still working on pkgsubmit

2 files changed, 83 insertions, 9 deletions

diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index fa8f3c75..21b0f942 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -21,11 +21,11 @@ if ($_COOKIE["AURSID"]) {
 
 		# first, see if this package already exists, and if it can be overwritten
 	 	#	
-		if (package_exists($_FILES["pfile"]["name"])) { # TODO write function
+		$pkg_exists = package_exists($_FILES["pfile"]["name"]);
+		if ($pkg_exists) {
 			# ok, it exists - should it be overwritten, and does the user have
 			# the permissions to do so?
 			#
-			# TODO write 'can_overwrite_pkg' function
 			if (can_overwrite_pkg($_FILES["pfile"]["name"], $_COOKIE["AURSID"])) {
 				if (!$_REQUEST["overwrite"]) {
 					$error = __("You did not tag the 'overwrite' checkbox.");
@@ -36,7 +36,7 @@ if ($_COOKIE["AURSID"]) {
 			}
 		}
 
-		if (!$error)) {
+		if (!$error) {
 			# no errors checking upload permissions, go ahead and try to process
 			# the uploaded package file.
 			#
@@ -58,10 +58,48 @@ if ($_COOKIE["AURSID"]) {
 			}
 		}
 
+		# at this point, we can safely create the directories, and update
+		# the database with the new package
+		#
+		# TODO extract the package contents and parse the included files
+		#
+
+
+		# update the backend database
+		#
+		$dbh = db_connect();
+		if ($pkg_exists) {
+
+			# this is an overwrite of an existing package, the database ID
+			# needs to be preserved so that any votes are retained.  However,
+			# PackageDepends, PackageSources, and PackageContents can be
+			# purged.
+			#
+			$q = "SELECT * FROM Packages ";
+			$q.= "WHERE Name = '".mysql_escape_string($_FILES["pfile"]["name"])."'";
+			$result = db_query($q, $dbh);
+			$pdata = mysql_fetch_assoc($result);
+
+			# flush out old data that will be replaced with new data
+			#
+			$q = "DELETE FROM PackageContents WHERE PackageID = ".$pdata["ID"];
+			db_query($q, $dbh);
+			$q = "DELETE FROM PackageDepends WHERE PackageID = ".$pdata["ID"];
+			db_query($q, $dbh);
+			$q = "DELETE FROM PackageSources WHERE PackageID = ".$pdata["ID"];
+			db_query($q, $dbh);
+
+
+		} else {
+			# this is a brand new package
+			#
+		}
+
+
 	}
 
 
-	if (!$_REQUEST["pkgsubmit"] || !$error)) {
+	if (!$_REQUEST["pkgsubmit"] || $error) {
 		# give the visitor the default upload form
 		#
 		if (ini_get("file_uploads")) {
@@ -93,15 +131,12 @@ if ($_COOKIE["AURSID"]) {
 			print __("No");
 			print "  </td>\n";
 			print "</tr>\n";
-			print "<tr>\n";
-			print "  <td align='center' colspan='2'>&nbsp;</td>\n";
-			print "</tr>\n";
 
 			print "<tr>\n";
-			print "  <td align='right'>";
+			print "  <td>&nbsp;</td>\n";
+			print "  <td align='left'>";
 			print "<input class='button' type='submit' value='".__("Upload")."' />\n";
 			print "</td>\n";
-			print "  <td>&nbsp;</td>\n";
 			print "</tr>\n";
 			print "</table>\n";
 
diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index 0db5c126..f652b061 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -444,6 +444,45 @@ function dbug($msg) {
 	return;
 }
 
+# check to see if the package name exists
+#
+function package_exists($name="") {
+	if (!$name) {return 0;}
+	$dbh = db_connect();
+	$q = "SELECT COUNT(*) FROM Packages ";
+	$q.= "WHERE Name = '".mysql_escape_string($name)."'";
+	$result = db_query($q, $dbh);
+	if (!$result) {return 0;}
+	$row = mysql_fetch_row($result);
+	return $row[0];
+}
+
+# check to see if the user can overwrite an existing package
+#
+function can_overwrite_pkg($name="", $sid="") {
+	if (!$name || !$sid) {return 0;}
+	$dbh = db_connect();
+	$q = "SELECT SubmitterUID, MaintainerUID, AURMaintainerUID ";
+	$q.= "FROM Packages WHERE Name = '".mysql_escape_string($name)."'";
+	$result = db_query($q, $dbh);
+	if (!$result) {return 0;}
+	$row = mysql_fetch_row($result);
+	$my_uid = uid_from_sid($sid);
+
+	# user is a dev and maintains the package
+	#
+	if ($my_uid == $row[2]) {return 1;}
+
+	# user is a TU and there is no dev
+	#
+	if (!$row[2] && $my_uid == $row[1]) {return 1;}
+
+	# user is a user and there is no TU or dev
+	#
+	if (!$row[2] && !$row[1] && $my_uid == $row[0]) {return 1;}
+	return 0;
+}
+
 # convert an ini_get number to a real integer - stupid PHP!
 #
 function initeger($inival="0", $isbytes=1) {