summaryrefslogtreecommitdiffstats
path: root/web/lib
AgeCommit message (Collapse)AuthorFilesLines
2012-09-18Migrate all DB code to use PDOcanyonknight8-379/+349
All DB code currently uses the quickly aging mysql_* functions. These functions are strongly discouraged and may eventually be deprecated. Transition all code to utilize the PDO data access abstraction layer. PDO allows for consistent query code across multiple databases. This could potentially allow for someone to use a database other than MySQL with minimal code changes. All functions and behaviors are reproduced as faithfully as possible with PDO equivalents and some changes in code. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-08-23Allow only Trusted Users, Developers, and Maintainers to unflag packagescanyonknight1-0/+4
Currently everyone is allowed to unflag a package as out of date. This should be limited to only the appropriate people for a specific package. Fixes FS#27263 Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-18Use virtual paths for voters pageLukas Fleischer1-1/+0
Link to "/packages/$pkgname/voters/" instead of using "/voters/" and a get parameter to request a specific package by ID. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-18pkgfuncs.inc.php: Fix pkg_change_category()Lukas Fleischer1-0/+2
Make sure that pkg_change_category() works, even if the "N" get parameter is used and "ID" is unset. Note that this is considered to be a hack rather than a proper fix; pkg_change_category() needs a lot of work. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-18routing.inc.php: Add missing "/account" routeLukas Fleischer1-0/+1
Minor oversight when adding the routing back end in commit eb22bcc7548d1b1025a3832aa4555792729d11b0. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-17routing.inc.php: rtrim() path in get_route()Lukas Fleischer1-0/+1
Return the correct route -- even if a "/" is appended to the URI. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-17aur.inc.php: Include routing backendLukas Fleischer1-0/+1
This needs to be available on every page since it is needed for get_uri() and get_pkg_uri() and "web/html/index.php" isn't executed if the virtual path feature is disabled. Reported-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-17Move package actions to the action boxLukas Fleischer1-0/+1
Note that this currently only works if the virtual path feature is enabled. If you don't use virtual paths, these will still be displayed as buttons below the package details listing. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-15Redirect to the home page after successful loginLukas Fleischer1-1/+1
Jump to the home page instead of displaying a page that only tells you that you're logged in. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-15Use virtual paths for package detailsLukas Fleischer2-4/+21
Extend the routing front/back ends to allow for using "/package/$pkgname/" for individual packages. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-15Use virtual path feature for linksLukas Fleischer2-5/+5
Use virtual paths in links (e.g. link to "/packages/" instead of "/packages.php" etc.) if the virtual path feature is enabled. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-15Add routing front/back endsLukas Fleischer2-0/+43
This adds a URL mapping library that can be used to implement virtual paths. Also, "web/html/index.php" is moved to "web/html/home.php" and "web/html/index.php" becomes a routing front end that maps virtual paths to corresponding files. To enable the virtual path feature, all requests need to be redirected to the "index.php" routing script. If you use lighttpd, following rewrite rule can be used: url.rewrite = ( "^(.*)$" => "/index.php/$1" ) A similar rule can be used for Apache (using mod_rewrite). Note that the current routing front end only works if PATH_INFO is provided. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-14Merge branch 'maint'Lukas Fleischer3-2/+12
Conflicts: web/html/account.php web/html/addvote.php web/html/pkgsubmit.php web/lib/acctfuncs.inc.php web/template/actions_form.php web/template/pkg_comment_form.php web/template/pkg_comments.php web/template/pkg_details.php web/template/pkg_search_results.php web/template/tu_details.php
2012-07-14aur.inc.php: Use delete_session_id() where appropriatecanyonknight1-3/+1
Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-14acctfuncs.inc.php: Make user_suspended() work correctlycanyonknight1-1/+1
Fixes broken account suspension system. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-08acctfuncs.inc.php: Fix "Undefined variable" noticesLukas Fleischer1-0/+4
Initialize the "$details" and "$whovoted" variables with an empty array/string to suppress a "Undefined variable" notice if the votes/voters list is empty. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06acctfuncs.inc.php: Move XHTML to account_details.php templatecanyonknight1-70/+0
XHTML should be eliminated from lib/ as much as possible. This pulls the XHTML out of the display_account_info function that echoes the code, and moves it to the new account_details.php template file. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06aur.inc.php: Remove old and unused make_seed functioncanyonknight1-7/+0
Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06acctfuncs.inc.php: Make user_is_privileged() workcanyonknight1-2/+2
Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06Remove deprecated configuration variablecanyonknight1-1/+0
Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06acctfuncs.inc.php: Allow functions to take DB handle as argumentcanyonknight1-10/+28
Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06rss.php: Pull out DB codecanyonknight1-0/+19
* Move DB code in rss.php to new function in aur.inc.php * Centralization of DB code important in a future transition to PDO interface Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06Pull out DB code from trusted user pagecanyonknight1-0/+104
* Move DB code in tu.php and tu.php and tu_list.php to new functions in accfuncs.inc.php * Centralization of DB code important in a future transition to PDO interface Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06account.php: Pull out DB codecanyonknight1-0/+39
* Move DB code in account.php to new functions in acctfuncs.inc.php * Centralization of DB code important in a future transition to PDO interface * Consolidate redudant SQL statements from DisplayAccount and AccountInfo * Consolidation also adds ability to edit accounts based on username Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06pkgsubmit.php: Pull out DB codecanyonknight2-0/+118
* Move DB code in pkgsubmit.php to new functions in aur.inc.php and pkgfuncs.inc.php * Centralization of DB code important in a future transition to PDO interface Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06passreset.php: Pull out DB codecanyonknight1-0/+34
* Move DB code in passreset.php to new functions in acctfuncs.inc.php * Centralization of DB code important in a future transition to PDO interface Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06logout.php: Pull out DB codecanyonknight1-1/+16
