pkgfuncs.inc.php 34.2 KB
Newer Older
1
<?php
2
include_once("config.inc.php");
eric's avatar
eric committed
3

4
5
6
# Make sure this visitor can delete the requested package comment
# They can delete if they were the comment submitter, or if they are a TU/Dev
#
7
function canDeleteComment($comment_id=0, $atype="", $uid=0, $dbh=NULL) {
8
9
10
11
	if ($atype == "Trusted User" || $atype == "Developer") {
		# A TU/Dev can delete any comment
		return TRUE;
	}
12
13
14
	if(!$dbh) {
		$dbh = db_connect();
	}
15
16
17
18
	$q = "SELECT COUNT(ID) AS CNT ";
	$q.= "FROM PackageComments ";
	$q.= "WHERE ID = " . intval($comment_id);
	$q.= " AND UsersID = " . $uid;
canyonknight's avatar
canyonknight committed
19
	$result = $dbh->query($q);
20
	if ($result != NULL) {
canyonknight's avatar
canyonknight committed
21
		$row = $result->fetch(PDO::FETCH_ASSOC);
22
23
24
25
26
27
		if ($row['CNT'] > 0) {
			return TRUE;
		}
	}
	return FALSE;
}
eric's avatar
eric committed
28

29
30
31
32
33
34
35
36
37
38
39
40
41
42
# Make sure this visitor can delete the requested package comment
# They can delete if they were the comment submitter, or if they are a TU/Dev
#
function canDeleteCommentArray($comment, $atype="", $uid=0) {
	if ($atype == "Trusted User" || $atype == "Developer") {
		# A TU/Dev can delete any comment
		return TRUE;
	} else if ($comment['UsersID'] == $uid) {
		# User's own comment
		return TRUE;
	}
	return FALSE;
}

eric's avatar
eric committed
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
# see if this Users.ID can manage the package
#
function canManagePackage($uid=0,$AURMUID=0, $MUID=0, $SUID=0, $managed=0) {
	if (!$uid) {return 0;}

	# The uid of the TU/Dev that manages the package
	#
	if ($uid == $AURMUID) {return 1;}

	# If the package isn't maintained by a TU/Dev, is this the user-maintainer?
	#
	if ($uid == $MUID && !$managed) {return 1;}

	# If the package isn't maintained by a TU/Dev, is this the user-submitter?
	#
	if ($uid == $SUID && !$managed) {return 1;}

	# otherwise, no right to manage this package
	#
	return 0;
}

65
66
67
68
69
70
71
72
73
74
75
76
# Check if the current user can submit blacklisted packages.
#
function canSubmitBlacklisted($atype = "") {
	if ($atype == "Trusted User" || $atype == "Developer") {
		# Only TUs/Devs can submit blacklisted packages.
		return TRUE;
	}
	else {
		return FALSE;
	}
}

eric's avatar
eric committed
77
78
# grab the current list of PackageCategories
#
79
function pkgCategories($dbh=NULL) {
eric's avatar
eric committed
80
	$cats = array();
81
82
83
	if(!$dbh) {
		$dbh = db_connect();
	}
84
	$q = "SELECT * FROM PackageCategories WHERE ID != 1 ";
eric's avatar
eric committed
85
	$q.= "ORDER BY Category ASC";
canyonknight's avatar
canyonknight committed
86
	$result = $dbh->query($q);
eric's avatar
eric committed
87
	if ($result) {
canyonknight's avatar
canyonknight committed
88
		while ($row = $result->fetch(PDO::FETCH_NUM)) {
eric's avatar
eric committed
89
90
91
92
93
94
			$cats[$row[0]] = $row[1];
		}
	}
	return $cats;
}

95
96
# check to see if the package name exists
#
97
function pkgid_from_name($name="", $dbh=NULL) {
98
	if (!$name) {return NULL;}
99
100
101
	if(!$dbh) {
		$dbh = db_connect();
	}
102
	$q = "SELECT ID FROM Packages ";
canyonknight's avatar
canyonknight committed
103
104
105
106
107
108
	$q.= "WHERE Name = " . $dbh->quote($name);
	$result = $dbh->query($q);
	if (!$result) {
		return;
	}
	$row = $result->fetch(PDO::FETCH_NUM);
109
110
111
	return $row[0];
}

