pkgfuncs.inc.php 39.3 KB
Newer Older
1
<?php
2
include_once("config.inc.php");
eric's avatar
eric committed
3

4
5
6
7
8
9
10
11
12
13
14
15
/**
 * Determine if the user can delete a specific package comment
 *
 * Only the comment submitter, Trusted Users, and Developers can delete
 * comments. This function is used for the backend side of comment deletion.
 *
 * @param string $comment_id The comment ID in the database
 * @param string $atype The account type of the user trying to delete a comment
 * @param string|int $uid The user ID of the individual trying to delete a comment
 *
 * @return bool True if the user can delete the comment, otherwise false
 */
16
function canDeleteComment($comment_id=0, $atype="", $uid=0) {
17
18
19
20
	if ($atype == "Trusted User" || $atype == "Developer") {
		# A TU/Dev can delete any comment
		return TRUE;
	}
21
	if(!$dbh) {
22
		$dbh = DB::connect();
23
	}
24
25
26
27
	$q = "SELECT COUNT(ID) AS CNT ";
	$q.= "FROM PackageComments ";
	$q.= "WHERE ID = " . intval($comment_id);
	$q.= " AND UsersID = " . $uid;
canyonknight's avatar
canyonknight committed
28
	$result = $dbh->query($q);
29
	if ($result != NULL) {
canyonknight's avatar
canyonknight committed
30
		$row = $result->fetch(PDO::FETCH_ASSOC);
31
32
33
34
35
36
		if ($row['CNT'] > 0) {
			return TRUE;
		}
	}
	return FALSE;
}
eric's avatar
eric committed
37

38
39
40
41
42
43
44
45
46
47
48
49
/**
 * Determine if the user can delete a specific package comment using an array
 *
 * Only the comment submitter, Trusted Users, and Developers can delete
 * comments. This function is used for the frontend side of comment deletion.
 *
 * @param array $comment All database information relating a specific comment
 * @param string $atype The account type of the user trying to delete a comment
 * @param string|int $uid The user ID of the individual trying to delete a comment
 *
 * @return bool True if the user can delete the comment, otherwise false
 */
50
51
52
53
54
55
56
57
58
59
60
function canDeleteCommentArray($comment, $atype="", $uid=0) {
	if ($atype == "Trusted User" || $atype == "Developer") {
		# A TU/Dev can delete any comment
		return TRUE;
	} else if ($comment['UsersID'] == $uid) {
		# User's own comment
		return TRUE;
	}
	return FALSE;
}

61
62
63
64
65
66
67
68
69
70
/**
 * Determine if the visitor can submit blacklisted packages.
 *
 * Only Trusted Users and Developers can delete blacklisted packages. Packages
 * are blacklisted if they are include in the official repositories.
 *
 * @param string $atype The account type of the user
 *
 * @return bool True if the user can submit blacklisted packages, otherwise false
 */
71
72
73
74
75
76
77
78
79
80
function canSubmitBlacklisted($atype = "") {
	if ($atype == "Trusted User" || $atype == "Developer") {
		# Only TUs/Devs can submit blacklisted packages.
		return TRUE;
	}
	else {
		return FALSE;
	}
}

81
82
83
84
85
86
87
/**
 * Get all package categories stored in the database
 *
 * @param \PDO An already established database connection
 *
 * @return array All package categories
 */
88
function pkgCategories() {
eric's avatar
eric committed
89
	$cats = array();
90
	if(!$dbh) {
91
		$dbh = DB::connect();
92
	}
93
	$q = "SELECT * FROM PackageCategories WHERE ID != 1 ";
eric's avatar
eric committed
94
	$q.= "ORDER BY Category ASC";
canyonknight's avatar
canyonknight committed
95
	$result = $dbh->query($q);
eric's avatar
eric committed
96
	if ($result) {
canyonknight's avatar
canyonknight committed
97
		while ($row = $result->fetch(PDO::FETCH_NUM)) {
eric's avatar
eric committed
98
99
100
101
102
103
			$cats[$row[0]] = $row[1];
		}
	}
	return $cats;
}

104
105
106
107
108
109
110
/**
 * Check to see if the package name already exists in the database
 *
 * @param string $name The package name to check
 *
 * @return string|void Package name if it already exists
 */
111
function pkgid_from_name($name="") {
112
	if (!$name) {return NULL;}
113
	if(!$dbh) {
114
		$dbh = DB::connect();
115
	}
116
	$q = "SELECT ID FROM Packages ";
canyonknight's avatar
canyonknight committed
117
118
119
120
121
122
	$q.= "WHERE Name = " . $dbh->quote($name);
	$result = $dbh->query($q);
	if (!$result) {
		return;
	}
	$row = $result->fetch(PDO::FETCH_NUM);
123
124
125
	return $row[0];
}

