示例#1
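/**
 * Determine if a user has the permission to perform a given action
 *
 * The session is taken from the AURSID cookie. A user listed in
 * $approved_users is granted the credential regardless of account type;
 * otherwise the decision depends on the account type of the session.
 * Credentials that are not listed in the switch below are always denied.
 *
 * @param int $credential The type of action to perform
 * @param array $approved_users A user whitelist for this query
 *
 * @return bool Return true if the user has the permission, false if not
 */
function has_credential($credential, $approved_users = array())
{
    if (!isset($_COOKIE['AURSID'])) {
        return false;
    }

    $uid = uid_from_sid($_COOKIE['AURSID']);
    /*
     * Fail closed when the cookie does not resolve to a user. Without
     * this guard the loose in_array() below would match an empty uid
     * against a NULL/0/"" whitelist entry (e.g. an unset maintainer or
     * flagger column) and grant the credential to a stale session.
     * Assumes uid_from_sid() returns a falsy value for an unknown
     * session -- confirm against its definition.
     */
    if (!$uid) {
        return false;
    }
    /*
     * Kept as a loose comparison on purpose: IDs may arrive as strings
     * from the database and as integers from callers.
     */
    if (in_array($uid, $approved_users)) {
        return true;
    }

    $atype = account_from_sid($_COOKIE['AURSID']);

    /* Account type names permitted for each credential tier. */
    $any_account = array('User', 'Trusted User', 'Developer', 'Trusted User & Developer');
    $tu_or_dev = array('Trusted User', 'Developer', 'Trusted User & Developer');
    $tu_only = array('Trusted User', 'Trusted User & Developer');
    $dev_only = array('Developer', 'Trusted User & Developer');

    /*
     * Strict matching: a non-string account type (0, true, NULL) must
     * never compare equal to a type name.
     */
    switch ($credential) {
        case CRED_PKGBASE_FLAG:
        case CRED_PKGBASE_NOTIFY:
        case CRED_PKGBASE_VOTE:
        case CRED_PKGREQ_FILE:
            return in_array($atype, $any_account, true);
        case CRED_ACCOUNT_CHANGE_TYPE:
        case CRED_ACCOUNT_EDIT:
        case CRED_ACCOUNT_LAST_LOGIN:
        case CRED_ACCOUNT_SEARCH:
        case CRED_COMMENT_DELETE:
        case CRED_COMMENT_VIEW_DELETED:
        case CRED_COMMENT_EDIT:
        case CRED_PKGBASE_ADOPT:
        case CRED_PKGBASE_SET_KEYWORDS:
        case CRED_PKGBASE_DELETE:
        case CRED_PKGBASE_EDIT_COMAINTAINERS:
        case CRED_PKGBASE_DISOWN:
        case CRED_PKGBASE_LIST_VOTERS:
        case CRED_PKGBASE_UNFLAG:
        case CRED_PKGREQ_CLOSE:
        case CRED_PKGREQ_LIST:
            return in_array($atype, $tu_or_dev, true);
        case CRED_TU_ADD_VOTE:
        case CRED_TU_LIST_VOTES:
        case CRED_TU_VOTE:
            return in_array($atype, $tu_only, true);
        case CRED_ACCOUNT_EDIT_DEV:
            return in_array($atype, $dev_only, true);
    }

    /* Unknown credential: deny by default. */
    return false;
}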
示例#2
/**
 * Process information given to new/edit account form
 *
 * Validates the submitted fields, then either inserts a new account
 * ($TYPE "new") or updates the account identified by $UID (any other
 * $TYPE). The first failing check that survives to the end of the
 * validation section is returned as an HTML error list.
 *
 * NOTE(review): two statements in this listing are garbled (a run of
 * asterisks replaced part of the line). They are marked below and kept
 * exactly as found; the function does not parse as shown.
 *
 * NOTE(review): $A and $N are not referenced anywhere in the visible body.
 *
 * @global array $SUPPORTED_LANGS Languages that are supported by the AUR
 * @param string $TYPE Either "edit" for editing or "new" for registering an account
 * @param string $A Form to use, either UpdateAccount or NewAccount
 * @param string $U The username for the account
 * @param string $T The account type for the user (only used when editing)
 * @param string $S Whether or not the account is suspended (only used when editing)
 * @param string $E The e-mail address for the user
 * @param string $H Whether or not the e-mail address should be hidden (only used when editing)
 * @param string $P The password for the user
 * @param string $C The confirmed password for the user
 * @param string $R The real name of the user
 * @param string $L The language preference of the user
 * @param string $I The IRC nickname of the user
 * @param string $K The PGP fingerprint of the user
 * @param string $PK The list of public SSH keys
 * @param string $J The inactivity status of the user (only used when editing)
 * @param string $UID The user ID of the modified account
 * @param string $N The username as present in the database
 *
 * @return array Boolean indicating success and message to be printed;
 *               the message is an HTML fragment
 */
function process_account_form($TYPE, $A, $U = "", $T = "", $S = "", $E = "", $H = "", $P = "", $C = "", $R = "", $L = "", $I = "", $K = "", $PK = "", $J = "", $UID = 0, $N = "")
{
    global $SUPPORTED_LANGS;
    $error = '';
    $message = '';
    /*
     * NOTE(review): the next two checks assign $error without testing
     * whether it is already set, so they can replace the IP-ban message.
     * The ban check itself runs for every $TYPE, not only "new".
     */
    if (is_ipbanned()) {
        $error = __('Account registration has been disabled ' . 'for your IP address, probably due ' . 'to sustained spam attacks. Sorry for the ' . 'inconvenience.');
    }
    $dbh = DB::connect();
    /* NOTE(review): $editor_user is assigned here but not read again in this function. */
    if (isset($_COOKIE['AURSID'])) {
        $editor_user = uid_from_sid($_COOKIE['AURSID']);
    } else {
        $editor_user = null;
    }
    if (empty($E) || empty($U)) {
        $error = __("Missing a required field.");
    }
    if ($TYPE != "new" && !$UID) {
        $error = __("Missing User ID");
    }
    /* From here on each check only runs while no earlier error is pending. */
    if (!$error && !valid_username($U)) {
        $length_min = config_get_int('options', 'username_min_len');
        $length_max = config_get_int('options', 'username_max_len');
        $error = __("The username is invalid.") . "<ul>\n" . "<li>" . __("It must be between %s and %s characters long", $length_min, $length_max) . "</li>" . "<li>" . __("Start and end with a letter or number") . "</li>" . "<li>" . __("Can contain only one period, underscore or hyphen.") . "</li>\n</ul>";
    }
    /*
     * NOTE(review): "!=" is a loose comparison; PHP treats two
     * numeric-looking strings such as "1e3" and "1000" as equal, so a
     * mistyped confirmation can pass. "!==" would compare exactly.
     */
    if (!$error && $P && $C && $P != $C) {
        $error = __("Password fields do not match.");
    }
    if (!$error && $P != '' && !good_passwd($P)) {
        $length_min = config_get_int('options', 'passwd_min_len');
        $error = __("Your password must be at least %s characters.", $length_min);
    }
    if (!$error && !valid_email($E)) {
        $error = __("The email address is invalid.");
    }
    if (!$error && $K != '' && !valid_pgp_fingerprint($K)) {
        $error = __("The PGP key fingerprint is invalid.");
    }
    /*
     * Parse the SSH keys: one key per line, blank lines dropped.
     *
     * NOTE(review): $ssh_keys and $ssh_fingerprints are only defined
     * inside this branch, but they are read unconditionally further down
     * (count($ssh_keys) and both account_set_ssh_keys() calls). When $PK
     * is empty they are undefined at that point; initialising both to
     * array() before this block would avoid that.
     */
    if (!$error && !empty($PK)) {
        $ssh_keys = array_filter(array_map('trim', explode("\n", $PK)));
        $ssh_fingerprints = array();
        foreach ($ssh_keys as &$ssh_key) {
            if (!valid_ssh_pubkey($ssh_key)) {
                $error = __("The SSH public key is invalid.");
                break;
            }
            $ssh_fingerprint = ssh_key_fingerprint($ssh_key);
            if (!$ssh_fingerprint) {
                $error = __("The SSH public key is invalid.");
                break;
            }
            /*
             * Keep only the first two space-separated fields of the key
             * (presumably key type and key data, dropping the trailing
             * comment -- confirm against valid_ssh_pubkey()).
             */
            $tokens = explode(" ", $ssh_key);
            $ssh_key = $tokens[0] . " " . $tokens[1];
            $ssh_fingerprints[] = $ssh_fingerprint;
        }
        /*
         * Destroy last reference to prevent accidentally overwriting
         * an array element.
         */
        unset($ssh_key);
    }
    /*
     * Privilege check: a "User" may not request an account type above 1
     * and a "Trusted User" not above 2.
     *
     * NOTE(review): this only runs when a session cookie is present and
     * does not verify that the session owner may edit $UID at all;
     * presumably the caller enforces that -- confirm. A new account is
     * always inserted with AccountTypeID 1 below, independent of $T.
     */
    if (isset($_COOKIE['AURSID'])) {
        $atype = account_from_sid($_COOKIE['AURSID']);
        if ($atype == "User" && $T > 1 || $atype == "Trusted User" && $T > 2) {
            $error = __("Cannot increase account permissions.");
        }
    }
    if (!$error && !array_key_exists($L, $SUPPORTED_LANGS)) {
        $error = __("Language is not currently supported.");
    }
    if (!$error) {
        /*
         * Check whether the user name is available.
         * TODO: Fix race condition.
         */
        $q = "SELECT COUNT(*) AS CNT FROM Users ";
        /*
         * NOTE(review): the next line is garbled in this listing; the
         * expression that appends the user name and the start of the
         * following condition are not visible. Compare the e-mail
         * check below, which uses $dbh->quote() for its value.
         */
        $q .= "WHERE Username = "******"edit") {
            $q .= " AND ID != " . intval($UID);
        }
        $result = $dbh->query($q);
        $row = $result->fetch(PDO::FETCH_NUM);
        if ($row[0]) {
            /* User-supplied value is HTML-escaped before it enters the message. */
            $error = __("The username, %s%s%s, is already in use.", "<strong>", htmlspecialchars($U, ENT_QUOTES), "</strong>");
        }
    }
    if (!$error) {
        /*
         * Check whether the e-mail address is available.
         * TODO: Fix race condition.
         */
        $q = "SELECT COUNT(*) AS CNT FROM Users ";
        $q .= "WHERE Email = " . $dbh->quote($E);
        if ($TYPE == "edit") {
            $q .= " AND ID != " . intval($UID);
        }
        $result = $dbh->query($q);
        $row = $result->fetch(PDO::FETCH_NUM);
        if ($row[0]) {
            $error = __("The address, %s%s%s, is already in use.", "<strong>", htmlspecialchars($E, ENT_QUOTES), "</strong>");
        }
    }
    /* NOTE(review): $ssh_keys is undefined here when $PK was empty (see above). */
    if (!$error && count($ssh_keys) > 0) {
        /*
         * Check whether any of the SSH public keys is already in use.
         * TODO: Fix race condition.
         */
        $q = "SELECT Fingerprint FROM SSHPubKeys ";
        $q .= "WHERE Fingerprint IN (";
        $q .= implode(',', array_map(array($dbh, 'quote'), $ssh_fingerprints));
        $q .= ")";
        if ($TYPE == "edit") {
            $q .= " AND UserID != " . intval($UID);
        }
        $result = $dbh->query($q);
        $row = $result->fetch(PDO::FETCH_NUM);
        if ($row) {
            $error = __("The SSH public key, %s%s%s, is already in use.", "<strong>", htmlspecialchars($row[0], ENT_QUOTES), "</strong>");
        }
    }
    /* Validation is over: report the pending error, if any, and stop. */
    if ($error) {
        $message = "<ul class='errorlist'><li>" . $error . "</li></ul>\n";
        return array(false, $message);
    }
    if ($TYPE == "new") {
        /* Create an unprivileged user. */
        $salt = generate_salt();
        if (empty($P)) {
            /* No password given: a reset key is mailed after the insert. */
            $send_resetkey = true;
            $email = $E;
        } else {
            $send_resetkey = false;
            /*
             * NOTE(review): salted_hash() is not shown here; confirm it
             * is a deliberately slow password hash rather than a single
             * fast digest over salt and password.
             */
            $P = salted_hash($P, $salt);
        }
        /*
         * NOTE(review): $U is replaced by its SQL-quoted form here, so
         * the messages built from $U further down show the quoted value
         * (including the surrounding quote characters).
         */
        $U = $dbh->quote($U);
        $E = $dbh->quote($E);
        $P = $dbh->quote($P);
        $salt = $dbh->quote($salt);
        $R = $dbh->quote($R);
        $L = $dbh->quote($L);
        $I = $dbh->quote($I);
        $K = $dbh->quote(str_replace(" ", "", $K));
        /* AccountTypeID, Suspended and InactivityTS are fixed to 1, 0, 0. */
        $q = "INSERT INTO Users (AccountTypeID, Suspended, ";
        $q .= "InactivityTS, Username, Email, Passwd, Salt, ";
        $q .= "RealName, LangPreference, IRCNick, PGPKey) ";
        $q .= "VALUES (1, 0, 0, {$U}, {$E}, {$P}, {$salt}, {$R}, {$L}, ";
        $q .= "{$I}, {$K})";
        $result = $dbh->exec($q);
        if (!$result) {
            $message = __("Error trying to create account, %s%s%s.", "<strong>", htmlspecialchars($U, ENT_QUOTES), "</strong>");
            return array(false, $message);
        }
        $uid = $dbh->lastInsertId();
        /* NOTE(review): the return value of account_set_ssh_keys() is ignored in this branch. */
        account_set_ssh_keys($uid, $ssh_keys, $ssh_fingerprints);
        $message = __("The account, %s%s%s, has been successfully created.", "<strong>", htmlspecialchars($U, ENT_QUOTES), "</strong>");
        $message .= "<p>\n";
        if ($send_resetkey) {
            send_resetkey($email, true);
            $message .= __("A password reset key has been sent to your e-mail address.");
            $message .= "</p>\n";
        } else {
            $message .= __("Click on the Login link above to use your account.");
            $message .= "</p>\n";
        }
    } else {
        /* Modify an existing account. */
        $q = "SELECT InactivityTS FROM Users WHERE ";
        $q .= "ID = " . intval($UID);
        $result = $dbh->query($q);
        $row = $result->fetch(PDO::FETCH_NUM);
        /*
         * Keep the stored inactivity timestamp if the account is already
         * inactive, start it now if $J was just set, clear it otherwise.
         */
        if ($row[0] && $J) {
            $inactivity_ts = $row[0];
        } elseif ($J) {
            $inactivity_ts = time();
        } else {
            $inactivity_ts = 0;
        }
        $q = "UPDATE Users SET ";
        /*
         * NOTE(review): the next line is garbled in this listing; the
         * value appended for Username and the condition that opens the
         * block closed on the following line are not visible.
         */
        $q .= "Username = "******", AccountTypeID = " . intval($T);
        }
        if ($S) {
            /* Ensure suspended users can't keep an active session */
            delete_user_sessions($UID);
            $q .= ", Suspended = 1";
        } else {
            $q .= ", Suspended = 0";
        }
        $q .= ", Email = " . $dbh->quote($E);
        if ($H) {
            $q .= ", HideEmail = 1";
        } else {
            $q .= ", HideEmail = 0";
        }
        if ($P) {
            $salt = generate_salt();
            $hash = salted_hash($P, $salt);
            /*
             * NOTE(review): unlike every other value in this query, the
             * hash and salt are placed between literal quotes without
             * $dbh->quote(). Both are generated here rather than taken
             * from the request; this is only safe while neither helper
             * can return a quote or backslash -- confirm.
             */
            $q .= ", Passwd = '{$hash}', Salt = '{$salt}'";
        }
        $q .= ", RealName = " . $dbh->quote($R);
        $q .= ", LangPreference = " . $dbh->quote($L);
        $q .= ", IRCNick = " . $dbh->quote($I);
        $q .= ", PGPKey = " . $dbh->quote(str_replace(" ", "", $K));
        /* $inactivity_ts is 0, time() or the value just read from the database. */
        $q .= ", InactivityTS = " . $inactivity_ts;
        $q .= " WHERE ID = " . intval($UID);
        $result = $dbh->exec($q);
        $ssh_key_result = account_set_ssh_keys($UID, $ssh_keys, $ssh_fingerprints);
        /* Either outcome below is still returned with a success flag of true. */
        if ($result === false || $ssh_key_result === false) {
            $message = __("No changes were made to the account, %s%s%s.", "<strong>", htmlspecialchars($U, ENT_QUOTES), "</strong>");
        } else {
            $message = __("The account, %s%s%s, has been successfully modified.", "<strong>", htmlspecialchars($U, ENT_QUOTES), "</strong>");
        }
    }
    return array(true, $message);
}
示例#3
文件: home.php 项目: pyp22/aurweb
	<div id="pkg-updates" class="widget box">
		<?php 
/* Widget body is produced by updates_table(), defined elsewhere. */
updates_table();
?>
	</div>
	<div id="pkg-stats" class="widget box">
		<?php 
/* Widget body is produced by general_stats_table(), defined elsewhere. */
general_stats_table();
?>
	</div>
	<?php 
/*
 * Per-user widget, emitted only when an AURSID cookie is present.
 * NOTE(review): only the presence of the cookie is tested here; whether
 * a stale or unknown session ID is rejected depends on uid_from_sid()
 * and user_table(), neither of which is shown -- confirm.
 * NOTE(review): the container below reuses the id "pkg-stats" of the
 * previous widget; ids are expected to be unique within a document.
 */
if (!empty($_COOKIE["AURSID"])) {
    ?>
	<div id="pkg-stats" class="widget box">
		<?php 
    user_table(uid_from_sid($_COOKIE["AURSID"]));
    ?>
	</div>
	<?php 
}
?>

</div>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js"></script>
<script type="text/javascript" src="/js/bootstrap-typeahead.min.js"></script>
<script type="text/javascript">
$(document).ready(function() {
    $('#pkgsearch-field').typeahead({
        source: function(query, callback) {
            $.getJSON('<?php 
echo get_uri('/rpc');
示例#4
文件: tu.php 项目: Zariel/arch-aur
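         if ($canvote == 1) {
             if (isset($_POST['doVote'])) {
                 /*
                  * Map the submitted button to one of three fixed column
                  * names. Starting from null makes a request that carries
                  * none of the three options detectable; previously such a
                  * request built an UPDATE without a column name and still
                  * recorded the user as having voted.
                  */
                 $myvote = null;
                 if (isset($_POST['voteYes'])) {
                     $myvote = "Yes";
                 } elseif (isset($_POST['voteNo'])) {
                     $myvote = "No";
                 } elseif (isset($_POST['voteAbstain'])) {
                     $myvote = "Abstain";
                 }
                 /* Force both IDs to integers before they enter the SQL text. */
                 $voter_uid = intval(uid_from_sid($_COOKIE["AURSID"]));
                 $vote_id = intval($row['ID']);
                 if ($myvote !== null && $voter_uid > 0) {
                     /*
                      * Increment inside the database instead of writing back
                      * a count read earlier, so two concurrent votes cannot
                      * overwrite each other.
                      */
                     $qvote = "UPDATE TU_VoteInfo SET " . $myvote . " = " . $myvote . " + 1 WHERE ID = " . $vote_id;
                     db_query($qvote, $dbh);
                     $qvote = "INSERT INTO TU_Votes (VoteID, UserID) VALUES (" . $vote_id . ", " . $voter_uid . ")";
                     db_query($qvote, $dbh);
                     # Can't vote anymore
                     #
                     $canvote = 0;
                     $errorvote = __("You've already voted for this proposal.");
                     # Update if they voted
                     # ($qvoted and $q are built before this fragment)
                     $hasvoted = mysql_num_rows(db_query($qvoted, $dbh));
                     $results = db_query($q, $dbh);
                     $row = mysql_fetch_assoc($results);
                 }
             }
         }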
         include "tu_details.php";
     }
 } else {
     print __("Vote ID not valid.");
示例#5
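<?php

/*
 * Prepare the variables used by the package base details template.
 * $row (the package base record) and $SID (the session ID) are expected
 * to be set by the including script.
 */

/* Links built from configured format strings; the name is URL-encoded. */
$pkgbuild_uri = sprintf(config_get('options', 'pkgbuild_uri'), urlencode($row['Name']));
$log_uri = sprintf(config_get('options', 'log_uri'), urlencode($row['Name']));
$snapshot_uri = sprintf(config_get('options', 'snapshot_uri'), urlencode($row['Name']));
/*
 * NOTE(review): the clone URIs are HTML-escaped rather than URL-encoded,
 * presumably because they are printed as text -- confirm in the template.
 */
$git_clone_uri_anon = sprintf(config_get('options', 'git_clone_uri_anon'), htmlspecialchars($row['Name']));
$git_clone_uri_priv = sprintf(config_get('options', 'git_clone_uri_priv'), htmlspecialchars($row['Name']));
$uid = uid_from_sid($SID);
$base_id = intval($row['ID']);
$keywords = pkgbase_get_keywords($base_id);
$submitter = username_from_id($row["SubmitterUID"]);
$maintainer = username_from_id($row["MaintainerUID"]);
$comaintainers = pkgbase_get_comaintainers($base_id);
$packager = username_from_id($row["PackagerUID"]);
if ($row["MaintainerUID"] !== NULL) {
    $maintainers = array_merge(array($row["MaintainerUID"]), pkgbase_get_comaintainer_uids(array($base_id)));
} else {
    $maintainers = array();
}
/*
 * Users allowed to unflag: the maintainers plus whoever flagged the
 * package. A NULL FlaggerUID (package not flagged) is left out so that
 * the list only ever holds real user IDs; a NULL entry could otherwise
 * match an empty user ID in a loose membership test.
 */
$unflaggers = $maintainers;
if ($row["FlaggerUID"] !== NULL) {
    $unflaggers[] = $row["FlaggerUID"];
}
$votes = $row['NumVotes'];
$popularity = $row['Popularity'];
# In case of wanting to put a custom message
$msg = __('unknown');
# Print the timestamps for last updates
$updated_time = $row["ModifiedTS"] == 0 ? $msg : gmdate("Y-m-d H:i", intval($row["ModifiedTS"]));
$submitted_time = $row["SubmittedTS"] == 0 ? $msg : gmdate("Y-m-d H:i", intval($row["SubmittedTS"]));
$out_of_date_time = $row["OutOfDateTS"] == 0 ? $msg : gmdate("Y-m-d", intval($row["OutOfDateTS"]));
$pkgs = pkgbase_get_pkgnames($base_id);
$base_uri = get_pkgbase_uri($row['Name']);
?>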
示例#6
文件: pkgbase.php 项目: pyp22/aurweb
 } elseif (current_action("do_Notify")) {
     list($ret, $output) = pkgbase_notify($ids);
 } elseif (current_action("do_UnNotify")) {
     list($ret, $output) = pkgbase_notify($ids, false);
 } elseif (current_action("do_DeleteComment")) {
     list($ret, $output) = pkgbase_delete_comment();
 } elseif (current_action("do_SetKeywords")) {
     list($ret, $output) = pkgbase_set_keywords($base_id, preg_split("/[\\s,;]+/", $_POST['keywords'], -1, PREG_SPLIT_NO_EMPTY));
 } elseif (current_action("do_FileRequest")) {
     list($ret, $output) = pkgreq_file($ids, $_POST['type'], $_POST['merge_into'], $_POST['comments']);
 } elseif (current_action("do_CloseRequest")) {
     list($ret, $output) = pkgreq_close($_POST['reqid'], $_POST['reason'], $_POST['comments']);
 } elseif (current_action("do_EditComaintainers")) {
     list($ret, $output) = pkgbase_set_comaintainers($base_id, explode("\n", $_POST['users']));
 } elseif (current_action("do_AddComment")) {
     $uid = uid_from_sid($_COOKIE["AURSID"]);
     list($ret, $output) = pkgbase_add_comment($base_id, $uid, $_REQUEST['comment']);
     $fragment = '#news';
 } elseif (current_action("do_EditComment")) {
     list($ret, $output) = pkgbase_edit_comment($_REQUEST['comment']);
     if ($ret && isset($_POST["comment_id"])) {
         $fragment = '#comment-' . intval($_POST["comment_id"]);
     }
 }
 if ($ret) {
     if (current_action("do_CloseRequest") || current_action("do_Delete") && $_POST['via']) {
         /* Redirect back to package request page on success. */
         header('Location: ' . get_pkgreq_route());
         exit;
     }
     if (isset($base_id)) {
示例#7
文件: tu.php 项目: pyp22/aurweb
                     } else {
                         if (isset($_POST['voteNo'])) {
                             $myvote = "No";
                         } else {
                             if (isset($_POST['voteAbstain'])) {
                                 $myvote = "Abstain";
                             }
                         }
                     }
                     cast_proposal_vote($row['ID'], uid_from_sid($_COOKIE["AURSID"]), $myvote, $row[$myvote] + 1);
                     # Can't vote anymore
                     #
                     $canvote = 0;
                     $errorvote = __("You've already voted for this proposal.");
                     # Update if they voted
                     if (tu_voted($row['ID'], uid_from_sid($_COOKIE["AURSID"]))) {
                         $hasvoted = 1;
                     }
                     $row = vote_details($_GET['id']);
                 }
             }
             include "tu_details.php";
         }
     } else {
         print __("Vote ID not valid.");
     }
 } else {
     $limit = $pp;
     if (isset($_GET['off'])) {
         $offset = $_GET['off'];
     }
示例#8
文件: aur.inc.php 项目: pyp22/aurweb
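/**
 * Determine if a user has permission to submit a package
 *
 * Submission is allowed when the package base does not exist yet, when
 * it has no maintainer, or when the session owner is its maintainer.
 *
 * @param string $name Name of the package to be submitted
 * @param string $sid User's session ID
 *
 * @return int 0 if the user can't submit, 1 if the user can submit
 */
function can_submit_pkgbase($name = "", $sid = "")
{
    if (!$name || !$sid) {
        return 0;
    }

    /*
     * Resolve the session before anything else and fail closed: a
     * non-empty but unknown session ID must not be allowed to submit
     * new or orphaned package bases.
     * Assumes uid_from_sid() returns a falsy value for an unknown
     * session -- confirm against its definition.
     */
    $my_uid = uid_from_sid($sid);
    if (!$my_uid) {
        return 0;
    }

    $dbh = DB::connect();
    $q = "SELECT MaintainerUID ";
    $q .= "FROM PackageBases WHERE Name = " . $dbh->quote($name);
    $result = $dbh->query($q);
    /* fetch() yields false when no package base has this name. */
    $row = $result ? $result->fetch(PDO::FETCH_NUM) : false;

    /* Unknown package base, or one without a maintainer: free to submit. */
    if (!$row || !$row[0]) {
        return 1;
    }

    /* Otherwise only the current maintainer may submit. */
    return $row[0] == $my_uid ? 1 : 0;
}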
示例#9
                    $len = 60 * 60 * 24 * $_POST['length'];
                }
            }
        } else {
            $len = 60 * 60 * 24 * 7;
        }
        if (empty($_POST['agenda'])) {
            $error .= __("Proposal cannot be empty.");
        }
    }
    if (!empty($_POST['addVote']) && empty($error)) {
        $q = "INSERT INTO TU_VoteInfo (Agenda, User, Submitted, End, SubmitterID) VALUES ";
        $q .= "('" . mysql_real_escape_string($_POST['agenda']) . "', ";
        $q .= "'" . mysql_real_escape_string($_POST['user']) . "', ";
        $q .= "UNIX_TIMESTAMP(), UNIX_TIMESTAMP() + " . mysql_real_escape_string($len);
        $q .= ", " . uid_from_sid($_COOKIE["AURSID"]) . ")";
        db_query($q, $dbh);
        print "<p class=\"pkgoutput\">" . __("New proposal submitted.") . "</p>\n";
    } else {
        ?>

<?php 
        if (!empty($error)) {
            ?>
	<p style="color: red;" class="pkgoutput"><?php 
            print $error;
            ?>
</p>
<?php 
        }
        ?>
示例#10
# Add a comment to this package
if (isset($_REQUEST['comment'])) {
    # Insert the comment
    $dbh = db_connect();
    $q = 'INSERT INTO PackageComments ';
    $q .= '(PackageID, UsersID, Comments, CommentTS) VALUES (';
    $q .= intval($_REQUEST['ID']) . ', ' . uid_from_sid($_COOKIE['AURSID']) . ', ';
    $q .= "'" . mysql_real_escape_string($_REQUEST['comment']) . "', ";
    $q .= 'UNIX_TIMESTAMP())';
    db_query($q, $dbh);
    # Send email notifications
    $q = 'SELECT CommentNotify.*, Users.Email ';
    $q .= 'FROM CommentNotify, Users ';
    $q .= 'WHERE Users.ID = CommentNotify.UserID ';
    $q .= 'AND CommentNotify.UserID != ' . uid_from_sid($_COOKIE['AURSID']) . ' ';
    $q .= 'AND CommentNotify.PkgID = ' . intval($_REQUEST['ID']);
    $result = db_query($q, $dbh);
    $bcc = array();
    if (mysql_num_rows($result)) {
        while ($row = mysql_fetch_assoc($result)) {
            array_push($bcc, $row['Email']);
        }
        $q = 'SELECT Packages.Name ';
        $q .= 'FROM Packages ';
        $q .= 'WHERE Packages.ID = ' . intval($_REQUEST['ID']);
        $result = db_query($q, $dbh);
        $row = mysql_fetch_assoc($result);
        # TODO: native language emails for users, based on their prefs
        # Simply making these strings translatable won't work, users would be
        # getting emails in the language that the user who posted the comment was in
示例#11
/**
 * Run a package search and render the search form and result list
 *
 * Reads the search parameters from $_GET (K, SeB, SO, SB, O, PP,
 * do_Orphans, outdated), builds the SQL query, computes the pagination
 * links and includes the two templates. The templates are included from
 * inside this function, so they see its local variables.
 *
 * NOTE(review): one statement in this listing is garbled (a run of
 * asterisks replaced part of the line); it is marked below and kept as
 * found.
 *
 * @param string $SID Session ID of the visitor; empty for anonymous use
 *
 * @return void
 */
function pkg_search_page($SID = "")
{
    $dbh = DB::connect();
    /*
     * Get commonly used variables.
     * TODO: Reduce the number of database queries!
     */
    if ($SID) {
        /* $myuid stays undefined for anonymous visitors. */
        $myuid = uid_from_sid($SID);
    }
    /*
     * Sanitize paging variables. The sanitised values are written back
     * into $_GET; both are integers from here on.
     */
    if (isset($_GET['O'])) {
        $_GET['O'] = max(intval($_GET['O']), 0);
    } else {
        $_GET['O'] = 0;
    }
    if (isset($_GET["PP"])) {
        /* bound() is defined elsewhere; presumably clamps to 50..250 -- confirm. */
        $_GET["PP"] = bound(intval($_GET["PP"]), 50, 250);
    } else {
        $_GET["PP"] = 50;
    }
    /*
     * FIXME: Pull out DB-related code. All of it! This one's worth a
     * choco-chip cookie, one of those nice big soft ones.
     */
    /* Build the package search query. */
    $q_select = "SELECT ";
    if ($SID) {
        $q_select .= "CommentNotify.UserID AS Notify,\n\t\t\t   PackageVotes.UsersID AS Voted, ";
    }
    $q_select .= "Users.Username AS Maintainer,\n\tPackages.Name, Packages.Version, Packages.Description,\n\tPackageBases.NumVotes, PackageBases.Popularity, Packages.ID,\n\tPackages.PackageBaseID, PackageBases.OutOfDateTS ";
    $q_from = "FROM Packages\n\tLEFT JOIN PackageBases ON (PackageBases.ID = Packages.PackageBaseID)\n\tLEFT JOIN Users ON (PackageBases.MaintainerUID = Users.ID) ";
    if ($SID) {
        /* This is not needed for the total row count query. */
        /*
         * NOTE(review): $myuid is interpolated without intval() or
         * quote(). It comes from uid_from_sid(), not directly from the
         * request, but an empty result for an unknown session would
         * leave a malformed ON clause -- confirm what uid_from_sid()
         * returns in that case.
         */
        $q_from_extra = "LEFT JOIN PackageVotes\n\t\tON (PackageBases.ID = PackageVotes.PackageBaseID AND PackageVotes.UsersID = {$myuid})\n\t\tLEFT JOIN CommentNotify\n\t\tON (PackageBases.ID = CommentNotify.PackageBaseID AND CommentNotify.UserID = {$myuid}) ";
    } else {
        $q_from_extra = "";
    }
    $q_where = 'WHERE PackageBases.PackagerUID IS NOT NULL ';
    /* The search term K is interpreted according to the "search by" selector SeB. */
    if (isset($_GET['K'])) {
        if (isset($_GET["SeB"]) && $_GET["SeB"] == "m") {
            /* Search by maintainer. */
            /*
             * NOTE(review): the next line is garbled in this listing;
             * how the maintainer name is appended is not visible. The
             * other branches pass request values through $dbh->quote()
             * or intval().
             */
            $q_where .= "AND Users.Username = "******" ";
        } elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "s") {
            /* Search by submitter. */
            $q_where .= "AND SubmitterUID = " . intval(uid_from_username($_GET['K'])) . " ";
        } elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "n") {
            /* Search by name. */
            /* Escape the LIKE wildcards % and _ in the term, then quote the pattern. */
            $K = "%" . addcslashes($_GET['K'], '%_') . "%";
            $q_where .= "AND (Packages.Name LIKE " . $dbh->quote($K) . ") ";
        } elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "b") {
            /* Search by package base name. */
            $K = "%" . addcslashes($_GET['K'], '%_') . "%";
            $q_where .= "AND (PackageBases.Name LIKE " . $dbh->quote($K) . ") ";
        } elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "k") {
            /* Search by keywords. */
            $q_where .= construct_keyword_search($dbh, false);
        } elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "N") {
            /* Search by name (exact match). */
            $q_where .= "AND (Packages.Name = " . $dbh->quote($_GET['K']) . ") ";
        } elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "B") {
            /* Search by package base name (exact match). */
            $q_where .= "AND (PackageBases.Name = " . $dbh->quote($_GET['K']) . ") ";
        } else {
            /* Keyword search (default). */
            $q_where .= construct_keyword_search($dbh, true);
        }
    }
    if (isset($_GET["do_Orphans"])) {
        $q_where .= "AND MaintainerUID IS NULL ";
    }
    if (isset($_GET['outdated'])) {
        if ($_GET['outdated'] == 'on') {
            $q_where .= "AND OutOfDateTS IS NOT NULL ";
        } elseif ($_GET['outdated'] == 'off') {
            $q_where .= "AND OutOfDateTS IS NULL ";
        }
    }
    /*
     * Sort order and sort column: the request only selects among fixed
     * strings, nothing from $_GET is copied into the ORDER BY clause.
     */
    $order = isset($_GET["SO"]) && $_GET["SO"] == 'd' ? 'DESC' : 'ASC';
    $q_sort = "ORDER BY ";
    $sort_by = isset($_GET["SB"]) ? $_GET["SB"] : '';
    switch ($sort_by) {
        case 'v':
            $q_sort .= "NumVotes " . $order . ", ";
            break;
        case 'p':
            $q_sort .= "Popularity " . $order . ", ";
            break;
        case 'w':
            /* The Voted column only exists in the query of a logged-in user. */
            if ($SID) {
                $q_sort .= "Voted " . $order . ", ";
            }
            break;
        case 'o':
            /* The Notify column only exists in the query of a logged-in user. */
            if ($SID) {
                $q_sort .= "Notify " . $order . ", ";
            }
            break;
        case 'm':
            $q_sort .= "Maintainer " . $order . ", ";
            break;
        case 'l':
            $q_sort .= "ModifiedTS " . $order . ", ";
            break;
        case 'a':
            /* For compatibility with old search links. */
            $q_sort .= "-ModifiedTS " . $order . ", ";
            break;
        default:
            break;
    }
    /* The package name is always the last sort key. */
    $q_sort .= " Packages.Name " . $order . " ";
    /* Both values were forced to integers at the top of the function. */
    $q_limit = "LIMIT " . $_GET["PP"] . " OFFSET " . $_GET["O"];
    $q = $q_select . $q_from . $q_from_extra . $q_where . $q_sort . $q_limit;
    /* The count query leaves out the per-user joins, the sort and the limit. */
    $q_total = "SELECT COUNT(*) " . $q_from . $q_where;
    $result = $dbh->query($q);
    $result_t = $dbh->query($q_total);
    if ($result_t) {
        $row = $result_t->fetch(PDO::FETCH_NUM);
        $total = $row[0];
    } else {
        $total = 0;
    }
    /*
     * $SO_next is the opposite of the current sort order. It is only
     * defined when there are results and is not read again in this
     * function; presumably the included templates use it -- confirm.
     */
    if ($result && $total > 0) {
        if (isset($_GET["SO"]) && $_GET["SO"] == "d") {
            $SO_next = "a";
        } else {
            $SO_next = "d";
        }
    }
    /* Calculate the results to use. */
    $first = $_GET['O'] + 1;
    /* Calculation of pagination links. */
    $per_page = $_GET['PP'] > 0 ? $_GET['PP'] : 50;
    $current = ceil($first / $per_page);
    $pages = ceil($total / $per_page);
    /*
     * Map of link label => result offset; the value false marks an
     * ellipsis entry. The second ellipsis key carries a trailing space
     * so that it does not overwrite the first one.
     */
    $templ_pages = array();
    if ($current > 1) {
        $templ_pages['&laquo; ' . __('First')] = 0;
        $templ_pages['&lsaquo; ' . __('Previous')] = ($current - 2) * $per_page;
    }
    if ($current - 5 > 1) {
        $templ_pages["..."] = false;
    }
    /* Up to five page links on either side of the current page. */
    for ($i = max($current - 5, 1); $i <= min($pages, $current + 5); $i++) {
        $templ_pages[$i] = ($i - 1) * $per_page;
    }
    if ($current + 5 < $pages) {
        $templ_pages["... "] = false;
    }
    if ($current < $pages) {
        $templ_pages[__('Next') . ' &rsaquo;'] = $current * $per_page;
        $templ_pages[__('Last') . ' &raquo;'] = ($pages - 1) * $per_page;
    }
    include 'pkg_search_form.php';
    /* Collect all result rows before the result template is included. */
    $searchresults = array();
    if ($result) {
        while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
            $searchresults[] = $row;
        }
    }
    include 'pkg_search_results.php';
    return;
}
示例#12
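/**
 * Edit a package comment
 *
 * The comment to edit is identified by $_POST["comment_id"]; the editor
 * is the owner of the session in the AURSID cookie.
 *
 * @param string $comment The new text of the comment
 *
 * @return array Tuple of success/failure indicator and error message
 */
function pkgbase_edit_comment($comment)
{
    /* A missing cookie is treated like an unknown session. */
    $uid = isset($_COOKIE["AURSID"]) ? uid_from_sid($_COOKIE["AURSID"]) : null;
    if (!$uid) {
        return array(false, __("You must be logged in before you can edit package information."));
    }

    if (!isset($_POST["comment_id"])) {
        return array(false, __("Missing comment ID."));
    }
    /*
     * Normalise the ID once, so that the permission check and the UPDATE
     * below refer to the same comment even for input such as "5abc".
     */
    $comment_id = intval($_POST["comment_id"]);

    /* Request parameters can be arrays; only a non-blank string is a comment. */
    if (!is_string($comment) || trim($comment) === '') {
        return array(false, __('Comment cannot be empty.'));
    }

    $dbh = DB::connect();
    if (!can_edit_comment($comment_id)) {
        return array(false, __("You are not allowed to edit this comment."));
    }

    $q = "UPDATE PackageComments ";
    /* The user ID is forced to an integer like every other ID in the query. */
    $q .= "SET EditedUsersID = " . intval($uid) . ", ";
    $q .= "Comments = " . $dbh->quote($comment) . ", ";
    $q .= "EditedTS = UNIX_TIMESTAMP() ";
    $q .= "WHERE ID = " . $comment_id;
    $dbh->exec($q);

    return array(true, __("Comment has been edited."));
}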
示例#13
    $result = db_query("SELECT PackageVotes.UsersID, PackageVotes.PackageID, Packages.Name, Packages.NumVotes FROM PackageVotes LEFT JOIN Packages ON (Packages.ID = PackageVotes.PackageID) WHERE PackageVotes.UsersID = {$userid} ORDER BY Name", $dbh);
    return $result;
}
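/* Resolve the account type of the current session; empty when not logged in. */
if (isset($_COOKIE['AURSID'])) {
    $acc = account_from_sid($_COOKIE['AURSID']);
} else {
    $acc = "";
}
print "<div class = 'pgbox'>";
print "<div class = 'pgboxtitle'>";
print "<span class = 'f3'>" . __("Favourite Packages") . "</span>";
print "<div class = 'pgboxbody'>";
if (!$acc) {
    print __("You must be logged in before you can view favourite packages");
    print "<br />\n";
    /* Close the three containers opened above before ending the page. */
    for ($i = 0; $i < 3; $i++) {
        print "</div>";
    }
    html_footer(AUR_VERSION);
    exit;
}
$pkgs = getPkgs(uid_from_sid($_COOKIE['AURSID']));
print "<ul>";
while ($row = mysql_fetch_object($pkgs)) {
    /*
     * Values from the database are not trusted as markup: the package
     * name is HTML-escaped and the numeric columns are forced to
     * integers. The href is quoted so that its value cannot run into a
     * further attribute.
     */
    $pkg_id = intval($row->PackageID);
    $pkg_name = htmlspecialchars($row->Name, ENT_QUOTES);
    $pkg_votes = intval($row->NumVotes);
    print "<li><a href=\"packages.php?ID={$pkg_id}\">{$pkg_name}</a> - {$pkg_votes}</li>";
}
print "</ul>";
print "</div>";
print "</div>";
print "</div>";
html_footer(AUR_VERSION);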
示例#14
/**
 * Close a deletion/orphan request
 *
 * Stores the outcome as the numeric status of the request (2 for
 * "accepted", 3 for "rejected") and sends the notification. Unless the
 * request is closed automatically, the session owner needs the
 * CRED_PKGREQ_CLOSE credential.
 *
 * @param int $id The package request to close
 * @param string $reason Whether the request was accepted or rejected
 * @param string $comments Comments to be added to the notification email
 * @param boolean $auto_close (optional) Whether the request is auto-closed
 *
 * @return array Tuple of success/failure indicator and error message
 */
function pkgreq_close($id, $reason, $comments, $auto_close = false)
{
    /* Translate the textual outcome into the stored status code. */
    if ($reason == 'accepted') {
        $status = 2;
    } elseif ($reason == 'rejected') {
        $status = 3;
    } else {
        return array(false, __("Invalid reason."));
    }

    $dbh = DB::connect();
    $id = intval($id);
    $uid = uid_from_sid($_COOKIE["AURSID"]);

    /* Automatic closes skip the credential check entirely. */
    $allowed = $auto_close || has_credential(CRED_PKGREQ_CLOSE);
    if (!$allowed) {
        return array(false, __("Only TUs and developers can close requests."));
    }

    $update = "UPDATE PackageRequests SET Status = " . intval($status) . " " . "WHERE ID = " . intval($id);
    $dbh->exec($update);

    /* Send e-mail notifications. */
    $params = array('request-close', $uid, $id, $reason);
    notify($params, $comments);

    return array(true, __("Request closed successfully."));
}
示例#15
        print $row['Yes'];
        ?>
</span></span></td>
					<td class='<?php 
        print $c;
        ?>
'><span class='f5'><span class='blue'><?php 
        print $row['No'];
        ?>
</span></span></td>
					<td class='<?php 
        print $c;
        ?>
'>
						<?php 
        $q = "SELECT * FROM TU_Votes WHERE VoteID = " . $row['ID'] . " AND UserID = " . uid_from_sid($_COOKIE["AURSID"]);
        $hasvoted = mysql_num_rows(db_query($q, $dbh));
        ?>
						<span class='f5'><span class='blue'>
						<?php 
        if ($hasvoted == 0) {
            ?>
						<span style='color: red; font-weight: bold'><?php 
            print __("No");
            ?>
</span>
						<?php 
        } else {
            ?>
						<span style='color: green; font-weight: bold'><?php 
            print __("Yes");