summaryrefslogtreecommitdiffstats
path: root/web/html/index.php
AgeCommit message (Collapse)AuthorFilesLines
2014-01-22Further optimize voters.php to only need the package namecanyonknight1-1/+1
* Extends changes in 81d4cc13dcae2f159ed937d4ce41e1df7d3c82b0 * Modify getvotes() to use the package name rather than package ID * Rename getvotes() to votes_for_pkgname() for clarity with new changes * Modify routing framework and links to now use package names for voters.php Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-09-08Convert adopt/disown package action link to formcanyonknight1-0/+6
* Changes adopting/disowning packages to use GET instead of POST * Uses CSS to make form submit button look like a link * Complements commit 3bc951e3d87eaf692a7e47cf16a28d838c7cb2bd Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-27Re-add CRSF tokens to most package actionsLukas Fleischer1-4/+0
We fixed all known CRSF vulnerabilities in commit 2c93f0a (Implement token system to fix CSRF vulnerabilities, 2012-06-23). c349cb2 (Add virtual path support for package actions, 2012-07-17) partly reverted this by injecting a valid CRSF token when virtual paths are in use. This patch allows for keeping the virtual path feature, while reintroducing POST forms and CRSF tokens. Actions like package flagging, votes and notifications are no longer prone to CRSF (see FS#35437 for details). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-03-26Use minified typeahead JS from archwebLukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-01-19Implemented typeahead suggestMarcel Korpel1-0/+4
Use Twitter Bootstrap JavaScript framework for typeahead support. Add a new "suggest" JSON method, which returns the first 20 packages that match the beginning characters of a query. canyonknight: Link format change, commit message Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-11-24index.php: Move voter page token check to switch control structurecanyonknight1-6/+4
Voter page token check takes place in the same way as other existing token checks. Move the check for consistency. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-10-30Return 404 for invalid account/package subpagesLukas Fleischer1-8/+26
Display an error page and return a 404 status code in the following cases: * An invalid package name is passed to the "packages" action. * An invalid user name is passed to the "account" action. * An invalid package action is passed. * An invalid account action is passed. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-10-20Display an error page if a virtual path doesn't existLukas Fleischer1-0/+4
Give user feedback instead of bailing out with an empty HTTP response body. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-28Move package merging to a separate pagecanyonknight1-0/+3
Package actions now have a separate box on the package details page. Add a package merge link in that box. Link leads to a new page (pkgmerge.php) that can be used to confirm package merging. A separate page with confirmation is used to avoid CSRFs. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-28Move package deletion to a separate pagecanyonknight1-0/+3
Package actions now have a separate box on the package details page. Make a package deletion link in that box. Link leads to a new page (pkgdel.php) that can be used to confirm package deletion. A separate page with confirmation is used to avoid CSRFs. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18Do not set GET parameters in the routing frameworkLukas Fleischer1-2/+5
Setting GET parameters manually is bad style and causes some strange side effects when using virtual URLs and mkurl(). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18index.php: Fix undefined variable noticeLukas Fleischer1-1/+4
Spotted when browsing the package details page while being logged out. Reported-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18Overhaul ability to edit own accountcanyonknight1-1/+2
* Restructure account.php to remove redundant code. * Remove own_account_details(). * Rework logic check to default to no access to account edit form. * Make default account action viewing account info. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18Use URL rewriting for user account update pagecanyonknight1-0/+2
The "UpdateAccount" page displays information as to whether an account update was successful. All POST account info goes to this page, so use it with sane URLs. Before: AUR_URL/account/?Action=UpdateAccount&U=userfoo After: AUR_URL/account/userfoo/update Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18Use URL rewriting for user editing pagecanyonknight1-1/+9
Allows for easier account editing and saner URLs. Update account editing links to use new URL. Before: AUR_URL/account/?Action=DisplayAccount&U=userfoo After: AUR_URL/account/userfoo/edit Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18Use URL rewriting for user info pagecanyonknight1-0/+6
Navigation to the "AccountInfo" page should only require a user to know the username of the account they are looking for. Update all AUR links that use the user info page to reflect the new URL. Before: AUR_URL/account/?Action=AccountInfo&U=userfoo After: AUR_URL/account/userfoo Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18Use the "new" icon from archweb for the recent updates tablecanyonknight1-2/+2
Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-18Use virtual paths for voters pageLukas Fleischer1-0/+6
Link to "/packages/$pkgname/voters/" instead of using "/voters/" and a get parameter to request a specific package by ID. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-17routing.inc.php: rtrim() path in get_route()Lukas Fleischer1-1/+1
Return the correct route -- even if a "/" is appended to the URI. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-17aur.inc.php: Include routing backendLukas Fleischer1-2/+0
This needs to be available on every page since it is needed for get_uri() and get_pkg_uri() and "web/html/index.php" isn't executed if the virtual path feature is disabled. Reported-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-17Add virtual path support for package actionsLukas Fleischer1-1/+31
This allows for using following URLs: * /package/$pkg_name/flag: Flag a package out-of-date * /package/$pkg_name/unflag: Unflag a package * /package/$pkg_name/notify: Enable comment notifications * /package/$pkg_name/unnotify: Disable comment notifications * /package/$pkg_name/vote: Vote for the package * /package/$pkg_name/unvote: Remove vote Note that this code is very hackish and should be refactored once we drop support for legacy URLs. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-15Use virtual paths for package detailsLukas Fleischer1-1/+9
