Merge branch 'testing'

Conflicts:
	web/html/pkgsubmit.php

Signed-off-by: Loui Chang <louipc.ist@gmail.com>

8 files changed, 414 insertions, 52 deletions

diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc
index bbd6b740..73db2708 100644
--- a/web/lib/acctfuncs.inc
+++ b/web/lib/acctfuncs.inc
@@ -644,7 +644,12 @@ function try_login() {
 			if ($logged_in) {
 				# set our SID cookie
 
-				setcookie("AURSID", $new_sid, 0, "/");
+				if ($_POST['remember_me'] == "on")
+					# Set cookies for 30 days.
+					$cookie_time = time() + (60 * 60 * 24 * 30);
+				else
+					$cookie_time = 0;
+				setcookie("AURSID", $new_sid, $cookie_time, "/");
 #				header("Location: /index.php");
 				header("Location: " . $_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING']);
 				$login_error = "";
diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index 81ffde26..a126bb94 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -311,12 +311,11 @@ function set_lang() {
 			$LANG = $row[0];
 		}
 		$update_cookie = 1;
-	} else {
-		$LANG = "en";
 	}
 
+	# Set $LANG to default if nothing is valid.
 	if (!array_key_exists($LANG, $SUPPORTED_LANGS)) {
-		$LANG = "en"; # default to English
+		$LANG = DEFAULT_LANG;
 	}
 
 	if ($update_cookie) {
@@ -336,7 +335,7 @@ function html_header($title="") {
 	global $SUPPORTED_LANGS;
 
 	$login = try_login();
-  $login_error = $login['error'];
+	$login_error = $login['error'];
 
 	$title = htmlspecialchars($title, ENT_QUOTES);
 
@@ -375,19 +374,10 @@ function can_submit_pkg($name="", $sid="") {
 # recursive delete directory
 #
 function rm_rf($dirname="") {
-	$d = dir($dirname);
-	while ($f = $d->read()) {
-		if ($f != "." && $f != "..") {
-			if (is_dir($dirname."/".$f)) {
-				rm_rf($dirname."/".$f);
-			}
-			if (is_file($dirname."/".$f) || is_link($dirname."/".$f)) {
-				unlink($dirname."/".$f);
-			}
-		}
+	if ($dirname != "") {
+		exec('rm -rf ' . escapeshellcmd($dirname));
 	}
-	$d->close();
-	rmdir($dirname);
+
 	return;
 }
 
@@ -410,4 +400,3 @@ function uid_from_username($username="")
 	return $row[0];
 }
 
-?>
diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php
index 953f5aba..6ff9b0f2 100644
--- a/web/lib/aurjson.class.php
+++ b/web/lib/aurjson.class.php
@@ -22,6 +22,8 @@ if (!extension_loaded('json'))
 class AurJSON {
     private $dbh = false;
     private $exposed_methods = array('search','info');
+    private $fields = array('ID','Name','Version','Description',
+        'URL','URLPath','License','NumVotes','OutOfDate');
 
     /**
      * Handles post data, and routes the request.
@@ -42,7 +44,9 @@ class AurJSON {
         // do the routing
         if ( in_array($http_data['type'], $this->exposed_methods) ) {
             // ugh. this works. I hate you php.
-            $json = call_user_func_array(array(&$this,$http_data['type']),$http_data['arg']);
+            $json = call_user_func_array(array(&$this,$http_data['type']),
+                $http_data['arg']);
+
             // allow rpc callback for XDomainAjax
             if ( isset($http_data['callback']) ) {
                 return $http_data['callback'] . "({$json})";
@@ -87,22 +91,22 @@ class AurJSON {
         }
 
