summaryrefslogtreecommitdiffstats
path: root/web
AgeCommit message (Collapse)AuthorFilesLines
2012-07-06passreset.php: Pull out DB codecanyonknight2-22/+37
* Move DB code in passreset.php to new functions in acctfuncs.inc.php * Centralization of DB code important in a future transition to PDO interface Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06logout.php: Pull out DB codecanyonknight2-5/+20
* Move DB code for removing a session in logout.php to a new function in acctfuncs.inc.php * Add ability for clear_expired_sessions function to check for DB connection * Centralization of DB code important in a future transition to PDO interface Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06pkg_comment_form.php: Pull out DB codecanyonknight2-51/+54
* Move DB code and e-mail code from pkg_comment_form.php to new function in pkgfuncs.inc.php * Centralization of DB code important in a future transition to PDO interface Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06pkg_search_results.php: Pull out DB codecanyonknight2-4/+8
* Move DB code from pkg_search_results.php to already existing function in pkgfuncs.inc.php * Centralization of DB code important in a future transition to PDO interface Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06account_search_results.php: Pull out DB codecanyonknight2-2/+7
* Move DB code from account_search_results.php to already existing function in acctfuncs.inc.php * Centralization of DB code important in a future transition to PDO interface Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06action_form.php: Pull out DB codecanyonknight2-24/+48
* Create new functions in pkgfuncs.inc.php with SQL queries from action_form.php * Centralization of DB code important in a future transition to PDO interface * Flip logic of vote and notify XHTML button to use function return rather than a more confusing NOT (!) logical operator statement Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06addvote.php: Pull out DB codecanyonknight2-28/+41
* Verifying a username exists should use already present valid_user function * Create new functions in acctfuncs.inc.php with SQL queries from addvote.php * Centralization of DB code important in a future transition to PDO interface Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06voters.php: Pull out DB codecanyonknight2-13/+27
* Create new function in pkgfuncs.inc.php with SQL queries from voters.php * Centralization of DB code important in a future transition to PDO interface Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06Move language selection to a drop-down listLukas Fleischer2-12/+23
Move all languages to a select container to save some space. Language selection is a rarely used feature, so there's no need to make this a one click option. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06actions_form.php: Overhaul to match archwebcanyonknight1-48/+41
* Change all CSS to match archweb * General clean-up of XHTML formatting * Change control structures to use PHP alternative syntax for better readability with inter-mixed XHTML Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06Restructure the navigation barLukas Fleischer1-4/+3
* Remove "Bugs" and "Discussion" links. Move these to the home page. * Reorder links in a reasonable and consistent manner. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: canyonknight <canyonknight@gmail.com>
2012-07-06Move login form to a separate pageLukas Fleischer4-50/+58
Do not show the login form on every page. Move it to a separate login page and add a link to the navigation bar. Also, add a logout link for logged-in users. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: canyonknight <canyonknight@gmail.com>
2012-07-06passreset.php: Overhaul to match archwebcanyonknight1-45/+42
* Switch to CSS used by archweb * General fixups in XHTML Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06acctfuncs.inc.php: Move XHTML to account_search_results.php templatecanyonknight2-115/+104
XHTML should be eliminated from lib/ as much as possible. This pulls the XHTML out of a function that simply echoes the code, and moves it into a more reasonable template file in account_search_results.php Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06acctfuncs.inc.php: Move XHTML to account_edit_form.php templatecanyonknight2-123/+139
XHTML should be eliminated from lib/ as much as possible. This pulls the XHTML out of a function that simply echoes the code, and moves it into a more reasonable template file in account_edit_form.php Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06Overhaul account pages to match archwebcanyonknight2-36/+34
* Use CSS from archweb * General clean-up of XHTML formatting Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06addvote.php: Overhaul to match archwebcanyonknight1-23/+25