126
127
128
129
130
131
132
/**
 * Get package dependencies for a specific package
 *
 * @param int $pkgid The package to get dependencies for
 *
 * @return array All package dependencies for the package
 */
133
function package_dependencies($pkgid) {
134
	$deps = array();
135
136
	$pkgid = intval($pkgid);
	if ($pkgid > 0) {
137
		if(!$dbh) {
138
			$dbh = DB::connect();
139
		}
Dan McGee's avatar
Dan McGee committed
140
141
142
143
		$q = "SELECT pd.DepName, pd.DepCondition, p.ID FROM PackageDepends pd ";
		$q.= "LEFT JOIN Packages p ON pd.DepName = p.Name ";
		$q.= "WHERE pd.PackageID = ". $pkgid . " ";
		$q.= "ORDER BY pd.DepName";
canyonknight's avatar
canyonknight committed
144
145
146
147
148
		$result = $dbh->query($q);
		if (!$result) {
			return array();
		}
		while ($row = $result->fetch(PDO::FETCH_NUM)) {
149
150
151
152
153
154
			$deps[] = $row;
		}
	}
	return $deps;
}

155
156
157
158
159
160
161
/**
 * Determine packages that depend on a package
 *
 * @param string $name The package name for the dependency search
 *
 * @return array All packages that depend on the specified package name
 */
162
function package_required($name="") {
163
	$deps = array();
Dan McGee's avatar
Dan McGee committed
164
	if ($name != "") {
165
		if(!$dbh) {
166
			$dbh = DB::connect();
167
		}
168
		$q = "SELECT DISTINCT p.Name, PackageID FROM PackageDepends pd ";
Dan McGee's avatar
Dan McGee committed
169
		$q.= "JOIN Packages p ON pd.PackageID = p.ID ";
canyonknight's avatar
canyonknight committed
170
		$q.= "WHERE DepName = " . $dbh->quote($name) . " ";
Dan McGee's avatar
Dan McGee committed
171
		$q.= "ORDER BY p.Name";
canyonknight's avatar
canyonknight committed
172
		$result = $dbh->query($q);
173
		if (!$result) {return array();}
canyonknight's avatar
canyonknight committed
174
		while ($row = $result->fetch(PDO::FETCH_NUM)) {
175
176
177
178
179
180
			$deps[] = $row;
		}
	}
	return $deps;
}

181
182
183
184
185
186
187
/**
 * Get the number of non-deleted comments for a specific package
 *
 * @param string $pkgid The package ID to get comment count for
 *
 * @return string The number of comments left for a specific package
 */
188
function package_comments_count($pkgid) {
canyonknight's avatar
canyonknight committed
189
	if (!$dbh) {
190
		$dbh = DB::connect();
canyonknight's avatar
canyonknight committed
191
192
	}

193
194
	$pkgid = intval($pkgid);
	if ($pkgid > 0) {
195
		if(!$dbh) {
196
			$dbh = DB::connect();
197
		}
198
		$q = "SELECT COUNT(*) FROM PackageComments ";
199
		$q.= "WHERE PackageID = " . $pkgid;
200
		$q.= " AND DelUsersID IS NULL";
201
	}
canyonknight's avatar
canyonknight committed
202
	$result = $dbh->query($q);
203
204
205
206
207

	if (!$result) {
		return;
	}

canyonknight's avatar
canyonknight committed
208
209
	$row = $result->fetch(PDO::FETCH_NUM);
	return $row[0];
210
211
}

212
213
214
215
216
217
218
/**
 * Get all package comment information for a specific package
 *
 * @param int $pkgid The package ID to get comments for
 *
 * @return array All package comment information for a specific package
 */
219
function package_comments($pkgid) {
eric's avatar
eric committed
220
	$comments = array();
221
222
	$pkgid = intval($pkgid);
	if ($pkgid > 0) {
223
		if(!$dbh) {
224
			$dbh = DB::connect();
225
		}
226
		$q = "SELECT PackageComments.ID, UserName, UsersID, Comments, CommentTS ";
eric's avatar
eric committed
227
228
		$q.= "FROM PackageComments, Users ";
		$q.= "WHERE PackageComments.UsersID = Users.ID";
229
		$q.= " AND PackageID = " . $pkgid;
230
		$q.= " AND DelUsersID IS NULL"; # only display non-deleted comments
231
		$q.= " ORDER BY CommentTS DESC";
232
233
234
235
236

		if (!isset($_GET['comments'])) {
			$q.= " LIMIT 10";
		}

canyonknight's avatar
canyonknight committed
237
		$result = $dbh->query($q);
Loui Chang's avatar
Loui Chang committed
238
239
240
241
242

		if (!$result) {
			return;
		}

canyonknight's avatar
canyonknight committed
243
		while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
eric's avatar
eric committed
244
245
246
247
248
249
			$comments[] = $row;
		}
	}
	return $comments;
}

250
251
252
253
254
255
256
257
258
259
/**
 * Add a comment to a package page and send out appropriate notifications
 *
 * @global string $AUR_LOCATION The AUR's URL used for notification e-mails
 * @param string $pkgid The package ID to add the comment on
 * @param string $uid The user ID of the individual who left the comment
 * @param string $comment The comment left on a package page
 *
 * @return void
 */
260
function add_package_comment($pkgid, $uid, $comment) {
261
262
	global $AUR_LOCATION;

263
	if(!$dbh) {
264
		$dbh = DB::connect();
265
266
	}

canyonknight's avatar
canyonknight committed
267
268
269
270
271
	$q = "INSERT INTO PackageComments ";
	$q.= "(PackageID, UsersID, Comments, CommentTS) VALUES (";
	$q.= intval($pkgid) . ", " . $uid . ", ";
	$q.= $dbh->quote($comment) . ", UNIX_TIMESTAMP())";
	$dbh->exec($q);
272

