summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-02-27Suppress warning on unset SSH keyLukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-27Do not quote legacy variableLukas Fleischer1-1/+0
The $salt variable is no longer needed as of 29a4870 (Use bcrypt to hash passwords, 2017-02-24). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-27Always use source_file_uri instead of pkgbuild_uriLukas Fleischer1-1/+1
The pkgbuild_uri option was replaced by source_file_uri in 9df1bd5 (Add direct links to each source file, 2017-02-12). Change one remaining reference to pkgbuild_uri accordingly. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-27Fix SQL query used for creating new accountsLukas Fleischer1-1/+1
Fixes a regression introduced in 608c483 (Add user set timezones, 2017-01-20). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-26Merge branch 'master' into maintLukas Fleischer80-971/+2813
2017-02-26Release 4.5.0v4.5.0Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-26Translation updates from TransifexLukas Fleischer29-355/+1536
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-25Update message catalogLukas Fleischer1-1/+5
2017-02-25pkgreq_results.php: Hide empty tableLukas Fleischer1-0/+4
Display a message that no requests matched the filter criteria instead of showing an empty package requests table. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-24Use bcrypt to hash passwordsLukas Fleischer5-146/+68
Replace the default hash function used for storing passwords by password_hash() which internally uses bcrypt. Legacy MD5 hashes are still supported and are immediately converted to the new format when a user logs in. Since big parts of the authentication system needed to be rewritten in this context, this patch also includes some simplification and refactoring of all code related to password checking and resetting. Fixes FS#52297. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-24Fix user name in disown notificationsLukas Fleischer1-3/+3
Do not overwrite the $uid variable when updating co-maintainers. Fixes FS#52225. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-23Update message catalogLukas Fleischer1-11/+59
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-23Add security tracker into navbarMorten Linderud2-0/+2
Signed-off-by: Morten Linderud <morten@linderud.pw> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-15Fix several PHP short open tagsLukas Fleischer7-7/+7
Use "<?=" instead of "<?" for printing. Fixes a regression introduced in a9048bb (Dedupe translatable strings, 2015-11-25). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-15pkgbase.php: Add default titleLukas Fleischer1-1/+1
Instead of triggering a PHP warning and using an empty title if no package base is specified, use a default title. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-15Hide old requests from the dashboardLukas Fleischer2-1/+4
Only show package requests created less than 6 months ago on the dashboard. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-15Add a parameter to skip old requests to pkgreq_list()Lukas Fleischer1-5/+12
Allow for hiding requests which were opened before a given time stamp. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-14Make aurjson error messages consistentMichael Straube1-2/+2
All error messages in aurjson except two end with a period. Add the missing periods to make the messages consistent. Signed-off-by: Michael Straube <straubem@gmx.de> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-12Add direct links to each source fileJanne Heß3-5/+7
Currently, each source file which is an external link (http://, https://, ...) is a clickable link. This commit extends the behaviour by making files from the repository clickable as well. The link brings the user to the corresponding cgit page. Also, the link to the PKGBUILD is altered to make the configuration more consistent. Signed-off-by: Janne Heß <jannehess@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-12Move package search links on the dashboardLukas Fleischer1-2/+4
Move the package search links below the section headings. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08Move my packages to separate dashboard sectionsLukas Fleischer1-6/+10
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08Add requests to dashboardLukas Fleischer1-0/+6
Add a new table which shows all package requests affecting the currently logged in user. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08pkgreq_results.php: Add a flag to hide headersLukas Fleischer2-4/+9
Introduce a new boolean flag that can be used to disable extended headers, pagination and forms. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08pkgreq_results.php: Split out package results boxLukas Fleischer2-120/+120
Do not include the wrapper div container in the template. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08Add an option to filter by user to pkgreq_list()Lukas Fleischer1-1/+8
When a user is specified, the function only returns package requests which are either opened by the given user or affecting packages maintained by the given user. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08Add flagged packages to the dashboardLukas Fleischer1-0/+12
Implement a table that shows all packages which are flagged out-of-date and either maintained or co-maintained by the currently logged in user. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08Allow to search for both maintainer and co-maintainerLukas Fleischer2-0/+9
As a follow-up to commit 6cb8c04 (Implement co-maintainer search, 2017-01-26), add an option to search for both maintainers and co-maintainers at the same time. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08confparser.inc.php: Support alternative config pathLukas Fleischer1-1/+5
