summaryrefslogtreecommitdiffstats
path: root/web/lib/acctfuncs.inc.php
AgeCommit message (Collapse)AuthorFilesLines
2014-07-25Do not allow regular users to edit all accountsLukas Fleischer1-1/+1
Fixes a regression introduced in 03c6304 (Rework permission handling, 2014-07-15). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-25Clean up user references in user_delete()Lukas Fleischer1-0/+35
Explicitly clean up all references before deleting a user. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-15Add a new user group "Trusted User & Developer"Lukas Fleischer1-1/+5
This group has full permissions on everything. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-15Disallow privileged users to use invalid user namesLukas Fleischer1-22/+1
Prevent Trusted Users and developers from accidentally using a name that contains invalid characters. Also, remove user_is_privileged() which is no longer needed after this change. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-15Rework permission handlingLukas Fleischer1-26/+11
Add a new function has_credential() that checks whether the currently logged in user is allowed to perform a given action. Moving all permission handling to this central place makes adding new user groups and adjusting permissions much more convenient. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-06-05acctfuncs.inc.php: Fix indentationLukas Fleischer1-2/+3
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-06-05acctfuncs.inc.php: Reduce nesting in several functionsLukas Fleischer1-257/+264
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-06-05Do not return "None" in user functionsLukas Fleischer1-1/+1
Return null instead of the string "None" in username_from_id(), uid_from_email() and uid_from_username(). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-05-30Accept upper case letters in valid_username()Lukas Fleischer1-1/+1
In commit 0722f46 (Simplify valid_user() and valid_username(), 2014-02-06), the conversion to lower case letters was unintentionally removed and in consequence, names with upper case letters have been rejected since then. Instead of reintroducing the conversion, add the "i" modifier to the regular expression validating the name to do case-insensitive pattern matching. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-05-22acctfuncs.inc.php: Fix typoLukas Fleischer1-1/+1
Replace a misplaced semicolon with the concatenation operator. This makes the AUR insert proper Reply-to and From headers again when sending password reset emails on registration. Fixes a regression introduced in 94a4f59 (Set Content-type header when sending UTF-8 mails, 2014-02-10). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-05-22Use aur.archlinux.org in sender email addressesLukas Fleischer1-2/+2
Consistently use the following headers in notification emails: Reply-to: noreply@aur.archlinux.org From: notify@aur.achlinux.org Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-05-22Be friendly to newly registered usersLukas Fleischer1-3/+5
Use "Welcome to the Arch User Repository" instead of "AUR Password Reset" as subject for the initial password reset email. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-02-10Set Content-type header when sending UTF-8 mailsLukas Fleischer1-1/+3
Fixes FS#38568. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-02-10Use CRLF to separate headers in mail()Lukas Fleischer1-1/+4
This is the correct delimiter for mail headers according to the PHP documentation and RFC 2822. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-02-09Remove LastVoted columnLukas Fleischer1-3/+0
This has been introduced by commit aae43d9 (started working on package comments, 2005-03-05) but it seems to be of no practical use. Remove the field to save some space. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-02-06Simplify valid_user() and valid_username()Lukas Fleischer1-17/+10
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-02-06acctfuncs.inc.php: Fix comment styleLukas Fleischer1-36/+28
* Use C-style comments (/* */) instead of #. * Remove some superfluous comments and slightly reword others. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-02-01Sort last TU votes by vote and by user nameLukas Fleischer1-1/+1
Instead of using a random secondary order, sort by the ID of the last vote first, then by user name. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-01-20acctfuncs.inc.php: Allow translation of missing stringscanyonknight1-2/+2
Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-28Only include current TUs in the last votes listLukas Fleischer1-3/+4
Do not show users that took part in past TU votes but no longer have TU powers. Also, fix the sorting column while we're touching these lines. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-27Exclude running votes from "Last Votes by TU"Lukas Fleischer1-1/+4
Showing running votes potentially allows for tracking votes and associating yes/no/abstain votes with specific TUs. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-26Add "Last Votes by TU" listLukas Fleischer1-0/+19
This shows a list of all Trusted Users and the vote ID of the last proposal each of the TUs voted on. This list is sorted by vote ID. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-22Add a vote type to the TU proposal formLukas Fleischer1-3/+4
There are only four valid reasons for starting a TU vote, so instead of letting the user choose a vote length, let her pick a reason and set vote length and quorum based on that selection. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-22Store the number of TUs when starting a voteLukas Fleischer1-2/+8
This will be used for automated calculation of vote participation later. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-22Allow for setting an account's inactivity statusLukas Fleischer1-6/+22
This adds a field to the users table and corresponding fields to the account edit and display forms that allow for setting an (in-)activity status. This might turn out to be useful if a user is on vacation and can not respond to update/orphan/deletion requests. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-04-24Remove superfluous search wrapper functioncanyonknight1-10/+0
The search_accounts_form() wrapper function doesn't have any arguments and only makes it unclear what is happening within account.php Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-03-25Show hint if password is empty during loginLukas Fleischer1-2/+31
A user might have an empty password due to two reasons: * The user just created an account and needs to set an initial password. * The password has been reset by the administrator. In both cases, the user might be confused as to why the login does not work. Add a message that helps users debug the issue in both cases. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-03-24Implement IP banning for user registration and user logincanyonknight1-1/+34
