diff options
Diffstat (limited to 'web/lib/aur.inc.php')
| -rw-r--r-- | web/lib/aur.inc.php | 152 |
1 files changed, 60 insertions, 92 deletions
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php index 8b9f31ec..1a6164ed 100644 --- a/web/lib/aur.inc.php +++ b/web/lib/aur.inc.php @@ -52,9 +52,7 @@ function check_sid($dbh=NULL) { } elseif ($failed == 2) { # session id timeout was reached and they must login again. # - $q = "DELETE FROM Sessions WHERE SessionID = '"; - $q.= db_escape_string($_COOKIE["AURSID"]) . "'"; - db_query($q, $dbh); + delete_session_id($_COOKIE["AURSID"], $dbh); setcookie("AURSID", "", 1, "/", null, !empty($_SERVER['HTTPS']), true); unset($_COOKIE['AURSID']); @@ -90,14 +88,18 @@ function check_token() { # verify that an email address looks like it is legitimate # function valid_email($addy) { - return (filter_var($addy, FILTER_VALIDATE_EMAIL) !== false); -} + // check against RFC 3696 + if (filter_var($addy, FILTER_VALIDATE_EMAIL) === false) { + return false; + } -# a new seed value for mt_srand() -# -function make_seed() { - list($usec, $sec) = explode(' ', microtime()); - return (float) $sec + ((float) $usec * 10000); + // check dns for mx, a, aaaa records + list($local, $domain) = explode('@', $addy); + if (!(checkdnsrr($domain, 'MX') || checkdnsrr($domain, 'A') || checkdnsrr($domain, 'AAAA'))) { + return false; + } + + return true; } # generate a (hopefully) unique session id @@ -282,77 +284,11 @@ function db_query($query="", $db_handle="") { return $result; } -# set up the visitor's language -# -function set_lang($dbh=NULL) { - global $LANG; - global $SUPPORTED_LANGS; - global $PERSISTENT_COOKIE_TIMEOUT; - global $streamer, $l10n; - - $update_cookie = 0; - if (isset($_REQUEST['setlang'])) { - # visitor is requesting a language change - # - $LANG = $_REQUEST['setlang']; - $update_cookie = 1; - - } elseif (isset($_COOKIE['AURLANG'])) { - # If a cookie is set, use that - # - $LANG = $_COOKIE['AURLANG']; - - } elseif (isset($_COOKIE["AURSID"])) { - # No language but a session; use default lang preference - # - if(!$dbh) { - $dbh = db_connect(); - } - $q = "SELECT LangPreference FROM Users, Sessions "; - $q.= "WHERE Users.ID = Sessions.UsersID "; - $q.= "AND Sessions.SessionID = '"; - $q.= db_escape_string($_COOKIE["AURSID"])."'"; - $result = db_query($q, $dbh); - - if ($result) { - $row = mysql_fetch_array($result); - $LANG = $row[0]; - } - $update_cookie = 1; - } - - # Set $LANG to default if nothing is valid. - if (!array_key_exists($LANG, $SUPPORTED_LANGS)) { - $LANG = DEFAULT_LANG; - } - - if ($update_cookie) { - $cookie_time = time() + $PERSISTENT_COOKIE_TIMEOUT; - setcookie("AURLANG", $LANG, $cookie_time, "/"); - } - - $streamer = new FileReader('../locale/' . $LANG . - '/LC_MESSAGES/aur.mo'); - $l10n = new gettext_reader($streamer, true); - - return; -} - - # common header # function html_header($title="") { - global $_SERVER; - global $_COOKIE; - global $_POST; global $LANG; global $SUPPORTED_LANGS; - global $DISABLE_HTTP_LOGIN; - - if (!$DISABLE_HTTP_LOGIN || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'])) { - $login = try_login(); - $login_error = $login['error']; - } $title = htmlspecialchars($title, ENT_QUOTES); @@ -441,8 +377,7 @@ function chmod_group($path) { # obtain the uid given a Users.Username # -function uid_from_username($username="", $dbh=NULL) -{ +function uid_from_username($username="", $dbh=NULL) { if (!$username) { return ""; } @@ -462,8 +397,7 @@ function uid_from_username($username="", $dbh=NULL) # obtain the uid given a Users.Email # -function uid_from_email($email="", $dbh=NULL) -{ +function uid_from_email($email="", $dbh=NULL) { if (!$email) { return ""; } @@ -483,8 +417,7 @@ function uid_from_email($email="", $dbh=NULL) # check user privileges # -function check_user_privileges() -{ +function check_user_privileges() { $type = account_from_sid($_COOKIE['AURSID']); return ($type == 'Trusted User' || $type == 'Developer'); } @@ -523,8 +456,7 @@ function mkurl($append) { return substr($out, 5); } -function get_salt($user_id, $dbh=NULL) -{ +function get_salt($user_id, $dbh=NULL) { if(!$dbh) { $dbh = db_connect(); } @@ -537,8 +469,7 @@ function get_salt($user_id, $dbh=NULL) return; } -function save_salt($user_id, $passwd, $dbh=NULL) -{ +function save_salt($user_id, $passwd, $dbh=NULL) { if(!$dbh) { $dbh = db_connect(); } @@ -549,21 +480,18 @@ function save_salt($user_id, $passwd, $dbh=NULL) return db_query($salting_q, $dbh); } -function generate_salt() -{ +function generate_salt() { return md5(uniqid(mt_rand(), true)); } -function salted_hash($passwd, $salt) -{ +function salted_hash($passwd, $salt) { if (strlen($salt) != 32) { trigger_error('Salt does not look like an md5 hash', E_USER_WARNING); } return md5($salt . $passwd); } -function parse_comment($comment) -{ +function parse_comment($comment) { $url_pattern = '/(\b(?:https?|ftp):\/\/[\w\/\#~:.?+=&%@!\-;,]+?' . '(?=[.:?\-;,]*(?:[^\w\/\#~:.?+=&%@!\-;,]|$)))/iS'; @@ -585,3 +513,43 @@ function parse_comment($comment) return $html; } + +function begin_atomic_commit($dbh=NULL) { + if(!$dbh) { + $dbh = db_connect(); + } + db_query("BEGIN", $dbh); +} + +function end_atomic_commit($dbh=NULL) { + if(!$dbh) { + $dbh = db_connect(); + } + db_query("COMMIT", $dbh); +} + +function last_insert_id($dbh=NULL) { + if(!$dbh) { + $dbh = db_connect(); + } + return mysql_insert_id($dbh); +} + +function latest_pkgs($numpkgs, $dbh=NULL) { + if(!$dbh) { + $dbh = db_connect(); + } + + $q = "SELECT * FROM Packages "; + $q.= "ORDER BY SubmittedTS DESC "; + $q.= "LIMIT " .intval($numpkgs); + $result = db_query($q, $dbh); + + if ($result) { + while ($row = mysql_fetch_assoc($result)) { + $packages[] = $row; + } + } + + return $packages; +} |