         $keyword_string = mysql_real_escape_string($keyword_string, $this->dbh);
-        $query = sprintf(
-            "SELECT Name,ID FROM Packages WHERE ( Name LIKE '%%%s%%' OR Description LIKE '%%%s%%' ) AND DummyPkg=0",
-            $keyword_string, $keyword_string );
+
+        $query = "SELECT " . implode(',', $this->fields) .
+            " FROM Packages WHERE DummyPkg=0 AND ";
+        $query .= sprintf("( Name LIKE '%%%s%%' OR Description LIKE '%%%s%%' )",
+                $keyword_string, $keyword_string);
 
         $result = db_query($query, $this->dbh);
 
         if ( $result && (mysql_num_rows($result) > 0) ) {
             $search_data = array();
             while ( $row = mysql_fetch_assoc($result) ) {
-                $elem = array(
-                    'Name' => $row['Name'],
-                    'ID' => $row['ID'] );
-                array_push($search_data,$elem);
-            }
+                array_push($search_data, $row);
+	    }
+
             mysql_free_result($result);
-            return $this->json_results('search',$search_data);
+            return $this->json_results('search', $search_data);
         }
         else {
             return $this->json_error('No results found');
@@ -115,7 +119,8 @@ class AurJSON {
      * @return mixed Returns an array of value data containing the package data
      **/
     private function info($pqdata) {
-        $base_query = "SELECT ID,Name,Version,Description,URL,URLPath,License,NumVotes,OutOfDate FROM Packages WHERE DummyPkg=0 AND ";
+        $base_query = "SELECT " . implode(',', $this->fields) .
+            " FROM Packages WHERE DummyPkg=0 AND ";
 
         if ( is_numeric($pqdata) ) {
             // just using sprintf to coerce the pqd to an int
@@ -127,7 +132,8 @@ class AurJSON {
             if(get_magic_quotes_gpc()) {
                 $pqdata = stripslashes($pqdata);
             }
-            $query_stub = sprintf("Name=\"%s\"",mysql_real_escape_string($pqdata));
+            $query_stub = sprintf("Name=\"%s\"",
+                mysql_real_escape_string($pqdata));
         }
 
         $result = db_query($base_query.$query_stub, $this->dbh);
@@ -135,11 +141,11 @@ class AurJSON {
         if ( $result && (mysql_num_rows($result) > 0) ) {
             $row = mysql_fetch_assoc($result);
             mysql_free_result($result);
-            return $this->json_results('info',$row);
+            return $this->json_results('info', $row);
         }
         else {
             return $this->json_error('No result found');
         }
     }
 }
-?>
+
diff --git a/web/lib/config.inc.proto b/web/lib/config.inc.proto
index 7a0a155d..7248b930 100644
--- a/web/lib/config.inc.proto
+++ b/web/lib/config.inc.proto
@@ -16,18 +16,24 @@ define( "USERNAME_MAX_LEN", 16 );
 define( "PASSWD_MIN_LEN", 4 );
 define( "PASSWD_MAX_LEN", 128 );
 
-$LOGIN_TIMEOUT = 7200;           # number of idle seconds before timeout
+# Language that messages are initially written in.
+# This should never change.
+define("DEFAULT_LANG", "en");
 
-$SUPPORTED_LANGS = array(        # what languages we have translations for
+# Languages we have translations for
+$SUPPORTED_LANGS = array(
+	"ca" => "Català",
+	"de" => "Deutsch",
 	"en" => "English",
-	"pl" => "Polski",
+	"es" => "Español",
+	"fr" => "Français",
 	"it" => "Italiano",
-	"ca" => "Català",
+	"pl" => "Polski",
 	"pt" => "Português",
-	"es" => "Español",
-	"de" => "Deutsch",
 	"ru" => "Русский",
-	"fr" => "Français"
+	"tr" => "Türkçe"
 );
 