Adds a new is_ipbanned() function to determine whether the user attempting to login or register for an account has their IP address listed in the "Bans" table. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-03-21Save last login IP addressLukas Fleischer1-1/+2
Save the IP address used for the last login in the "Users" table. This makes it a bit easier to create IP ban lists for spammers without looking at web server logs. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-03-21process_account_form(): Highlight errorsLukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-03-19process_account_form(): Allow using empty passwordsLukas Fleischer1-13/+25
If an empty password is passed during account registration, login for the new user is disabled and a reset key is sent to the new user's e-mail address so that they can set an initial password manually. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-03-19Move reset key submission to a separate functionLukas Fleischer1-0/+26
This allows for reusing reset key submission for other things, such as sending an initial password reset code during account registration. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-02-10Remove checks before calling connection methodcanyonknight1-73/+24
Large amount of boilerplate code that checks if a database connection exists is useless now that the new connection method automatically does the same check. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-02-10Remove documentation references to database parametercanyonknight1-24/+0
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-02-10Remove unnecessary database connection parameter from all functionscanyonknight1-29/+29
All functions now have a database connection method that will use the same database connection. This imitates the functionality of passing a database connection as an argument and makes it redundant. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-02-10Add database wrapper class and new connection methodcanyonknight1-24/+24
Uses the Singleton pattern to ensure all queries use the same database connection that is released upon script completion. All database connections should now be called with DB::connect() and not db_connect(). Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-01-30acctfuncs.inc.php: Change wording of account editing messagecanyonknight1-1/+1
An error message is printed when the number of affected rows is 0 for an edited account. A count of 0 doesn't imply an error, only that no changes were made in the database. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-01-30Clear a user's active sessions following account suspensioncanyonknight1-0/+19
A suspended user can stay in active sessions. Introduce new function delete_user_sessions to remove all open sessions for a specific user. Allows suspensions to take effect immediately. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-01-30acctfuncs.inc.php: Change return type of valid_username functioncanyonknight1-6/+5
The function is only determining whether a username is valid, so it makes more sense to simply return a boolean value. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-11-29Fix account privilege escalation vulnerabilitycanyonknight1-2/+2
A check is only done to verify a Trusted User isn't promoting their account. An attacker can send tampered account type POST data to change their "User" level account to a "Developer" account. Add check so that all users cannot increase their own account permissions. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-11-29Fix account editing and hijacking vulnerabilitycanyonknight1-0/+29
Checks are in place to avoid users getting account editing forms they shouldn't have access to. The appropriate checks before editing the account in the backend are not in place. This vulnerability allows a user to craft malicious POST data to edit other user accounts, thereby allowing account hijacking. Add a new flexible function can_edit_account() to determine if a user has appropriate permissions. Run the permission check before processing any account information in the backend. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-10-08Refactor TU voters listLukas Fleischer1-3/+3
* Change voters_list() to return an array of voters instead of generating HTML code in the library call. * Change the template to generate HTML code for the list of voters instead of displaying the library's return value. * Use HTML lists. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-24Avoid use of "<b>"/"</b>"Lukas Fleischer1-6/+6
* Use "<label>"/"</label>" for form labels. * Use "<strong>"/"</strong>" for important text. * Use "<h4>"/"</h4>" for headings. * Drop "<b>"/"</b>" everywhere else. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-24acctfuncs.inc.php: Document all functions using PHPDoc formatcanyonknight1-81/+270
Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18Overhaul ability to edit own accountcanyonknight1-18/+0
* Restructure account.php to remove redundant code. * Remove own_account_details(). * Rework logic check to default to no access to account edit form. * Make default account action viewing account info. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18Use URL rewriting for user info pagecanyonknight1-1/+1
Navigation to the "AccountInfo" page should only require a user to know the username of the account they are looking for. Update all AUR links that use the user info page to reflect the new URL. Before: AUR_URL/account/?Action=AccountInfo&U=userfoo After: AUR_URL/account/userfoo Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18Adjust user directions after registering to reflect new login pagecanyonknight1-1/+1
Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18Migrate all DB code to use PDOcanyonknight1-110/+119
All DB code currently uses the quickly aging mysql_* functions. These functions are strongly discouraged and may eventually be deprecated. Transition all code to utilize the PDO data access abstraction layer. PDO allows for consistent query code across multiple databases. This could potentially allow for someone to use a database other than MySQL with minimal code changes. All functions and behaviors are reproduced as faithfully as possible with PDO equivalents and some changes in code. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-15Redirect to the home page after successful loginLukas Fleischer1-1/+1
Jump to the home page instead of displaying a page that only tells you that you're logged in. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-15Use virtual path feature for linksLukas Fleischer1-2/+2
Use virtual paths in links (e.g. link to "/packages/" instead of "/packages.php" etc.) if the virtual path feature is enabled. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>