path: root/web/lib
Age | Commit message | Author | Files | Lines
2017-02-24 | Use bcrypt to hash passwords | Lukas Fleischer | 2 | -141/+60
Replace the default hash function used for storing passwords by password_hash() which internally uses bcrypt. Legacy MD5 hashes are still supported and are immediately converted to the new format when a user logs in. Since big parts of the authentication system needed to be rewritten in this context, this patch also includes some simplification and refactoring of all code related to password checking and resetting. Fixes FS#52297. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-24 | Fix user name in disown notifications | Lukas Fleischer | 1 | -3/+3
Do not overwrite the $uid variable when updating co-maintainers. Fixes FS#52225. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-15 | Add a parameter to skip old requests to pkgreq_list() | Lukas Fleischer | 1 | -5/+12
Allow for hiding requests which were opened before a given time stamp. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-14 | Make aurjson error messages consistent | Michael Straube | 1 | -2/+2
All error messages in aurjson except two end with a period. Add the missing periods to make the messages consistent. Signed-off-by: Michael Straube <straubem@gmx.de> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-12 | Add direct links to each source file | Janne Heß | 1 | -2/+4
Currently, each source file which is an external link (http://, https://, ...) is a clickable link. This commit extends the behaviour by making files from the repository clickable as well. The link brings the user to the corresponding cgit page. Also, the link to the PKGBUILD is altered to make the configuration more consistent. Signed-off-by: Janne Heß <jannehess@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08 | Add an option to filter by user to pkgreq_list() | Lukas Fleischer | 1 | -1/+8
When a user is specified, the function only returns package requests which are either opened by the given user or affecting packages maintained by the given user. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08 | Allow to search for both maintainer and co-maintainer | Lukas Fleischer | 1 | -0/+8
As a follow-up to commit 6cb8c04 (Implement co-maintainer search, 2017-01-26), add an option to search for both maintainers and co-maintainers at the same time. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08 | confparser.inc.php: Support alternative config path | Lukas Fleischer | 1 | -1/+5
Add an AUR_CONFIG environment variable that can be used to specify an alternative configuration file, similar to the feature introduced in ecbf32f (git-interface: Add AUR_CONFIG environment variable, 2016-08-03). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08 | Return the number of results in pkg_search_page() | Lukas Fleischer | 1 | -2/+2
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-04 | Refactor pkg_search_page() | Lukas Fleischer | 1 | -83/+47
* Pass search parameters using an associative array instead of $_GET.
* Add a boolean parameter to enable and disable headers/footers.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-03 | Split out the search form from pkg_search_page() | Lukas Fleischer | 1 | -2/+0
This makes it easier to display search results without showing the search form. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-28 | Implement co-maintainer search | Lukas Fleischer | 1 | -0/+8
Add an option to filter package search results by co-maintainer. Partly fixes FS#45591. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-25 | Store banned IP addresses as plain text | Lukas Fleischer | 1 | -1/+1
Inspired by commit 32c8d0c (Store last login address as plain text, 2016-03-13). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-20 | Update cookie for language setting when editing user information | Mark Weiman | 1 | -0/+7
Currently, when a user edits their language setting from the edit user form, the changes aren't reflected until the user either lets the original cookie expire, deletes the cookie manually, or changes the language a second time via the dropdown menu on the top of the page. This patch makes the language cookie get updated when it is changed from the edit user form. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-20 | Add user set timezones | Mark Weiman | 4 | -6/+86
Currently, aurweb displays all dates and times in UTC time. This patch adds a capability for each logged in user to set their preferred timezone. Implements FS#48729. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-11-10 | Remove extraneous quote in translator.inc.php | Mark Weiman | 1 | -1/+1
The quote is a leftover of legacy code and was meant to be removed by commit e171f6f (Migrate all DB code to use PDO, 2012-08-08). Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-11-10 | Fix DB.class.php to match config and include SQLite support | Mark Weiman | 1 | -7/+17
In commit baf8a22 (git-interface: Support SQLite as database backend, 2016-08-03), conf/config.proto was changed so that dsn_prefix was changed to backend and this fixes this in web/lib/DB.class.php. Since SQLite's dsn is different, this adds a check of which backend is desired and will quit if MySQL or SQLite are not the backend selected. SQLite2 may be supported, but is untested and will trigger an error if used. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-11-10 | Remove all usage of UNIX_TIMESTAMP in web interface | Mark Weiman | 4 | -16/+16
UNIX_TIMESTAMP is not part of the SQL standard. Instead, all usage in the web interface is changed to use PHP's time() function. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-17 | Release 4.4.1 (v4.4.1) | Lukas Fleischer | 1 | -1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-17 | Move configuration to /etc/aurweb/config | Lukas Fleischer | 1 | -1/+1
Since d4fe77a (Reorganize Git interface scripts, 2016-10-08), the key components of the aurweb SSH interface are installed system-wide. Update the default configuration path to point to a central location. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-15 | Release 4.4.0 (v4.4.0) | Lukas Fleischer | 1 | -1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-08-14 | Release 4.3.0 (v4.3.0) | Lukas Fleischer | 1 | -1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-06-30 | Distinguish auto-accepted requests | Lukas Fleischer | 1 | -1/+1
Before commit 9746a65 (Port notification routines to Python, 2015-06-27), notification emails for automatically closed requests explicitly stated that the action was taken "automatically by the Arch User Repository package request system". When porting the notification routines to Python, this feature was overlooked and emails sent by the new script always reported that the requester triggered the acceptance or rejection of a request. This patch reimplements the old behavior such that notifications no longer look as if the requester had accepted the request himself. Reported-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-06-26 | Add hard limit for the length of dependency lists | Lukas Fleischer | 1 | -4/+6
