Commits · e6ecdcc835e9a612e5c5842867c01f0efdceb789 · Arch Linux / aurweb

24 Oct, 2011 2 commits

Require DB handle for most user account functions · e6ecdcc8

Dan McGee authored Oct 21, 2011



This affects login the most, where we save about 4 calls to db_connect()
by passing a single handle into functions where necessary.

Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

e6ecdcc8

Remove a boatload of inline table styles · 8dc7b379

Dan McGee authored Oct 21, 2011



Replacing with CSS styles where appropriate. A previously unused CSS
style is tweaked in the stylesheet to match most of what was done via
non-CSS styling.

Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

8dc7b379

20 Aug, 2011 1 commit

Use "%s" instead of "%h" in format strings · ee4b3980

Lukas Fleischer authored Aug 15, 2011



Use the standard string type specifier instead of "%h" in format
strings. Both specifiers are treated equally in __() so we shouldn't
break anything here. This also allows us to replace the hacky
substitution algorithm in __() by vsprintf().

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

ee4b3980

11 Aug, 2011 1 commit

Use secure and httponly session cookies · 00e4e029

Lukas Fleischer authored Aug 11, 2011



As discussed on the mailing list, enable "secure" and "httponly" for
session cookies to prevent them from being transferred over insecure
connections.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

00e4e029

22 Jun, 2011 1 commit
- rename *.inc files to *.inc.php and adjust imports and references · 888db089
  elij authored May 29, 2011
```
Lukas: Add note to "UPGRADING".

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
```
  888db089
17 May, 2011 2 commits

fix case where user does not exist · 3e81712f

elij authored May 10, 2011



the query was being performed when $id was not set, resulting in an
invalid sql query being performed.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

3e81712f

test return value from db_query before assuming it is valid · 0898f144

elij authored May 11, 2011



make the sql query form consistent in usage by cleaning up instances
where db_query's result was not inspected before attempting to fetch row
data from the handle

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

0898f144

27 Apr, 2011 2 commits

SQL: treat all UID/ID values as numbers, not strings · 3609cf14

Dan McGee authored Apr 25, 2011



Ensure we are not quoting these values in any of our SQL queries.

Thanks-to: elij <elij.mx@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

3609cf14

SQL: use standard LIMIT/OFFSET syntax · fcda6671

Dan McGee authored Apr 25, 2011



Increases compatibility with standard SQL dialect.

Thanks-to: elij <elij.mx@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

fcda6671

13 Apr, 2011 2 commits

Pass array_map() callback function properly. · 56de32c0

Lukas Fleischer authored Apr 13, 2011



PHP requires callback functions to be passed as strings. Fix this to
supress PHP notices.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

56de32c0

Remove "New Package Notify" option from user account settings. · eef5353b

Lukas Fleischer authored Apr 13, 2011



Do this in preparation for the upcoming notification script removal.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

eef5353b

11 Mar, 2011 1 commit

Fix broken XHTML. · 7f9e498e

Lukas Fleischer authored Mar 11, 2011

Fix a lot of invalid XHTML in the templates and actions. There might
still be some legacy code left, but this should cover most of it.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

7f9e498e

10 Mar, 2011 1 commit

More PHP Notice undefined fixups · 80401c6a

Dan McGee authored Mar 02, 2011



Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

80401c6a

04 Mar, 2011 2 commits

Fix PHP notices in account pages · cdc01130

Dan McGee authored Mar 01, 2011



Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

cdc01130

Ensure users can be deleted when foreign keys are present · f9eba123

Dan McGee authored Mar 01, 2011

This change is necessary to prevent this:
mysql> delete from Users where ID = 112;
ERROR 1451 (23000): Cannot delete or update a parent row: a foreign key constraint fails (`aur`.`Packages`, CONSTRAINT `Packages_ibfk_2` FOREIGN KEY (`SubmitterUID`) REFERENCES `Users` (`ID`) ON DELETE NO ACTION)

As a bonus, due to foreign keys, orphaning of packages will be
automatic.

Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

f9eba123

23 Feb, 2011 1 commit
- Add a per-user session limit (fixes FS#12898). · f961ffd9
  Lukas Fleischer authored Feb 22, 2011
```
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
```
  f961ffd9
21 Feb, 2011 1 commit
- Make persistent cookie timeout configurable via "config.inc" (FS#22994). · 52dfa9ca
  Lukas Fleischer authored Feb 21, 2011
```
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
```
  52dfa9ca
09 Oct, 2010 1 commit
- acctfuncs: Make message translatable. · 7933bbb5
  Loui Chang authored Oct 09, 2010
```
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
```
  7933bbb5
02 Oct, 2010 1 commit
- Fixing XSS vulnerability · 9822b2e9
  Viktor Leonhardt authored Oct 02, 2010
```
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
```
  9822b2e9
17 Apr, 2010 1 commit

Support for storing salted passwords · 290c4360

Denis authored Apr 05, 2010



To upgrade existing databases:

ALTER TABLE Users ADD Salt CHAR(32) NOT NULL DEFAULT '';

Signed-off-by: Loui Chang <louipc.ist@gmail.com>

290c4360

21 Feb, 2010 1 commit
- acctfuncs: Fix some whitespace and formatting. · 61d03581
  Loui Chang authored Feb 21, 2010
```
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
```
  61d03581
25 Jun, 2009 1 commit
- Remove excess whitespace. · 610733ea
  Loui Chang authored Jun 25, 2009
```
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
```
  610733ea
19 Jan, 2009 1 commit
- Use new conglomerated translation files. · 2ee32763
  Loui Chang authored Jan 19, 2009
```
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
```
  2ee32763
31 Dec, 2008 1 commit
- Get db connection for accounts search results. · 1529020e
  Loui Chang authored Dec 31, 2008
```
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
```
  1529020e
22 Dec, 2008 1 commit

Really make all web paths relative. · ae1c424c

Loui Chang authored Dec 21, 2008



I forgot about the forms.

Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>

ae1c424c

21 Dec, 2008 2 commits

Introduce function include_lang for translations. · 78c2b5c6

Loui Chang authored Dec 21, 2008



This includes only the requested language for each page and
makes top level language include files obsolete.

Signed-off-by: Loui Chang <louipc.ist@gmail.com>

78c2b5c6

Make all web paths relative. · cfeb080d

Loui Chang authored Dec 20, 2008



The site no longer needs to be hosted from the
root of a domain, or virtual host.

Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>

cfeb080d

12 Dec, 2008 1 commit
- Quell missing argument warning in clear_expired_sessions(). · 2188d2a4
  Loui Chang authored Dec 12, 2008
```
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
```
  2188d2a4
25 Nov, 2008 1 commit
- Make remembered sessions actually save themselves. · 692cc1e9
  Loui Chang authored Nov 17, 2008
```
Also clean up a notice in index.php

Signed-off-by: Loui Chang <louipc.ist@gmail.com>
```
  692cc1e9
13 Nov, 2008 1 commit
- Clear out old expired sessions on log out. · cf2a82fe
  Loui Chang authored Nov 13, 2008
```
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
```
  cf2a82fe
08 Jul, 2008 1 commit
- Remember user between sessions. · 2feee92a
  Andrea Scarpino authored Jul 08, 2008
```
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
```
  2feee92a
17 Jun, 2008 1 commit
- Remove all vim mode lines. Add HACKING file. · 3a427256
  Loui Chang authored Jun 17, 2008
```
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
```
  3a427256
07 Jun, 2008 1 commit

Fix logging in from package page · 435e2c6c

Callan Barrett authored Jun 07, 2008



Patch by: BaSh <bash.lnx@gmail.com>

Adds query string to url when logging in

Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>

435e2c6c

04 Apr, 2008 1 commit

Fix some string translation problems in acctfuncs · 77a2564b

Loui Chang authored Mar 26, 2008



update a few others to new usage

Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Signed-off-by: Simo Leone <simo@archlinux.org>

77a2564b

23 Mar, 2008 2 commits

Changed valid_passwd() to check for non-empty password instead of good_passwd() · 0e32c864
Loui Chang authored Feb 08, 2008
```
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Signed-off-by: Simo Leone <simo@archlinux.org>
```
0e32c864

Put login into its own function. · a5a8895f

Loui Chang authored Feb 06, 2008



Utilise login form template.
Also cleaned up a couple notices.

Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Signed-off-by: Simo Leone <simo@archlinux.org>

a5a8895f

20 Jan, 2008 4 commits

Several functions added to web/lib/acctfuncs.inc Weeere back! · e9de4595

Loui Chang authored Oct 04, 2007



try_login() to login users

valid_username() checks if a new username fits criteria

valid_user() checks if the user exists in the database

good_passwd() only checks for minimum password length for now.
can be later expanded to tell a user to make a stronger password.

valid_passwd() checks if the password for the specified user is correct

user_suspended() checks if the user is suspended (or not)

user_delete() deletes a user (it doesn't orphan PKGs yet though)

user_is_privileged() returns privilege level User (0) TU (2) Dev (3) of
user ID. 0 is used for a regular user for ease in conditionals.

Also:	Enforce proper usernames on account creation or editing
	Fix bug where $SUPPORTED_LANGS needs to be reset on account creation
	Fix bug where an account could be created with an empty passwd
	Display (required) beside password fields on account creation
	Enforce good_passwd() on account creation

	TUs and Devs can edit a user to have a username that doesn't conform to
	the standard valid_username(). This is to allow them to edit old
	accounts without messing up the user name.

Signed-off-by: Loui Chang <louipc.ist@gmail.com>

e9de4595

Revert "Several functions added to web/lib/acctfuncs.inc" · c404c278

Loui Chang authored Sep 30, 2007

This has a couple of bugs I just discovered arrgh. We shall return
This reverts commit 5e7e9f1b21d8803c718ac8551f8e0e25709fcd6f.

c404c278

Several functions added to web/lib/acctfuncs.inc · 6b3e9028

Loui Chang authored Sep 27, 2007



try_login() to login users

valid_username() checks if a new username fits criteria

valid_user() checks if the user exists in the database

good_passwd() only checks for minimum password length for now.
can be later expanded to tell a user to make a stronger password.

valid_passwd() checks if the password for the specified user is correct

user_suspended() checks if the user is suspended (or not)

user_delete() deletes a user

Also:	Enforce proper usernames on account creation
	Fix bug where $SUPPORTED_LANGS needs to be reset on account creation
	Fix bug where an account could be created with an empty passwd
	Display (required) beside password fields on account creation
	Enforce good_passwd() on account creation

Signed-off-by: Loui Chang <louipc.ist@gmail.com>

6b3e9028

search_accounts_form() output is put into a template · 8f7fb2b1
Loui Chang authored Sep 27, 2007
```
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
```
8f7fb2b1