fleshing out the package logic, renamed pkg include files for consistency

7 files changed, 81 insertions, 52 deletions

diff --git a/web/html/pkgsearch.php b/web/html/pkgsearch.php
index 64d229bc..9ab00ca9 100644
--- a/web/html/pkgsearch.php
+++ b/web/html/pkgsearch.php
@@ -1,6 +1,6 @@
 <?
 include("aur.inc");         # access AUR common functions
-include("pkgs.inc");        # package specific functions
+include("pkgfuncs.inc");    # package specific functions
 include("search_po.inc");   # use some form of this for i18n support
 set_lang();                 # this sets up the visitor's language
 check_sid();                # see if they're still logged in
@@ -39,14 +39,13 @@ if (isset($_REQUEST["do_Flag"])) {
 		# a message and give the user a link to resume where they were
 		# in the search
 		#
-		pkg_search_page($_COOKIE["AURSID"], $_REQUEST["L"], $_REQUEST["C"],
-				$_REQUEST["K"], $_REQUEST["SB"], $_REQUEST["M"], $_REQUEST["O"],
-				$_REQUEST["PP"]);
+		pkg_search_page($_COOKIE["AURSID"]);
+				
 	}
 
 
 } elseif (isset($_REQUEST["do_Disown"])) {
-	if ($atype != "User" && $atype != "") {
+	if ($atype == "User" || $atype == "") {
 		print __("You do not have access to disown packages.");
 		print "<br />\n";
 
@@ -59,14 +58,13 @@ if (isset($_REQUEST["do_Flag"])) {
 		# a message and give the user a link to resume where they were
 		# in the search
 		#
-		pkg_search_page($_COOKIE["AURSID"], $_REQUEST["L"], $_REQUEST["C"],
-				$_REQUEST["K"], $_REQUEST["SB"], $_REQUEST["M"], $_REQUEST["O"],
-				$_REQUEST["PP"]);
+		pkg_search_page($_COOKIE["AURSID"]);
+
 	}
 
 
 } elseif (isset($_REQUEST["do_Adopt"])) {
-	if ($atype != "User" && $atype != "") {
+	if ($atype == "User" || $atype == "") {
 		print __("You do not have access to adopt packages.");
 		print "<br />\n";
 
@@ -79,9 +77,8 @@ if (isset($_REQUEST["do_Flag"])) {
 		# a message and give the user a link to resume where they were
 		# in the search
 		#
-		pkg_search_page($_COOKIE["AURSID"], $_REQUEST["L"], $_REQUEST["C"],
-				$_REQUEST["K"], $_REQUEST["SB"], $_REQUEST["M"], $_REQUEST["O"],
-				$_REQUEST["PP"]);
+		pkg_search_page($_COOKIE["AURSID"]);
+
 	}
 
 
@@ -94,15 +91,14 @@ if (isset($_REQUEST["do_Flag"])) {
 		# vote on the packages in $ids array.  'unvote' for any packages
 		# listed in the $_REQUEST["All_IDs"] array.
 		#
-		print "adopting<br />\n";
+		print "voting<br />\n";
 
 		# After voting, show the search page again (or maybe print out
 		# a message and give the user a link to resume where they were
 		# in the search
 		#
-		pkg_search_page($_COOKIE["AURSID"], $_REQUEST["L"], $_REQUEST["C"],
-				$_REQUEST["K"], $_REQUEST["SB"], $_REQUEST["M"], $_REQUEST["O"],
-				$_REQUEST["PP"]);
+		pkg_search_page($_COOKIE["AURSID"]);
+
 	}
 
 
@@ -116,9 +112,7 @@ if (isset($_REQUEST["do_Flag"])) {
 } else {
 	# do_More/do_Less/do_Search/do_MyPackages - just do a search
 	#
-	pkg_search_page($_COOKIE["AURSID"], $_REQUEST["L"], $_REQUEST["C"],
-			$_REQUEST["K"], $_REQUEST["SB"], $_REQUEST["M"], $_REQUEST["O"],
-			$_REQUEST["PP"]);
+	pkg_search_page($_COOKIE["AURSID"]);
 
