1
2005-01-25started working on package delete supporteric1-1/+1
2005-01-21added hashed passwordsjchu1-0/+6
2004-06-29fleshing out the package logic, renamed pkg include files for consistencyeric1-0/+1
2004-06-24getting closer to printing package search results - also fixed some XHTML stufferic1-1/+1
2004-06-24started working on the pkgsearcheric1-6/+12
2004-06-23account adding/editing is workingeric1-39/+65
2004-06-22pulled out account functions into separate include fileeric1-0/+552