273
        # TODO: Move notification logic to separate function where it belongs
274
	# Send email notifications
canyonknight's avatar
canyonknight committed
275
276
277
278
279
280
	$q = "SELECT CommentNotify.*, Users.Email ";
	$q.= "FROM CommentNotify, Users ";
	$q.= "WHERE Users.ID = CommentNotify.UserID ";
	$q.= "AND CommentNotify.UserID != " . $uid . " ";
	$q.= "AND CommentNotify.PkgID = " . intval($pkgid);
	$result = $dbh->query($q);
281
282
	$bcc = array();

canyonknight's avatar
canyonknight committed
283
284
	if ($result) {
		while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
285
286
287
			array_push($bcc, $row['Email']);
		}

canyonknight's avatar
canyonknight committed
288
289
290
291
292
		$q = "SELECT Packages.* ";
		$q.= "FROM Packages ";
		$q.= "WHERE Packages.ID = " . intval($pkgid);
		$result = $dbh->query($q);
		$row = $result->fetch(PDO::FETCH_ASSOC);
293
294
295
296
297

		# TODO: native language emails for users, based on their prefs
		# Simply making these strings translatable won't work, users would be
		# getting emails in the language that the user who posted the comment was in
		$body =
298
		'from ' . $AUR_LOCATION . get_pkg_uri($row['Name']) . "\n"
299
		. username_from_sid($_COOKIE['AURSID']) . " wrote:\n\n"
300
301
302
303
304
305
306
307
308
		. $comment
		. "\n\n---\nIf you no longer wish to receive notifications about this package, please go the the above package page and click the UnNotify button.";
		$body = wordwrap($body, 70);
		$bcc = implode(', ', $bcc);
		$headers = "Bcc: $bcc\nReply-to: nobody@archlinux.org\nFrom: aur-notify@archlinux.org\nX-Mailer: AUR\n";
		@mail('undisclosed-recipients: ;', "AUR Comment for " . $row['Name'], $body, $headers);
	}
}

309
310
311
312
313
314
315
/**
 * Get all package sources for a specific package
 *
 * @param string $pkgid The package ID to get the sources for
 *
 * @return array All sources associated with a specific package
 */
316
function package_sources($pkgid) {
317
	$sources = array();
318
319
	$pkgid = intval($pkgid);
	if ($pkgid > 0) {
320
		if(!$dbh) {
321
			$dbh = DB::connect();
322
		}
323
		$q = "SELECT Source FROM PackageSources ";
324
		$q.= "WHERE PackageID = " . $pkgid;
325
		$q.= " ORDER BY Source";
canyonknight's avatar
canyonknight committed
326
327
328
329
330
		$result = $dbh->query($q);
		if (!$result) {
			return array();
		}
		while ($row = $result->fetch(PDO::FETCH_NUM)) {
331
332
333
334
335
336
			$sources[] = $row[0];
		}
	}
	return $sources;
}

337
338
339
340
341
342
343
/**
 * Get a list of all packages a logged-in user has voted for
 *
 * @param string $sid The session ID of the visitor
 *
 * @return array All packages the visitor has voted for
 */
344
function pkgvotes_from_sid($sid="") {
345
346
	$pkgs = array();
	if (!$sid) {return $pkgs;}
347
	if(!$dbh) {
348
		$dbh = DB::connect();
349
	}
350
351
352
353
	$q = "SELECT PackageID ";
	$q.= "FROM PackageVotes, Users, Sessions ";
	$q.= "WHERE Users.ID = Sessions.UsersID ";
	$q.= "AND Users.ID = PackageVotes.UsersID ";
canyonknight's avatar
canyonknight committed
354
355
	$q.= "AND Sessions.SessionID = " . $dbh->quote($sid);
	$result = $dbh->query($q);
356
	if ($result) {
canyonknight's avatar
canyonknight committed
357
		while ($row = $result->fetch(PDO::FETCH_NUM)) {
358
359
360
361
362
363
			$pkgs[$row[0]] = 1;
		}
	}
	return $pkgs;
}

364
365
366
367
368
369
370
/**
 * Determine package names from package IDs
 *
 * @param string|array $pkgids The package IDs to get names for
 *
 * @return array|string All names if multiple package IDs, otherwise package name
 */
371
function pkgname_from_id($pkgids) {
372
373
374
	if (is_array($pkgids)) {
		$pkgids = sanitize_ids($pkgids);
		$names = array();
375
		if(!$dbh) {
376
			$dbh = DB::connect();
377
		}
canyonknight's avatar
canyonknight committed
378
379
380
381
382
		$q = "SELECT Name FROM Packages WHERE ID IN (";
		$q.= implode(",", $pkgids) . ")";
		$result = $dbh->query($q);
		if ($result) {
			while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
383
384
385
386
387
388
389
				$names[] = $row['Name'];
			}
		}
		return $names;
	}
	elseif ($pkgids > 0) {
		if(!$dbh) {
390
			$dbh = DB::connect();
391
392
		}
		$q = "SELECT Name FROM Packages WHERE ID = " . $pkgids;
canyonknight's avatar
canyonknight committed
393
394
395
		$result = $dbh->query($q);
		if ($result) {
			$name = $result->fetch(PDO::FETCH_NUM);
396
		}
canyonknight's avatar
canyonknight committed
397
		return $name[0];
398
399
400
	}
	else {
		return NULL;
401
402
403
	}
}

