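/**
 * Check if a visitor is logged in
 *
 * Query the "Sessions" table with the supplied cookie and determine whether
 * the session is still valid. Clear the cookie if the session is unknown or
 * its timeout has been reached; otherwise refresh the idle timestamp.
 *
 * The session ID is taken verbatim from the client, so it only ever reaches
 * the database as a bound statement parameter and is never echoed back.
 *
 * @return void
 */
function check_sid()
{
    if (!isset($_COOKIE["AURSID"])) {
        return;
    }

    $sid = $_COOKIE["AURSID"];
    $timeout = config_get_int('options', 'login_timeout');

    # the visitor claims to be logged in, look the session up
    $dbh = DB::connect();
    $stmt = $dbh->prepare("SELECT LastUpdateTS, UNIX_TIMESTAMP() FROM Sessions WHERE SessionID = ?");
    $stmt->execute([$sid]);
    $row = $stmt->fetch(PDO::FETCH_NUM);

    # 0 = valid, 1 = unknown session ID, 2 = session expired
    $failed = 0;
    $last_update = 0;
    if ($row === false || !$row[0]) {
        # Unknown SessionID: nothing to delete server-side, just drop the cookie.
        # ($row === false covers "no such row"; !$row[0] keeps the old check.)
        $failed = 1;
    } else {
        $last_update = $row[0];
        # expiry is judged against the database clock (UNIX_TIMESTAMP() from
        # the same row), not the web host's time()
        if ($last_update + $timeout <= $row[1]) {
            $failed = 2;
        }
    }

    if ($failed === 2) {
        # session id timeout was reached and they must login again.
        delete_session_id($sid);
    }
    if ($failed !== 0) {
        # expire the cookie (timestamp 1 is far in the past) and forget it for
        # the rest of this request; the Secure flag mirrors the current scheme
        # and HttpOnly keeps page scripts away from the ID
        setcookie("AURSID", "", 1, "/", "", !empty($_SERVER['HTTPS']), true);
        unset($_COOKIE['AURSID']);
        return;
    }

    # still logged in and haven't reached the timeout, go ahead and update
    # the idle timestamp. Only update the timestamp if it is less than the
    # current time plus $timeout; this keeps 'remembered' sessions (which,
    # judging by this check, carry a LastUpdateTS beyond that point) from
    # being overwritten.
    if ($last_update < time() + $timeout) {
        $stmt = $dbh->prepare("UPDATE Sessions SET LastUpdateTS = UNIX_TIMESTAMP() WHERE SessionID = ?");
        $stmt->execute([$sid]);
    }
}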
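/**
 * Remove sessions from the database that have exceeded the timeout
 *
 * The cutoff is computed in SQL from UNIX_TIMESTAMP(), i.e. on the database
 * clock, which is the same clock check_sid() compares LastUpdateTS against.
 *
 * @return void
 */
function clear_expired_sessions()
{
    $dbh = DB::connect();
    $timeout = config_get_int('options', 'login_timeout');

    # $timeout is an integer read from the config, but bind it anyway so the
    # statement text never depends on how that value was produced
    $stmt = $dbh->prepare("DELETE FROM Sessions WHERE LastUpdateTS < (UNIX_TIMESTAMP() - ?)");
    $stmt->bindValue(1, $timeout, PDO::PARAM_INT);
    $stmt->execute();
}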
    # The error banner is only rendered when the login attempt left a message
    if (!empty($login_error)) {
        ?>
			<ul class="errorlist"><li><?php 
        # NOTE(review): $login_error is echoed without htmlspecialchars(); this
        # is only safe while it never carries anything but translated literals.
        # If a user-controlled value can reach it, escape it like $_POST['user']
        # is escaped further down.
        echo $login_error;
        ?>
</li></ul>
			<?php 
    }
    ?>
			<p>
				<label for="id_username"><?php 
    echo __('User name or email address') . ':';
    ?>
</label>
				<input id="id_username" type="text" name="user" size="30" maxlength="<?php 
    echo config_get_int('options', 'username_max_len');
    ?>
" value="<?php 
    if (isset($_POST['user'])) {
        # reflected form value: ENT_QUOTES also escapes the double quote that
        # delimits the value="" attribute this lands in
        print htmlspecialchars($_POST['user'], ENT_QUOTES);
    }
    ?>
" autofocus="autofocus" />
			</p>
			<p>
				<label for="id_password"><?php 
    echo __('Password') . ':';
    ?>
</label>
				<input id="id_password" type="password" name="passwd" size="30" />
			</p>
# column headings go through __() so they are translated like the rest of the page
echo __("Date");
?>
</th>
			<th><?php 
echo __("Status");
?>
</th>
		</tr>
	</thead>
	<tbody>

		<?php 
# NOTE(review): the row loop that follows iterates with each(), which was
# deprecated in PHP 7.2 and removed in PHP 8.0; foreach ($results as $indx => $row)
# is the drop-in replacement.
while (list($indx, $row) = each($results)) {
    ?>
		<?php 
    $idle_time = config_get_int('options', 'request_idle_time');
    $due = $row['Open'] && time() - intval($row['RequestTS']) > $idle_time;
    if (!$due) {
        $time_left = $idle_time - (time() - intval($row['RequestTS']));
        if ($time_left > 48 * 3600) {
            $time_left_fmt = __("~%d days left", round($time_left / (24 * 3600)));
        } elseif ($time_left > 3600) {
            $time_left_fmt = _n("~%d hour left", "~%d hours left", round($time_left / 3600));
        } else {
            $time_left_fmt = __("<1 hour left");
        }
    }
    ?>
		<tr class="<?php 
    echo $indx % 2 == 0 ? 'odd' : 'even';
    ?>
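 /**
  * Run a package query for the requested RPC version and encode the result.
  *
  * @param string $type            RPC request type ('info', 'multiinfo', ...);
  *                                'info' and 'multiinfo' also pull extended fields
  * @param string $where_condition SQL fragment placed verbatim after WHERE. It
  *                                is not quoted here, so the caller must already
  *                                have quoted every user-supplied value in it.
  * @return mixed whatever json_results() / json_error() return
  *               (presumably the encoded JSON response)
  */
 private function process_query($type, $where_condition)
 {
     $max_results = config_get_int('options', 'max_rpc_results');

     # The column list depends on the protocol version; versions without a
     # field list cannot be served, so answer with an empty result set instead
     # of sending a query with no columns (or no query at all).
     $fields = null;
     if ($this->version == 1) {
         $fields = implode(',', self::$fields_v1);
     } elseif ($this->version == 2 || $this->version == 3) {
         $fields = implode(',', self::$fields_v2);
     } elseif ($this->version == 4) {
         $fields = implode(',', self::$fields_v4);
     }
     if ($fields === null) {
         return $this->json_results($type, 0, [], null);
     }

     # v1 additionally joins the licence tables and therefore groups per package
     if ($this->version == 1) {
         $query = "SELECT {$fields} "
             . "FROM Packages LEFT JOIN PackageBases "
             . "ON PackageBases.ID = Packages.PackageBaseID "
             . "LEFT JOIN Users "
             . "ON PackageBases.MaintainerUID = Users.ID "
             . "LEFT JOIN PackageLicenses "
             . "ON PackageLicenses.PackageID = Packages.ID "
             . "LEFT JOIN Licenses "
             . "ON Licenses.ID = PackageLicenses.LicenseID "
             . "WHERE {$where_condition} "
             . "AND PackageBases.PackagerUID IS NOT NULL "
             . "GROUP BY Packages.ID "
             . "LIMIT {$max_results}";
     } else {
         $query = "SELECT {$fields} "
             . "FROM Packages LEFT JOIN PackageBases "
             . "ON PackageBases.ID = Packages.PackageBaseID "
             . "LEFT JOIN Users "
             . "ON PackageBases.MaintainerUID = Users.ID "
             . "WHERE {$where_condition} "
             . "AND PackageBases.PackagerUID IS NOT NULL "
             . "LIMIT {$max_results}";
     }

     $result = $this->dbh->query($query);
     if (!$result) {
         return $this->json_results($type, 0, [], null);
     }

     $resultcount = 0;
     $search_data = [];
     while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
         $resultcount++;
         $row['URLPath'] = sprintf(config_get('options', 'snapshot_uri'), urlencode($row['PackageBase']));
         if ($this->version < 4) {
             # v1-v3 clients expect a CategoryID key; a fixed value is served
             $row['CategoryID'] = 1;
         }
         /*
          * PDO typically hands every column back as a string. Coerce the
          * numeric columns so the JSON response carries proper integer and
          * float types.
          */
         foreach (self::$numeric_fields as $field) {
             if (isset($row[$field])) {
                 $row[$field] = (int) $row[$field];
             }
         }
         foreach (self::$decimal_fields as $field) {
             if (isset($row[$field])) {
                 $row[$field] = (float) $row[$field];
             }
         }
         if ($this->version >= 2 && ($type == 'info' || $type == 'multiinfo')) {
             $row = array_merge($row, $this->get_extended_fields($row['ID']));
         }
         if ($this->version < 3 && $type == 'info') {
             # v1/v2 'info' answers with a single object rather than a list
             $search_data = $row;
             break;
         }
         $search_data[] = $row;
     }

     # hitting the LIMIT means the result set was truncated; refuse rather than
     # return a silently partial list
     if ($resultcount === $max_results) {
         return $this->json_error('Too many package results.');
     }
     return $this->json_results($type, $resultcount, $search_data, null);
 }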
    header('Location: /');
    exit;
}
$error = '';
if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confirm'])) {
    $resetkey = $_GET['resetkey'];
    $email = $_POST['email'];
    $password = $_POST['password'];
    $confirm = $_POST['confirm'];
    $uid = uid_from_email($email);
    if (empty($email) || empty($password)) {
        $error = __('Missing a required field.');
    } elseif ($password != $confirm) {
        $error = __('Password fields do not match.');
    } elseif (!good_passwd($password)) {
        $length_min = config_get_int('options', 'passwd_min_len');
        $error = __("Your password must be at least %s characters.", $length_min);
    } elseif ($uid == null) {
        $error = __('Invalid e-mail.');
    }
    if (empty($error)) {
        $salt = generate_salt();
        $hash = salted_hash($password, $salt);
        $error = password_reset($hash, $salt, $resetkey, $email);
    }
} elseif (isset($_POST['email'])) {
    $email = $_POST['email'];
    $username = username_from_id(uid_from_email($email));
    if (empty($email)) {
        $error = __('Missing a required field.');
    } else {