1, # English "es" => 1, # Español "de" => 1, # Deutsch "fr" => 1, # Français ); # debugging variables # $QBUG = 1; # toggle query logging to /tmp/aurq.log $DBUG = 1; # use dbug($msg) to log to /tmp/aurd.log # see if the visitor is already logged in # function check_sid() { global $_COOKIE; global $LOGIN_TIMEOUT; if (isset($_COOKIE["AURSID"])) { $failed = 0; # the visitor is logged in, try and update the session # $dbh = db_connect(); $q = "SELECT LastUpdateTS, UNIX_TIMESTAMP() FROM Sessions "; $q.= "WHERE SessionID = '" . mysql_escape_string($_COOKIE["AURSID"]) . "'"; $result = db_query($q, $dbh); if (!$result) { # Invalid SessionID - hacker alert! # $failed = 1; } else { $row = mysql_fetch_row($result); if ($row[0] + $LOGIN_TIMEOUT <= $row[1]) { dbug("login timeout reached"); $failed = 2; } } if ($failed == 1) { # clear out the hacker's cookie, and send them to a naughty page # setcookie("AURSID", "", time() - (60*60*24*30), "/"); header("Location: /hacker.php"); } elseif ($failed == 2) { # visitor's session id either doesn't exist, or the timeout # was reached and they must login again, send them back to # the main page where they can log in again. # $q = "DELETE FROM Sessions WHERE SessionID = '"; $q.= mysql_escape_string($_COOKIE["AURSID"]) . "'"; db_query($q, $dbh); setcookie("AURSID", "", time() - (60*60*24*30), "/"); header("Location: /timeout.php"); } else { # still logged in and haven't reached the timeout, go ahead # and update the idle timestamp # $q = "UPDATE Sessions SET LastUpdateTS = UNIX_TIMESTAMP() "; $q.= "WHERE SessionID = '".mysql_escape_string($_COOKIE["AURSID"])."'"; db_query($q, $dbh); } } return; } # a new seed value for mt_srand() # function make_seed() { list($usec, $sec) = explode(' ', microtime()); return (float) $sec + ((float) $usec * 10000); } # generate a (hopefully) unique session id # function new_sid() { mt_srand(make_seed()); $ts = time(); $pid = getmypid(); $rand_num = mt_rand(); mt_srand(make_seed()); $rand_str = substr(md5(mt_rand()),2, 20); $id = $rand_str . strtolower(md5($ts.$pid)) . $rand_num; return strtoupper(md5($id)); } # obtain the username if given their current SID # function username_from_sid($sid="") { if (!$sid) { return ""; } $dbh = db_connect(); $q = "SELECT Email "; $q.= "FROM Users, Sessions "; $q.= "WHERE Users.ID = Sessions.UsersID "; $q.= "AND SessionID = '" . mysql_escape_string($sid) . "'"; $result = db_query($q, $dbh); if (!$result) { return ""; } $row = mysql_fetch_row($result); return $row[0]; } # connect to the database # function db_connect() { # NOTE: modify these variables if your MySQL setup is different # $AUR_db_host = "localhost:/tmp/mysql.sock"; $AUR_db_name = "AUR"; $AUR_db_user = "aur"; # XXX use something better when deploying $AUR_db_pass = "aur"; # XXX use something better when deploying $handle = mysql_pconnect($AUR_db_host, $AUR_db_user, $AUR_db_pass); if (!$handle) { die("Error connecting to AUR database: " . mysql_error()); } mysql_select_db($AUR_db_name, $handle) or die("Error selecting AUR database: " . mysql_error()); return $handle; } # wrapper function around db_query in case we want to put # query logging/debuggin in. # function db_query($query="", $db_handle="") { global $QBUG; if (!$query) { return FALSE; } if (!$db_handle) { $db_handle = db_connect(); } if ($QBUG) { $fp = fopen("/tmp/aurq.log", "a"); fwrite($fp, $query . "\n"); fclose($fp); } $result = mysql_query($query, $db_handle); return $result; } # set up the visitor's language # function set_lang() { global $_REQUEST; global $_COOKIE; global $LANG; global $SUPPORTED_LANGS; $update_cookie = 0; if (isset($_REQUEST['setlang'])) { # visitor is requesting a language change # $LANG = $_REQUEST['setlang']; $update_cookie = 1; } elseif (isset($_COOKIE['AURLANG'])) { # If a cookie is set, use that # $LANG = $_COOKIE['AURLANG']; } # TODO query the database if the user is logged in if (!$LANG || !array_key_exists($LANG, $SUPPORTED_LANGS)) { $LANG = "en"; # default to English } if ($update_cookie) { # TODO do we need to set the domain too? I seem to remember some # security concerns about not using domains - but it's not like # we really care if another site can see what language our visitor # was using.... # setcookie("AURLANG", $LANG, 0, "/"); } return; } # common header # function html_header() { global $_COOKIE; print "\n"; print "\n"; print ""; print "\n"; print "AUR\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; # Menu items # print " \n"; print " "; print " "; print " \n"; print " \n"; print " \n"; print "
"; print __("%s: An ArchLinux project", array("AUR")); print "
\n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print "
"; # XXX Can I scale a PNG like this? # print ""; print "ArchLinux User-community Repository
"; # XXX CSS help - a:link, a:visited, etc are defined, but I don't want to # use the defaults. Is this the way to override them? # print "English "; print "Español "; print "Deutsch "; print "Français"; print "
\n"; print "
"; print " .:"; print " ".__("Home")." "; print " - "; print " ".__("Accounts")." "; print " - "; print " ".__("Packages")." "; if (isset($_COOKIE["AURSID"])) { # Only display these items if the visitor is logged in. This should # be a safe check because check_sid() has been called prior to # html_header(). # print " - "; print " ".__("Vote")." "; print " - "; print " ".__("Manage")." "; print " - "; print " ".__("Submit")." "; print " - "; print " ".__("Logout")." "; } print " :."; print "
\n"; print "\n\n"; return; } # common footer # function html_footer($ver="") { print "\n\n"; print "
\n"; print "

\n"; if ($ver) { print "\n"; print "\n"; print "
".$ver."
\n"; } print "

\n"; print "\n"; return; } # debug logging # function dbug($msg) { $fp = fopen("/tmp/aurd.log", "a"); fwrite($fp, $msg . "\n"); fclose($fp); return; } # vim: ts=2 sw=2 noet ft=php ?>