-?>
+# Idle seconds before timeout
+$LOGIN_TIMEOUT = 7200;
+
diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc
index 77b0ab11..7fe3f317 100644
--- a/web/lib/pkgfuncs.inc
+++ b/web/lib/pkgfuncs.inc
@@ -128,6 +128,7 @@ function package_required($pkgid=0) {
 		$q.= "WHERE PackageDepends.PackageID = Packages.ID ";
 		$q.= "AND PackageDepends.DepPkgID = ";
 		$q.= mysql_real_escape_string($pkgid);
+		$q.= " ORDER BY Name";
 		$result = db_query($q, $dbh);
 		if (!$result) {return array();}
 		while ($row = mysql_fetch_row($result)) {
@@ -512,14 +513,12 @@ function package_details($id=0, $SID="") {
                 if ($row["MaintainerUID"] == 0) {
                     echo "<input type='submit' class='button' name='do_Adopt'";
                     echo " value='".__("Adopt Packages")."'>\n";
-                }
-					
-				if ($row["MaintainerUID"] == uid_from_sid($SID) ||
-            account_from_sid($SID) == "Trusted User" ||
-            account_from_sid($SID) == "Developer") {
+                } else if ($row["MaintainerUID"] == uid_from_sid($SID) ||
+            	           account_from_sid($SID) == "Trusted User" ||
+            	           account_from_sid($SID) == "Developer") {
 					echo "<input type='submit' class='button' name='do_Disown'";
 					echo " value='".__("Disown Packages")."'>\n";
-				}	
+				}
 					
 				if (account_from_sid($SID) == "Trusted User" ||
 				    account_from_sid($SID) == "Developer") {
@@ -986,4 +985,284 @@ function pkg_search_page($SID="") {
     return;
 }
 