112
113
# grab package dependencies
#
114
function package_dependencies($pkgid, $dbh=NULL) {
115
	$deps = array();
116
117
	$pkgid = intval($pkgid);
	if ($pkgid > 0) {
118
119
120
		if(!$dbh) {
			$dbh = db_connect();
		}
Dan McGee's avatar
Dan McGee committed
121
122
123
124
		$q = "SELECT pd.DepName, pd.DepCondition, p.ID FROM PackageDepends pd ";
		$q.= "LEFT JOIN Packages p ON pd.DepName = p.Name ";
		$q.= "WHERE pd.PackageID = ". $pkgid . " ";
		$q.= "ORDER BY pd.DepName";
canyonknight's avatar
canyonknight committed
125
126
127
128
129
		$result = $dbh->query($q);
		if (!$result) {
			return array();
		}
		while ($row = $result->fetch(PDO::FETCH_NUM)) {
130
131
132
133
134
135
			$deps[] = $row;
		}
	}
	return $deps;
}

136
function package_required($name="", $dbh=NULL) {
137
	$deps = array();
Dan McGee's avatar
Dan McGee committed
138
	if ($name != "") {
139
140
141
		if(!$dbh) {
			$dbh = db_connect();
		}
Dan McGee's avatar
Dan McGee committed
142
143
		$q = "SELECT p.Name, PackageID FROM PackageDepends pd ";
		$q.= "JOIN Packages p ON pd.PackageID = p.ID ";
canyonknight's avatar
canyonknight committed
144
		$q.= "WHERE DepName = " . $dbh->quote($name) . " ";
Dan McGee's avatar
Dan McGee committed
145
		$q.= "ORDER BY p.Name";
canyonknight's avatar
canyonknight committed
146
		$result = $dbh->query($q);
147
		if (!$result) {return array();}
canyonknight's avatar
canyonknight committed
148
		while ($row = $result->fetch(PDO::FETCH_NUM)) {
149
150
151
152
153
154
			$deps[] = $row;
		}
	}
	return $deps;
}

155
# Return the number of comments for a specified package
156
function package_comments_count($pkgid, $dbh=NULL) {
canyonknight's avatar
canyonknight committed
157
158
159
160
	if (!$dbh) {
		$dbh = db_connect();
	}

161
162
	$pkgid = intval($pkgid);
	if ($pkgid > 0) {
163
164
165
		if(!$dbh) {
			$dbh = db_connect();
		}
166
		$q = "SELECT COUNT(*) FROM PackageComments ";
167
		$q.= "WHERE PackageID = " . $pkgid;
168
		$q.= " AND DelUsersID IS NULL";
169
	}
canyonknight's avatar
canyonknight committed
170
	$result = $dbh->query($q);
171
172
173
174
175

	if (!$result) {
		return;
	}

canyonknight's avatar
canyonknight committed
176
177
	$row = $result->fetch(PDO::FETCH_NUM);
	return $row[0];
178
179
180
}

# Return an array of package comments
181
function package_comments($pkgid, $dbh=NULL) {
eric's avatar
eric committed
182
	$comments = array();
183
184
	$pkgid = intval($pkgid);
	if ($pkgid > 0) {
185
186
187
		if(!$dbh) {
			$dbh = db_connect();
		}
188
		$q = "SELECT PackageComments.ID, UserName, UsersID, Comments, CommentTS ";
eric's avatar
eric committed
189
190
		$q.= "FROM PackageComments, Users ";
		$q.= "WHERE PackageComments.UsersID = Users.ID";
191
		$q.= " AND PackageID = " . $pkgid;
192
		$q.= " AND DelUsersID IS NULL"; # only display non-deleted comments
193
		$q.= " ORDER BY CommentTS DESC";
194
195
196
197
198

		if (!isset($_GET['comments'])) {
			$q.= " LIMIT 10";
		}

canyonknight's avatar
canyonknight committed
199
		$result = $dbh->query($q);
Loui Chang's avatar
Loui Chang committed
200
201
202
203
204

		if (!$result) {
			return;
		}

canyonknight's avatar
canyonknight committed
205
		while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
eric's avatar
eric committed
206
207
208
209
210
211
			$comments[] = $row;
		}
	}
	return $comments;
}

