Age | Commit message (Collapse) | Author | Files | Lines |
|
When changing the password of an account, instead of asking for the old
password of the account, ask for the password of the currently logged in
user. This allows privileged users to edit other accounts without
knowing their passwords.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Prevent from easily taking over an account by changing the password with
a stolen session ID.
Fixes FS#65325.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Add a CAPTCHA to protect against automated account creation. The CAPTCHA
changes whenever three new accounts are registered.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
The each() function has been deprecated as of PHP 7.2.0. Use foreach
loops instead.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Currently, aurweb displays all dates and times in UTC time. This patch
adds a capability for each logged in user to set their preferred
timezone.
Implements FS#48729.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Allow users to add a link to their homepage to their profile.
Implements FS#22774.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Add a new option that makes it possible to subscribe to package
ownership changes (adoption/disownment).
Fixes FS#15412.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Introduce a new notification option to receive notifications when a new
commit is pushed to a package repository.
Implements FS#30109.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Add a configuration option to the account edit page that allows for
globally enabling/disabling package base comment notifications.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
After 24734d0 (Shorten Email column to 254 characters, 2015-11-12) the
maximum length of the input fields should be shortened, too.
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
According to RFC 3696 (and the associated errata), an email address can
be up to 256 characters long. Change the database field and the length
limit on all input fields accordingly.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Change the maxlength attribute of the user name input field such that it
corresponds to the username_max_len option.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Implements FS#42343.
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
This fixes a bug where the new user name input by the user was
invalid, causing the account deletion link and the form action to be
wrong.
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Creating an inactive account does not make sense. Hide the activity
check box from the registration page.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Now that we have a short explanation on how we use the SSH public key,
we can show that field on the registration page.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Also, reorder the fields such that optional fields come last.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Make sure that users confirm their email addresses before setting an
initial SSH key.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Users can now add an SSH public key on the account edit page. This will
later be used to authenticate users via SSH.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
In 7df8dc8 (Add support for deleting user accounts, 2014-07-25), a link
to the account deletion page was added to the account edit form. Make
sure we only show this link if the user actually wants to edit an
account and do not show this link on the account registration page.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Users can now delete their own accounts by clicking a link in the
account edit form and confirming the deletion on a follow-up page.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This group has full permissions on everything.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Add a new function has_credential() that checks whether the currently
logged in user is allowed to perform a given action. Moving all
permission handling to this central place makes adding new user groups
and adjusting permissions much more convenient.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This adds a field to the users table and corresponding fields to the
account edit and display forms that allow for setting an (in-)activity
status.
This might turn out to be useful if a user is on vacation and can not
respond to update/orphan/deletion requests.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Remove the password field from the account creation form and always send
a password reset request via e-mail instead. This ensures that only
users with valid e-mail addresses are able to login.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
We used a mixture of account type IDs and account type descriptions on
the account edit page. This resulted in the account type field always
defaulting to "Normal user" after an invalid form had been submitted.
Consistently use account type IDs to avoid this.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
* Add </option> close tags
* Add VI delimiter to selected option
* Add quotes to language codes
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
As all new passwords are hashed and therefore stored in the database
at the same length, this limitation is no longer needed.
Fixes FS#31855
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Synchronize the layout of the account editing page with the profiles
page from archweb.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Replace all occurrences of "<?php echo" and "<?php print" by "<?=" to
reduce noise in templates.
Note that as of PHP 5.4.0, "<?=" is always available and no longer
requires "short_open_tag" to be set.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
The account editing form requires two different form action URLs
due to the fact that the same template is shared for both account
registration and account editing.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
The "UpdateAccount" page displays information as to whether an account
update was successful. All POST account info goes to this page, so use
it with sane URLs.
Before:
AUR_URL/account/?Action=UpdateAccount&U=userfoo
After:
AUR_URL/account/userfoo/update
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Use virtual paths in links (e.g. link to "/packages/" instead of
"/packages.php" etc.) if the virtual path feature is enabled.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Conflicts:
web/html/account.php
web/html/addvote.php
web/html/pkgsubmit.php
web/lib/acctfuncs.inc.php
web/template/actions_form.php
web/template/pkg_comment_form.php
web/template/pkg_comments.php
web/template/pkg_details.php
web/template/pkg_search_results.php
web/template/tu_details.php
|
|
XHTML should be eliminated from lib/ as much as possible. This pulls the XHTML
out of a function that simply echoes the code, and moves it into a more
reasonable template file in account_edit_form.php
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|