summaryrefslogtreecommitdiffstats
path: root/web/lib/aur.inc
AgeCommit message (Collapse)AuthorFilesLines
2011-04-27SQL: treat all UID/ID values as numbers, not stringsDan McGee1-3/+3
Ensure we are not quoting these values in any of our SQL queries. Thanks-to: elij <elij.mx@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-10Replace translation engine with php-gettext.Lukas Fleischer1-4/+4
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-03Remove Dummy Package conceptDan McGee1-2/+1
Instead, we just store dependencies directly in the PackageDepends table. Since we don't use this info anywhere besides the package details page, there is little value in precalculating what is in the AUR vs. what is not. An upgrade path is provided via several SQL statements in the UPGRADING document. There should be no user-visible change from this, but the DB schema gets a bit more sane and we no longer have loads of junk packages in our tables that are never shown to the end user. This should also help the MySQL query planner in several cases as we no longer have to be careful to exclude dummy packages on every query. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-04Set a default timezoneDan McGee1-0/+2
With our use of strtotime() in stats.inc, we are "required" to do so or at least the emitted warning tells us it is a good idea. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-04Improve cookie handlingDan McGee1-12/+8
* Remove comment that is mostly bogus- the domain is automatically set. * When logging out, don't delete the language cookie. * Make the language cookie persistent. * Use the minimal time possible to expire cookies; no need to compute anything. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-27Set the character set when connecting to mysqlFlorian Pritz1-0/+2
We should not rely on the default server setting staying the same forever. Signed-off-by: Florian Pritz <bluewind@server-speed.net> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-27Define "Packages.SubmitterUID" and "Packages.MaintainerUID" as "NULL".Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-21Automatically adopt when updating an orphan package (fixes FS#22992).Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-01-25Replaced rm_rf() by rm_tree().Lukas Fleischer1-3/+15
Implemented recursive directory deletion in PHP properly without the use of exec(). This improves security, performance and portability and makes the code compatible with PHP's Safe Mode as well as with PHP setups that disable exec() using the "disable_functions" directive. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-01-19Make external links in comments clickable (FS#20137).Lukas Fleischer1-0/+24
Comments are now split at link boundaries and links are converted separately. I find this to be a much cleaner way than re-converting comments that have already been converted using htmlspecialchars(). This also doesn't require any callback procedure. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2010-07-23Header and navbar consistent with Arch site redesignDenis Kobozev1-0/+8
-- Loui Chang Change is_tu to check_user_privileges Change div#archdev-navbar style Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-06-16aur.inc: generate_salt() now uses mt_rand()Linas1-1/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-04-17Support for storing salted passwordsDenis1-0/+31
To upgrade existing databases: ALTER TABLE Users ADD Salt CHAR(32) NOT NULL DEFAULT ''; Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-01-10Remove useless or redundant code for translations.Loui Chang1-6/+3
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-01-08Make DEFAULT_LANG mean the default language for displayed messages.Athurg Gooth1-0/+2
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-11-13Add uid_from_email(), similar to uid_from_usernameEvangelos Foutras1-1/+20
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-04-13Remove author information from scripts.Loui Chang1-1/+0
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-01-19Use new conglomerated translation files.Loui Chang1-4/+6
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-12-31aur.inc: remove unused codeDan McGee1-47/+0
Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-12-30Use non-persistant connectionsDan McGee1-4/+15
There is really no need to use persistent connections to the database in this day and age. Most PHP development guides recommend against it, and the new mysqli interface doesn't even include the functionality. Add a matching but currently unused db_disconnect() function while we are at it. Reference counting will cover us for the most part, however. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-12-29Add function to generate clean urlsCallan Barrett1-0/+34
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-12-21Fix up valid email function, FS#12269Callan Barrett1-1/+1
All we're looking for now is an @ in any email address to fix problem with not being able to have + in addresses and just because I see no advantage to having any sort of stringent validation Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-12-21Introduce function include_lang for translations.Loui Chang1-7/+8
This includes only the requested language for each page and makes top level language include files obsolete. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-12-20Revert "Move call to try_login to login_form."Callan Barrett1-0/+3
This reverts commit 77d93c4946fabcda417b6a5672d881c64e11fb78. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-12-17Move call to try_login to login_form.Loui Chang1-3/+0
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-11-25Make remembered sessions actually save themselves.Loui Chang1-4/+13
Also clean up a notice in index.php Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-11-13Give group writable permissions to uploaded files.Loui Chang1-0/+28
Add a new function chown_group to recursively change permissions. Tweak some of the coding style. Replace some of the redundant string concatenation with a variable. Thanks to Dan McGee for chmod_group. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-09-22Use system rm in rm_rf function.Loui Chang1-12/+3
PHP can't properly handle symlinks which causes problems when self-referencing symlinks appear. This closes FS#11187. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-07-22Add a new DEFAULT_LANG constant.Loui Chang1-5/+3
DEFAULT_LANG will essentially be used to specify what language strings are initially written in. This will eliminate the need for English translation arrays in AUR and make adding or changing the English strings a lot easier. DEFAULT_LANG may be required for strings to display properly. Also change the output when a translation isn't found. Eliminate the <b> which can cause validation errors depending on where the string is placed. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-06-17Remove all vim mode lines. Add HACKING file.Loui Chang1-1/+0
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-06-05Fix FS#8672Callan Barrett1-1/+2
Patches can_submit_pkg(), this fixes the heaps of bugs people are having Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-03-23Put login into its own function.Loui Chang1-65/+7
Utilise login form template. Also cleaned up a couple notices. Signed-off-by: Loui Chang <louipc.ist@gmail.com> Signed-off-by: Simo Leone <simo@archlinux.org>
2008-02-19Fix for information leak in login logic.eliott1-4/+2
Fix for information leak in login logic. No point telling people they have a valid username when the pass is wrong, etc.