212
213
214
# Add a comment to a package page and send out appropriate notifications
# TODO: Move notification logic to separate function where it belongs
function add_package_comment($pkgid, $uid, $comment, $dbh=NULL) {
215
216
	global $AUR_LOCATION;

217
218
219
220
	if(!$dbh) {
		$dbh = db_connect();
	}

canyonknight's avatar
canyonknight committed
221
222
223
224
225
	$q = "INSERT INTO PackageComments ";
	$q.= "(PackageID, UsersID, Comments, CommentTS) VALUES (";
	$q.= intval($pkgid) . ", " . $uid . ", ";
	$q.= $dbh->quote($comment) . ", UNIX_TIMESTAMP())";
	$dbh->exec($q);
226
227

	# Send email notifications
canyonknight's avatar
canyonknight committed
228
229
230
231
232
233
	$q = "SELECT CommentNotify.*, Users.Email ";
	$q.= "FROM CommentNotify, Users ";
	$q.= "WHERE Users.ID = CommentNotify.UserID ";
	$q.= "AND CommentNotify.UserID != " . $uid . " ";
	$q.= "AND CommentNotify.PkgID = " . intval($pkgid);
	$result = $dbh->query($q);
234
235
	$bcc = array();

canyonknight's avatar
canyonknight committed
236
237
	if ($result) {
		while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
238
239
240
			array_push($bcc, $row['Email']);
		}

canyonknight's avatar
canyonknight committed
241
242
243
244
245
		$q = "SELECT Packages.* ";
		$q.= "FROM Packages ";
		$q.= "WHERE Packages.ID = " . intval($pkgid);
		$result = $dbh->query($q);
		$row = $result->fetch(PDO::FETCH_ASSOC);
246
247
248
249
250

		# TODO: native language emails for users, based on their prefs
		# Simply making these strings translatable won't work, users would be
		# getting emails in the language that the user who posted the comment was in
		$body =
251
		'from ' . $AUR_LOCATION . '/' . get_pkg_uri($row['Name']) . "\n"
252
253
254
255
256
257
258
259
260
261
		. username_from_sid($_COOKIE['AURSID'], $dbh) . " wrote:\n\n"
		. $comment
		. "\n\n---\nIf you no longer wish to receive notifications about this package, please go the the above package page and click the UnNotify button.";
		$body = wordwrap($body, 70);
		$bcc = implode(', ', $bcc);
		$headers = "Bcc: $bcc\nReply-to: nobody@archlinux.org\nFrom: aur-notify@archlinux.org\nX-Mailer: AUR\n";
		@mail('undisclosed-recipients: ;', "AUR Comment for " . $row['Name'], $body, $headers);
	}
}

262
263
# grab package sources
#
264
function package_sources($pkgid, $dbh=NULL) {
265
	$sources = array();
266
267
	$pkgid = intval($pkgid);
	if ($pkgid > 0) {
268
269
270
		if(!$dbh) {
			$dbh = db_connect();
		}
271
		$q = "SELECT Source FROM PackageSources ";
272
		$q.= "WHERE PackageID = " . $pkgid;
273
		$q.= " ORDER BY Source";
canyonknight's avatar
canyonknight committed
274
275
276
277
278
		$result = $dbh->query($q);
		if (!$result) {
			return array();
		}
		while ($row = $result->fetch(PDO::FETCH_NUM)) {
279
280
281
282
283
284
			$sources[] = $row[0];
		}
	}
	return $sources;
}

285
286
287

# grab array of Package.IDs that I've voted for: $pkgs[1234] = 1, ...
#
288
function pkgvotes_from_sid($sid="", $dbh=NULL) {
289
290
	$pkgs = array();
	if (!$sid) {return $pkgs;}
291
292
293
	if(!$dbh) {
		$dbh = db_connect();
	}
294
295
296
297
	$q = "SELECT PackageID ";
	$q.= "FROM PackageVotes, Users, Sessions ";
	$q.= "WHERE Users.ID = Sessions.UsersID ";
	$q.= "AND Users.ID = PackageVotes.UsersID ";
canyonknight's avatar
canyonknight committed
298
299
	$q.= "AND Sessions.SessionID = " . $dbh->quote($sid);
	$result = $dbh->query($q);
300
	if ($result) {
canyonknight's avatar
canyonknight committed
301
		while ($row = $result->fetch(PDO::FETCH_NUM)) {
302
303
304
305
306
307
			$pkgs[$row[0]] = 1;
		}
	}
	return $pkgs;
}