404
405
406
407
408
409
410
/**
 * Determine if a package name is on the database blacklist
 *
 * @param string $name The package name to check
 *
 * @return bool True if the name is blacklisted, otherwise false
 */
411
function pkgname_is_blacklisted($name) {
412
	if(!$dbh) {
413
		$dbh = DB::connect();
414
	}
canyonknight's avatar
canyonknight committed
415
416
417
	$q = "SELECT COUNT(*) FROM PackageBlacklist ";
	$q.= "WHERE Name = " . $dbh->quote($name);
	$result = $dbh->query($q);
418
419

	if (!$result) return false;
420
	return ($result->fetchColumn() > 0);
421
422
}

423
/**
424
 * Get the package details
425
 *
426
 * @param string $id The package ID to get description for
427
 *
428
429
 * @return array The package's details OR error message
 **/
430
function get_package_details($id=0) {
431
	if(!$dbh) {
432
		$dbh = DB::connect();
433
434
	}

435
436
437
	$q = "SELECT Packages.*,Category ";
	$q.= "FROM Packages,PackageCategories ";
	$q.= "WHERE Packages.CategoryID = PackageCategories.ID ";
Loui Chang's avatar
Loui Chang committed
438
	$q.= "AND Packages.ID = " . intval($id);
canyonknight's avatar
canyonknight committed
439
	$result = $dbh->query($q);
eric's avatar
eric committed
440

441
442
	$row = array();

canyonknight's avatar
canyonknight committed
443
	if (!$result) {
444
		$row['error'] = __("Error retrieving package details.");
445
446
	}
	else {
canyonknight's avatar
canyonknight committed
447
		$row = $result->fetch(PDO::FETCH_ASSOC);
eric's avatar
eric committed
448
		if (empty($row)) {
449
			$row['error'] = __("Package details could not be found.");
450
		}
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
	}

	return $row;
}

/**
 * Display the package details page
 *
 * @global string $AUR_LOCATION The AUR's URL used for notification e-mails
 * @global bool $USE_VIRTUAL_URLS True if using URL rewriting, otherwise false
 * @param string $id The package ID to get details page for
 * @param array $row Package details retrieved by get_package_details
 * @param string $SID The session ID of the visitor
 *
 * @return void
 */
467
function display_package_details($id=0, $row, $SID="") {
468
469
470
471
	global $AUR_LOCATION;
	global $USE_VIRTUAL_URLS;

	if(!$dbh) {
472
		$dbh = DB::connect();
473
	}
474

475
476
477
478
479
480
481
482
483
484
	if (isset($row['error'])) {
		print "<p>" . $row['error'] . "</p>\n";
	}
	else {
		include('pkg_details.php');

		# Actions Bar
		if ($SID) {
			include('actions_form.php');
			if (isset($_REQUEST['comment']) && check_token()) {
485
486
				$uid = uid_from_sid($SID);
				add_package_comment($id, $uid, $_REQUEST['comment']);
eric's avatar
eric committed
487
			}
488
489
490
491
			include('pkg_comment_form.php');
		}

		# Print Comments
492
		$comments = package_comments($id);
493
494
		if (!empty($comments)) {
			include('pkg_comments.php');
eric's avatar
eric committed
495
496
497
498
499
		}
	}
}


Simo Leone's avatar
Simo Leone committed
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
/* pkg_search_page(SID)
 * outputs the body of search/search results page
 *
 * parameters:
 *  SID - current Session ID
 * preconditions:
 *  package search page has been accessed
 *  request variables have not been sanitized
 *
 *  request vars:
 *    O  - starting result number
 *    PP - number of search hits per page
 *    C  - package category ID number
 *    K  - package search string
 *    SO - search hit sort order:
 *          values: a - ascending
 *                  d - descending
 *    SB - sort search hits by:
518
 *          values: c - package category
Simo Leone's avatar
Simo Leone committed
519
520
521
522
 *                  n - package name
 *                  v - number of votes
 *                  m - maintainer username
 *    SeB- property that search string (K) represents
Andrea Scarpino's avatar
Andrea Scarpino committed
523
524
 *          values: n  - package name
 *                  nd - package name & description
525
 *                  x  - package name (exact match)
Simo Leone's avatar
Simo Leone committed
526
527
528
529
530
531
532
533
534
535
536
537
538
539
 *                  m  - package maintainer's username
 *                  s  - package submitter's username
 *    do_Orphans    - boolean. whether to search packages
 *                     without a maintainer
 *
 *
 *    These two are actually handled in packages.php.
 *
 *    IDs- integer array of ticked packages' IDs
 *    action - action to be taken on ticked packages
 *             values: do_Flag   - Flag out-of-date
 *                     do_UnFlag - Remove out-of-date flag
 *                     do_Adopt  - Adopt
 *                     do_Disown - Disown
540
 *                     do_Delete - Delete (requires confirm_Delete to be set)
541
542
 *                     do_Notify - Enable notification
 *                     do_UnNotify - Disable notification
Simo Leone's avatar
Simo Leone committed
543
 */
544
function pkg_search_page($SID="") {
545
	if(!$dbh) {
546
		$dbh = DB::connect();
547
	}
Loui Chang's avatar
Loui Chang committed
548
549
550
551
552