-?>
+function pkg_flag ($atype, $ids, $action = True) {
+	if (!$atype) {
+		if ($action) {
+			return __("You must be logged in before you can flag packages.");
+		} else {
+			return __("You must be logged in before you can unflag packages.");
+		}
+	}
+
+	if (empty($ids)) {
+		if ($action) {
+			return __("You did not select any packages to flag.");
+		} else {
+			return __("You did not select any packages to unflag.");
+		}
+	}
+
+	foreach ($ids as $pid => $v) {
+		if (!is_numeric($pid)) {
+			if ($action) {
+				return __("You did not select any packages to flag.");
+			} else {
+				return __("You did not select any packages to unflag.");
+			}
+		}
+	}
+
+	$dbh = db_connect();
+
+	$first = 1;
+	foreach ($ids as $pid => $v) {
+		if ($first) {
+			$first = 0;
+			$flag = $pid;
+		} else {
+			$flag .= ", " . $pid;
+		}
+	}
+
+	$ood = $action ? 1 : 0;
+	$q = "UPDATE Packages SET OutOfDate = " . $ood;
+	$q.= " WHERE ID IN (" . $flag . ")";
+
+	db_query($q, $dbh);
+
+	if ($action) {
+		# Notify of flagging by email
+		$f_name = username_from_sid($_COOKIE['AURSID']);
+		$f_email = email_from_sid($_COOKIE['AURSID']);
+		$f_uid = uid_from_sid($_COOKIE['AURSID']);
+		$q = "SELECT Packages.Name, Users.Email, Packages.ID ";
+		$q.= "FROM Packages, Users ";
+		$q.= "WHERE Packages.ID IN (" . $flag .") ";
+		$q.= "AND Users.ID = Packages.MaintainerUID ";
+		$q.= "AND Users.ID != " . $f_uid;
+		$result = db_query($q, $dbh);
+		if (mysql_num_rows($result)) {
+			while ($row = mysql_fetch_assoc($result)) {
+				# construct email
+				$body = "Your package " . $row['Name'] . " has been flagged out of date by " . $f_name . ". You may view your package at:\nhttp://aur.archlinux.org/packages.php?ID=" . $row['ID'];
+				$body = wordwrap($body, 70);
+				$headers = "To: ".$row['Email']."\nReply-to: nobody@archlinux.org\nFrom:aur-notify@archlinux.org\nX-Mailer: PHP\nX-MimeOLE: Produced By AUR\n";
+				@mail(' ', "AUR Out-of-date Notification for ".$row['Name'], $body, $headers);
+			}
+		}
+	}
+
+	if ($action) {
+		return __("The selected packages have been flagged out-of-date.");
+	} else {
+		return __("The selected packages have been unflagged.");
+	}
+}
+
+function pkg_delete ($atype, $ids) {
+	if (!$atype) {
+		return __("You must be logged in before you can disown packages.");
+	}
+
+	if (empty($ids)) {
+		return __("You did not select any packages to delete.");
+	}
+
+	# Delete the packages in $ids array (but only if they are Unsupported)
+	#
+	$dbh = db_connect();
+
+	# Delete the packages in $ids array
+	#
+	$first = 1;
+	foreach ($ids as $pid => $v) {
+		if ($first) {
+			$first = 0;
+			$delete = $pid;
+		} else {
+			$delete .= ", ".$pid;
+		}
+	}
+
+	$field = "MaintainerUID";
+
+	# Only grab Unsupported packages that "we" own or are not owned at all
+	$ids_to_delete = array();
+	$q = "SELECT Packages.ID FROM Packages, PackageLocations ";
+	$q.= "WHERE Packages.ID IN (" . $delete . ") ";
+	$q.= "AND Packages.LocationID = PackageLocations.ID ";
+	$q.= "AND PackageLocations.Location = 'unsupported' ";
+
+	# If they're a TU or dev, can delete
+	if ($atype == "Trusted User" || $atype == "Developer") {
+		$result = db_query($q, $dbh);
+	}
+
+	if ($result != Null && mysql_num_rows($result) > 0) {
+		while ($row = mysql_fetch_assoc($result)) {
+			$ids_to_delete[] = $row['ID'];
+		}
+	}
+
+	if (empty($ids_to_delete)) {
+		return __("None of the selected packages could be deleted.");
+	}
+
+	# These are the packages that are safe to delete
+	foreach ($ids_to_delete as $id) {
+		$q = "DELETE FROM PackageVotes WHERE PackageID = " . $id;
+		$result = db_query($q, $dbh);
+
+		$q = "DELETE FROM PackageDepends WHERE PackageID = " . $id;
+		$result = db_query($q, $dbh);
+
+		$q = "DELETE FROM PackageSources WHERE PackageID = " . $id;
+		$result = db_query($q, $dbh);
+
+		$q = "DELETE FROM PackageComments WHERE PackageID = " . $id;
+		$result = db_query($q, $dbh);
+
+		$q = "DELETE FROM Packages WHERE ID = " . $id;
+		$result = db_query($q, $dbh);
+
+		$q = "DELETE FROM CommentNotify WHERE PkgID = " . $id;
+		$result = db_query($q, $dbh);
+	}
+
+	return __("The selected packages have been deleted.");
+}
+
+function pkg_adopt ($atype, $ids, $action = True) {
+	if (!$atype) {
+		if ($action) {
+			return __("You must be logged in before you can adopt packages.");
+		} else {
+			return __("You must be logged in before you can disown packages.");
+		}
+	}
+
+	if (empty($ids)) {
+		if ($action) {
+			return __("You did not select any packages to adopt.");
+		} else {
+			return __("You did not select any packages to disown.");
+		}
+	}
+
+	$dbh = db_connect();
+
+	$first = 1;
+	foreach ($ids as $pid => $v) {
+		if ($first) {
+			$first = 0;
+			$pkg = $pid;
+		} else {
+			$pkg .= ", ".$pid;
+		}
+	}
+
+	$field = "MaintainerUID";
+	$q = "UPDATE Packages ";
+
+	if ($action) {
+		$user = uid_from_sid($_COOKIE["AURSID"]);
+	} else {
+		$user = 0;
+	}
+
+	$q.= "SET $field = $user ";
+	$q.= "WHERE ID IN ($pkg) ";
+
+	if ($action && $atype == "User") {