308
309
310
# array of package ids that you're being notified for
# *yoink*
#
311
function pkgnotify_from_sid($sid="", $dbh=NULL) {
312
313
	$pkgs = array();
	if (!$sid) {return $pkgs;}
314
315
316
	if(!$dbh) {
		$dbh = db_connect();
	}
317
318
319
320
	$q = "SELECT PkgID ";
	$q.= "FROM CommentNotify, Users, Sessions ";
	$q.= "WHERE Users.ID = Sessions.UsersID ";
	$q.= "AND Users.ID = CommentNotify.UserID ";
canyonknight's avatar
canyonknight committed
321
322
	$q.= "AND Sessions.SessionID = " . $dbh->quote($sid);
	$result = $dbh->query($q);
323
	if ($result) {
canyonknight's avatar
canyonknight committed
324
		while ($row = $result->fetch(PDO::FETCH_NUM)) {
325
326
327
328
329
			$pkgs[$row[0]] = 1;
		}
	}
	return $pkgs;
}
330

331
332
# get name of package based on pkgid
#
333
334
335
336
function pkgname_from_id($pkgids, $dbh=NULL) {
	if (is_array($pkgids)) {
		$pkgids = sanitize_ids($pkgids);
		$names = array();
337
338
339
		if(!$dbh) {
			$dbh = db_connect();
		}
canyonknight's avatar
canyonknight committed
340
341
342
343
344
		$q = "SELECT Name FROM Packages WHERE ID IN (";
		$q.= implode(",", $pkgids) . ")";
		$result = $dbh->query($q);
		if ($result) {
			while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
345
346
347
348
349
350
351
352
353
354
				$names[] = $row['Name'];
			}
		}
		return $names;
	}
	elseif ($pkgids > 0) {
		if(!$dbh) {
			$dbh = db_connect();
		}
		$q = "SELECT Name FROM Packages WHERE ID = " . $pkgids;
canyonknight's avatar
canyonknight committed
355
356
357
		$result = $dbh->query($q);
		if ($result) {
			$name = $result->fetch(PDO::FETCH_NUM);
358
		}
canyonknight's avatar
canyonknight committed
359
		return $name[0];
360
361
362
	}
	else {
		return NULL;
363
364
365
	}
}

366
367
# Check if a package name is blacklisted.
#
368
369
370
371
function pkgname_is_blacklisted($name, $dbh=NULL) {
	if(!$dbh) {
		$dbh = db_connect();
	}
canyonknight's avatar
canyonknight committed
372
373
374
	$q = "SELECT COUNT(*) FROM PackageBlacklist ";
	$q.= "WHERE Name = " . $dbh->quote($name);
	$result = $dbh->query($q);
375
376

	if (!$result) return false;
canyonknight's avatar
canyonknight committed
377
	return ($result->fetch(PDO::FETCH_NUM) > 0);
378
379
}

eric's avatar
eric committed
380
381
# display package details
#
382
function package_details($id=0, $SID="", $dbh=NULL) {
Dan McGee's avatar
Dan McGee committed
383
	global $AUR_LOCATION;
384
	global $USE_VIRTUAL_URLS;
Dan McGee's avatar
Dan McGee committed
385

386
387
388
389
	if(!$dbh) {
		$dbh = db_connect();
	}

390
391
392
	$q = "SELECT Packages.*,Category ";
	$q.= "FROM Packages,PackageCategories ";
	$q.= "WHERE Packages.CategoryID = PackageCategories.ID ";
Loui Chang's avatar
Loui Chang committed
393
	$q.= "AND Packages.ID = " . intval($id);
canyonknight's avatar
canyonknight committed
394
	$result = $dbh->query($q);
eric's avatar
eric committed
395

canyonknight's avatar
canyonknight committed
396
	if (!$result) {
Dario Giovannetti's avatar
Dario Giovannetti committed
397
		print "<p>" . __("Error retrieving package details.") . "</p>\n";
398
399
	}
	else {
canyonknight's avatar
canyonknight committed
400
		$row = $result->fetch(PDO::FETCH_ASSOC);
eric's avatar
eric committed
401
		if (empty($row)) {
Dario Giovannetti's avatar
Dario Giovannetti committed
402
			print "<p>" . __("Package details could not be found.") . "</p>\n";
eric's avatar
eric committed
403