Extend the routing front/back ends to allow for using "/package/$pkgname/" for individual packages. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-15Add routing front/back endsLukas Fleischer1-120/+32
This adds a URL mapping library that can be used to implement virtual paths. Also, "web/html/index.php" is moved to "web/html/home.php" and "web/html/index.php" becomes a routing front end that maps virtual paths to corresponding files. To enable the virtual path feature, all requests need to be redirected to the "index.php" routing script. If you use lighttpd, following rewrite rule can be used: url.rewrite = ( "^(.*)$" => "/index.php/$1" ) A similar rule can be used for Apache (using mod_rewrite). Note that the current routing front end only works if PATH_INFO is provided. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06index.php: Overhaul to match archwebcanyonknight1-62/+103
* Switch to CSS used by archweb * Move package search to a smaller box to match the style of the main site * Add text describing mailing list and bug tracker. Eventually remove those associated nav bar links. * General clean-up of XHTML Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06Remove all traces of "pgboxtitle"Lukas Fleischer1-3/+1
Using a div container to format heading is ridiculous. Use "<h2></h2>" instead. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: canyonknight <canyonknight@gmail.com>
2012-05-06user_table optimizationDan McGee1-2/+2
Rather than looking up by username, it makes more sense to look the stats up by user ID to reduce the number of needed joins. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-10-24Remove a boatload of inline table stylesDan McGee1-1/+1
Replacing with CSS styles where appropriate. A previously unused CSS style is tweaked in the stylesheet to match most of what was done via non-CSS styling. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-08-20Use "%s" instead of "%h" in format stringsLukas Fleischer1-2/+2
Use the standard string type specifier instead of "%h" in format strings. Both specifiers are treated equally in __() so we shouldn't break anything here. This also allows us to replace the hacky substitution algorithm in __() by vsprintf(). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-06-22rename *.inc files to *.inc.php and adjust imports and referenceselij1-2/+2
Lukas: Add note to "UPGRADING". Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2009-08-11Use include_once where applicableDan McGee1-2/+2
All of these are sourcing function libraries so we don't need to include them more than once. Things that insert actual HTML into the output were left calling include(). Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-06-25Remove excess whitespace.1.5.6.3Loui Chang1-1/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-01-19Use new conglomerated translation files.Loui Chang1-2/+0
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-12-29Add search bar to index and pkg details pagesCallan Barrett1-0/+2
Also changed it around a little bit so it's not tied down the search results function Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-12-21Introduce function include_lang for translations.Loui Chang1-5/+5
This includes only the requested language for each page and makes top level language include files obsolete. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-12-17Reword the disclaimer in index.php.Loui Chang1-2/+2
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-11-25Make remembered sessions actually save themselves.Loui Chang1-2/+3
Also clean up a notice in index.php Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-07-28Tweak index.php and update translations.Loui Chang1-15/+16
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-07-22Change some of the index page notices.Loui Chang1-3/+8
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-07-07Move code out of index.phpLoui Chang1-172/+10
Move database queries to functions and html to templates. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-06-17Remove all vim mode lines. Add HACKING file.Loui Chang1-1/+0
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-06-11Split html and php in index.phpCallan Barrett1-160/+177
No more prints, still all in same file Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
2008-06-07Remove obsolete inline CSS in index.php.Michael Klier1-4/+4
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-06-07Revert "Split html from front page"Callan Barrett1-4/+151
This reverts commit 0cf3c5ea8bd2799e1354aa2008edb542e01635ba.
2008-06-07Split html from front pageCallan Barrett1-151/+4
html from the index page has been moved to a template file (front_page.php) needs indentation really bad Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
2008-02-19Cleaned up the front page.eliott1-9/+4
Cleaned up the front page. Removed the blank box on the right of the front page, that was leftover from the change to the login form (move).
2008-01-20More cleanup, add TU link to headerCallan Barrett1-1/+1
Cleans up links on front page, adds a TU link to the header to the voting application, fixes some titles and styling for logged in text Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
2008-01-20Support for verbose page titlesCallan Barrett1-4/+1
Verbose page titles again Adds support for more verbose page titles based on current page and action by user and removes sort by options from search form as they're obsolete by column links. Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
2008-01-20Removes timeout page and moves login form to headerCallan Barrett1-97/+1
This removes the need for a timeout page (and probably hacker.php) and moves the login form and status to the header. If your login times out you won't lose your place anymore and links will always work. Works for me but at the moment index_po.php is imported in aur.inc which has to stay until the translations from it for login are moved to aur_po.php. Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
2008-01-20Fixes to disclaimer text.eliott1-2/+1
2008-01-20Hand diff of simo's patch to remove flag safe functionality.eliott1-36/+1
Simo's original commit text: The idea of safe flagging is unclear, poorly named, misunderstood, and not even used. At the time this patch was created, less than a third of the packages in unsupported were flagged safe, and less than a tenth of users knew how to interpret it. The safe flag has been replaced by a disclaimer on the main page.