summaryrefslogtreecommitdiffstats
path: root/web/lib
AgeCommit message (Collapse)AuthorFilesLines
2014-12-27Use Git repositories to store packagesLukas Fleischer7-3160/+1
* Remove package submission page from the web interface. * Replace PKGBUILD and tarball links with links to cgit. * Remove the "URLPath" field from RPC replies. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-12-27Add support for adding SSH public keys to profilesLukas Fleischer1-7/+71
Users can now add an SSH public key on the account edit page. This will later be used to authenticate users via SSH. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-12-27Use raw scanner mode in config_get()Lukas Fleischer1-1/+1
We do not want PHP to parse the values for us. Use raw scanner mode to avoid issues with certain values, such as regular expressions. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-12-27Release 3.5.1Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-12-13Avoid double slashes in notification email bodyLukas Fleischer4-18/+24
Refactor some of the URI generation code to avoid double slashes in absolute URIs. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-11-22Release 3.5.0Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-11-21Remove duplicate slash in the password reset URLLukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-11-21Always use virtual URLsLukas Fleischer3-31/+4
Support for non-virtual URLs has been broken for a long time and is no longer used on the official AUR setup. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-10-24Use an INI-style configuration fileLukas Fleischer12-182/+124
Replace web/lib/config.inc.php with an INI-style configuration file. This allows us to get rid of several globals and makes it easier to use the same configuration file in external scripts. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-10-17voters.php: Show time stamps if availableLukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-10-16Add a time stamp to package base votesLukas Fleischer1-3/+3
This can potentially be used to identify trending packages. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-10-11Merge branch 'maint'Lukas Fleischer1-1/+1
2014-10-10Add support for architecture-specific sourcesLukas Fleischer1-6/+34
As a follow-up to 4d7da95 (Add support for architecture-specific fields, 2014-08-10), handle architecture-specific source fields as well. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-10-10Use proper email address in send_resetkey()Lukas Fleischer1-1/+1
Fixes FS#41860. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-10-03Merge branch 'maint'Lukas Fleischer1-2/+2
2014-10-03Include proper timestamp in auto-accept emailsLukas Fleischer1-1/+1
Fixes a regression introduced in c70b340 (Close requests before accepting, 2014-07-29). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-10-03Fix permission check in pkgreq_close()Lukas Fleischer1-1/+1
Make sure that requests can be auto-accepted if filed by a regular user. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-08-11Merge branch 'maint'Lukas Fleischer5-4/+10
2014-08-10Add support for architecture-specific fieldsLukas Fleischer1-15/+57
This adds support for architecture-specific dependencies and relations. Support for this has recently been added to makepkg, see commit 2b556d8 (PKGBUILD: handle arch specific attributes, 2014-07-25) in the pacman repository for details. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-08-08Add permission checks to the request featureLukas Fleischer2-0/+6
* Only show the request form to users that are logged in. * Only show the close request form to Trusted Users and developers. * Check for a valid login in pkgreq_file(). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-08-08Fix the return value of save_salt()Lukas Fleischer1-1/+1
Return true if and only if the SQL query was executed successfully. Logins with an unsalted password no longer fail now. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-08-06Fix notification handling on submission and adoptionLukas Fleischer1-1/+1
Automatically add users to the notification list when adopting a package. This used to work bug was broken by 03c6304 (Rework permission handling, 2014-07-15). Fixes FS#41426. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-08-06Add PCRE_DOLLAR_ENDONLY to preg_match()Lukas Fleischer2-2/+2
When using preg_match() to check for a match that starts at the beginning of the string and ends at the last character of the string, we do not want to allow an additional newline character to sneak in. Amongst other potential loopholes, adding the PCRE_DOLLAR_ENDONLY modifier prevents users from registering with user names that end with a newline character. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-08-02Release 3.4.3Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-08-02Count users in "Trusted User & Developer" group as TUBalló György2-3/+3
This reflects the changes in 3610f3c. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-29Release 3.4.2Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-29Close requests before acceptingLukas Fleischer2-11/+29
When auto-accepting a request, we need to close the package request before performing the actual action (disown/deletion/merge). Otherwise, the former maintainer is not included in the Cc list of the acceptance/rejection notification email. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-29Remove duplicate recipients from CcLukas Fleischer1-0/+2