404
405
406
		}
		else {
			include('pkg_details.php');
eric's avatar
eric committed
407

simo's avatar
simo committed
408
409
			# Actions Bar
			if ($SID) {
Loui Chang's avatar
Loui Chang committed
410
				include('actions_form.php');
Lukas Fleischer's avatar
Lukas Fleischer committed
411
				if (isset($_REQUEST['comment']) && check_token()) {
412
413
414
					$uid = uid_from_sid($SID, $dbh);
					add_package_comment($id, $uid, $_REQUEST['comment'], $dbh);
				}
415
				include('pkg_comment_form.php');
simo's avatar
simo committed
416
			}
417

418
			# Print Comments
419
			$comments = package_comments($id, $dbh);
eric's avatar
eric committed
420
			if (!empty($comments)) {
421
				include('pkg_comments.php');
eric's avatar
eric committed
422
			}
eric's avatar
eric committed
423
424
425
426
427
428
		}
	}
	return;
}


Simo Leone's avatar
Simo Leone committed
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
/* pkg_search_page(SID)
 * outputs the body of search/search results page
 *
 * parameters:
 *  SID - current Session ID
 * preconditions:
 *  package search page has been accessed
 *  request variables have not been sanitized
 *
 *  request vars:
 *    O  - starting result number
 *    PP - number of search hits per page
 *    C  - package category ID number
 *    K  - package search string
 *    SO - search hit sort order:
 *          values: a - ascending
 *                  d - descending
 *    SB - sort search hits by:
447
 *          values: c - package category
Simo Leone's avatar
Simo Leone committed
448
449
450
451
 *                  n - package name
 *                  v - number of votes
 *                  m - maintainer username
 *    SeB- property that search string (K) represents
Andrea Scarpino's avatar
Andrea Scarpino committed
452
453
 *          values: n  - package name
 *                  nd - package name & description
454
 *                  x  - package name (exact match)
Simo Leone's avatar
Simo Leone committed
455
456
457
458
459
460
461
462
463
464
465
466
467
468
 *                  m  - package maintainer's username
 *                  s  - package submitter's username
 *    do_Orphans    - boolean. whether to search packages
 *                     without a maintainer
 *
 *
 *    These two are actually handled in packages.php.
 *
 *    IDs- integer array of ticked packages' IDs
 *    action - action to be taken on ticked packages
 *             values: do_Flag   - Flag out-of-date
 *                     do_UnFlag - Remove out-of-date flag
 *                     do_Adopt  - Adopt
 *                     do_Disown - Disown
469
 *                     do_Delete - Delete (requires confirm_Delete to be set)
470
471
 *                     do_Notify - Enable notification
 *                     do_UnNotify - Disable notification
Simo Leone's avatar
Simo Leone committed
472
 */
473
474
475
476
function pkg_search_page($SID="", $dbh=NULL) {
	if(!$dbh) {
		$dbh = db_connect();
	}
Loui Chang's avatar
Loui Chang committed
477
478
479
480
481

	// get commonly used variables...
	// TODO: REDUCE DB HITS.
	// grab info for user if they're logged in
	if ($SID)
482
		$myuid = uid_from_sid($SID, $dbh);
Loui Chang's avatar
Loui Chang committed
483
	// get a list of package categories
484
	$cats = pkgCategories($dbh); //meow
Loui Chang's avatar
Loui Chang committed
485
486
487
488
489
490
491
492
493
494
495
496
497
498

	// sanitize paging variables
	//
	if (isset($_GET['O'])) {
		$_GET['O'] = intval($_GET['O']);
		if ($_GET['O'] < 0)
			$_GET['O'] = 0;
	}
	else {
		$_GET['O'] = 0;
	}

	if (isset($_GET["PP"])) {
		$_GET["PP"] = intval($_GET["PP"]);
499
500
501
502
		if ($_GET["PP"] < 50)
			$_GET["PP"] = 50;
		else if ($_GET["PP"] > 250)
			$_GET["PP"] = 250;
Loui Chang's avatar
Loui Chang committed
503
504
	}
	else {
505
		$_GET["PP"] = 50;
Loui Chang's avatar
Loui Chang committed
506
507
508
509
510
511
512
513
	}