* Move DB code for removing a session in logout.php to a new function in acctfuncs.inc.php * Add ability for clear_expired_sessions function to check for DB connection * Centralization of DB code important in a future transition to PDO interface Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06pkg_comment_form.php: Pull out DB codecanyonknight1-0/+54
* Move DB code and e-mail code from pkg_comment_form.php to new function in pkgfuncs.inc.php * Centralization of DB code important in a future transition to PDO interface Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06pkg_search_results.php: Pull out DB codecanyonknight1-0/+5
* Move DB code from pkg_search_results.php to already existing function in pkgfuncs.inc.php * Centralization of DB code important in a future transition to PDO interface Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06account_search_results.php: Pull out DB codecanyonknight1-0/+6
* Move DB code from account_search_results.php to already existing function in acctfuncs.inc.php * Centralization of DB code important in a future transition to PDO interface Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06action_form.php: Pull out DB codecanyonknight1-0/+40
* Create new functions in pkgfuncs.inc.php with SQL queries from action_form.php * Centralization of DB code important in a future transition to PDO interface * Flip logic of vote and notify XHTML button to use function return rather than a more confusing NOT (!) logical operator statement Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06addvote.php: Pull out DB codecanyonknight1-1/+37
* Verifying a username exists should use already present valid_user function * Create new functions in acctfuncs.inc.php with SQL queries from addvote.php * Centralization of DB code important in a future transition to PDO interface Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06voters.php: Pull out DB codecanyonknight1-0/+25
* Create new function in pkgfuncs.inc.php with SQL queries from voters.php * Centralization of DB code important in a future transition to PDO interface Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06Move login form to a separate pageLukas Fleischer1-10/+0
Do not show the login form on every page. Move it to a separate login page and add a link to the navigation bar. Also, add a logout link for logged-in users. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: canyonknight <canyonknight@gmail.com>
2012-07-06acctfuncs.inc.php: Move XHTML to account_search_results.php templatecanyonknight1-115/+1
XHTML should be eliminated from lib/ as much as possible. This pulls the XHTML out of a function that simply echoes the code, and moves it into a more reasonable template file in account_search_results.php Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06acctfuncs.inc.php: Move XHTML to account_edit_form.php templatecanyonknight1-123/+1
XHTML should be eliminated from lib/ as much as possible. This pulls the XHTML out of a function that simply echoes the code, and moves it into a more reasonable template file in account_edit_form.php Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06pkg_search_results.php: Overhaul to match archwebcanyonknight1-4/+4
* Change search results table to use CSS from archweb with better alternating line contrast * Change table results header to match archweb * General clean-up of XHTML Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06Be consistent in PHP logical operator usagecanyonknight1-2/+2
A mix of logical operator styles are currently in use. The predominant style uses "&&" and "||" instead of "and" and "or", respectively. This inconsistency is minor, but is easily avoided. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06Extend pkgname_from_id() to arrays of IDsLukas Fleischer1-6/+23
This allows for getting the package names of multiple packages at once, without having to iterate over them and making one DB query per package. pkgname_from_id() now accepts both integer arrays and single integers (backwards compatibility mode). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-06-24Implement token system to fix CSRF vulnerabilitiescanyonknight2-0/+11
Specially crafted pages can force authenticated users to unknowingly perform actions on the AUR website despite being on an attacker's website. This cross-site request forgery (CSRF) vulnerability applies to all POST data on the AUR. Implement a token system using a double submit cookie. Have a hidden form value on every page containing POST forms. Use the newly added check_token() to verify the token sent via POST matches the "AURSID" cookie value. Random nature of the token limits potential for CSRF. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-05-31HTML/DOM fixesDario Giovannetti1-2/+2
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-05-06user_table optimizationDan McGee1-6/+5
Rather than looking up by username, it makes more sense to look the stats up by user ID to reduce the number of needed joins. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-03-24Unify function declaration styleLukas Fleischer3-38/+19
Always put the opening brace on the same line as the beginning of the function declaration. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-03-24Add field for PGP key in profile informationLukas Fleischer1-7/+60
This is handy for verifying the PGP key of new Trusted Users. Also, this could potentially used as a basis to allow signed package uploads in the future. Implements FS#29028. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-03-21valid_email :: check if domain part is realBlackEagle1-1/+12
this can be used as an intermediate 'patch' util there is a validation system in place. the extra check is to verify that the domain part of a correctly formatted email address is existing and in use. this will not at all stop spammers since they can use bogus emails with valid domain parts Lukas: Minor formatting changes. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-03-09Merge branch 'maint'Lukas Fleischer2-3/+3
Conflicts: UPGRADING web/lib/config.inc.php.proto
2012-03-09Release 1.9.1Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-03-09Replace "nb_NO" translation by "nb"Lukas Fleischer1-1/+1
This one is not a specific dialect, so "nb" (Norwegian Bokmål) is the better name to use here. Thanks-to: Alexander Rødseth <rodseth@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-03-09Replace "pt" translation by "pt_PT"Lukas Fleischer1-1/+1
This makes the difference between Portuguese (Brazil) and Portuguese (Portugal) a bit clearer. Also, "pt_PT" is way more up to date than "pt". Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-03-08Always set the "To:" header when sending mailLukas Fleischer1-1/+1
Use "undisclosed-recipients: ;" when sending mass notifications (such as comment notifications and the like. Addresses FS#28229. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>