When a user files a request for a package maintained by himself, he is currently included in the Cc list twice. Use array_unique() to omit repeated entries. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-29Allow users to delete their own commentsLukas Fleischer1-13/+5
Fixes a regression introduced in 03c6304 (Rework permission handling, 2014-07-15). Fixes FS#41379. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-29Release 3.4.1Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-29Suppress PHP notice in process_account_form()Lukas Fleischer1-3/+6
Add a check to remove a notice which is displayed after registration since commit 03c6304 (Rework permission handling, 2014-07-15). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-28Release 3.4.0Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-25Do not allow regular users to edit all accountsLukas Fleischer1-1/+1
Fixes a regression introduced in 03c6304 (Rework permission handling, 2014-07-15). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-25Clean up user references in user_delete()Lukas Fleischer1-0/+35
Explicitly clean up all references before deleting a user. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-25Make deleted comments visible to Trusted UsersLukas Fleischer3-7/+18
This allows Trusted Users to check whether a user posted a politically incorrect comment, even if he already deleted it. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-23Add typeahead suggest to the merge request formLukas Fleischer1-2/+26
Add the typeahead implementation we already use for the package search to the merge target text field. Instead of suggesting packages, suggest package base names. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-23Prevent merging a package base with itselfLukas Fleischer1-0/+4
Instead of deleting the package, show an error message if a user tries to merge a package base with itself. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-23Verify that the target of merge operations existsLukas Fleischer1-0/+4
Make sure that the target of a merge operation is either empty or an existing package base name. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-23Drop support for source packages without .AURINFOLukas Fleischer1-139/+0
Disallow uploading source tarballs that do not contain .AURINFO. Also, drop the PKGBUILD parser which is no longer needed. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-17Automatically accept orphan requests for old packagesLukas Fleischer2-12/+42
If an orphan request is filed for a package that has been flagged out-of-date for at least 180 days, it is disowned automatically. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-16Fix pkgbase_votes_from_name()Lukas Fleischer1-8/+9
In 676595f (Prefix package functions with pkg_/pkgbase_, 2014-04-05), votes_for_pkgname() was renamed to pkgbase_votes_from_name() without changing the semantics. Slightly adapt the implementation and interpret the argument as a package base name instead of a package name. Also fix the call site. Reported-by: Felix Yan <felixonmars@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-16Mention the target of merge requests in emailsLukas Fleischer1-5/+15
When sending the initial notification email for a merge request, include the name of the package base that is the target of the requested merge operation. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-16Use Cc instead of Bcc in request notificationsLukas Fleischer1-6/+6
Add the request creator and the current package maintainer to Cc instead of Bcc when sending notification emails for package requests. This allows users to forward any discussion to both of them by using the "Group Reply" function of their MUA. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-16Bcc notification emails to the request creatorLukas Fleischer1-14/+27
Add both the request creator and the current package maintainer to the Bcc list of notification emails for package requests. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-16Remove unused function pkg_details_by_name()Lukas Fleischer1-24/+0
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-15Add a new user group "Trusted User & Developer"Lukas Fleischer2-5/+13
This group has full permissions on everything. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-15Disallow privileged users to use invalid user namesLukas Fleischer1-22/+1
Prevent Trusted Users and developers from accidentally using a name that contains invalid characters. Also, remove user_is_privileged() which is no longer needed after this change. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-15Rework permission handlingLukas Fleischer6-121/+134
Add a new function has_credential() that checks whether the currently logged in user is allowed to perform a given action. Moving all permission handling to this central place makes adding new user groups and adjusting permissions much more convenient. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-05Release 3.3.0Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-04Display number of pending requests in actions boxLukas Fleischer2-2/+8
For packages with pending package requests, display the number of requests above the "File Request" link. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>