	// FIXME: pull out DB-related code. all of it.
	//        this one's worth a choco-chip cookie,
	//        one of those nice big soft ones

	// build the package search query
	//
514
	$q_select = "SELECT ";
Loui Chang's avatar
Loui Chang committed
515
	if ($SID) {
516
		$q_select .= "CommentNotify.UserID AS Notify,
517
			   PackageVotes.UsersID AS Voted, ";
Loui Chang's avatar
Loui Chang committed
518
	}
519
	$q_select .= "Users.Username AS Maintainer,
Loui Chang's avatar
Loui Chang committed
520
521
	PackageCategories.Category,
	Packages.Name, Packages.Version, Packages.Description, Packages.NumVotes,
522
	Packages.ID, Packages.OutOfDateTS ";
Loui Chang's avatar
Loui Chang committed
523

524
	$q_from = "FROM Packages
525
526
527
	LEFT JOIN Users ON (Packages.MaintainerUID = Users.ID)
	LEFT JOIN PackageCategories
	ON (Packages.CategoryID = PackageCategories.ID) ";
Loui Chang's avatar
Loui Chang committed
528
	if ($SID) {
529
530
		# this portion is not needed for the total row count query
		$q_from_extra = "LEFT JOIN PackageVotes
Loui Chang's avatar
Loui Chang committed
531
532
533
		ON (Packages.ID = PackageVotes.PackageID AND PackageVotes.UsersID = $myuid)
		LEFT JOIN CommentNotify
		ON (Packages.ID = CommentNotify.PkgID AND CommentNotify.UserID = $myuid) ";
534
535
	} else {
		$q_from_extra = "";
Loui Chang's avatar
Loui Chang committed
536
537
	}

Dan McGee's avatar
Dan McGee committed
538
	$q_where = "WHERE 1 = 1 ";
539
540
	// TODO: possibly do string matching on category
	//       to make request variable values more sensible
541
	if (isset($_GET["C"]) && intval($_GET["C"])) {
542
		$q_where .= "AND Packages.CategoryID = ".intval($_GET["C"])." ";
Loui Chang's avatar
Loui Chang committed
543
544
	}

545
	if (isset($_GET['K'])) {
Loui Chang's avatar
Loui Chang committed
546
		# Search by maintainer
547
		if (isset($_GET["SeB"]) && $_GET["SeB"] == "m") {
canyonknight's avatar
canyonknight committed
548
			$q_where .= "AND Users.Username = " . $dbh->quote($_GET['K']) . " ";
Loui Chang's avatar
Loui Chang committed
549
		}
Andrea Scarpino's avatar
Andrea Scarpino committed
550
		# Search by submitter
551
		elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "s") {
552
			$q_where .= "AND SubmitterUID = ".uid_from_username($_GET['K'], $dbh)." ";
Loui Chang's avatar
Loui Chang committed
553
		}
554
		# Search by name
555
		elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "n") {
canyonknight's avatar
canyonknight committed
556
557
			$K = "%" . addcslashes($_GET['K'], '%_') . "%";
			$q_where .= "AND (Name LIKE " . $dbh->quote($K) . ") ";
Andrea Scarpino's avatar
Andrea Scarpino committed
558
		}
559
560
		# Search by name (exact match)
		elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "x") {
canyonknight's avatar
canyonknight committed
561
			$q_where .= "AND (Name = " . $dbh->quote($_GET['K']) . ") ";
562
		}
Andrea Scarpino's avatar
Andrea Scarpino committed
563
		# Search by name and description (Default)
Loui Chang's avatar
Loui Chang committed
564
		else {
canyonknight's avatar
canyonknight committed
565
566
567
			$K = "%" . addcslashes($_GET['K'], '%_') . "%";
			$q_where .= "AND (Name LIKE " . $dbh->quote($K) . " OR ";
			$q_where .= "Description LIKE " . $dbh->quote($K) . ") ";
Loui Chang's avatar
Loui Chang committed
568
569
570
		}
	}

571
	if (isset($_GET["do_Orphans"])) {
572
		$q_where .= "AND MaintainerUID IS NULL ";
Loui Chang's avatar
Loui Chang committed
573
	}
574