2008-01-23Removed QBUG and DBUGSimo Leone1-16/+0
It was broken and hardly used. It's just as easy to add short print statements or logging if some debugging output is needed. Signed-off-by: Simo Leone <simo@archlinux.org>
2008-01-20Fix login error and translation bugCallan Barrett1-2/+2
Fixes a login error where entering nothing would result in the login message "Incorrect password for username, ." and changes the translation "TU" to "Trusted User" so the menu bar on the accounts page doesn't bug up (we need a new translation system :((() Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com> Signed-off-by: Simo Leone <simo@archlinux.org>
2008-01-20More cleanup, add TU link to headerCallan Barrett1-23/+0
Cleans up links on front page, adds a TU link to the header to the voting application, fixes some titles and styling for logged in text Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
2008-01-20Support for verbose page titlesCallan Barrett1-1/+3
Verbose page titles again Adds support for more verbose page titles based on current page and action by user and removes sort by options from search form as they're obsolete by column links. Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
2008-01-20Removes need for name, overwrite and comment fields from pkgsubmit.phpCallan Barrett1-14/+8
This removes the name, overwrite and comment options from pkgsubmit.php by moving when the tarball is extracted (and where) and when the pkgbuild is parsed so pkgname is taken from the pkgbuild instead of user input Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
2008-01-20Fix bug with botched AURSID valuesCallan Barrett1-5/+3
In the check_sid function in aur.inc the condition for expiring the cookie and redirecting to hacker.php could never be met and instead the user would be given blank login instead of being considered logged out, now fixed. This also means we no longer need either hacker.php or timeout.php at all. Also, this bug seems to be present in the AUR version running on aur.archlinux.org. Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
2008-01-20Removes timeout page and moves login form to headerCallan Barrett1-2/+69
This removes the need for a timeout page (and probably hacker.php) and moves the login form and status to the header. If your login times out you won't lose your place anymore and links will always work. Works for me but at the moment index_po.php is imported in aur.inc which has to stay until the translations from it for login are moved to aur_po.php. Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
2008-01-20Added header, footer, and login form templatesLoui Chang1-82/+6
Implemented the first two in web/lib/aur.inc. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2007-12-02Update tur-users -> aur-generalSimo Leone1-1/+1
Fix broken links after mailing list rename. Signed-off-by: Simo Leone <simo@archlinux.org>
2007-10-02Tweak to version strings patch.1.4.0Paul Mattal1-0/+1
Rather than rely in any way on config.inc, which is expected to be edited by the user and to persist across versions without change, the version string definition is stored in version.inc and included from aur.inc.
2007-09-27nitpick: Changed "AUR-Home" button to "AUR Home"Loui Chang1-1/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2007-09-27Merge commit 'origin/testing'Loui Chang1-96/+70
Yeah I actually want to work from testing. Conflicts: web/lib/pkgfuncs.inc Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2007-09-27I forgot to change AUR_db* usage to constants. Fixed now.Loui Chang1-6/+2
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2007-09-27Made some things in config.inc.proto that should be constants constantsLoui Chang1-22/+2
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2007-09-22Changes to bring the main arch site theme to the aur.eliott1-96/+70
2007-09-20patch from eliott to convert all <? to <?phppjmattal1-1/+1
2007-09-20- Applied a patch from Loui to fix session removal.swiergot1-11/+11
- Replaced all occurences of mysql_escape_string() with mysql_real_escape_string().