- Jan 30, 2020
-
-
Lukas Fleischer authored
Roll back an accidental change that sneaked into commit daee20c6 (Require current password when setting a new one, 2020-01-30). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
Lukas Fleischer authored
Prevent easily taking over an account by changing the password with a stolen session ID. Fixes FS#65325. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
- Oct 05, 2019
-
-
Lukas Fleischer authored
With the previous implementation, unlucky users could have their CAPTCHA be invalidated by a single account creation while filling out their account registration form. Make this more robust by allowing up to five account registrations before rejecting a CAPTCHA salt. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
Lukas Fleischer authored
Add a CAPTCHA to protect against automated account creation. The CAPTCHA changes whenever three new accounts are registered. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
- Aug 06, 2018
-
-
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
- Dec 03, 2017
-
-
Lukas Fleischer authored
Since commit 4efba18f (Only allow valid HTTP(s) URLs as home page, 2017-11-05), the home page field in the account settings must be a valid URL. However, this new check prevents leaving the field empty. Keep the check in place but skip it if the home page field is left empty. Fixes FS#56550. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
- Nov 05, 2017
-
-
Lukas Fleischer authored
The home page specified in the account settings is converted to a clickable link on the user's profile. Make sure it is a valid URL which uses the http or https scheme. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
- Aug 01, 2017
-
-
Lukas Fleischer authored
When removing an account, remove the user from all last packager fields before deletion to make sure that no package bases are deleted, even if propagation constraints are missing. Fixes FS#53956. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
- Apr 30, 2017
-
-
Lukas Fleischer authored
This allows for adding Terms of Service documents to the database that registered users need to accept before using the AUR. A revision field can be used to indicate whether a document was updated. If it is increased, all users are again asked to accept the new terms. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
- Apr 18, 2017
-
-
Lukas Fleischer authored
Instead of unconditionally calling fetch on the return value of query(), error out early if the value evaluates to false. Also, make sure that the results array is always initialized, even if the result set is empty. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
- Feb 27, 2017
-
-
Lukas Fleischer authored
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
Lukas Fleischer authored
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
Lukas Fleischer authored
The $salt variable is no longer needed as of 29a48708 (Use bcrypt to hash passwords, 2017-02-24). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
Lukas Fleischer authored
Fixes a regression introduced in 608c4830 (Add user set timezones, 2017-01-20). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
- Feb 24, 2017
-
-
Lukas Fleischer authored
Replace the default hash function used for storing passwords by password_hash() which internally uses bcrypt. Legacy MD5 hashes are still supported and are immediately converted to the new format when a user logs in. Since big parts of the authentication system needed to be rewritten in this context, this patch also includes some simplification and refactoring of all code related to password checking and resetting. Fixes FS#52297. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
- Jan 25, 2017
-
-
Lukas Fleischer authored
Inspired by commit 32c8d0c3 (Store last login address as plain text, 2016-03-13). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
- Jan 20, 2017
-
-
Currently, when a user edits their language setting from the edit user form, the changes aren't reflected until the user either lets the original cookie expire, deletes the cookie manually, or changes the language a second time via the dropdown menu on the top of the page. This patch makes the language cookie get updated when it is changed from the edit user form. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
Currently, aurweb displays all dates and times in UTC time. This patch adds a capability for each logged in user to set their preferred timezone. Implements FS#48729. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
- Nov 10, 2016
-
-
UNIX_TIMESTAMP is not part of the SQL standard. Instead, all usage in the web interface is changed to use PHP's time() function. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
- Jun 08, 2016
-
-
Lukas Fleischer authored
Allow users to add a link to their homepage to their profile. Implements FS#22774. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
- Mar 13, 2016
-
-
Lukas Fleischer authored
Directly store the information contained in $_SERVER['REMOTE_ADDR'] instead of using ip2long() which does not support IPv6 addresses. Note that the LastLoginIPAddress field is designed to be used by the administrator on rare occasions only (e.g. to fight spam) and is not displayed anywhere. Fixes FS#48557. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
- Feb 21, 2016
-
-
Lukas Fleischer authored
Add a new option that makes it possible to subscribe to package ownership changes (adoption/disownment). Fixes FS#15412. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
- Feb 07, 2016
-
-
Lukas Fleischer authored
Introduce a new notification option to receive notifications when a new commit is pushed to a package repository. Implements FS#30109. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
Lukas Fleischer authored
Add a configuration option to the account edit page that allows for globally enabling/disabling package base comment notifications. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
Lukas Fleischer authored
As a preparatory step to adding support for package notifications on events other than comments, rename the database table accordingly. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
- Dec 13, 2015
-
-
Lukas Fleischer authored
Directly retrieve comments from the database instead of additionally passing them via stdin. Fixes FS#46742. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
- Nov 14, 2015
-
-
Lukas Fleischer authored
Add a configuration option to set the path of the notification script. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
- Sep 20, 2015
-
-
Implements FS#42343. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
- Sep 11, 2015
-
-
Lukas Fleischer authored
Accept both user names and email addresses in the login prompt. Suggested-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
Lukas Fleischer authored
This helper function was almost 100% identical to uid_from_username(). Switch to using uid_from_username(), which has a much better name and implementation, everywhere. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
- Aug 08, 2015
-
-
Don't print messages (and the account form) in process_account_form() anymore, but return them to the caller. When updating accounts, this function will be called before the headers are written. If a username has been changed by process_account_form(), the headers now show the updated username from the database in the 'My Account' link. Clicking on it immediately after changing a username will no longer lead to a non-existing URL. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
This fixes a bug where the new user name input by the user was invalid, causing the account deletion link and the form action to be wrong. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
Lukas Fleischer authored
Use a Python script for sending notification emails. The notification action and additional parameters are passed via command line arguments. For comment and package request notifications, the text is passed via stdin. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
- Jun 29, 2015
-
-
Lukas Fleischer authored
`ssh-keygen -l` returns more than four tokens when there is whitespace in the key comment. Fixes FS#45488. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
- Jun 27, 2015
-
-
This commit changes the messages printed when changing the account details so that it only prints that no changes were made if either the account change SQL query or the account_set_ssh_keys call failed. Reported-by: Alexis Chotard <alexis.horgix.chotard@gmail.com> Signed-off-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
Lukas Fleischer authored
Attaching more than one SSH public key to the same account is useful, e.g. if one uses different machines to access the AUR SSH interface. Multiple keys can now be specified by adding multiple lines to the text area on the account edit form. Implements FS#45469. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org> Acked-by: Leonidas Spyropoulos <artafinde@gmail.com>
-
After the user was authenticated a redirect to the site which linked the user to the login page is done. This fixes FS#32481. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
- May 31, 2015
-
-
Lukas Fleischer authored
Use NULL instead of an empty string if the SSH public key field is left empty. Additionally, do not check for duplicate keys in that case. Fixes FS#45109. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-
- Dec 27, 2014
-
-
Lukas Fleischer authored
Users can now add an SSH public key on the account edit page. This will later be used to authenticate users via SSH. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- Dec 13, 2014
-
-
Lukas Fleischer authored
Refactor some of the URI generation code to avoid double slashes in absolute URIs. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-