summaryrefslogtreecommitdiffstats
path: root/web
AgeCommit message (Collapse)AuthorFilesLines
2014-01-17Strip whitespace from .AURINFO linesLukas Fleischer1-0/+1
Indentation can be useful if one wants to structure an .AURINFO file. Remove leading and trailing whitespace from each line before parsing. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-01-17Rename "depend" field to "depends" in .AURINFOLukas Fleischer1-1/+1
This field has been renamed in a revision of the .AURINFO format. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-01-13Release 2.3.1v2.3.1Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-01-11Fix split package error handlingLukas Fleischer1-6/+7
Do not remove parentheses from the pkgname to make sure the split package detection works properly. Also, fix a regression introduced in 4bb6e88 (pkgsubmit.php: Simplify package name validation, 2013-03-05) that resulted in the split package error message never showing up. Fixes FS#37496. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-01-11Forbid developers to voteBalló György1-0/+3
According to Trusted User Bylaws, TUs (and only TUs) must take part in votes. Developers who want to take part in votes should set their account type to 'Trusted User'. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-01-11passreset.php: Error out if e-mail is emptyLukas Fleischer1-7/+12
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-01-11passreset.php: Refactor HTMLLukas Fleischer1-13/+12
* Use the "errorlist" class for errors. * Refactor some code. * Properly display error messages when requesting a key. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-01-11Typeahead workaround for having to press enter twiceJoris Steyn1-0/+9
Currently, one has to press enter twice in order to submit the package search form with typeahead completion. Add a workaround to fix this. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-01-02Go to package when selecting a typeahead suggestionJoris Steyn1-1/+5
Directly jump to the package details when selecting an entry from the drop-down list. Implements FS#34471. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-09-08Convert adopt/disown package action link to formcanyonknight2-17/+23
* Changes adopting/disowning packages to use GET instead of POST * Uses CSS to make form submit button look like a link * Complements commit 3bc951e3d87eaf692a7e47cf16a28d838c7cb2bd Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-09-03Sync CSS with archwebLukas Fleischer3-146/+159
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-09-03tu_list.php: Hide table if no results are foundLukas Fleischer1-12/+13
Instead of showing a table with a single "No results found." entry, do not show the table at all and display the text "No results found." in a <p></p> container. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-09-03Move "Add Proposal" link to "Current Votes"Lukas Fleischer2-9/+8
The page this links to allows for adding an item to the list of current votes. Move the link accordingly. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-09-02Release 2.3.0v2.3.0Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-09-02Specify charset in Content-Type header when returning JSON data from API.Chris Down1-0/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-28Only include current TUs in the last votes listLukas Fleischer1-3/+4
Do not show users that took part in past TU votes but no longer have TU powers. Also, fix the sorting column while we're touching these lines. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-27Move package comment check to packages.phpLukas Fleischer2-4/+6
Checking whether to add a comment is something that really does not belong to a function named display_package_details(). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-27Use POST-Redirect-GET for most package actionsLukas Fleischer1-0/+6
Avoid showing a POST data resubmission dialog and simply redirect to the package page if a package action completed successfully. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-27Add boolean return values to several pkg_*() functionsLukas Fleischer2-54/+55
Change the return values of following functions to return both error/success and an error/success message: * pkg_flag() * pkg_unflag() * pkg_adopt() * pkg_vote() * pkg_delete() * pkg_notify() * pkg_delete_comment() * pkg_change_category() Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-27Exclude running votes from "Last Votes by TU"Lukas Fleischer1-1/+4
Showing running votes potentially allows for tracking votes and associating yes/no/abstain votes with specific TUs. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-27Pick sane default registration languageLukas Fleischer1-1/+1
Instead of defaulting to Català (which is the first entry in the list of supported languages), choose whatever language the unregistered user is browsing the AUR in. Fixes FS#34825. Suggested-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-27Re-add CRSF tokens to most package actionsLukas Fleischer2-4/+6
We fixed all known CRSF vulnerabilities in commit 2c93f0a (Implement token system to fix CSRF vulnerabilities, 2012-06-23). c349cb2 (Add virtual path support for package actions, 2012-07-17) partly reverted this by injecting a valid CRSF token when virtual paths are in use. This patch allows for keeping the virtual path feature, while reintroducing POST forms and CRSF tokens. Actions like package flagging, votes and notifications are no longer prone to CRSF (see FS#35437 for details). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-27pkg_details: Convert most action links to formsLukas Fleischer2-6/+49
Use forms and POST instead of GET for following actions: * Flagging/Unflagging a package out-of-date * Voting for a package and removing votes * Enabling/Disabling notifications Use CSS to make the submit buttons of these forms look like links. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-26Add Japanese and Slovak languagesLukas Fleischer1-0/+2
