/**
 * Determine if a user has the permission to perform a given action
 *
 * The decision is two-tiered: a caller-supplied whitelist of user IDs is
 * consulted first (e.g. the maintainers of a package base), then the
 * account type behind the session cookie is matched against the credential
 * groups below.  Requests without a session cookie never hold a credential,
 * and an unknown credential is denied.
 *
 * @param int $credential The type of action to peform
 * @param array $approved_users A user whitelist for this query
 *
 * @return bool Return true if the user has the permission, false if not
 */
function has_credential($credential, $approved_users = array()) {
	/* Anonymous visitors (no session cookie) get nothing. */
	if (!isset($_COOKIE['AURSID'])) {
		return false;
	}
	$sid = $_COOKIE['AURSID'];

	/*
	 * The per-object whitelist wins over the account type.
	 * NOTE(review): the membership test is non-strict, so a whitelist
	 * entry of null or 0 would match a falsy UID; what uid_from_sid()
	 * returns for a stale session is not visible here — confirm.
	 */
	$uid = uid_from_sid($sid);
	if (in_array($uid, $approved_users)) {
		return true;
	}

	/* Account-type groups, most inclusive first. */
	$any_account = array('User', 'Trusted User', 'Developer', 'Trusted User & Developer');
	$tu_or_dev = array('Trusted User', 'Developer', 'Trusted User & Developer');
	$tu_only = array('Trusted User', 'Trusted User & Developer');
	$dev_only = array('Developer', 'Trusted User & Developer');

	/* Credentials every logged-in account holds. */
	$basic_creds = array(
		CRED_PKGBASE_FLAG,
		CRED_PKGBASE_NOTIFY,
		CRED_PKGBASE_VOTE,
		CRED_PKGREQ_FILE,
	);
	/* Credentials reserved for Trusted Users and Developers. */
	$staff_creds = array(
		CRED_ACCOUNT_CHANGE_TYPE,
		CRED_ACCOUNT_EDIT,
		CRED_ACCOUNT_LAST_LOGIN,
		CRED_ACCOUNT_SEARCH,
		CRED_COMMENT_DELETE,
		CRED_COMMENT_VIEW_DELETED,
		CRED_COMMENT_EDIT,
		CRED_PKGBASE_ADOPT,
		CRED_PKGBASE_SET_KEYWORDS,
		CRED_PKGBASE_DELETE,
		CRED_PKGBASE_EDIT_COMAINTAINERS,
		CRED_PKGBASE_DISOWN,
		CRED_PKGBASE_LIST_VOTERS,
		CRED_PKGBASE_UNFLAG,
		CRED_PKGREQ_CLOSE,
		CRED_PKGREQ_LIST,
	);
	/* Credentials reserved for Trusted Users. */
	$tu_creds = array(
		CRED_TU_ADD_VOTE,
		CRED_TU_LIST_VOTES,
		CRED_TU_VOTE,
	);
	/* Credentials reserved for Developers. */
	$dev_creds = array(
		CRED_ACCOUNT_EDIT_DEV,
	);

	$atype = account_from_sid($sid);

	/* Group lookups are loose (==) to mirror the comparison switch/case performs. */
	if (in_array($credential, $basic_creds)) {
		return in_array($atype, $any_account);
	}
	if (in_array($credential, $staff_creds)) {
		return in_array($atype, $tu_or_dev);
	}
	if (in_array($credential, $tu_creds)) {
		return in_array($atype, $tu_only);
	}
	if (in_array($credential, $dev_creds)) {
		return in_array($atype, $dev_only);
	}

	/* Unknown credential: deny by default. */
	return false;
}
/**
 * Process information given to new/edit account form
 *
 * Validates the submitted fields in order (IP ban, required fields,
 * username, password, e-mail, PGP fingerprint, SSH keys, account type,
 * language, then uniqueness of username / e-mail / SSH fingerprints) and,
 * when everything passes, either INSERTs a new unprivileged user or
 * UPDATEs the existing row identified by $UID.
 *
 * @global array $SUPPORTED_LANGS Languages that are supported by the AUR
 * @param string $TYPE Either "edit" for editing or "new" for registering an account
 * @param string $A Form to use, either UpdateAccount or NewAccount (not read in this function)
 * @param string $U The username for the account
 * @param string $T The account type for the user
 * @param string $S Whether or not the account is suspended
 * @param string $E The e-mail address for the user
 * @param string $H Whether or not the e-mail address should be hidden
 * @param string $P The password for the user
 * @param string $C The confirmed password for the user
 * @param string $R The real name of the user
 * @param string $L The language preference of the user
 * @param string $I The IRC nickname of the user
 * @param string $K The PGP fingerprint of the user
 * @param string $PK The list of public SSH keys
 * @param string $J The inactivity status of the user
 * @param string $UID The user ID of the modified account
 * @param string $N The username as present in the database (not read in this function)
 *
 * @return array Boolean indicating success and message to be printed
 */
function process_account_form($TYPE, $A, $U = "", $T = "", $S = "", $E = "", $H = "", $P = "", $C = "", $R = "", $L = "", $I = "", $K = "", $PK = "", $J = "", $UID = 0, $N = "") {
	global $SUPPORTED_LANGS;

	$error = '';
	$message = '';

	/*
	 * IP-based registration ban.  Note that the two required-field checks
	 * right below assign $error unconditionally, so they can replace this
	 * message; every later check is guarded by !$error.
	 */
	if (is_ipbanned()) {
		$error = __('Account registration has been disabled ' .
			'for your IP address, probably due ' .
			'to sustained spam attacks. Sorry for the ' .
			'inconvenience.');
	}

	$dbh = DB::connect();

	/* NOTE(review): $editor_user is assigned here but never read in this function. */
	if (isset($_COOKIE['AURSID'])) {
		$editor_user = uid_from_sid($_COOKIE['AURSID']);
	} else {
		$editor_user = null;
	}

	if (empty($E) || empty($U)) {
		$error = __("Missing a required field.");
	}

	/* Editing needs a target account; "new" is the only mode without one. */
	if ($TYPE != "new" && !$UID) {
		$error = __("Missing User ID");
	}

	if (!$error && !valid_username($U)) {
		$length_min = config_get_int('options', 'username_min_len');
		$length_max = config_get_int('options', 'username_max_len');
		$error = __("The username is invalid.") . "<ul>\n" .
			"<li>" . __("It must be between %s and %s characters long", $length_min, $length_max) . "</li>" .
			"<li>" . __("Start and end with a letter or number") . "</li>" .
			"<li>" . __("Can contain only one period, underscore or hyphen.") . "</li>\n</ul>";
	}

	/* Password is optional (empty means "unchanged" on edit, "send reset key" on new). */
	if (!$error && $P && $C && $P != $C) {
		$error = __("Password fields do not match.");
	}

	if (!$error && $P != '' && !good_passwd($P)) {
		$length_min = config_get_int('options', 'passwd_min_len');
		$error = __("Your password must be at least %s characters.", $length_min);
	}

	if (!$error && !valid_email($E)) {
		$error = __("The email address is invalid.");
	}

	if (!$error && $K != '' && !valid_pgp_fingerprint($K)) {
		$error = __("The PGP key fingerprint is invalid.");
	}

	/*
	 * One SSH public key per line.  Each key is validated, fingerprinted,
	 * and reduced to "<type> <base64>" (the optional comment is dropped).
	 * NOTE(review): $ssh_keys and $ssh_fingerprints are only defined inside
	 * this branch, yet count($ssh_keys) below and both account_set_ssh_keys()
	 * calls are reached when $PK is empty too — on PHP 8 count(null) throws.
	 */
	if (!$error && !empty($PK)) {
		$ssh_keys = array_filter(array_map('trim', explode("\n", $PK)));
		$ssh_fingerprints = array();
		foreach ($ssh_keys as &$ssh_key) {
			if (!valid_ssh_pubkey($ssh_key)) {
				$error = __("The SSH public key is invalid.");
				break;
			}
			$ssh_fingerprint = ssh_key_fingerprint($ssh_key);
			if (!$ssh_fingerprint) {
				$error = __("The SSH public key is invalid.");
				break;
			}
			$tokens = explode(" ", $ssh_key);
			$ssh_key = $tokens[0] . " " . $tokens[1];
			$ssh_fingerprints[] = $ssh_fingerprint;
		}
		/*
		 * Destroy last reference to prevent accidentally overwriting
		 * an array element.
		 */
		unset($ssh_key);
	}

	/*
	 * Privilege-escalation guard on the account-type field: a plain User may
	 * not request a type above 1, a Trusted User not above 2.
	 * NOTE(review): the guard only runs when a session cookie is present,
	 * while $T still reaches "AccountTypeID = intval($T)" in the UPDATE
	 * below — callers of the edit path are presumably required to be logged
	 * in; confirm.  New accounts are always inserted with AccountTypeID 1.
	 */
	if (isset($_COOKIE['AURSID'])) {
		$atype = account_from_sid($_COOKIE['AURSID']);
		if ($atype == "User" && $T > 1 || $atype == "Trusted User" && $T > 2) {
			$error = __("Cannot increase account permissions.");
		}
	}

	if (!$error && !array_key_exists($L, $SUPPORTED_LANGS)) {
		$error = __("Language is not currently supported.");
	}

	if (!$error) {
		/*
		 * Check whether the user name is available.
		 * TODO: Fix race condition.
		 * NOTE(review): this listing is redacted ("******") between the
		 * Username comparison and the edit-mode condition; the e-mail check
		 * below goes through $dbh->quote(), this one cannot be verified here.
		 */
		$q = "SELECT COUNT(*) AS CNT FROM Users ";
		$q .= "WHERE Username = "******"edit") {
			$q .= " AND ID != " . intval($UID);
		}
		$result = $dbh->query($q);
		$row = $result->fetch(PDO::FETCH_NUM);
		if ($row[0]) {
			$error = __("The username, %s%s%s, is already in use.",
				"<strong>", htmlspecialchars($U, ENT_QUOTES), "</strong>");
		}
	}

	if (!$error) {
		/*
		 * Check whether the e-mail address is available.
		 * TODO: Fix race condition.
		 */
		$q = "SELECT COUNT(*) AS CNT FROM Users ";
		$q .= "WHERE Email = " . $dbh->quote($E);
		if ($TYPE == "edit") {
			$q .= " AND ID != " . intval($UID);
		}
		$result = $dbh->query($q);
		$row = $result->fetch(PDO::FETCH_NUM);
		if ($row[0]) {
			$error = __("The address, %s%s%s, is already in use.",
				"<strong>", htmlspecialchars($E, ENT_QUOTES), "</strong>");
		}
	}

	if (!$error && count($ssh_keys) > 0) {
		/*
		 * Check whether any of the SSH public keys is already in use.
		 * TODO: Fix race condition.
		 */
		$q = "SELECT Fingerprint FROM SSHPubKeys ";
		$q .= "WHERE Fingerprint IN (";
		$q .= implode(',', array_map(array($dbh, 'quote'), $ssh_fingerprints));
		$q .= ")";
		if ($TYPE == "edit") {
			$q .= " AND UserID != " . intval($UID);
		}
		$result = $dbh->query($q);
		$row = $result->fetch(PDO::FETCH_NUM);
		if ($row) {
			$error = __("The SSH public key, %s%s%s, is already in use.",
				"<strong>", htmlspecialchars($row[0], ENT_QUOTES), "</strong>");
		}
	}

	/* Any validation failure: report and stop before touching the Users table. */
	if ($error) {
		$message = "<ul class='errorlist'><li>" . $error . "</li></ul>\n";
		return array(false, $message);
	}

	if ($TYPE == "new") {
		/*
		 * Create an unprivileged user.
		 * Without a password a reset key is mailed instead of storing one.
		 * NOTE(review): the hashing scheme lives in salted_hash()/generate_salt()
		 * (not visible here) — confirm it is a password KDF rather than a bare hash.
		 */
		$salt = generate_salt();
		if (empty($P)) {
			$send_resetkey = true;
			$email = $E;
		} else {
			$send_resetkey = false;
			$P = salted_hash($P, $salt);
		}
		/*
		 * From here on $U/$E/$P/... hold the SQL-quoted values, so the
		 * success message below shows the username wrapped in quotes.
		 */
		$U = $dbh->quote($U);
		$E = $dbh->quote($E);
		$P = $dbh->quote($P);
		$salt = $dbh->quote($salt);
		$R = $dbh->quote($R);
		$L = $dbh->quote($L);
		$I = $dbh->quote($I);
		$K = $dbh->quote(str_replace(" ", "", $K));

		$q = "INSERT INTO Users (AccountTypeID, Suspended, ";
		$q .= "InactivityTS, Username, Email, Passwd, Salt, ";
		$q .= "RealName, LangPreference, IRCNick, PGPKey) ";
		$q .= "VALUES (1, 0, 0, {$U}, {$E}, {$P}, {$salt}, {$R}, {$L}, ";
		$q .= "{$I}, {$K})";
		$result = $dbh->exec($q);
		if (!$result) {
			$message = __("Error trying to create account, %s%s%s.",
				"<strong>", htmlspecialchars($U, ENT_QUOTES), "</strong>");
			return array(false, $message);
		}

		$uid = $dbh->lastInsertId();
		account_set_ssh_keys($uid, $ssh_keys, $ssh_fingerprints);

		$message = __("The account, %s%s%s, has been successfully created.",
			"<strong>", htmlspecialchars($U, ENT_QUOTES), "</strong>");
		$message .= "<p>\n";
		if ($send_resetkey) {
			send_resetkey($email, true);
			$message .= __("A password reset key has been sent to your e-mail address.");
			$message .= "</p>\n";
		} else {
			$message .= __("Click on the Login link above to use your account.");
			$message .= "</p>\n";
		}
	} else {
		/* Modify an existing account. */

		/* Keep an existing inactivity timestamp, start one now, or clear it. */
		$q = "SELECT InactivityTS FROM Users WHERE ";
		$q .= "ID = " . intval($UID);
		$result = $dbh->query($q);
		$row = $result->fetch(PDO::FETCH_NUM);
		if ($row[0] && $J) {
			$inactivity_ts = $row[0];
		} elseif ($J) {
			$inactivity_ts = time();
		} else {
			$inactivity_ts = 0;
		}

		/*
		 * NOTE(review): redacted ("******") between the Username assignment
		 * and the AccountTypeID clause; the closing brace after intval($T)
		 * belongs to a condition opened inside the redacted span.
		 */
		$q = "UPDATE Users SET ";
		$q .= "Username = "******", AccountTypeID = " . intval($T); }
		if ($S) {
			/* Ensure suspended users can't keep an active session */
			delete_user_sessions($UID);
			$q .= ", Suspended = 1";
		} else {
			$q .= ", Suspended = 0";
		}
		$q .= ", Email = " . $dbh->quote($E);
		if ($H) {
			$q .= ", HideEmail = 1";
		} else {
			$q .= ", HideEmail = 0";
		}
		/*
		 * Password change: fresh salt, re-hash.  Hash and salt are
		 * interpolated without $dbh->quote(), which relies on both
		 * containing only SQL-safe characters — TODO confirm.
		 */
		if ($P) {
			$salt = generate_salt();
			$hash = salted_hash($P, $salt);
			$q .= ", Passwd = '{$hash}', Salt = '{$salt}'";
		}
		$q .= ", RealName = " . $dbh->quote($R);
		$q .= ", LangPreference = " . $dbh->quote($L);
		$q .= ", IRCNick = " . $dbh->quote($I);
		$q .= ", PGPKey = " . $dbh->quote(str_replace(" ", "", $K));
		$q .= ", InactivityTS = " . $inactivity_ts;
		$q .= " WHERE ID = " . intval($UID);
		$result = $dbh->exec($q);
		$ssh_key_result = account_set_ssh_keys($UID, $ssh_keys, $ssh_fingerprints);
		/*
		 * NOTE(review): a failed UPDATE or SSH-key update only changes the
		 * message; the function still returns true below.
		 */
		if ($result === false || $ssh_key_result === false) {
			$message = __("No changes were made to the account, %s%s%s.",
				"<strong>", htmlspecialchars($U, ENT_QUOTES), "</strong>");
		} else {
			$message = __("The account, %s%s%s, has been successfully modified.",
				"<strong>", htmlspecialchars($U, ENT_QUOTES), "</strong>");
		}
	}

	return array(true, $message);
}
<div id="pkg-updates" class="widget box"> <?php updates_table(); ?> </div> <div id="pkg-stats" class="widget box"> <?php general_stats_table(); ?> </div> <?php if (!empty($_COOKIE["AURSID"])) { ?> <div id="pkg-stats" class="widget box"> <?php user_table(uid_from_sid($_COOKIE["AURSID"])); ?> </div> <?php } ?> </div> <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js"></script> <script type="text/javascript" src="/js/bootstrap-typeahead.min.js"></script> <script type="text/javascript"> $(document).ready(function() { $('#pkgsearch-field').typeahead({ source: function(query, callback) { $.getJSON('<?php echo get_uri('/rpc');
if ($canvote == 1) { if (isset($_POST['doVote'])) { if (isset($_POST['voteYes'])) { $myvote = "Yes"; } else { if (isset($_POST['voteNo'])) { $myvote = "No"; } else { if (isset($_POST['voteAbstain'])) { $myvote = "Abstain"; } } } $qvote = "UPDATE TU_VoteInfo SET " . $myvote . " = " . ($row[$myvote] + 1) . " WHERE ID = " . $row['ID']; db_query($qvote, $dbh); $qvote = "INSERT INTO TU_Votes (VoteID, UserID) VALUES (" . $row['ID'] . ", " . uid_from_sid($_COOKIE["AURSID"]) . ")"; db_query($qvote, $dbh); # Can't vote anymore # $canvote = 0; $errorvote = __("You've already voted for this proposal."); # Update if they voted $hasvoted = mysql_num_rows(db_query($qvoted, $dbh)); $results = db_query($q, $dbh); $row = mysql_fetch_assoc($results); } } include "tu_details.php"; } } else { print __("Vote ID not valid.");
<?php
/*
 * Template preamble for the package base details view.  Derives every
 * variable the markup needs from the PackageBases row ($row) and the
 * current session ID ($SID), both provided by the including page.
 */
$pkgbase_name = $row['Name'];
/* The link URIs take the URL-encoded name, the clone URIs the HTML-escaped one. */
$pkgbase_name_url = urlencode($pkgbase_name);
$pkgbase_name_html = htmlspecialchars($pkgbase_name);

$pkgbuild_uri = sprintf(config_get('options', 'pkgbuild_uri'), $pkgbase_name_url);
$log_uri = sprintf(config_get('options', 'log_uri'), $pkgbase_name_url);
$snapshot_uri = sprintf(config_get('options', 'snapshot_uri'), $pkgbase_name_url);
$git_clone_uri_anon = sprintf(config_get('options', 'git_clone_uri_anon'), $pkgbase_name_html);
$git_clone_uri_priv = sprintf(config_get('options', 'git_clone_uri_priv'), $pkgbase_name_html);

$uid = uid_from_sid($SID);
$base_id = intval($row['ID']);
$keywords = pkgbase_get_keywords($base_id);
$submitter = username_from_id($row["SubmitterUID"]);
$maintainer = username_from_id($row["MaintainerUID"]);
$comaintainers = pkgbase_get_comaintainers($base_id);
$packager = username_from_id($row["PackagerUID"]);

/* UIDs acting as maintainers: the maintainer plus co-maintainers; empty for an orphan. */
$maintainers = array();
if ($row["MaintainerUID"] !== NULL) {
	$maintainers[] = $row["MaintainerUID"];
	$maintainers = array_merge($maintainers, pkgbase_get_comaintainer_uids(array($base_id)));
}

/*
 * UIDs allowed to clear the out-of-date flag: maintainers plus the flagger.
 * NOTE(review): when FlaggerUID is NULL this list carries a null entry;
 * whether that matches a falsy UID in has_credential()'s loose in_array()
 * depends on what uid_from_sid() returns — confirm.
 */
$unflaggers = array_merge($maintainers, array($row["FlaggerUID"]));

$votes = $row['NumVotes'];
$popularity = $row['Popularity'];

# In case of wanting to put a custom message
$msg = __('unknown');

# Print the timestamps for last updates; a zero timestamp is shown as $msg.
$fmt_ts = function ($ts, $format) use ($msg) {
	return $ts == 0 ? $msg : gmdate($format, intval($ts));
};
$updated_time = $fmt_ts($row["ModifiedTS"], "Y-m-d H:i");
$submitted_time = $fmt_ts($row["SubmittedTS"], "Y-m-d H:i");
$out_of_date_time = $fmt_ts($row["OutOfDateTS"], "Y-m-d");

$pkgs = pkgbase_get_pkgnames($base_id);
$base_uri = get_pkgbase_uri($row['Name']);
?>
} elseif (current_action("do_Notify")) { list($ret, $output) = pkgbase_notify($ids); } elseif (current_action("do_UnNotify")) { list($ret, $output) = pkgbase_notify($ids, false); } elseif (current_action("do_DeleteComment")) { list($ret, $output) = pkgbase_delete_comment(); } elseif (current_action("do_SetKeywords")) { list($ret, $output) = pkgbase_set_keywords($base_id, preg_split("/[\\s,;]+/", $_POST['keywords'], -1, PREG_SPLIT_NO_EMPTY)); } elseif (current_action("do_FileRequest")) { list($ret, $output) = pkgreq_file($ids, $_POST['type'], $_POST['merge_into'], $_POST['comments']); } elseif (current_action("do_CloseRequest")) { list($ret, $output) = pkgreq_close($_POST['reqid'], $_POST['reason'], $_POST['comments']); } elseif (current_action("do_EditComaintainers")) { list($ret, $output) = pkgbase_set_comaintainers($base_id, explode("\n", $_POST['users'])); } elseif (current_action("do_AddComment")) { $uid = uid_from_sid($_COOKIE["AURSID"]); list($ret, $output) = pkgbase_add_comment($base_id, $uid, $_REQUEST['comment']); $fragment = '#news'; } elseif (current_action("do_EditComment")) { list($ret, $output) = pkgbase_edit_comment($_REQUEST['comment']); if ($ret && isset($_POST["comment_id"])) { $fragment = '#comment-' . intval($_POST["comment_id"]); } } if ($ret) { if (current_action("do_CloseRequest") || current_action("do_Delete") && $_POST['via']) { /* Redirect back to package request page on success. */ header('Location: ' . get_pkgreq_route()); exit; } if (isset($base_id)) {
} else { if (isset($_POST['voteNo'])) { $myvote = "No"; } else { if (isset($_POST['voteAbstain'])) { $myvote = "Abstain"; } } } cast_proposal_vote($row['ID'], uid_from_sid($_COOKIE["AURSID"]), $myvote, $row[$myvote] + 1); # Can't vote anymore # $canvote = 0; $errorvote = __("You've already voted for this proposal."); # Update if they voted if (tu_voted($row['ID'], uid_from_sid($_COOKIE["AURSID"]))) { $hasvoted = 1; } $row = vote_details($_GET['id']); } } include "tu_details.php"; } } else { print __("Vote ID not valid."); } } else { $limit = $pp; if (isset($_GET['off'])) { $offset = $_GET['off']; }
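/**
 * Determine if a user has permission to submit a package
 *
 * Submission is allowed when the package base does not exist yet, when it
 * has no maintainer (orphan), or when the session user is its maintainer.
 * A failed lookup denies rather than grants.
 *
 * @param string $name Name of the package to be submitted
 * @param string $sid User's session ID
 *
 * @return int 0 if the user can't submit, 1 if the user can submit
 */
function can_submit_pkgbase($name = "", $sid = "") {
	/* Both a package base name and a session ID are required. */
	if (!$name || !$sid) {
		return 0;
	}

	$dbh = DB::connect();
	/* $name is caller-supplied: always pass it through the driver's quoting. */
	$q = "SELECT MaintainerUID ";
	$q .= "FROM PackageBases WHERE Name = " . $dbh->quote($name);
	$result = $dbh->query($q);
	/* Fail closed: a query error must not turn into a permission grant. */
	if ($result === false) {
		return 0;
	}
	$row = $result->fetch(PDO::FETCH_NUM);

	/* Unknown package base, or an orphan without a maintainer: anyone may submit. */
	if ($row === false || !$row[0]) {
		return 1;
	}

	/* Existing base with a maintainer: only that maintainer may submit. */
	$my_uid = uid_from_sid($sid);
	/* Loose comparison kept on purpose: the driver may hand back the UID as a string — TODO confirm. */
	return ($row[0] == $my_uid) ? 1 : 0;
}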
$len = 60 * 60 * 24 * $_POST['length']; } } } else { $len = 60 * 60 * 24 * 7; } if (empty($_POST['agenda'])) { $error .= __("Proposal cannot be empty."); } } if (!empty($_POST['addVote']) && empty($error)) { $q = "INSERT INTO TU_VoteInfo (Agenda, User, Submitted, End, SubmitterID) VALUES "; $q .= "('" . mysql_real_escape_string($_POST['agenda']) . "', "; $q .= "'" . mysql_real_escape_string($_POST['user']) . "', "; $q .= "UNIX_TIMESTAMP(), UNIX_TIMESTAMP() + " . mysql_real_escape_string($len); $q .= ", " . uid_from_sid($_COOKIE["AURSID"]) . ")"; db_query($q, $dbh); print "<p class=\"pkgoutput\">" . __("New proposal submitted.") . "</p>\n"; } else { ?> <?php if (!empty($error)) { ?> <p style="color: red;" class="pkgoutput"><?php print $error; ?> </p> <?php } ?>
# Add a comment to this package if (isset($_REQUEST['comment'])) { # Insert the comment $dbh = db_connect(); $q = 'INSERT INTO PackageComments '; $q .= '(PackageID, UsersID, Comments, CommentTS) VALUES ('; $q .= intval($_REQUEST['ID']) . ', ' . uid_from_sid($_COOKIE['AURSID']) . ', '; $q .= "'" . mysql_real_escape_string($_REQUEST['comment']) . "', "; $q .= 'UNIX_TIMESTAMP())'; db_query($q, $dbh); # Send email notifications $q = 'SELECT CommentNotify.*, Users.Email '; $q .= 'FROM CommentNotify, Users '; $q .= 'WHERE Users.ID = CommentNotify.UserID '; $q .= 'AND CommentNotify.UserID != ' . uid_from_sid($_COOKIE['AURSID']) . ' '; $q .= 'AND CommentNotify.PkgID = ' . intval($_REQUEST['ID']); $result = db_query($q, $dbh); $bcc = array(); if (mysql_num_rows($result)) { while ($row = mysql_fetch_assoc($result)) { array_push($bcc, $row['Email']); } $q = 'SELECT Packages.Name '; $q .= 'FROM Packages '; $q .= 'WHERE Packages.ID = ' . intval($_REQUEST['ID']); $result = db_query($q, $dbh); $row = mysql_fetch_assoc($result); # TODO: native language emails for users, based on their prefs # Simply making these strings translatable won't work, users would be # getting emails in the language that the user who posted the comment was in
/**
 * Render the package search page.
 *
 * Reads the search parameters from $_GET (K, SeB, do_Orphans, outdated,
 * SO, SB, PP, O), builds the result and row-count queries, computes the
 * pagination links, and includes the search form and results templates.
 * The sort column and direction are chosen from fixed strings, and the
 * LIMIT/OFFSET values are coerced with intval()/bound() first, so no raw
 * request value is concatenated into the query here.
 *
 * @param string $SID The session ID, or "" for anonymous visitors
 *
 * @return void
 */
function pkg_search_page($SID = "") {
	$dbh = DB::connect();

	/*
	 * Get commonly used variables.
	 * TODO: Reduce the number of database queries!
	 */
	if ($SID) {
		$myuid = uid_from_sid($SID);
	}

	/*
	 * Sanitize paging variables.
	 * These are written back into $_GET, presumably so that the included
	 * templates see the coerced values — confirm.
	 */
	if (isset($_GET['O'])) {
		$_GET['O'] = max(intval($_GET['O']), 0);
	} else {
		$_GET['O'] = 0;
	}

	if (isset($_GET["PP"])) {
		$_GET["PP"] = bound(intval($_GET["PP"]), 50, 250);
	} else {
		$_GET["PP"] = 50;
	}

	/*
	 * FIXME: Pull out DB-related code. All of it! This one's worth a
	 * choco-chip cookie, one of those nice big soft ones.
	 */

	/* Build the package search query. */
	$q_select = "SELECT ";
	if ($SID) {
		$q_select .= "CommentNotify.UserID AS Notify,\n\t\t\t PackageVotes.UsersID AS Voted, ";
	}
	$q_select .= "Users.Username AS Maintainer,\n\tPackages.Name, Packages.Version, Packages.Description,\n\tPackageBases.NumVotes, PackageBases.Popularity, Packages.ID,\n\tPackages.PackageBaseID, PackageBases.OutOfDateTS ";

	$q_from = "FROM Packages\n\tLEFT JOIN PackageBases ON (PackageBases.ID = Packages.PackageBaseID)\n\tLEFT JOIN Users ON (PackageBases.MaintainerUID = Users.ID) ";
	if ($SID) {
		/*
		 * This is not needed for the total row count query.
		 * NOTE(review): $myuid is interpolated unquoted; this is safe only if
		 * uid_from_sid() yields an integer (or nothing) — confirm.
		 */
		$q_from_extra = "LEFT JOIN PackageVotes\n\t\tON (PackageBases.ID = PackageVotes.PackageBaseID AND PackageVotes.UsersID = {$myuid})\n\t\tLEFT JOIN CommentNotify\n\t\tON (PackageBases.ID = CommentNotify.PackageBaseID AND CommentNotify.UserID = {$myuid}) ";
	} else {
		$q_from_extra = "";
	}

	/* Only packages that have actually been built/packaged are listed. */
	$q_where = 'WHERE PackageBases.PackagerUID IS NOT NULL ';

	if (isset($_GET['K'])) {
		if (isset($_GET["SeB"]) && $_GET["SeB"] == "m") {
			/*
			 * Search by maintainer.
			 * NOTE(review): the compared value is redacted ("******") in
			 * this listing; every sibling branch uses $dbh->quote() or
			 * intval(), this one cannot be verified here.
			 */
			$q_where .= "AND Users.Username = "******" ";
		} elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "s") {
			/* Search by submitter. */
			$q_where .= "AND SubmitterUID = " . intval(uid_from_username($_GET['K'])) . " ";
		} elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "n") {
			/* Search by name.  LIKE wildcards in the term are escaped so they match literally. */
			$K = "%" . addcslashes($_GET['K'], '%_') . "%";
			$q_where .= "AND (Packages.Name LIKE " . $dbh->quote($K) . ") ";
		} elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "b") {
			/* Search by package base name. */
			$K = "%" . addcslashes($_GET['K'], '%_') . "%";
			$q_where .= "AND (PackageBases.Name LIKE " . $dbh->quote($K) . ") ";
		} elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "k") {
			/* Search by keywords. */
			$q_where .= construct_keyword_search($dbh, false);
		} elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "N") {
			/* Search by name (exact match). */
			$q_where .= "AND (Packages.Name = " . $dbh->quote($_GET['K']) . ") ";
		} elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "B") {
			/* Search by package base name (exact match). */
			$q_where .= "AND (PackageBases.Name = " . $dbh->quote($_GET['K']) . ") ";
		} else {
			/* Keyword search (default). */
			$q_where .= construct_keyword_search($dbh, true);
		}
	}

	if (isset($_GET["do_Orphans"])) {
		$q_where .= "AND MaintainerUID IS NULL ";
	}

	if (isset($_GET['outdated'])) {
		if ($_GET['outdated'] == 'on') {
			$q_where .= "AND OutOfDateTS IS NOT NULL ";
		} elseif ($_GET['outdated'] == 'off') {
			$q_where .= "AND OutOfDateTS IS NULL ";
		}
	}

	/* Sort direction and column are mapped to fixed SQL fragments; request text never reaches ORDER BY. */
	$order = isset($_GET["SO"]) && $_GET["SO"] == 'd' ? 'DESC' : 'ASC';

	$q_sort = "ORDER BY ";
	$sort_by = isset($_GET["SB"]) ? $_GET["SB"] : '';
	switch ($sort_by) {
	case 'v':
		$q_sort .= "NumVotes " . $order . ", ";
		break;
	case 'p':
		$q_sort .= "Popularity " . $order . ", ";
		break;
	case 'w':
		/* "Voted" only exists in the SELECT list for logged-in users. */
		if ($SID) {
			$q_sort .= "Voted " . $order . ", ";
		}
		break;
	case 'o':
		/* Likewise "Notify". */
		if ($SID) {
			$q_sort .= "Notify " . $order . ", ";
		}
		break;
	case 'm':
		$q_sort .= "Maintainer " . $order . ", ";
		break;
	case 'l':
		$q_sort .= "ModifiedTS " . $order . ", ";
		break;
	case 'a':
		/* For compatibility with old search links. */
		$q_sort .= "-ModifiedTS " . $order . ", ";
		break;
	default:
		break;
	}
	$q_sort .= " Packages.Name " . $order . " ";

	/* Both values were coerced to bounded integers above. */
	$q_limit = "LIMIT " . $_GET["PP"] . " OFFSET " . $_GET["O"];

	$q = $q_select . $q_from . $q_from_extra . $q_where . $q_sort . $q_limit;
	$q_total = "SELECT COUNT(*) " . $q_from . $q_where;

	$result = $dbh->query($q);
	$result_t = $dbh->query($q_total);
	if ($result_t) {
		$row = $result_t->fetch(PDO::FETCH_NUM);
		$total = $row[0];
	} else {
		$total = 0;
	}

	/* Direction for the "toggle sort" links; only defined when there are results. */
	if ($result && $total > 0) {
		if (isset($_GET["SO"]) && $_GET["SO"] == "d") {
			$SO_next = "a";
		} else {
			$SO_next = "d";
		}
	}

	/* Calculate the results to use. */
	$first = $_GET['O'] + 1;

	/* Calculation of pagination links. */
	$per_page = $_GET['PP'] > 0 ? $_GET['PP'] : 50;
	$current = ceil($first / $per_page);
	$pages = ceil($total / $per_page);
	/* Label => offset; a false offset marks a "..." gap with no link. */
	$templ_pages = array();

	if ($current > 1) {
		$templ_pages['« ' . __('First')] = 0;
		$templ_pages['‹ ' . __('Previous')] = ($current - 2) * $per_page;
	}

	if ($current - 5 > 1) {
		$templ_pages["..."] = false;
	}

	/* A window of up to five pages on either side of the current one. */
	for ($i = max($current - 5, 1); $i <= min($pages, $current + 5); $i++) {
		$templ_pages[$i] = ($i - 1) * $per_page;
	}

	if ($current + 5 < $pages) {
		$templ_pages["... "] = false;
	}

	if ($current < $pages) {
		$templ_pages[__('Next') . ' ›'] = $current * $per_page;
		$templ_pages[__('Last') . ' »'] = ($pages - 1) * $per_page;
	}

	include 'pkg_search_form.php';

	/* Materialise the rows; $searchresults and $templ_pages are presumably read by the results template. */
	$searchresults = array();
	if ($result) {
		while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
			$searchresults[] = $row;
		}
	}

	include 'pkg_search_results.php';

	return;
}
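/**
 * Edit a package comment
 *
 * The comment to edit is identified by $_POST["comment_id"]; it is
 * normalised to an integer once so that the permission check and the
 * UPDATE target the same row.
 *
 * @param string $comment The new comment text
 *
 * @return array Tuple of success/failure indicator and error message
 */
function pkgbase_edit_comment($comment) {
	/* Resolve the acting user; no cookie or an unknown session means not logged in. */
	$uid = isset($_COOKIE["AURSID"]) ? uid_from_sid($_COOKIE["AURSID"]) : null;
	if (!$uid) {
		return array(false, __("You must be logged in before you can edit package information."));
	}

	if (!isset($_POST["comment_id"])) {
		return array(false, __("Missing comment ID."));
	}
	$comment_id = intval($_POST["comment_id"]);

	if (trim($comment) == '') {
		return array(false, __('Comment cannot be empty.'));
	}

	/* Authorisation is decided on the normalised ID used in the query below. */
	if (!can_edit_comment($comment_id)) {
		return array(false, __("You are not allowed to edit this comment."));
	}

	$dbh = DB::connect();
	$q = "UPDATE PackageComments ";
	/* intval() on the UID is defence in depth; the comment body goes through the driver's quoting. */
	$q .= "SET EditedUsersID = " . intval($uid) . ", ";
	$q .= "Comments = " . $dbh->quote($comment) . ", ";
	$q .= "EditedTS = UNIX_TIMESTAMP() ";
	$q .= "WHERE ID = " . $comment_id;
	$dbh->exec($q);
	return array(true, __("Comment has been edited."));
}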
/*
 * Tail of getPkgs($userid): the function header is outside this listing.
 * NOTE(review): $userid is interpolated into the WHERE clause unquoted; the
 * only caller visible here passes uid_from_sid(), so this is safe only if
 * that returns an integer — confirm where the parameter is validated.
 */
$result = db_query("SELECT PackageVotes.UsersID, PackageVotes.PackageID, Packages.Name, Packages.NumVotes FROM PackageVotes LEFT JOIN Packages ON (Packages.ID = PackageVotes.PackageID) WHERE PackageVotes.UsersID = {$userid} ORDER BY Name", $dbh);
return $result;
}

/* Page body: list the packages the session user has voted for. */
if (isset($_COOKIE['AURSID'])) {
	$acc = account_from_sid($_COOKIE['AURSID']);
} else {
	$acc = "";
}

print "<div class = 'pgbox'>";
print "<div class = 'pgboxtitle'>";
print "<span class = 'f3'>" . __("Favourite Packages") . "</span>";
print "<div class = 'pgboxbody'>";

/* Anonymous (or unknown-session) visitors get a notice and the page ends here. */
if (!$acc) {
	print __("You must be logged in before you can view favourite packages");
	print "<br />\n";
	/* Close the three divs opened above. */
	for ($i = 0; $i < 3; $i++) {
		print "</div>";
	}
	html_footer(AUR_VERSION);
	exit;
}

$pkgs = getPkgs(uid_from_sid($_COOKIE['AURSID']));
print "<ul>";
/*
 * NOTE(review): PackageID and Name come from the database and are printed
 * without htmlspecialchars(); whether package names are restricted to
 * HTML-safe characters is not visible here — confirm before relying on it.
 */
while ($row = mysql_fetch_object($pkgs)) {
	print "<li><a href=packages.php?ID={$row->PackageID}>{$row->Name}</a> - {$row->NumVotes}</li>";
}
print "</ul>";
print "</div>";
print "</div>";
print "</div>";
html_footer(AUR_VERSION);
/**
 * Close a deletion/orphan request
 *
 * Maps the textual outcome onto the numeric Status column, requires the
 * CRED_PKGREQ_CLOSE credential unless the close is automatic, updates the
 * request row and sends the "request-close" notification.
 *
 * @param int $id The package request to close
 * @param string $reason Whether the request was accepted or rejected
 * @param string $comments Comments to be added to the notification email
 * @param boolean $auto_close (optional) Whether the request is auto-closed
 *
 * @return array Tuple of success/failure indicator and error message
 */
function pkgreq_close($id, $reason, $comments, $auto_close = false) {
	/* Only the two known outcomes are accepted; the comparison is loose, as switch/case would be. */
	if ($reason == 'accepted') {
		$status = 2;
	} elseif ($reason == 'rejected') {
		$status = 3;
	} else {
		return array(false, __("Invalid reason."));
	}

	$dbh = DB::connect();
	$id = intval($id);
	/* The acting user is recorded in the notification, not in the request row. */
	$uid = uid_from_sid($_COOKIE["AURSID"]);

	/* Automatic closes bypass the credential check; manual ones are TU/dev only. */
	if (!$auto_close && !has_credential(CRED_PKGREQ_CLOSE)) {
		return array(false, __("Only TUs and developers can close requests."));
	}

	/*
	 * NOTE(review): nothing here verifies that the request exists or is
	 * still open before overwriting Status — confirm callers guarantee it.
	 */
	$q = sprintf("UPDATE PackageRequests SET Status = %d WHERE ID = %d", $status, $id);
	$dbh->exec($q);

	/* Send e-mail notifications. */
	notify(array('request-close', $uid, $id, $reason), $comments);

	return array(true, __("Request closed successfully."));
}
print $row['Yes']; ?> </span></span></td> <td class='<?php print $c; ?> '><span class='f5'><span class='blue'><?php print $row['No']; ?> </span></span></td> <td class='<?php print $c; ?> '> <?php $q = "SELECT * FROM TU_Votes WHERE VoteID = " . $row['ID'] . " AND UserID = " . uid_from_sid($_COOKIE["AURSID"]); $hasvoted = mysql_num_rows(db_query($q, $dbh)); ?> <span class='f5'><span class='blue'> <?php if ($hasvoted == 0) { ?> <span style='color: red; font-weight: bold'><?php print __("No"); ?> </span> <?php } else { ?> <span style='color: green; font-weight: bold'><?php print __("Yes");