Replace the default hash function used for storing passwords by
password_hash() which internally uses bcrypt. Legacy MD5 hashes are
still supported and are immediately converted to the new format when a
user logs in.

Since big parts of the authentication system needed to be rewritten in
this context, this patch also includes some simplification and
refactoring of all code related to password checking and resetting.

Fixes FS#52297.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

Inspired by commit 32c8d0c3

 (Store last login address as plain text,
2016-03-13).

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

Mark Weiman authored Jan 20, 2017 and Lukas Fleischer committed Jan 20, 2017

Currently, when a user edits their language setting from the edit user form,
the changes aren't reflected until the user either lets the original cookie
expire, deletes the cookie manually, or changes the language a second time via
the dropdown menu on the top of the page. This patch makes the language cookie
get updated when it is changed from the edit user form.

Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

Mark Weiman authored Jan 20, 2017 and Lukas Fleischer committed Jan 20, 2017

Currently, aurweb displays all dates and times in UTC time. This patch
adds a capability for each logged in user to set their preferred
timezone.

Implements FS#48729.

Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

Mark Weiman authored Nov 09, 2016 and Lukas Fleischer committed Nov 10, 2016

UNIX_TIMESTAMP is not part of the SQL standard. Instead, all usage in
the web interface is changed to use PHP's time() function.

Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

Allow users to add a link to their homepage to their profile.

Implements FS#22774.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

Directly store the information contained in $_SERVER['REMOTE_ADDR']
instead of using ip2long() which does not support IPv6 addresses. Note
that the LastLoginIPAddress field is designed to be used by the
administrator on rare occasions only (e.g. to fight spam) and is not
displayed anywhere.

Fixes FS#48557.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

Add a new option that makes it possible to subscribe to package
ownership changes (adoption/disownment).

Fixes FS#15412.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

Introduce a new notification option to receive notifications when a new
commit is pushed to a package repository.

Implements FS#30109.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

Add a configuration option to the account edit page that allows for
globally enabling/disabling package base comment notifications.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

As a preparatory step to adding support for package notifications on
events other than comments, rename the database table accordingly.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

Directly retrieve comments from the database instead of additionally
passing them via stdin.

Fixes FS#46742.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

Add a configuration option to set the path of the notification script.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

Marcel Korpel authored Sep 20, 2015 and Lukas Fleischer committed Sep 20, 2015

Implements FS#42343.

Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

Accept both user names and email addresses in the login prompt.

Suggested-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

This helper function was almost 100% identical to uid_from_username().
Switch to using uid_from_username(), which has a much better name and
implementation, everywhere.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

Marcel Korpel authored Jul 19, 2015 and Lukas Fleischer committed Aug 08, 2015

Don't print messages (and the account form) in process_account_form()
anymore, but return them to the caller. When updating accounts, this
function will be called before the headers are written.

If a username has been changed by process_account_form(), the headers
now show the updated username from the database in the 'My Account'
link. Clicking on it immediately after changing a username will no
longer lead to a non-existing URL.

Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

Marcel Korpel authored Jul 19, 2015 and Lukas Fleischer committed Aug 08, 2015

This fixes a bug where the new user name input by the user was
invalid, causing the account deletion link and the form action to be
wrong.

Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

Use a Python script for sending notification emails. The notification
action and additional parameters are passed via command line arguments.
For comment and package request notifications, the text is passed via
stdin.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

`ssh-keygen -l` returns more than four tokens when there is whitespace
in the key comment.

Fixes FS#45488.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

Johannes Löthberg authored Jun 27, 2015 and Lukas Fleischer committed Jun 27, 2015

This commit changes the messages printed when changing the accound
details so that it only prints that no changes were made if either the
account change SQL query or the account_set_ssh_keys call failed.

Reported-by: Alexis Chotard <alexis.horgix.chotard@gmail.com>
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

Attaching more than one SSH public key to the same account is useful,
e.g. if one uses different machines to access the AUR SSH interface.
Multiple keys can now be specified by adding multiple lines to the text
area on the account edit form.

Implements FS#45469.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Acked-by: Leonidas Spyropoulos <artafinde@gmail.com>

Gordian Edenhofer authored Jun 18, 2015 and Lukas Fleischer committed Jun 27, 2015

After the user was authenticated a redirect to the site which
linked the user to the login page is done. This fixes FS#32481.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

Use NULL instead of an empty string if the SSH public key field is left
empty. Additionally, do not check for duplicate keys in that case.

Fixes FS#45109.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

Users can now add an SSH public key on the account edit page. This will
later be used to authenticate users via SSH.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

Refactor some of the URI generation code to avoid double slashes in
absolute URIs.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

Replace web/lib/config.inc.php with an INI-style configuration file.
This allows us to get rid of several globals and makes it easier to use
the same configuration file in external scripts.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

Fixes FS#41860.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

When using preg_match() to check for a match that starts at the
beginning of the string and ends at the last character of the string, we
do not want to allow an additional newline character to sneak in.
Amongst other potential loopholes, adding the PCRE_DOLLAR_ENDONLY
modifier prevents users from registering with user names that end with a
newline character.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

This reflects the changes in 3610f3c6

.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

Add a check to remove a notice which is displayed after registration
since commit 03c6304e

 (Rework permission handling, 2014-07-15).

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

Fixes a regression introduced in 03c6304e

 (Rework permission handling,
2014-07-15).

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

Explicitly clean up all references before deleting a user.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

This group has full permissions on everything.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

Prevent Trusted Users and developers from accidentally using a name that
contains invalid characters. Also, remove user_is_privileged() which is
no longer needed after this change.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

Add a new function has_credential() that checks whether the currently
logged in user is allowed to perform a given action. Moving all
permission handling to this central place makes adding new user groups
and adjusting permissions much more convenient.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

Return null instead of the string "None" in username_from_id(),
uid_from_email() and uid_from_username().

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>