	// get commonly used variables...
	// TODO: REDUCE DB HITS.
	// grab info for user if they're logged in
	if ($SID)
553
		$myuid = uid_from_sid($SID);
Loui Chang's avatar
Loui Chang committed
554
	// get a list of package categories
555
	$cats = pkgCategories($dbh); //meow
Loui Chang's avatar
Loui Chang committed
556
557
558
559
560
561
562
563
564
565
566
567
568
569

	// sanitize paging variables
	//
	if (isset($_GET['O'])) {
		$_GET['O'] = intval($_GET['O']);
		if ($_GET['O'] < 0)
			$_GET['O'] = 0;
	}
	else {
		$_GET['O'] = 0;
	}

	if (isset($_GET["PP"])) {
		$_GET["PP"] = intval($_GET["PP"]);
570
571
572
573
		if ($_GET["PP"] < 50)
			$_GET["PP"] = 50;
		else if ($_GET["PP"] > 250)
			$_GET["PP"] = 250;
Loui Chang's avatar
Loui Chang committed
574
575
	}
	else {
576
		$_GET["PP"] = 50;
Loui Chang's avatar
Loui Chang committed
577
578
579
580
581
582
583
584
	}

	// FIXME: pull out DB-related code. all of it.
	//        this one's worth a choco-chip cookie,
	//        one of those nice big soft ones

	// build the package search query
	//
585
	$q_select = "SELECT ";
Loui Chang's avatar
Loui Chang committed
586
	if ($SID) {
587
		$q_select .= "CommentNotify.UserID AS Notify,
588
			   PackageVotes.UsersID AS Voted, ";
Loui Chang's avatar
Loui Chang committed
589
	}
590
	$q_select .= "Users.Username AS Maintainer,
Loui Chang's avatar
Loui Chang committed
591
592
	PackageCategories.Category,
	Packages.Name, Packages.Version, Packages.Description, Packages.NumVotes,
593
	Packages.ID, Packages.OutOfDateTS ";
Loui Chang's avatar
Loui Chang committed
594

595
	$q_from = "FROM Packages
596
597
598
	LEFT JOIN Users ON (Packages.MaintainerUID = Users.ID)
	LEFT JOIN PackageCategories
	ON (Packages.CategoryID = PackageCategories.ID) ";
Loui Chang's avatar
Loui Chang committed
599
	if ($SID) {
600
601
		# this portion is not needed for the total row count query
		$q_from_extra = "LEFT JOIN PackageVotes
Loui Chang's avatar
Loui Chang committed
602
603
604
		ON (Packages.ID = PackageVotes.PackageID AND PackageVotes.UsersID = $myuid)
		LEFT JOIN CommentNotify
		ON (Packages.ID = CommentNotify.PkgID AND CommentNotify.UserID = $myuid) ";
605
606
	} else {
		$q_from_extra = "";
Loui Chang's avatar
Loui Chang committed
607
608
	}

Dan McGee's avatar
Dan McGee committed
609
	$q_where = "WHERE 1 = 1 ";
610
611
	// TODO: possibly do string matching on category
	//       to make request variable values more sensible
612
	if (isset($_GET["C"]) && intval($_GET["C"])) {
613
		$q_where .= "AND Packages.CategoryID = ".intval($_GET["C"])." ";
Loui Chang's avatar
Loui Chang committed
614
615
	}

616
	if (isset($_GET['K'])) {
Loui Chang's avatar
Loui Chang committed
617
		# Search by maintainer
618
		if (isset($_GET["SeB"]) && $_GET["SeB"] == "m") {
canyonknight's avatar
canyonknight committed
619
			$q_where .= "AND Users.Username = " . $dbh->quote($_GET['K']) . " ";
Loui Chang's avatar
Loui Chang committed
620
		}
Andrea Scarpino's avatar
Andrea Scarpino committed
621
		# Search by submitter
622
		elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "s") {
623
			$q_where .= "AND SubmitterUID = ".uid_from_username($_GET['K'])." ";
Loui Chang's avatar
Loui Chang committed
624
		}
625
		# Search by name
626
		elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "n") {
canyonknight's avatar
canyonknight committed
627
628
			$K = "%" . addcslashes($_GET['K'], '%_') . "%";
			$q_where .= "AND (Name LIKE " . $dbh->quote($K) . ") ";
Andrea Scarpino's avatar
Andrea Scarpino committed
629
		}
630
631
		# Search by name (exact match)
		elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "x") {
canyonknight's avatar
canyonknight committed
632
			$q_where .= "AND (Name = " . $dbh->quote($_GET['K']) . ") ";
633
		}
Andrea Scarpino's avatar
Andrea Scarpino committed
634
		# Search by name and description (Default)
Loui Chang's avatar
Loui Chang committed
635
		else {
canyonknight's avatar
canyonknight committed
636
637
638
			$K = "%" . addcslashes($_GET['K'], '%_') . "%";
			$q_where .= "AND (Name LIKE " . $dbh->quote($K) . " OR ";
			$q_where .= "Description LIKE " . $dbh->quote($K) . ") ";
Loui Chang's avatar
Loui Chang committed
639
640
641
		}
	}

