- 17 Sep, 2012 1 commit
-
-
canyonknight authored
All DB code currently uses the quickly aging mysql_* functions. These functions are strongly discouraged and may eventually be deprecated. Transition all code to utilize the PDO data access abstraction layer. PDO allows for consistent query code across multiple databases. This could potentially allow for someone to use a database other than MySQL with minimal code changes. All functions and behaviors are reproduced as faithfully as possible with PDO equivalents and some changes in code.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 17 Jul, 2012 1 commit
-
-
Lukas Fleischer authored
This needs to be available on every page since it is needed for get_uri() and get_pkg_uri() and "web/html/index.php" isn't executed if the virtual path feature is disabled.
Reported-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 14 Jul, 2012 1 commit
-
-
canyonknight authored
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 06 Jul, 2012 4 commits
-
-
canyonknight authored
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
canyonknight authored
* Move DB code in rss.php to new function in aur.inc.php
* Centralization of DB code important in a future transition to PDO interface
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
canyonknight authored
* Move DB code in pkgsubmit.php to new functions in aur.inc.php and pkgfuncs.inc.php
* Centralization of DB code important in a future transition to PDO interface
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
Do not show the login form on every page. Move it to a separate login page and add a link to the navigation bar. Also, add a logout link for logged-in users.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: canyonknight <canyonknight@gmail.com>
-
- 24 Jun, 2012 1 commit
-
-
canyonknight authored
Specially crafted pages can force authenticated users to unknowingly perform actions on the AUR website despite being on an attacker's website. This cross-site request forgery (CSRF) vulnerability applies to all POST data on the AUR. Implement a token system using a double submit cookie. Have a hidden form value on every page containing POST forms. Use the newly added check_token() to verify the token sent via POST matches the "AURSID" cookie value. Random nature of the token limits potential for CSRF.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
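The double-submit-cookie check this commit describes, as an added example rather than the AUR's own check_token(): the session cookie name "AURSID" is taken from the commit message, the form field name and the sample values are assumed.

```php
<?php
// Added example (not AUR code): double-submit-cookie CSRF protection.
// The hidden form value mirrors the "AURSID" session cookie, and the
// server accepts a POST only when the two agree.

// Emit the hidden field for a POST form. The value is the session ID
// cookie, which an attacker's page cannot read cross-origin.
function csrf_hidden_field(array $cookies): string {
    $sid = $cookies['AURSID'] ?? '';
    return '<input type="hidden" name="token" value="'
        . htmlspecialchars($sid, ENT_QUOTES, 'UTF-8') . '" />';
}

// Verify a POST request: the submitted token must equal the cookie.
// Both must be present and non-empty; hash_equals() avoids timing leaks.
function check_token(array $post, array $cookies): bool {
    $token = $post['token'] ?? '';
    $sid   = $cookies['AURSID'] ?? '';
    if ($token === '' || $sid === '') {
        return false;
    }
    return hash_equals($sid, $token);
}

// Constructed sample requests (assumed session ID value).
$cookies = ['AURSID' => 'e3b0c44298fc1c149afbf4c8996fb924'];

$legit   = ['token' => 'e3b0c44298fc1c149afbf4c8996fb924', 'do_Vote' => 1];
$forged  = ['do_Vote' => 1];                  // cross-site form: no token
$guessed = ['token' => 'aaaa', 'do_Vote' => 1]; // token not tied to cookie

foreach (['legit' => $legit, 'forged' => $forged, 'guessed' => $guessed] as $name => $post) {
    printf("%-8s %s\n", $name, check_token($post, $cookies) ? 'accepted' : 'rejected');
}
echo csrf_hidden_field($cookies), "\n";
```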
-
- 24 Mar, 2012 1 commit
-
-
Lukas Fleischer authored
Always put the opening brace on the same line as the beginning of the function declaration.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 21 Mar, 2012 1 commit
-
-
BlackEagle authored
This can be used as an intermediate 'patch' until there is a validation system in place. The extra check is to verify that the domain part of a correctly formatted email address exists and is in use. This will not at all stop spammers since they can use bogus emails with valid domain parts.
Lukas: Minor formatting changes.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 02 Nov, 2011 1 commit
-
-
Dan McGee authored
This should be set to something like 'http://localhost' for development or 'https://aur.archlinux.org' in production. It ensures all links in the site stay in the development site and there is no sudden jump from development to production environments.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 25 Oct, 2011 2 commits
-
-
Lukas Fleischer authored
Percent signs ("%") and underscores ("_") are not escaped by mysql_real_escape_string() and are interpreted as wildcards if combined with "LIKE". Write a wrapper function db_escape_like() and use it where appropriate. Note that we already fixed this for the RPC interface in commit da2ebb66 but missed the other places. This patch should fix all remaining flaws reported in FS#26527.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
-
Lukas Fleischer authored
Wrap mysql_real_escape_string() in a wrapper function db_escape_string() to ease porting to other databases, and as another step to pulling more of the database code into a central location. This is a rebased version of a patch by elij submitted about half a year ago.
Thanks-to: elij <elij.mx@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Conflicts: web/lib/aur.inc.php
-
- 24 Oct, 2011 3 commits
-
-
Lukas Fleischer authored
Percent signs ("%") and underscores ("_") are not escaped by mysql_real_escape_string() and are interpreted as wildcards if combined with "LIKE". Write a wrapper function db_escape_like() and use it where appropriate. Note that we already fixed this for the RPC interface in commit da2ebb66 but missed the other places. This patch should fix all remaining flaws reported in FS#26527.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
-
Lukas Fleischer authored
Wrap mysql_real_escape_string() in a wrapper function db_escape_string() to ease porting to other databases, and as another step to pulling more of the database code into a central location. This is a rebased version of a patch by elij submitted about half a year ago.
Thanks-to: elij <elij.mx@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
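The LIKE-wildcard problem from the db_escape_like() commits above, shown on top of the PDO layer that the later transition commit introduces. This is an added example, not AUR code: the table name, the in-memory SQLite database and the function names are assumed, and the escape character is made explicit with an ESCAPE clause.

```php
<?php
// Added example (not AUR code): prepared statements stop SQL injection,
// but "%" and "_" inside a LIKE pattern are still wildcards, so a user
// searching for "foo_bar" would also match "foo-bar" and "foobar".

// Escape the LIKE metacharacters and the escape character itself.
function db_escape_like(string $value, string $esc = '\\'): string {
    return str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $value
    );
}

function db_connect(): PDO {
    // In-memory SQLite keeps the example self-contained; the real site
    // would use a MySQL DSN. ERRMODE_EXCEPTION replaces silent failures.
    $dbh = new PDO('sqlite::memory:');
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $dbh->exec('CREATE TABLE Packages (Name TEXT)');
    $stmt = $dbh->prepare('INSERT INTO Packages (Name) VALUES (?)');
    foreach (['foo_bar', 'foo-bar', 'foo%', 'foobar'] as $n) {   // constructed rows
        $stmt->execute([$n]);
    }
    return $dbh;
}

// Substring search on package names. The term is escaped for LIKE and
// then bound, so neither SQL nor wildcard metacharacters leak through.
function search_packages(PDO $dbh, string $term): array {
    $q = "SELECT Name FROM Packages WHERE Name LIKE ? ESCAPE '\\' ORDER BY Name";
    $stmt = $dbh->prepare($q);
    $stmt->execute(['%' . db_escape_like($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$dbh = db_connect();
// "foo_" must match only the literal underscore, "%" only the literal percent.
foreach (['foo_', '%', 'foo'] as $term) {
    printf("%-5s => %s\n", $term, implode(', ', search_packages($dbh, $term)));
}
```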
-
Dan McGee authored
This has no real business being here, and is a pain to update when new languages are shipped. Move it and the set_lang() function to translator.inc.php instead so it doesn't overwhelm the user-configurable settings file with static stuff.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 11 Aug, 2011 3 commits
-
-
Lukas Fleischer authored
As discussed on the mailing list, enable "secure" and "httponly" for session cookies to prevent them from being transferred over insecure connections.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
If this is enabled, do not show the login form and display a note suggesting to switch to a secure connection if a user accesses the site via HTTP.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
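The cookie hardening and the HTTPS-only login gate from the two commits above, as an added example that is not AUR code. The helper names, the proxy-header handling and the sample requests are assumed.

```php
<?php
// Added example (not AUR code): "secure" + "httponly" session cookies and
// a login form that is only offered over TLS.

// Detect whether the request arrived over TLS. The forwarded-proto header
// is only trusted when a reverse proxy in front of PHP is known to set it.
function is_https(array $server, bool $behind_proxy = false): bool {
    if (!empty($server['HTTPS']) && $server['HTTPS'] !== 'off') {
        return true;
    }
    return $behind_proxy
        && strtolower($server['HTTP_X_FORWARDED_PROTO'] ?? '') === 'https';
}

// Session cookie parameters. "secure" keeps the cookie off plain-HTTP
// connections; "httponly" keeps it out of reach of page scripts (XSS).
function session_cookie_params(): array {
    return [
        'lifetime' => 0,      // session cookie, dropped when the browser exits
        'path'     => '/',
        'domain'   => '',     // host-only cookie
        'secure'   => true,
        'httponly' => true,
    ];
}

// With the HTTPS-only option enabled, an HTTP request gets no login form
// (a secure cookie set there would never be sent back anyway).
function login_allowed(array $server, bool $disable_http_login): bool {
    return !$disable_http_login || is_https($server);
}

// Constructed requests: one plain-HTTP, one TLS.
$http  = ['HTTPS' => '',   'REQUEST_URI' => '/login/'];
$https = ['HTTPS' => 'on', 'REQUEST_URI' => '/login/'];
printf("http:  login form %s\n", login_allowed($http, true) ? 'shown' : 'hidden');
printf("https: login form %s\n", login_allowed($https, true) ? 'shown' : 'hidden');

$p = session_cookie_params();
session_set_cookie_params($p['lifetime'], $p['path'], $p['domain'], $p['secure'], $p['httponly']);
```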
-
Dan McGee authored
This prevents needless calls to db_connect() if we already have a reference to a handle we can pass into a function. Although the current underlying implementation using mysql_connect() will return the same connection if all parameters are the same, this might not be true if we switch to a more modern (e.g. PDO) interface. In the face of safe transactions, it is extremely important all actions are being taken over the same connection to the database.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 10 Aug, 2011 1 commit
-
-
Dan McGee authored
We shouldn't require this as it is a new config parameter and it causes PHP warnings to be spewed everywhere.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 25 Jun, 2011 2 commits
-
-
Lukas Fleischer authored
There was too much voodoo going on in new_sid(). Just use uniqid() with a random seed and the optional entropy parameter to generate MD5 input. Use the remote IP address as a salt to reduce the chance of two clients getting the same ID if they login at exactly the same time.
Thanks-to: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
Use PHP's filter extension to validate mail addresses. The filter extension is enabled by default as of PHP 5.2.0.
Thanks-to: Florian Pritz <bluewind@xinu.at>
Thanks-to: Cédric Girard <girard.cedric@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
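E-mail validation combining the two steps described on this page: the filter-extension syntax check from the commit above and the DNS check of the domain part from the 21 Mar, 2012 commit. Added example, not AUR code; the function names and sample addresses are assumed.

```php
<?php
// Added example (not AUR code): syntactic check first (cheap, offline),
// then an optional lookup that the domain part has MX or A records.

function valid_email_syntax(string $addr): bool {
    return filter_var($addr, FILTER_VALIDATE_EMAIL) !== false;
}

// DNS lookup of the domain part. Returns null when no lookup was made
// (bad syntax), true/false otherwise. checkdnsrr() needs network access,
// so a false result means "unverified", not "spam" (the commit says as much).
function email_domain_resolves(string $addr): ?bool {
    if (!valid_email_syntax($addr)) {
        return null;
    }
    $domain = substr($addr, strrpos($addr, '@') + 1);
    return checkdnsrr($domain, 'MX') || checkdnsrr($domain, 'A');
}

// Registration-time check. $check_dns lets tests or an offline install
// skip the lookup; syntax is always enforced.
function valid_email(string $addr, bool $check_dns = true): bool {
    if (!valid_email_syntax($addr)) {
        return false;
    }
    return !$check_dns || email_domain_resolves($addr) === true;
}

// Constructed sample inputs; DNS lookups are skipped so this runs offline.
foreach (['user@example.org', 'user@@example.org', 'no-at-sign', 'a b@example.org'] as $addr) {
    printf("%-20s syntax=%s\n", $addr, valid_email($addr, false) ? 'ok' : 'bad');
}
```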
-
- 22 Jun, 2011 3 commits
-
-
elij authored
Provide a mechanism to specify cache type from NONE, APC, or MEMCACHE based on a config variable. If MEMCACHE type is selected, a list of servers can be specified to provide multiserver support. Note that php-memcached is required for MEMCACHE support.
Lukas: Minor commenting style fixes.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
elij authored
Lukas: Add note to "UPGRADING".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
elij authored
- move apc cache code to aur.inc (centralize)
- refactor the apc usage in stats.inc to utilize new code in aur.inc
Lukas: Small commenting style and spelling changes.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 17 May, 2011 1 commit
-
-
elij authored
Make the SQL query form consistent in usage by cleaning up instances where db_query's result was not inspected before attempting to fetch row data from the handle.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 27 Apr, 2011 2 commits
-
-
elij authored
Add a hook to db_query to log all SQL queries when SQL_DEBUG is set. Additionally, provide better logging for SQL error situations (provide backtrace as well as error message).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Dan McGee authored
Ensure we are not quoting these values in any of our SQL queries.
Thanks-to: elij <elij.mx@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 10 Apr, 2011 1 commit
-
-
Lukas Fleischer authored
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 03 Apr, 2011 1 commit
-
-
Dan McGee authored
Instead, we just store dependencies directly in the PackageDepends table. Since we don't use this info anywhere besides the package details page, there is little value in precalculating what is in the AUR vs. what is not. An upgrade path is provided via several SQL statements in the UPGRADING document. There should be no user-visible change from this, but the DB schema gets a bit more sane and we no longer have loads of junk packages in our tables that are never shown to the end user. This should also help the MySQL query planner in several cases as we no longer have to be careful to exclude dummy packages on every query.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 04 Mar, 2011 2 commits
-
-
Dan McGee authored
With our use of strtotime() in stats.inc, we are "required" to do so or at least the emitted warning tells us it is a good idea.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Dan McGee authored
* Remove comment that is mostly bogus- the domain is automatically set.
* When logging out, don't delete the language cookie.
* Make the language cookie persistent.
* Use the minimal time possible to expire cookies; no need to compute anything.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 27 Feb, 2011 2 commits
-
-
Florian Pritz authored
We should not rely on the default server setting staying the same forever.
Signed-off-by: Florian Pritz <bluewind@server-speed.net>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 21 Feb, 2011 1 commit
-
-
Lukas Fleischer authored
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 25 Jan, 2011 1 commit
-
-
Lukas Fleischer authored
Implemented recursive directory deletion in PHP properly without the use of exec(). This improves security, performance and portability and makes the code compatible with PHP's Safe Mode as well as with PHP setups that disable exec() using the "disable_functions" directive.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
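Recursive directory removal in pure PHP, as the commit above describes, written here as an added example rather than the AUR's own implementation. rm_tree() is an assumed name; the fixture under the system temp directory is constructed for the demo. Symlinks are unlinked rather than followed, so a link inside the tree being deleted cannot redirect the deletion elsewhere.

```php
<?php
// Added example (not AUR code): delete a directory tree without exec().

function rm_tree(string $dir): bool {
    // A symlink to a directory is removed as a link, never descended into.
    if (is_link($dir)) {
        return unlink($dir);
    }
    if (!is_dir($dir)) {
        return false;
    }
    $ok = true;
    // CHILD_FIRST yields entries before their parent directory, so every
    // directory is empty by the time rmdir() reaches it. Symlinked
    // directories are not traversed by RecursiveDirectoryIterator by default.
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::CHILD_FIRST
    );
    foreach ($it as $path => $info) {
        // isDir() follows symlinks, so check isLink() first.
        if ($info->isLink() || !$info->isDir()) {
            $ok = unlink($path) && $ok;
        } else {
            $ok = rmdir($path) && $ok;
        }
    }
    return rmdir($dir) && $ok;
}

// Constructed fixture: a tree to delete, a sibling that must survive, and
// a symlink from the doomed tree to the survivor.
$base = sys_get_temp_dir() . '/rmtree_demo_' . uniqid();
mkdir("$base/a/b", 0700, true);
file_put_contents("$base/a/b/file.txt", 'x');
mkdir("$base/keep", 0700);
file_put_contents("$base/keep/important", 'keep me');
symlink("$base/keep", "$base/a/link-to-keep");

printf("removed a: %s\n", rm_tree("$base/a") ? 'yes' : 'no');
printf("keep/important survived: %s\n", file_exists("$base/keep/important") ? 'yes' : 'no');
rm_tree($base);   // clean up the fixture
```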
-
- 19 Jan, 2011 1 commit
-
-
Lukas Fleischer authored
Comments are now split at link boundaries and links are converted separately. I find this to be a much cleaner way than re-converting comments that have already been converted using htmlspecialchars(). This also doesn't require any callback procedure.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
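The split-at-link-boundaries approach from the commit above, as an added example that is not the AUR's own parse_comment(): the function name and the URL pattern are assumed. Each piece is passed through htmlspecialchars() exactly once, which is what keeps the output free of double-encoded text and of unescaped markup.

```php
<?php
// Added example (not AUR code): turn URLs in a user comment into links
// while escaping everything else, without a callback and without
// re-escaping text that was already converted.

function parse_comment(string $comment): string {
    // Capturing the URL makes preg_split() return text and URL pieces
    // alternately: even indices are plain text, odd indices are URLs.
    $pattern = '/(https?:\/\/[^\s<>"\']+)/';
    $parts = preg_split($pattern, $comment, -1, PREG_SPLIT_DELIM_CAPTURE);
    $html = '';
    foreach ($parts as $i => $part) {
        if ($i % 2 === 0) {
            // Plain text: escape once, so injected tags render as text.
            $html .= htmlspecialchars($part, ENT_QUOTES, 'UTF-8');
        } else {
            // URL: escape once as well, then reuse it as href and link text.
            $url = htmlspecialchars($part, ENT_QUOTES, 'UTF-8');
            $html .= '<a href="' . $url . '">' . $url . '</a>';
        }
    }
    return $html;
}

// Constructed comment mixing a link, an injected script tag and quotes.
$c = 'See http://example.org/?a=1&b=2 <script>alert(1)</script> "done"';
echo parse_comment($c), "\n";
```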
-
- 23 Jul, 2010 1 commit
-
-
Denis Kobozev authored
-- Loui Chang
Change is_tu to check_user_privileges
Change div#archdev-navbar style
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
-
- 16 Jun, 2010 1 commit
-
-
Linas authored
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
-
- 17 Apr, 2010 1 commit
-
-
Denis authored
To upgrade existing databases:
ALTER TABLE Users ADD Salt CHAR(32) NOT NULL DEFAULT '';
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
-