Introduce a configuration option max_depends which can be used to specify a maximum number of (reverse) dependencies to display on the package details pages. Fixes FS#49059. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-06-08 | Add a homepage field to accounts | Lukas Fleischer | 1 | -4/+8
Allow users to add a link to their homepage to their profile. Implements FS#22774. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-06-02 | pkgbasefuncs.inc.php: Remove debug statement | Lukas Fleischer | 1 | -1/+0
Remove a leftover var_dump() invocation that was introduced in commit 5fb7a74 (Replace categories with keywords, 2015-06-13). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-03-19 | Merge branch 'maint' | Lukas Fleischer | 1 | -1/+1
2016-03-13 | Release 4.2.1 (v4.2.1) | Lukas Fleischer | 1 | -1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-03-13 | Merge branch 'maint' | Lukas Fleischer | 1 | -2/+2
2016-03-13 | Store last login address as plain text | Lukas Fleischer | 1 | -2/+2
Directly store the information contained in $_SERVER['REMOTE_ADDR'] instead of using ip2long() which does not support IPv6 addresses. Note that the LastLoginIPAddress field is designed to be used by the administrator on rare occasions only (e.g. to fight spam) and is not displayed anywhere. Fixes FS#48557. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-03-01 | Merge branch 'maint' | Lukas Fleischer | 1 | -1/+0
2016-03-01 | aurjson: Remove stray GROUP BY clause | Lukas Fleischer | 1 | -1/+0
The IDs of packages are unique, so there is no need to group search results by package ID. Note that the GROUP BY statement in question was introduced in commit 3447dfc (Support versioned RPC queries, 2014-04-28) for no apparent reason and could even lead to errors in various DBMS. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-02-21 | Send notifications when changing ownership | Lukas Fleischer | 2 | -3/+12
Add a new option that makes it possible to subscribe to package ownership changes (adoption/disownment). Fixes FS#15412. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-02-19 | Unset $pinned unconditionally when displaying comments | Mark Weiman | 2 | -2/+2
In pkg_comments.php, the $pinned variable is used to determine whether the template is supposed to print all comments or pinned comments only. If the $pinned variable is unset, the top 10 comments are printed, followed by an "All comments" link. If the $pinned variable is set, the pinned comments are printed and the "All comments" link below the comment listing is skipped. Thus, we need to make sure that this variable is always unset at the time we include the template to display all comments, even if it was empty before. Fixes FS#48194. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-02-15 | Release 4.2.0 (v4.2.0) | Lukas Fleischer | 1 | -1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-02-09 | aurjson: Add package base keywords | Lukas Fleischer | 1 | -2/+16
Expose package base keywords through the RPC interface (version 5). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-02-07 | Add support for package update notifications | Lukas Fleischer | 1 | -2/+5
Introduce a new notification option to receive notifications when a new commit is pushed to a package repository. Implements FS#30109. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-02-07 | Add global comment notification setting | Lukas Fleischer | 1 | -2/+5
Add a configuration option to the account edit page that allows for globally enabling/disabling package base comment notifications. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-02-07 | Rename the CommentNotify table to PackageNotifications | Lukas Fleischer | 3 | -11/+11
As a preparatory step to adding support for package notifications on events other than comments, rename the database table accordingly. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-01-31 | Remove 'new' tag from updates table | Marcel Korpel | 1 | -1/+1
It was hard to make it consistent with the other new icons from Open Iconic and it hadn't much use after all. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-01-28 | Rename constructors to __construct | Marcel Korpel | 2 | -4/+4
In PHP 7, constructor methods that have the same name as the class they are defined in are deprecated. Use __construct instead. http://php.net/manual/en/migration70.deprecated.php Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-01-23 | Add comment undeletion functionality | Marcel Korpel | 2 | -4/+20
Only Developers and Trusted Users can undelete comments. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-12-15 | Add link to flag OOD comment | Mark Weiman | 1 | -0/+32
Implements: FS#46546 Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-12-13 | Store current date and time when deleting comments | Lukas Fleischer | 1 | -4/+4
Instead of modifying EditedTS when a comment is deleted, use a separate field DelTS. Use this field to determine whether a comment has been deleted, instead of checking DelUsersID which might be unset when the corresponding user is deleted. Fixes FS#47362. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-12-13 | aurjson: Do not search by ID when argument is numeric | Lukas Fleischer | 1 | -2/+2
When performing info or multiinfo queries, one can currently either pass package names or package IDs as parameters. As a consequence, it is impossible to search for packages with a numeric package name because numeric arguments are always treated as IDs. Since package IDs are not public anymore these days, simply remove the possibility to search by ID in revision 5 of the RPC interface. Fixes FS#47324. Suggested-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-12-13 | notify: Do not pass notification texts via pipes | Lukas Fleischer | 3 | -7/+6
Directly retrieve comments from the database instead of additionally passing them via stdin. Fixes FS#46742. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-12-13 | Save comment when closing requests | Lukas Fleischer | 1 | -1/+2
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-12-12 | Implement capability to pin comments above others | Mark Weiman | 3 | -6/+127
Adds capability to pin comments before others. Implements FS#10863. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-11-14 | Make the notification script configurable | Lukas Fleischer | 1 | -1/+1
Add a configuration option to set the path of the notification script. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-11-12 | Remove redundant code | Lukas Fleischer | 1 | -15/+1
This code is no longer needed since 9746a65 (Port notification routines to Python, 2015-06-27). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>