 }
 
diff --git a/web/lang/index_po.inc b/web/lang/index_po.inc
index d96cd67a..13c50339 100644
--- a/web/lang/index_po.inc
+++ b/web/lang/index_po.inc
@@ -111,4 +111,9 @@ $_t["en"]["Logged-in as: %h%s%h"] = "Logged-in as: %h%s%h";
 # $_t["fr"]["Logged-in as: %h%s%h"] = "--> Traduction française ici. <--";
 # $_t["de"]["Logged-in as: %h%s%h"] = "--> Deutsche Übersetzung hier. <--";
 
+$_t["en"]["Error looking up username, %s."] = "Error looking up username, %s.";
+# $_t["es"]["Error looking up username, %s."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["Error looking up username, %s."] = "--> Traduction française ici. <--";
+# $_t["de"]["Error looking up username, %s."] = "--> Deutsche Übersetzung hier. <--";
+
 ?>
\ No newline at end of file
diff --git a/web/lang/mgmnt_po.inc b/web/lang/mgmnt_po.inc
index 438f50df..824ef500 100644
--- a/web/lang/mgmnt_po.inc
+++ b/web/lang/mgmnt_po.inc
@@ -16,4 +16,9 @@ $_t["en"]["Under construction..."] = "Under construction...";
 # $_t["fr"]["Under construction..."] = "--> Traduction française ici. <--";
 # $_t["de"]["Under construction..."] = "--> Deutsche Übersetzung hier. <--";
 
+$_t["en"]["Manage package ID: %s"] = "Manage package ID: %s";
+# $_t["es"]["Manage package ID: %s"] = "--> Traducción española aquí. <--";
+# $_t["fr"]["Manage package ID: %s"] = "--> Traduction française ici. <--";
+# $_t["de"]["Manage package ID: %s"] = "--> Deutsche Übersetzung hier. <--";
+
 ?>
\ No newline at end of file
diff --git a/web/lang/pkgs_po.inc b/web/lang/pkgfuncs_po.inc
index cd96ecbe..cd96ecbe 100644
--- a/web/lang/pkgs_po.inc
+++ b/web/lang/pkgfuncs_po.inc
diff --git a/web/lang/search_po.inc b/web/lang/search_po.inc
index 438f50df..01527c4c 100644
--- a/web/lang/search_po.inc
+++ b/web/lang/search_po.inc
@@ -16,4 +16,24 @@ $_t["en"]["Under construction..."] = "Under construction...";
 # $_t["fr"]["Under construction..."] = "--> Traduction française ici. <--";
 # $_t["de"]["Under construction..."] = "--> Deutsche Übersetzung hier. <--";
 
+$_t["en"]["You must be logged in before you can vote for packages."] = "You must be logged in before you can vote for packages.";
+# $_t["es"]["You must be logged in before you can vote for packages."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["You must be logged in before you can vote for packages."] = "--> Traduction française ici. <--";
+# $_t["de"]["You must be logged in before you can vote for packages."] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["You do not have access to disown packages."] = "You do not have access to disown packages.";
+# $_t["es"]["You do not have access to disown packages."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["You do not have access to disown packages."] = "--> Traduction française ici. <--";
+# $_t["de"]["You do not have access to disown packages."] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["You must be logged in before you can flag packages."] = "You must be logged in before you can flag packages.";
+# $_t["es"]["You must be logged in before you can flag packages."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["You must be logged in before you can flag packages."] = "--> Traduction française ici. <--";
+# $_t["de"]["You must be logged in before you can flag packages."] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["You do not have access to adopt packages."] = "You do not have access to adopt packages.";
+# $_t["es"]["You do not have access to adopt packages."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["You do not have access to adopt packages."] = "--> Traduction française ici. <--";
+# $_t["de"]["You do not have access to adopt packages."] = "--> Deutsche Übersetzung hier. <--";
+
 ?>
\ No newline at end of file
diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc
index 9cd7fab2..d27b96f4 100644
--- a/web/lib/acctfuncs.inc
+++ b/web/lib/acctfuncs.inc
@@ -464,6 +464,7 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="",
 	}
 	$search_vars[] = "SB";
 	$q.= "LIMIT ". $OFFSET . ", " . $HITS_PER_PAGE;
+
 	$result = db_query($q, $dbh);
 	if (!$result) {
 		print __("No results matched your search criteria.");
diff --git a/web/lib/pkgs.inc b/web/lib/pkgfuncs.inc
index 9fd70cbf..c8427ab8 100644
--- a/web/lib/pkgs.inc
+++ b/web/lib/pkgfuncs.inc
@@ -1,5 +1,5 @@
 <?
-include_once("pkgs_po.inc");
+include_once("pkgfuncs_po.inc");
 