642
	if (isset($_GET["do_Orphans"])) {
643
		$q_where .= "AND MaintainerUID IS NULL ";
Loui Chang's avatar
Loui Chang committed
644
	}
645

646
	if (isset($_GET['outdated'])) {
647
		if ($_GET['outdated'] == 'on') {
648
			$q_where .= "AND OutOfDateTS IS NOT NULL ";
649
650
		}
		elseif ($_GET['outdated'] == 'off') {
651
			$q_where .= "AND OutOfDateTS IS NULL ";
652
		}
653
654
	}

655
	$order = (isset($_GET["SO"]) && $_GET["SO"] == 'd') ? 'DESC' : 'ASC';
Loui Chang's avatar
Loui Chang committed
656

657
	$q_sort = "ORDER BY Name ".$order." ";
658
659
	$sort_by = isset($_GET["SB"]) ? $_GET["SB"] : '';
	switch ($sort_by) {
Loui Chang's avatar
Loui Chang committed
660
	case 'c':
661
		$q_sort = "ORDER BY CategoryID ".$order.", Name ASC ";
Loui Chang's avatar
Loui Chang committed
662
663
		break;
	case 'v':
664
		$q_sort = "ORDER BY NumVotes ".$order.", Name ASC ";
Loui Chang's avatar
Loui Chang committed
665
		break;
666
667
	case 'w':
		if ($SID) {
668
			$q_sort = "ORDER BY Voted ".$order.", Name ASC ";
669
670
671
672
		}
		break;
	case 'o':
		if ($SID) {
673
			$q_sort = "ORDER BY Notify ".$order.", Name ASC ";
674
675
		}
		break;
Loui Chang's avatar
Loui Chang committed
676
	case 'm':
677
		$q_sort = "ORDER BY Maintainer ".$order.", Name ASC ";
Loui Chang's avatar
Loui Chang committed
678
679
		break;
	case 'a':
680
		$q_sort = "ORDER BY ModifiedTS ".$order.", Name ASC ";
Loui Chang's avatar
Loui Chang committed
681
682
683
684
685
		break;
	default:
		break;
	}

686
	$q_limit = "LIMIT ".$_GET["PP"]." OFFSET ".$_GET["O"];
687

688
689
	$q = $q_select . $q_from . $q_from_extra . $q_where . $q_sort . $q_limit;
	$q_total = "SELECT COUNT(*) " . $q_from . $q_where;
Loui Chang's avatar
Loui Chang committed
690

canyonknight's avatar
canyonknight committed
691
692
	$result = $dbh->query($q);
	$result_t = $dbh->query($q_total);
693
	if ($result_t) {
canyonknight's avatar
canyonknight committed
694
695
		$row = $result_t->fetch(PDO::FETCH_NUM);
		$total = $row[0];
696
697
698
699
	}
	else {
		$total = 0;
	}
Simo Leone's avatar
Simo Leone committed
700

701
	if ($result && $total > 0) {
702
703
		if (isset($_GET["SO"]) && $_GET["SO"] == "d"){
			$SO_next = "a";
Loui Chang's avatar
Loui Chang committed
704
705
		}
		else {
706
			$SO_next = "d";
Loui Chang's avatar
Loui Chang committed
707
		}
708
	}
Simo Leone's avatar
Simo Leone committed
709

710
	// figure out the results to use
Loui Chang's avatar
Loui Chang committed
711
	$first = $_GET['O'] + 1;
Simo Leone's avatar
Simo Leone committed
712

713
714
715
716
717
	# calculation of pagination links
	$per_page = ($_GET['PP'] > 0) ? $_GET['PP'] : 50;
	$current = ceil($first / $per_page);
	$pages = ceil($total / $per_page);
	$templ_pages = array();
718

719
	if ($current > 1) {
720
721
		$templ_pages['&laquo; ' . __('First')] = 0;
		$templ_pages['&lsaquo; ' . __('Previous')] = ($current - 2) * $per_page;
722
	}
723

724
725
	if ($current - 5 > 1)
		$templ_pages["..."] = false;
726

727
728
729
	for ($i = max($current - 5, 1); $i <= min($pages, $current + 5); $i++) {
		$templ_pages[$i] = ($i - 1) * $per_page;
	}
730

731
732
	if ($current + 5 < $pages)
		$templ_pages["... "] = false;
733

734
	if ($current < $pages) {
735
736
		$templ_pages[__('Next') . ' &rsaquo;'] = $current * $per_page;
		$templ_pages[__('Last') . ' &raquo;'] = ($pages - 1) * $per_page;
737
	}
Simo Leone's avatar
Simo Leone committed
738

739
	include('pkg_search_form.php');
740

canyonknight's avatar
canyonknight committed
741
742
743
744
	if ($result) {
		while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
			$searchresults[] = $row;
		}
745
746
	}

747
748
	include('pkg_search_results.php');

Loui Chang's avatar
Loui Chang committed
749
	return;
eric's avatar
eric committed
750
751
}