Add a AUR_CONFIG environment variable that can be used to specify an alternative configuration file, similar to the feature introduced in ecbf32f (git-interface: Add AUR_CONFIG environment variable, 2016-08-03). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08Add links to all owned packages to the dashboardLukas Fleischer1-2/+2
In addition to showing the 50 most recent maintained and co-maintained packages, add links to all packages one owns or co-maintains. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08Return the number of results in pkg_search_page()Lukas Fleischer1-2/+2
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08Hide the table sorting links on the dashboardLukas Fleischer1-8/+27
The tables on the dashboard always show the 50 most recent packages, ordered by last update. Do not make the table headers of these tables clickable. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-04Add dashboardLukas Fleischer2-5/+38
For logged in users, the home page is replaced with an overview of the packages the user maintains or co-maintains. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-04pkg_search_results.php: Split out package results boxLukas Fleischer2-88/+88
Do not print the wrapper div container when calling pkg_search_page(). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-04Refactor pkg_search_page()Lukas Fleischer3-87/+55
* Pass search parameters using an associative array instead of $_GET. * Add a boolean parameter to enable and disable headers/footers. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-03Split out the search form from pkg_search_page()Lukas Fleischer2-3/+2
This makes it easier to display search results without showing the search form. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-28Implement co-maintainer searchLukas Fleischer2-0/+9
Add an option to filter package search results by co-maintainer. Partly fixes FS#45591. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-25t1200: Test IP address log and bansLukas Fleischer2-0/+29
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-25git-serve: Implement IP address bansLukas Fleischer2-0/+16
Currently, IP address bans affect the web interface only. Make sure they are honored in the SSH interface as well. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-25Store banned IP addresses as plain textLukas Fleischer3-2/+9
Inspired by commit 32c8d0c (Store last login address as plain text, 2016-03-13). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-25git-serve: Save last SSH login date and IP addressLukas Fleischer3-1/+24
In addition to logging the last login date and IP address on the web interface, store the time stamp and IP address of the last SSH login in the database. This simplifies user banning if one of the new SSH interface features, such as the voting mechanism implemented in 7ee2fdd (git-serve: Add support for (un-)voting, 2017-01-23), is abused. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-25config.proto: Update path to the notification scriptLukas Fleischer1-1/+1
As of commit 3718860 (Make maintenance scripts installable, 2016-10-17), the notification script is installed as aurweb-notify. Update the sample configuration file accordingly. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-23Show co-maintainers SSH clone URL on package base pageMark Weiman1-1/+1
On package base pages, if a co-maintainer visits, only the read-only URL is displayed which is inconsistent with how the individual packages of a package base's pages displays them. This adds the SSH clone URL to the package base's page for co-maintainers to see. Implements FS#52675. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-23t1200: Add tests for vote/unvoteLukas Fleischer1-0/+66
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-23git-serve: Add support for (un-)votingLukas Fleischer2-0/+75
Add support for voting for packages and removing votes from the SSH interface. The syntax is `vote <pkgbase>` resp. `unvote <pkgbase>`. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-20account.php: Reformat process_account_form() callMark Weiman1-6/+18
Modify the call to process_account_form() to only having one parameter per line. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-20Update cookie for language setting when editing user informationMark Weiman1-0/+7
Currently, when a user edits their language setting from the edit user form, the changes aren't reflected until the user either lets the original cookie expire, deletes the cookie manually, or changes the language a second time via the dropdown menu on the top of the page. This patch makes the language cookie get updated when it is changed from the edit user form. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-20Add user set timezonesMark Weiman19-23/+130
Currently, aurweb displays all dates and times in UTC time. This patch adds a capability for each logged in user to set their preferred timezone. Implements FS#48729. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-17Document garbage collection settings for GitLukas Fleischer2-2/+12
Add a note to the Git/SSH interface documentation that we recommend to disable automatic garbage collection and use a maintenance script to cleanup and optimize the Git repository instead. Also, add a reference to the Git/SSH interface documentation to the Git repository setup instructions in INSTALL. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-12INSTALL: Refer to the AUR backend as aurwebLukas Fleischer1-2/+2
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-07Increase minimum password length to 8 charactersAlex Muller1-1/+1
There are 95 printable ASCII characters which with a minimum length of 4 gives 95^4 or 81 million possible passwords. Increasing the minimum length to 8 increases the number of possible passwords by a factor of about 10^7. Relates to FS#52297. Signed-off-by: Alex Muller <alex@mullr.net> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>