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-26tu_details.php: Avoid division by zeroLukas Fleischer1-1/+5
Do not divide by zero if the number of active TUs is unknown. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-26Move "Past Votes" navigation to "Past Votes" boxLukas Fleischer2-14/+17
These are navigation links and do not belong to the action box. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-26Add "Last Votes by TU" listLukas Fleischer3-0/+61
This shows a list of all Trusted Users and the vote ID of the last proposal each of the TUs voted on. This list is sorted by vote ID. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-22tu_details.php: Display vote resultLukas Fleischer1-0/+20
This adds an field that indicates whether the vote was accepted or rejected, based on the rules specified in the TU Bylaws. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-22tu_details.php: Avoid inline computationsLukas Fleischer1-6/+15
Compute the total number of votes and the participation at the beginning of the template instead of doing it inside the template itself. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-22Add a vote type to the TU proposal formLukas Fleischer2-15/+38
There are only four valid reasons for starting a TU vote, so instead of letting the user choose a vote length, let her pick a reason and set vote length and quorum based on that selection. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-22Show participation in vote detailsLukas Fleischer1-0/+6
This is calculated by dividing the sum of all votes by the total number of TUs (where the number of TUs is measured when the vote starts). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-22Store the number of TUs when starting a voteLukas Fleischer1-2/+8
This will be used for automated calculation of vote participation later. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-22Allow for setting an account's inactivity statusLukas Fleischer4-8/+36
This adds a field to the users table and corresponding fields to the account edit and display forms that allow for setting an (in-)activity status. This might turn out to be useful if a user is on vacation and can not respond to update/orphan/deletion requests. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-17Merge branch 'maint'Lukas Fleischer1-1/+1
2013-08-17Release 2.2.1Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-17Merge branch 'maint'Lukas Fleischer1-18/+41
2013-08-17Upgrade Archive/Tar from PEAR to work with php 5.5v2.2.1Dave Reisner1-18/+41
This resolves issues with backwards incompatible changes to pack/unpack in php 5.5: http://www.php.net/manual/de/migration55.incompatible.php Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-04-24Remove superfluous search wrapper functioncanyonknight2-11/+1
The search_accounts_form() wrapper function doesn't have any arguments and only makes it unclear what is happening within account.php Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-04-20Retrieve package details after package actions are processedcanyonknight1-4/+7
Fixes FS#34508 Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-03-26Release 2.2.0v2.2.0Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-03-26Use minified typeahead JS from archwebLukas Fleischer4-313/+3
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-03-25Show hint if password is empty during loginLukas Fleischer1-2/+31
A user might have an empty password due to two reasons: * The user just created an account and needs to set an initial password. * The password has been reset by the administrator. In both cases, the user might be confused as to why the login does not work. Add a message that helps users debug the issue in both cases. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-03-24Implement IP banning for user registration and user logincanyonknight1-1/+34
Adds a new is_ipbanned() function to determine whether the user attempting to login or register for an account has their IP address listed in the "Bans" table. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-03-21Return 404 error page if invalid package ID is usedLukas Fleischer1-0/+6
We already display the 404 error page if someone tries to access an invalid package via virtual URLs ("/packages/nonexistent"). Add the same check to "web/html/packages.php" to make sure the same error is shown if a user requests package details of a nonexistent package ID via legacy URLs ("/packages.php?ID=-1"). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-03-21Save last login IP addressLukas Fleischer1-1/+2
Save the IP address used for the last login in the "Users" table. This makes it a bit easier to create IP ban lists for spammers without looking at web server logs. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-03-21process_account_form(): Highlight errorsLukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-03-19Enforce e-mail validation during registrationLukas Fleischer2-4/+4
Remove the password field from the account creation form and always send a password reset request via e-mail instead. This ensures that only users with valid e-mail addresses are able to login. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-03-19process_account_form(): Allow using empty passwordsLukas Fleischer1-13/+25
If an empty password is passed during account registration, login for the new user is disabled and a reset key is sent to the new user's e-mail address so that they can set an initial password manually. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-03-19Move reset key submission to a separate functionLukas Fleischer2-17/+31
This allows for reusing reset key submission for other things, such as sending an initial password reset code during account registration. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-03-19Fix typo in delete permission warningConnor Behan1-1/+1
Signed-off-by: Connor Behan <connor.behan@gmail.com> Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>