summaryrefslogtreecommitdiffstats
path: root/web/html/tu.php
AgeCommit message (Collapse)AuthorFilesLines
2017-04-27Call check_sid() from a central locationLukas Fleischer1-2/+0
Instead of calling check_sid() from every single PHP script representing a web page, add the call to aur.inc.php which is sourced by all of them. Also, remove set_lang() calls from the scripts since these are also already included in aur.inc.php. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-02-04Rename the AUR software to aurwebLukas Fleischer1-1/+1
Rename the project to help differentiate between the software providing access to the Arch User Repository and the collection of source packages itself. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-15Rework permission handlingLukas Fleischer1-7/+2
Add a new function has_credential() that checks whether the currently logged in user is allowed to perform a given action. Moving all permission handling to this central place makes adding new user groups and adjusting permissions much more convenient. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-01-11Forbid developers to voteBalló György1-0/+3
According to Trusted User Bylaws, TUs (and only TUs) must take part in votes. Developers who want to take part in votes should set their account type to 'Trusted User'. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-09-03Move "Add Proposal" link to "Current Votes"Lukas Fleischer1-9/+1
The page this links to allows for adding an item to the list of current votes. Move the link accordingly. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-26Move "Past Votes" navigation to "Past Votes" boxLukas Fleischer1-14/+3
These are navigation links and do not belong to the action box. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-26Add "Last Votes by TU" listLukas Fleischer1-0/+2
This shows a list of all Trusted Users and the vote ID of the last proposal each of the TUs voted on. This list is sorted by vote ID. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-10-10tu.php: Fix page showing a user hasn't voted when they havecanyonknight1-2/+5
An ended vote details page will report a user hasn't voted even when they have. This is a result of faulty logic that only checks if a user has voted if the vote is still running. Regression with commit c15441762c6f6ab4438eaf2854c0ee3146a98b30 Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-24Use echo shortcut syntaxLukas Fleischer1-3/+3
Replace all occurrences of "<?php echo" and "<?php print" by "<?=" to reduce noise in templates. Note that as of PHP 5.4.0, "<?=" is always available and no longer requires "short_open_tag" to be set. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-15Use virtual path feature for linksLukas Fleischer1-4/+4
Use virtual paths in links (e.g. link to "/packages/" instead of "/packages.php" etc.) if the virtual path feature is enabled. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-14Merge branch 'maint'Lukas Fleischer1-1/+1
Conflicts: web/html/account.php web/html/addvote.php web/html/pkgsubmit.php web/lib/acctfuncs.inc.php web/template/actions_form.php web/template/pkg_comment_form.php web/template/pkg_comments.php web/template/pkg_details.php web/template/pkg_search_results.php web/template/tu_details.php
2012-07-11tu.php: Fix PHP notice for "hasvoted" variablecanyonknight1-0/+1
Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06Pull out DB code from trusted user pagecanyonknight1-54/+14
* Move DB code in tu.php and tu.php and tu_list.php to new functions in accfuncs.inc.php * Centralization of DB code important in a future transition to PDO interface Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06Overhaul trusted user proposal page to match archwebcanyonknight1-11/+14
* Change all boxes and other CSS to match archweb * General fixups in XHTML formatting * Change results table to match color scheme everywhere else Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06Be consistent in PHP logical operator usagecanyonknight1-2/+2
A mix of logical operator styles are currently in use. The predominant style uses "&&" and "||" instead of "and" and "or", respectively. This inconsistency is minor, but is easily avoided. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-06-24Implement token system to fix CSRF vulnerabilitiescanyonknight1-1/+1
Specially crafted pages can force authenticated users to unknowingly perform actions on the AUR website despite being on an attacker's website. This cross-site request forgery (CSRF) vulnerability applies to all POST data on the AUR. Implement a token system using a double submit cookie. Have a hidden form value on every page containing POST forms. Use the newly added check_token() to verify the token sent via POST matches the "AURSID" cookie value. Random nature of the token limits potential for CSRF. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-12-17Set the title in the Trusted User pageAndrea Scarpino1-1/+4
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-06-22rename *.inc files to *.inc.php and adjust imports and referenceselij1-1/+1
Lukas: Add note to "UPGRADING". Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-05-17test return value from db_query before assuming it is validelij1-3/+14
make the sql query form consistent in usage by cleaning up instances where db_query's result was not inspected before attempting to fetch row data from the handle Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-27create variable before referencing it with .=elij1-0/+1
fixes php notice level error: Undefined variable: whovoted in ../tu.php Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-27SQL: use standard LIMIT/OFFSET syntaxDan McGee1-1/+1
Increases compatibility with standard SQL dialect. Thanks-to: elij <elij.mx@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-11Fix broken XHTML.Lukas Fleischer1-1/+1
Fix a lot of invalid XHTML in the templates and actions. There might still be some legacy code left, but this should cover most of it. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2010-12-05Do not display current votes in All Votes, and rename it as Past VotesAndrea Scarpino1-2/+2
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-12-26tu.php: Sort votes by descending date.Loui Chang1-4/+4
Also make syntax more straightforward. 'asc' is ascending, rather than 'up'. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-11-23tu: Bring Trusted User interface in line with the rest of the site.Loui Chang1-12/+4
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-11-23tu.php: Remove trailing whitespace.Loui Chang1-4/+4
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-10-26Untranslate TU vote fields so they're properly saved in the database.Loui Chang1-3/+3
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-08-11Use include_once where applicableDan McGee1-1/+1
All of these are sourcing function libraries so we don't need to include them more than once. Things that insert actual HTML into the output were left calling include(). Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-02-13Change layout of tu_details.Loui Chang1-1/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-02-13List TUs that voted on a proposal.Angel 'angvp' Velasquez1-0/+13
This patch lists who voted on a proposal after the proposal is closed. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-01-19Use new conglomerated translation files.Loui Chang1-1/+0
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-12-21Introduce function include_lang for translations.Loui Chang1-2/+2
This includes only the requested language for each page and makes top level language include files obsolete. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-11-10Tweak TU interface for appearance.Loui Chang1-8/+13
Show ten votes per page instead of five. Change the vote preview to 75 characters so entries fit better in the table. Remove [More] links and make the description itself a link. Clean up a couple notices. Send unauthorised users to index.php. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-10-07Setup translation files for tu.phpCallan Barrett1-1/+1
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
2008-10-06Major rearrangement of tu.php, strings setup for translationCallan Barrett1-368/+70
All the strings are set up to be translated now, HTML of tu.php has been moved to templates and the worst of it rewritten (there's no longer a massive function in it) Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-06-17Remove all vim mode lines. Add HACKING file.Loui Chang1-1/+0
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-01-20Add support for variable length votes in voting applicationCallan Barrett1-55/+76
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
2008-01-20AUR Voting ApplicationCallan Barrett1-0/+431
Added support for TU voting through AUR Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>