* Switch CSS over to archweb styling * General clean-up of XHTML * Set proposal box size to something more sane for a default Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06Overhaul trusted user proposal page to match archwebcanyonknight3-137/+137
* Change all boxes and other CSS to match archweb * General fixups in XHTML formatting * Change results table to match color scheme everywhere else Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06Overhaul to stat tables to match archwebcanyonknight3-80/+49
* Move stat tables into widget boxes to match archweb * Remove old span styles * Clean-up XHTML formatting * Minor whitespace fix Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06pkg_comments.php: Overhaul to match archwebcanyonknight1-40/+37
* Limit PHP echoing XHTML as much as possible, and use pure XHTML * Switch to alternative syntax in control structures for better readability of inter-mixed XHTML * Remove box for every comment and switch to archweb news post style Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06Search form layout overhaulLukas Fleischer1-121/+123
* Always show advanced search criteria. * Rearrange filter criteria (list filters first, list sorting and pagination options behind). * HTML cleanup. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: canyonknight <canyonknight@gmail.com>
2012-07-06Refactor package submission formLukas Fleischer1-28/+24
* Adjust style to match the overall layout. * Use proper HTML tags and double quotes. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: canyonknight <canyonknight@gmail.com>
2012-07-06Refactor package comment formLukas Fleischer1-10/+17
* Adjust style to match the overall layout. * Use proper HTML tags and double quotes. * Remove the "Reset" button. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: canyonknight <canyonknight@gmail.com>
2012-07-06voters.php: Overhaul to match archwebcanyonknight1-15/+17
* Currently voters.php has no navigation links and/or styling. This patch adds the appropriate styling * User PHP alternative syntax for control structures * Change a variable name to more frequently used "atype" * General clean-up of XHTML Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06Synchronize footer layout with archwebLukas Fleischer1-6/+9
Also, add a copyright notice and the disclaimer. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: canyonknight <canyonknight@gmail.com>
2012-07-06index.php: Overhaul to match archwebcanyonknight1-62/+103
* Switch to CSS used by archweb * Move package search to a smaller box to match the style of the main site * Add text describing mailing list and bug tracker. Eventually remove those associated nav bar links. * General clean-up of XHTML Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06pkg_search_results.php: Overhaul to match archwebcanyonknight2-130/+117
* Change search results table to use CSS from archweb with better alternating line contrast * Change table results header to match archweb * General clean-up of XHTML Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06pkg_details.php: Overhaul to match archwebcanyonknight1-151/+156
* Rearrange order of package details to a more logical order * Add widget box on right side of page that has package actions. Limited to viewing PKGBUILD, downloading tarball, and printing package flag date. Eventually should be able to support all AUR package actions. * Move "Dependencies" and "Required by" to new CSS to allow for them to be displayed as columns adjacent to one another, with one package per line. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06Remove all traces of "pgboxtitle"Lukas Fleischer10-24/+12
Using a div container to format heading is ridiculous. Use "<h2></h2>" instead. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: canyonknight <canyonknight@gmail.com>
2012-07-06Wrap everything in a content cotainerLukas Fleischer2-28/+29
For consistency with archweb. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: canyonknight <canyonknight@gmail.com>
2012-07-06Add archweb style sheetLukas Fleischer3-1/+987
* Add "archweb.css" from the master branch of archweb. We will use this as base style sheet in the future. * Add "aur.css" for AUR-specific extensions to "archweb.css". * Remove the "archnavbar.css" link from the header template since this is included in "archweb.css". Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06Use sane date format strings everywhereLukas Fleischer4-7/+7
We fixed this for the fields displayed on the package details page in commit b5fffe9a02cd4fd3b7da66e403f02eea89c8fcad. This should fix the remaining ones. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: canyonknight <canyonknight@gmail.com>
2012-07-06pkg_details.php: Use sane format for date stringsLukas Fleischer1-3/+3
No need to show a full RFC 2822-compliant date here. Instead, display date, hours and minutes for "Last Updated" and "First Submitted" fields and display the date only for the out-of-date time stamp. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: canyonknight <canyonknight@gmail.com>