752
753
754
755
756
757
758
/**
 * Determine if a POST string has been sent by a visitor
 *
 * @param string $action String to check has been sent via POST
 *
 * @return bool True if the POST string was used, otherwise false
 */
Dan McGee's avatar
Dan McGee committed
759
760
761
762
763
function current_action($action) {
	return (isset($_POST['action']) && $_POST['action'] == $action) ||
		isset($_POST[$action]);
}

764
/**
765
766
767
768
769
 * Determine if sent IDs are valid integers
 *
 * @param array $ids IDs to validate
 *
 * @return array All sent IDs that are valid integers
770
771
772
773
774
775
776
777
778
779
780
781
 */
function sanitize_ids($ids) {
	$new_ids = array();
	foreach ($ids as $id) {
		$id = intval($id);
		if ($id > 0) {
			$new_ids[] = $id;
		}
	}
	return $new_ids;
}

782
/**
783
 * Flag package(s) as out-of-date
784
 *
785
 * @global string $AUR_LOCATION The AUR's URL used for notification e-mails
786
 * @param string $atype Account type, output of account_from_sid
787
 * @param array $ids Array of package IDs to flag/unflag
788
789
790
 *
 * @return string Translated success or error messages
 */
791
function pkg_flag($atype, $ids) {
Dan McGee's avatar
Dan McGee committed
792
793
	global $AUR_LOCATION;

794
	if (!$atype) {
795
		return __("You must be logged in before you can flag packages.");
796
797
	}

798
	$ids = sanitize_ids($ids);
799
	if (empty($ids)) {
800
		return __("You did not select any packages to flag.");
801
802
	}

803
	if(!$dbh) {
804
		$dbh = DB::connect();
805
	}
806

807
	$q = "UPDATE Packages SET";
808
	$q.= " OutOfDateTS = UNIX_TIMESTAMP()";
809
	$q.= " WHERE ID IN (" . implode(",", $ids) . ")";
810
	$q.= " AND OutOfDateTS IS NULL";
811
812
813

	$affected_pkgs = $dbh->exec($q);

814
	if ($affected_pkgs > 0) {
815
		# Notify of flagging by email
816
817
818
		$f_name = username_from_sid($_COOKIE['AURSID']);
		$f_email = email_from_sid($_COOKIE['AURSID']);
		$f_uid = uid_from_sid($_COOKIE['AURSID']);
819
820
		$q = "SELECT Packages.Name, Users.Email, Packages.ID ";
		$q.= "FROM Packages, Users ";
821
		$q.= "WHERE Packages.ID IN (" . implode(",", $ids) .") ";
822
823
		$q.= "AND Users.ID = Packages.MaintainerUID ";
		$q.= "AND Users.ID != " . $f_uid;
canyonknight's avatar
canyonknight committed
824
825
826
		$result = $dbh->query($q);
		if ($result) {
			while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
827
				# construct email
828
				$body = "Your package " . $row['Name'] . " has been flagged out of date by " . $f_name . " [1]. You may view your package at:\n" . $AUR_LOCATION . get_pkg_uri($row['Name']) . "\n\n[1] - " . $AUR_LOCATION . get_user_uri($f_name);
829
				$body = wordwrap($body, 70);
830
831
				$headers = "Reply-to: nobody@archlinux.org\nFrom:aur-notify@archlinux.org\nX-Mailer: PHP\nX-MimeOLE: Produced By AUR\n";
				@mail($row['Email'], "AUR Out-of-date Notification for ".$row['Name'], $body, $headers);
832
833
834
835
			}
		}
	}

836
837
838
839
840
841
842
843
844
845
846
	return __("The selected packages have been flagged out-of-date.");
}

/**
 * Unflag package(s) as out-of-date
 *
 * @param string $atype Account type, output of account_from_sid
 * @param array $ids Array of package IDs to flag/unflag
 *
 * @return string Translated success or error messages
 */
847
function pkg_unflag($atype, $ids) {
848
849
850
851
852
853
854
855
856
857
	if (!$atype) {
		return __("You must be logged in before you can unflag packages.");
	}

	$ids = sanitize_ids($ids);
	if (empty($ids)) {
		return __("You did not select any packages to unflag.");
	}

	if(!$dbh) {
858
		$dbh = DB::connect();
859
860
861
862
863
864
865
	}

	$q = "UPDATE Packages SET ";
	$q.= "OutOfDateTS = NULL ";
	$q.= "WHERE ID IN (" . implode(",", $ids) . ") ";

	if ($atype != "Trusted User" && $atype != "Developer") {
866
		$q.= "AND MaintainerUID = " . uid_from_sid($_COOKIE["AURSID"]);
867
868
869
870
871
	}

	$result = $dbh->exec($q);

	if ($result) {
872
873
874
		return __("The selected packages have been unflagged.");
	}
}
875

876
877
878
879
/**
 * Delete packages
 *
 * @param string $atype Account type, output of account_from_sid
880
 * @param array $ids Array of package IDs to delete
881
 * @param int $mergepkgid Package to merge the deleted ones into
882
883
884
 *
 * @return string Translated error or success message
 */
885
function pkg_delete ($atype, $ids, $mergepkgid) {
886
	if (!$atype) {
887
		return __("You must be logged in before you can delete packages.");
888
889
890
	}

