/**
 * csrf_field: returns the generated input element that carries the
 * current CSRF token, ready to be embedded in an HTML form.
 *
 * The markup comes from the `field` member of the object returned by
 * create_csrf_token(); this helper only forwards it unchanged.
 *
 * @return string the generated input element's HTML
 */
function csrf_field()
{
    $token = create_csrf_token();

    return $token->field;
}
$table->addRow(array("Level", "Added by", "Added at", "Remove"), null, 'th'); foreach ($user_karma as $item) { $remove = sprintf("karma.php?action=remove&handle=%s&level=%s", htmlspecialchars($handle), htmlspecialchars($item['level'])); $table->addRow(array(htmlspecialchars($item['level']), htmlspecialchars($item['granted_by']), htmlspecialchars($item['granted_at']), make_link($remove, make_image("delete.gif"), false, 'onclick="javascript:return confirm(\'Do you really want to remove the karma level ' . htmlspecialchars($item['level']) . '?\');"'))); } echo $table->toHTML(); } echo "<br /><br />"; $table = new HTML_Table('style="width: 100%"'); $table->setCaption("Grant karma to " . htmlspecialchars($handle), 'style="background-color: #CCCCCC;"'); $form = new HTML_QuickForm2('karma_grant', 'post', array('action' => 'karma.php?action=grant')); $form->removeAttribute('name'); $form->addElement('text', 'level')->setLabel('Level: '); $form->addElement('hidden', 'handle')->setValue(htmlspecialchars($handle)); $form->addElement('submit', 'submit')->setLabel('Submit Changes'); $csrf_token_value = create_csrf_token($csrf_token_name); $form->addElement('hidden', $csrf_token_name)->setValue($csrf_token_value); $table->addRow(array((string) $form)); echo $table->toHTML(); } echo "<p> </p><hr />"; $table = new HTML_Table('style="width: 90%"'); $table->setCaption("Karma Statistics", 'style="background-color: #CCCCCC;"'); if (!empty($_GET['a']) && $_GET['a'] == "details" && !empty($_GET['level'])) { $table->addRow(array('Handle', 'Granted'), null, 'th'); foreach ($karma->getUsers($_GET['level']) as $user) { $detail = sprintf("Granted by <a href=\"/user/%s\">%s</a> on %s", htmlspecialchars($user['granted_by']), htmlspecialchars($user['granted_by']), htmlspecialchars($user['granted_at'])); $table->addRow(array(make_link("/user/" . htmlspecialchars($user['user']), htmlspecialchars($user['user'])), $detail)); } } else { $table->addRow(array('Level', '# of users'));
print_package_navigation($id, $pkg['name'], '/package-delete.php?id=' . $id); echo '<form action="' . 'package-delete.php?id=' . htmlspecialchars($id) . '" method="post">'; echo '<table class="form-holder" style="margin-bottom: 2em;" cellspacing="1">'; echo '<caption class="form-caption">Confirm</caption>'; echo '<tr><td class="form-input">'; echo 'Are you sure that you want to delete the package?' . "</td></tr>\n"; echo '<tr><td class="form-input">'; report_error('Deleting the package will remove all package information' . ' and all releases!', 'warnings', 'WARNING:'); echo "</td></tr>\n"; echo '<td class="form-input">'; echo '<input type="submit" value="yes" name="confirm" />'; echo ' '; echo '<input type="submit" value="no" name="confirm" />'; echo "</td></tr>\n"; echo "</table>"; echo '<input type="hidden" value="' . create_csrf_token($csrf_token_name) . '" name="' . $csrf_token_name . '" />'; echo "</form>"; } elseif ($_POST['confirm'] == 'yes' && validate_csrf_token($csrf_token_name)) { // XXX: Implement backup functionality // make_backup($id); $tables = array('releases' => 'package', 'maintains' => 'package', 'deps' => 'package', 'files' => 'package', 'packages' => 'id'); echo "<pre>\n"; $file_rm = 0; $query = 'SELECT p.name, r.version FROM packages p, releases r WHERE p.id = r.package AND r.package = ?'; $row = $dbh->getAll($query, array($id)); foreach ($row as $value) { $file = sprintf("%s/%s-%s.tgz", PEAR_TARBALL_DIR, $value[0], $value[1]); if (@unlink($file)) { echo "Deleting release archive \"" . $file . "\"\n"; $file_rm++;
$mailtext = wordwrap($mailtext, 72); $query = 'SELECT u.email FROM users u, maintains m WHERE m.package = ? AND u.handle = m.handle'; $rows = $dbh->getAll($query, array($id), DB_FETCHMODE_ASSOC); foreach ($rows as $u_row) { mail($u_row['email'], SITE_BIG . ' Package ' . $action, $mailtext, 'From: "' . SITE_BIG . ' Package Approval System" <' . PEAR_GROUP_EMAIL . '>', '-f ' . PEAR_BOUNCE_EMAIL); } } echo "Successfully <b>" . $action . " package</b>.<br /><br />"; } else { echo "There have been problems: Either an error occured while " . "updating the database or the package has already been " . $action . " by someone else.<br /><br />"; } } $query = 'SELECT id, name FROM packages WHERE approved = 0 AND package_type = ?'; $rows = $dbh->getAll($query, array(SITE), DB_FETCHMODE_ASSOC); $self = htmlspecialchars($_SERVER['PHP_SELF']); if (count($rows) == 0) { echo "<b>Currently there are no unapproved packages.</b>\n"; } else { require_once 'HTML/Table.php'; $table = new HTML_Table('style="width: 90%"'); $table->setCaption('Unapproved packages', 'style="background-color: #CCCCCC;"'); $csrf_link = '&' . urlencode($csrf_token_name) . '=' . urlencode(create_csrf_token($csrf_token_name)); foreach ($rows as $row) { $tmp = array($row['name'], make_link("{$self}?approve=" . $row['id'] . $csrf_link, "Approve") . ' / ' . make_link("{$self}?reject=" . $row['id'] . $csrf_link, "Reject")); $table->addRow($tmp); } echo $table->toHTML(); } echo "<br /><br />"; echo make_link('/admin/', 'Back'); response_footer();
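/**
 * csrf_token_tag: builds a hidden <input> element carrying a freshly
 * created CSRF token, for embedding in an HTML form.
 *
 * Both the name suffix and the token value are written into HTML
 * attributes, so they are escaped for attribute context first: a value
 * containing a quote or an ampersand must not be able to terminate the
 * attribute early or be mis-decoded by the browser.
 *
 * @param string $id optional suffix appended to the field name
 *                   ("csrf_token{$id}") and passed on to create_csrf_token()
 * @return string the hidden input element's HTML
 */
function csrf_token_tag($id = "")
{
    $token = create_csrf_token($id);

    // Attribute context: ENT_QUOTES covers both single and double quotes.
    $name = htmlspecialchars("csrf_token{$id}", ENT_QUOTES, 'UTF-8');
    $value = htmlspecialchars((string) $token, ENT_QUOTES, 'UTF-8');

    return "<input type=\"hidden\" name=\"{$name}\" value=\"{$value}\">";
}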