 # grab the current list of PackageCategories
 #
@@ -35,8 +35,8 @@ function pkgLocations() {
 
 # display the search form in a boxSoft style
 #
-function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25,
-		$D="") {
+function pkg_search_page($SID="") {
+	global $_REQUEST;
 	# SID: session id cookie
 	# L: PackageLocations.ID
 	# C: PackageCategories.ID
@@ -53,16 +53,20 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25,
 	$dbh = db_connect();
 
 
-	if (!$PP) {$PP = 25;}
-	if ($O) {
-		$OFFSET = intval($O);
-	} else {
-		$OFFSET = 0;
+	# determine paging variables
+	#
+	isset($_REQUEST["PP"]) ? $PP = intval($_REQUEST["PP"]) : $PP = 25;
+	isset($_REQUEST["O"]) ? $O = intval($_REQUEST["O"]) : $O = 0;
+	if (isset($_REQUEST["do_More"])) {
+		$O += $PP;
+	} elseif (isset($_REQUEST["do_Less"])) {
+		$O -= $PP;
 	}
-	if ($OFFSET < 0) {
-		$OFFSET = 0;
+	if ($O < 0) {
+		$O = 0;
 	}
 
+
 	# grab info for user if they're logged in
 	#
 	if ($SID) {
@@ -72,15 +76,15 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25,
 
 	# The search form
 	#
-	print "SID=$SID, L=$L, C=$C, K=$K, SB=$SB, M=$M, O=$O, PP=$PP<br />\n";
-
+	$K = str_replace("\"", "", $_REQUEST["K"]); # TODO better testing for
+                                              # SQL trickery...
 	print "<form action='/pkgsearch.php' method='post'>\n";
-	print "<input type='hidden' name='O' value='".($OFFSET+intval($PP))."'>\n";
-	print "<input type='hidden' name='L' value='".$L."'>\n";
-	print "<input type='hidden' name='M' value='".$M."'>\n";
-	print "<input type='hidden' name='C' value='".$C."'>\n";
+	print "<input type='hidden' name='O' value='".$O."'>\n";
+	print "<input type='hidden' name='L' value='".$_REQUEST["L"]."'>\n";
+	print "<input type='hidden' name='M' value='".$_REQUEST["M"]."'>\n";
+	print "<input type='hidden' name='C' value='".$_REQUEST["C"]."'>\n";
 	print "<input type='hidden' name='K' value='".$K."'>\n";
-	print "<input type='hidden' name='SB' value='".$SB."'>\n";
+	print "<input type='hidden' name='SB' value='".$_REQUEST["SB"]."'>\n";
 	print "<input type='hidden' name='PP' value='".$PP."'>\n";
 
 	print "<center>\n";
@@ -101,7 +105,7 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25,
 	print "  <select name='L'>\n";
 	print "  <option value=0> ".__("Any")."\n";
 	while (list($id, $loc) = each($locs)) {
-		if ($L == $id) {
+		if ($_REQUEST["L"] == $id) {
 			print "  <option value=".$id." selected> ".$loc."\n";
 		} else {
 			print "  <option value=".$id."> ".$loc."\n";
@@ -116,7 +120,7 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25,
 	print "  <select name='C'>\n";
 	print "  <option value=0> ".__("Any")."\n";
 	while (list($id, $cat) = each($cats)) {
-		if ($C == $id) {
+		if ($_REQUEST["C"] == $id) {
 			print "  <option value=".$id." selected> ".$cat."\n";
 		} else {
 			print "  <option value=".$id."> ".$cat."\n";
@@ -129,7 +133,7 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25,
 	print "  <span class='f5'><span class='blue'>".__("Keywords");
 	print "</span></span><br />\n";
 	print "  <input type='text' name='K' size='35'";
-	print " value='".$K."' maxlength='35'>\n";
+	print " value=\"".stripslashes($K)."\" maxlength='35'>\n";
 	print "</td>\n";
 