	# If they're a TU or dev, can delete
891
892
	if ($atype != "Trusted User" && $atype != "Developer") {
		return __("You do have permission to delete packages.");
893
894
	}

895
	$ids = sanitize_ids($ids);
896
897
	if (empty($ids)) {
		return __("You did not select any packages to delete.");
898
899
	}

900
	if(!$dbh) {
901
		$dbh = DB::connect();
902
	}
903

904
	if ($mergepkgid) {
905
		$mergepkgname = pkgname_from_id($mergepkgid);
906
907
908
909
	}

	# Send email notifications
	foreach ($ids as $pkgid) {
canyonknight's avatar
canyonknight committed
910
911
912
913
914
915
		$q = "SELECT CommentNotify.*, Users.Email ";
		$q.= "FROM CommentNotify, Users ";
		$q.= "WHERE Users.ID = CommentNotify.UserID ";
		$q.= "AND CommentNotify.UserID != " . uid_from_sid($_COOKIE['AURSID']) . " ";
		$q.= "AND CommentNotify.PkgID = " . $pkgid;
		$result = $dbh->query($q);
916
917
		$bcc = array();

canyonknight's avatar
canyonknight committed
918
		while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
919
920
921
922
923
924
925
926
927
928
929
			array_push($bcc, $row['Email']);
		}
		if (!empty($bcc)) {
			$pkgname = pkgname_from_id($pkgid);

			# TODO: native language emails for users, based on their prefs
			# Simply making these strings translatable won't work, users would be
			# getting emails in the language that the user who posted the comment was in
			$body = "";
			if ($mergepkgid) {
				$body .= username_from_sid($_COOKIE['AURSID']) . " merged \"".$pkgname."\" into \"$mergepkgname\".\n\n";
930
				$body .= "You will no longer receive notifications about this package, please go to https://aur.archlinux.org" . get_pkg_uri($mergepkgname) . " and click the Notify button if you wish to recieve them again.";
931
932
933
934
935
936
937
			} else {
				$body .= username_from_sid($_COOKIE['AURSID']) . " deleted \"".$pkgname."\".\n\n";
				$body .= "You will no longer receive notifications about this package.";
			}
			$body = wordwrap($body, 70);
			$bcc = implode(', ', $bcc);
			$headers = "Bcc: $bcc\nReply-to: nobody@archlinux.org\nFrom: aur-notify@archlinux.org\nX-Mailer: AUR\n";
938
			@mail('undisclosed-recipients: ;', "AUR Package deleted: " . $pkgname, $body, $headers);
939
940
941
		}
	}

942
943
944
945
946
	if ($mergepkgid) {
		/* Merge comments */
		$q = "UPDATE PackageComments ";
		$q.= "SET PackageID = " . intval($mergepkgid) . " ";
		$q.= "WHERE PackageID IN (" . implode(",", $ids) . ")";
canyonknight's avatar
canyonknight committed
947
		$dbh->exec($q);
948
949
950
951
952
953
954
955
956
957
958

		/* Merge votes */
		foreach ($ids as $pkgid) {
			$q = "UPDATE PackageVotes ";
			$q.= "SET PackageID = " . intval($mergepkgid) . " ";
			$q.= "WHERE PackageID = " . $pkgid . " ";
			$q.= "AND UsersID NOT IN (";
			$q.= "SELECT * FROM (SELECT UsersID ";
			$q.= "FROM PackageVotes ";
			$q.= "WHERE PackageID = " . intval($mergepkgid);
			$q.= ") temp)";
canyonknight's avatar
canyonknight committed
959
			$dbh->exec($q);
960
961
962
963
964
965
		}

		$q = "UPDATE Packages ";
		$q.= "SET NumVotes = (SELECT COUNT(*) FROM PackageVotes ";
		$q.= "WHERE PackageID = " . intval($mergepkgid) . ") ";
		$q.= "WHERE ID = " . intval($mergepkgid);
canyonknight's avatar
canyonknight committed
966
		$dbh->exec($q);
967
968
	}

969
	$q = "DELETE FROM Packages WHERE ID IN (" . implode(",", $ids) . ")";
canyonknight's avatar
canyonknight committed
970
	$result = $dbh->exec($q);
971
972
973

	return __("The selected packages have been deleted.");
}
974

975
976
977
978
/**
 * Adopt or disown packages
 *
 * @param string $atype Account type, output of account_from_sid
979
 * @param array $ids Array of package IDs to adopt/disown
980
 * @param bool $action Adopts if true, disowns if false. Adopts by default
981
982
983
 *
 * @return string Translated error or success message
 */
984
function pkg_adopt ($atype, $ids, $action=true) {
985
986
987
988
989
990
991
992
	if (!$atype) {
		if ($action) {
			return __("You must be logged in before you can adopt packages.");
		} else {
			return __("You must be logged in before you can disown packages.");
		}
	}

993
	$ids = sanitize_ids($ids);
994
995
996
997
998
999
1000
	if (empty($ids)) {
		if ($action) {
			return __("You did not select any packages to adopt.");
		} else {
			return __("You did not select any packages to disown.");
		}
	}
For faster browsing, not all history is shown. View entire blame