2012-07-06Be consistent in PHP logical operator usagecanyonknight4-8/+8
A mix of logical operator styles are currently in use. The predominant style uses "&&" and "||" instead of "and" and "or", respectively. This inconsistency is minor, but is easily avoided. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06Update web interface READMEcanyonknight1-75/+94
* Remove outdated information * Give a brief synopsis of what the web visible PHP files do Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06Rearrange install documentationcanyonknight1-104/+0
Move documentation related to installation to a separate INSTALL file. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06Extend pkgname_from_id() to arrays of IDsLukas Fleischer1-6/+23
This allows for getting the package names of multiple packages at once, without having to iterate over them and making one DB query per package. pkgname_from_id() now accepts both integer arrays and single integers (backwards compatibility mode). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-06-24Implement token system to fix CSRF vulnerabilitiescanyonknight13-46/+82
Specially crafted pages can force authenticated users to unknowingly perform actions on the AUR website despite being on an attacker's website. This cross-site request forgery (CSRF) vulnerability applies to all POST data on the AUR. Implement a token system using a double submit cookie. Have a hidden form value on every page containing POST forms. Use the newly added check_token() to verify the token sent via POST matches the "AURSID" cookie value. Random nature of the token limits potential for CSRF. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-05-31HTML/DOM fixesDario Giovannetti2-3/+3
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-05-06web/html/packages.php: Remove duplicate codeLukas Fleischer1-14/+10
Retrieve the package ID early and merge the if-branches calling package_details(). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-05-06user_table optimizationDan McGee2-8/+7
Rather than looking up by username, it makes more sense to look the stats up by user ID to reduce the number of needed joins. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-03-24Support canonical links to accountsLukas Fleischer1-1/+5
Addresses FS#9582 and FS#21600. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-03-24Support canonical links to packagesLukas Fleischer3-2/+22
This is more user-friendly than supporting package IDs only and can be used as a basis to support direct links to AUR packages in places where links are computer-produced (e.g. Wiki templates). Addresses FS#21600 and FS#28839. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-03-24Unify function declaration styleLukas Fleischer3-38/+19
Always put the opening brace on the same line as the beginning of the function declaration. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-03-24Add field for PGP key in profile informationLukas Fleischer2-13/+67
This is handy for verifying the PGP key of new Trusted Users. Also, this could potentially used as a basis to allow signed package uploads in the future. Implements FS#29028. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-03-21valid_email :: check if domain part is realBlackEagle1-1/+12
this can be used as an intermediate 'patch' util there is a validation system in place. the extra check is to verify that the domain part of a correctly formatted email address is existing and in use. this will not at all stop spammers since they can use bogus emails with valid domain parts Lukas: Minor formatting changes. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-03-19web/html/pkgsubmit.php: Revamp tarball validationLukas Fleischer1-12/+14
* Reorder checks. * Use simple string functions instead of regular expressions. * Check for type flags before validating paths. The latter ensures we don't treat tarball keywords/flags as directories. This avoids problems with bsdtar inserting PaxHeader attributes into the archive which look something like the following to Archive_Tar: PaxHeader/xcursor-protozoa xcursor-protozoa/ xcursor-protozoa/PaxHeader/PKGBUILD xcursor-protozoa/PKGBUILD This only occurs on certain filesystems (e.g. jfs), but the tarball is by no means invalid. When extracted, it will only contain the PKGBUILD within a single subdirectory. Addresses FS#28802. Thanks-to: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-03-09Merge branch 'maint'Lukas Fleischer2-3/+3
Conflicts: UPGRADING web/lib/config.inc.php.proto
2012-03-09Release 1.9.1Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-03-09Replace "nb_NO" translation by "nb"Lukas Fleischer1-1/+1
This one is not a specific dialect, so "nb" (Norwegian Bokmål) is the better name to use here. Thanks-to: Alexander Rødseth <rodseth@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>