+		# Regular users may only adopt orphan packages from unsupported
+		$q.= "AND $field = 0 ";
+		$q.= "AND LocationID = 2 ";
+	} else if ($atype == "User") {
+		$q.= "AND $field = " . uid_from_sid($_COOKIE["AURSID"]);
+	}
+
+	db_query($q, $dbh);
+
+	if ($action) {
+		return __("The selected packages have been adopted.");
+	} else {
+		return __("The selected packages have been disowned.");
+	}
+}
+
+function pkg_vote ($atype, $ids, $action = True) {
+	if (!$atype) {
+		if ($action) {
+			return __("You must be logged in before you can vote for packages.");
+		} else {
+			return __("You must be logged in before you can un-vote for packages.");
+		}
+	}
+
+	if (empty($ids)) {
+		if ($action) {
+			return __("You did not select any packages to vote for.");
+		} else {
+			return __("Your votes have been removed from the selected packages.");
+		}
+	}
+
+	$dbh = db_connect();
+	$my_votes = pkgvotes_from_sid($_COOKIE["AURSID"]);
+	$uid = uid_from_sid($_COOKIE["AURSID"]);
+
+	$first = 1;
+	foreach ($ids as $pid => $v) {
+		if ($action) {
+			$check = !isset($my_votes[$pid]);
+		} else {
+			$check = isset($my_votes[$pid]);
+		}
+
+		if ($check) {
+			if ($first) {
+				$first = 0;
+				$vote_ids = $pid;
+				if ($action) {
+					$vote_clauses = "($uid, $pid)";
+				}
+			} else {
+				$vote_ids .= ", $pid";
+				if ($action) {
+					$vote_clauses .= ", ($uid, $pid)";
+				}
+			}
+		}
+	}
+
+	# only vote for packages the user hasn't already voted for
+	#
+	$op = $action ? "+" : "-";
+	$q = "UPDATE Packages SET NumVotes = NumVotes $op 1 ";
+	$q.= "WHERE ID IN ($vote_ids)";
+
+	db_query($q, $dbh);
+
+	if ($action) {
+		$q = "INSERT INTO PackageVotes (UsersID, PackageID) VALUES ";
+		$q.= $vote_clauses;
+	} else {
+		$q = "DELETE FROM PackageVotes WHERE UsersID = $uid ";
+		$q.= "AND PackageID IN ($vote_ids)";
+	}
+
+	db_query($q, $dbh);
+
+	if ($action) {
+		$q = "UPDATE Users SET LastVoted = UNIX_TIMESTAMP() ";
+		$q.= "WHERE ID = $uid";
+
+		db_query($q, $dbh);
+	}
+
+	if ($action) {
+		return __("Your votes have been cast for the selected packages.");
+	} else {
+		return __("Your votes have been removed from the selected packages.");
+	}
+}
diff --git a/web/lib/stats.inc b/web/lib/stats.inc
new file mode 100644
index 00000000..6fbc0334
--- /dev/null
+++ b/web/lib/stats.inc
@@ -0,0 +1,72 @@
+<?php
+
+include_once('aur.inc');
+
+function updates_table($dbh)
+{
+	$q = 'SELECT * FROM Packages WHERE DummyPkg != 1 ORDER BY GREATEST(SubmittedTS,ModifiedTS) DESC LIMIT 0 , 10';
+	$newest_packages = db_query($q, $dbh);
+	include('stats/updates_table.php');
+}
+
+function user_table($user, $dbh)
+{
+
+	$base_q = 'SELECT count(*) FROM Packages,PackageLocations,Users WHERE Packages.MaintainerUID = Users.ID AND Packages.LocationID = PackageLocations.ID AND PackageLocations.Location = "%s" AND Users.Username="' .
+	mysql_real_escape_string($user).'"';
+
+	$result = db_query(sprintf($base_q, 'unsupported'), $dbh);
+	$row = mysql_fetch_row($result);
+	$maintainer_unsupported_count = $row[0];
+
+	$q = "SELECT count(*) FROM Packages,Users WHERE Packages.OutOfDate = 1 AND Packages.MaintainerUID = Users.ID AND Users.Username='" .
+	mysql_real_escape_string($user)."'";
+
+	$result = db_query($q, $dbh);
+	$row = mysql_fetch_row($result);
+	$flagged_outdated = $row[0];
+
+	# If the user is a TU calculate the number of the packages
+	$atype = account_from_sid($_COOKIE["AURSID"]);
+
+	if (($atype == 'Trusted User') || ($atype == 'Developer')) {
+		$result = db_query(sprintf($base_q, 'community'), $dbh);
+		$row = mysql_fetch_row($result);
+		$maintainer_community_count = $row[0];
+	}
+
+	include('stats/user_table.php');
+}
+
+function general_stats_table($dbh)
+{
+	# AUR statistics
+	$q = "SELECT count(*) FROM Packages,PackageLocations WHERE Packages.LocationID = PackageLocations.ID AND PackageLocations.Location = 'unsupported'";
+	$result = db_query($q, $dbh);
+	$row = mysql_fetch_row($result);
+	$unsupported_count = $row[0];
+
+	$q = "SELECT count(*) FROM Packages,PackageLocations WHERE Packages.LocationID = PackageLocations.ID AND PackageLocations.Location = 'community'";
+	$result = db_query($q, $dbh);
+	$row = mysql_fetch_row($result);
+	$community_count = $row[0];
+
+	$q = "SELECT count(*) from Users";
+	$result = db_query($q, $dbh);
+	$row = mysql_fetch_row($result);
+	$user_count = $row[0];
+
+	$q = "SELECT count(*) from Users,AccountTypes WHERE Users.AccountTypeID = AccountTypes.ID AND AccountTypes.AccountType = 'Trusted User'";
+	$result = db_query($q, $dbh);
+	$row = mysql_fetch_row($result);
+	$tu_count = $row[0];
+
+	$targstamp = intval(strtotime("-7 days"));
+	$q = "SELECT count(*) from Packages WHERE (Packages.SubmittedTS >= $targstamp OR Packages.ModifiedTS >= $targstamp)";
+	$result = db_query($q, $dbh);
+	$row = mysql_fetch_row($result);
+	$update_count = $row[0];
+
+	include('stats/general_stats_table.php');
+}
+
diff --git a/web/lib/translator.inc b/web/lib/translator.inc
index 41ece89b..fb9ed635 100644
--- a/web/lib/translator.inc
+++ b/web/lib/translator.inc
@@ -25,7 +25,6 @@
 