 	print "<td align='right'>\n";
@@ -137,16 +141,16 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25,
 	print "</span></span><br />\n";
 	print "  <select name='SB'>\n";
 	print "  <option value=n";
-	$SB == "n" ? print " selected> " : print "> ";
+	$_REQUEST["SB"] == "n" ? print " selected> " : print "> ";
 	print __("Name")."\n";
 	print "  <option value=c";
-	$SB == "c" ? print " selected> " : print "> ";
+	$_REQUEST["SB"] == "c" ? print " selected> " : print "> ";
 	print __("Category")."\n";
 	print "  <option value=l";
-	$SB == "l" ? print " selected> " : print "> ";
+	$_REQUEST["SB"] == "l" ? print " selected> " : print "> ";
 	print __("Location")."\n";
 	print "  <option value=v";
-	$SB == "v" ? print " selected> " : print "> ";
+	$_REQUEST["SB"] == "v" ? print " selected> " : print "> ";
 	print __("Votes")."\n";
 	print "  </select>\n";
 	print "</td>\n";
@@ -194,16 +198,16 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25,
 #	$q.= "ON Packages.ID = PackageVotes.PackageID ";
 	$q = "SELECT * FROM Packages ";
 	$has_where = 0;
-	if ($L) {
-		$q.= "WHERE LocationID = ".intval($L)." ";
+	if (isset($_REQUEST["L"]) && $_REQUEST["L"]) {
+		$q.= "WHERE LocationID = ".mysql_escape_string($_REQUEST["L"])." ";
 		$has_where = 1;
 	}
-	if ($C) {
+	if (isset($_REQUEST["C"]) && $_REQUEST["C"]) {
 		if (!$has_where) {
-			$q.= "WHERE CategoryID = ".intval($C)." ";
+			$q.= "WHERE CategoryID = ".mysql_escape_string($_REQUEST["C"])." ";
 			$has_where = 1;
 		} else {
-			$q.= "AND CategoryID = ".intval($C)." ";
+			$q.= "AND CategoryID = ".mysql_escape_string($_REQUEST["C"])." ";
 		}
 	}
 	if ($K) {
@@ -216,7 +220,7 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25,
 			$q.= "Description LIKE '%".mysql_escape_string($K)."%') ";
 		}
 	}
-	if ($M && $SID) {
+	if (isset($_REQUEST["M"]) && $_REQUEST["M"] && $SID) {
 		if ($myuid) {
 			if (!$has_where) {
 				$q.= "WHERE MaintainerUID = ".$myuid." ";
@@ -227,7 +231,7 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25,
 		}
 	}
 
-	switch ($SB) {
+	switch (isset($_REQUEST["SB"])) {
 		case 'c':
 			$q.= "ORDER BY CategoryID ASC, Name ASC, LocationID ASC ";
 			break;
@@ -241,13 +245,13 @@ function pkg_search_page($SID="",$L="",$C="",$K="",$SB="",$M=0,$O=0,$PP=25,
 			$q.= "ORDER BY Name ASC, LocationID ASC, CategoryID ASC ";
 			break;
 	}
-	$q.= "LIMIT ".$OFFSET.", ".intval($PP);
+	$q.= "LIMIT ".$O.", ".$PP;
 
 	print $q."<br />\n";
 
 	$result = db_query($q, $dbh);
 	if (!$result) {
-		print __("No packages matched your search criteria.");
+		print __("Error retrieving package list.");
 
 	} elseif (!mysql_num_rows($result)) {
 		print __("No packages matched your search criteria.");