 include_once("common_po.inc");
 
-
 function __() {
 	global $_t;
 	global $LANG;
@@ -37,14 +36,20 @@ function __() {
 	# First argument is always string to be translated
 	$tag = $args[0];
 
-	$translated = $_t[$LANG][$tag];
+	if (empty($LANG) || $LANG == DEFAULT_LANG)
+		$translated = $tag;
+	else
+		$translated = $_t[$LANG][$tag];
+
 	if (empty($translated)) {
 		# if it's a supported language, but there isn't a translation,
 		# alert the visitor to the missing translation.
 		#
-		$translated = "<b style=\"color: red\">_${tag}_</b>";
+		$translated = "_${tag}_";
 	}
 
+	$translated = htmlspecialchars($translated, ENT_QUOTES); 
+
 	# This condition is to reorganise the arguments in case of
 	# deprecated usage. __("string", array("string","string"))
 	if (!empty($args[1]) && is_array($args[1])) {
@@ -60,7 +65,7 @@ function __() {
 			$translated = preg_replace("/\%[sh]/", $args[$i], $translated, 1);
 		}
 	}
+
 	return $translated;
 }
 
-?>
diff --git a/web/lib/version.inc b/web/lib/version.inc
index dcc2f3c2..9ef059f2 100644
--- a/web/lib/version.inc
+++ b/web/lib/version.inc
@@ -1,3 +1,3 @@
 <?php
-define( "AUR_VERSION", "<b>v1.5.2</b>" );
+define( "AUR_VERSION", "v1.5.2" );