575
	if (isset($_GET['outdated'])) {
576
		if ($_GET['outdated'] == 'on') {
577
			$q_where .= "AND OutOfDateTS IS NOT NULL ";
578
579
		}
		elseif ($_GET['outdated'] == 'off') {
580
			$q_where .= "AND OutOfDateTS IS NULL ";
581
		}
582
583
	}

584
	$order = (isset($_GET["SO"]) && $_GET["SO"] == 'd') ? 'DESC' : 'ASC';
Loui Chang's avatar
Loui Chang committed
585

586
	$q_sort = "ORDER BY Name ".$order." ";
587
588
	$sort_by = isset($_GET["SB"]) ? $_GET["SB"] : '';
	switch ($sort_by) {
Loui Chang's avatar
Loui Chang committed
589
	case 'c':
590
		$q_sort = "ORDER BY CategoryID ".$order.", Name ASC ";
Loui Chang's avatar
Loui Chang committed
591
592
		break;
	case 'v':
593
		$q_sort = "ORDER BY NumVotes ".$order.", Name ASC ";
Loui Chang's avatar
Loui Chang committed
594
		break;
595
596
	case 'w':
		if ($SID) {
597
			$q_sort = "ORDER BY Voted ".$order.", Name ASC ";
598
599
600
601
		}
		break;
	case 'o':
		if ($SID) {
602
			$q_sort = "ORDER BY Notify ".$order.", Name ASC ";
603
604
		}
		break;
Loui Chang's avatar
Loui Chang committed
605
	case 'm':
606
		$q_sort = "ORDER BY Maintainer ".$order.", Name ASC ";
Loui Chang's avatar
Loui Chang committed
607
608
		break;
	case 'a':
609
		$q_sort = "ORDER BY ModifiedTS ".$order.", Name ASC ";
Loui Chang's avatar
Loui Chang committed
610
611
612
613
614
		break;
	default:
		break;
	}

615
	$q_limit = "LIMIT ".$_GET["PP"]." OFFSET ".$_GET["O"];
616

617
618
	$q = $q_select . $q_from . $q_from_extra . $q_where . $q_sort . $q_limit;
	$q_total = "SELECT COUNT(*) " . $q_from . $q_where;
Loui Chang's avatar
Loui Chang committed
619

canyonknight's avatar
canyonknight committed
620
621
	$result = $dbh->query($q);
	$result_t = $dbh->query($q_total);
622
	if ($result_t) {
canyonknight's avatar
canyonknight committed
623
624
		$row = $result_t->fetch(PDO::FETCH_NUM);
		$total = $row[0];
625
626
627
628
	}
	else {
		$total = 0;
	}
Simo Leone's avatar
Simo Leone committed
629

630
	if ($result && $total > 0) {
631
632
		if (isset($_GET["SO"]) && $_GET["SO"] == "d"){
			$SO_next = "a";
Loui Chang's avatar
Loui Chang committed
633
634
		}
		else {
635
			$SO_next = "d";
Loui Chang's avatar
Loui Chang committed
636
		}
637
	}
Simo Leone's avatar
Simo Leone committed
638

639
	// figure out the results to use
Loui Chang's avatar
Loui Chang committed
640
	$first = $_GET['O'] + 1;
Simo Leone's avatar
Simo Leone committed
641

Loui Chang's avatar
Loui Chang committed
642
643
644
645
646
	if (($_GET['PP'] + $_GET['O']) > $total) {
		$last = $total;
	} else {
		$last = $_GET['PP'] + $_GET['O'];
	}
647

648
649
650
651
652
	# calculation of pagination links
	$per_page = ($_GET['PP'] > 0) ? $_GET['PP'] : 50;
	$current = ceil($first / $per_page);
	$pages = ceil($total / $per_page);
	$templ_pages = array();
653

654
	if ($current > 1) {
655
656
		$templ_pages['&laquo; ' . __('First')] = 0;
		$templ_pages['&lsaquo; ' . __('Previous')] = ($current - 2) * $per_page;
657
	}
658

659
660
	if ($current - 5 > 1)
		$templ_pages["..."] = false;
661

662
663
664
	for ($i = max($current - 5, 1); $i <= min($pages, $current + 5); $i++) {
		$templ_pages[$i] = ($i - 1) * $per_page;
	}
665

666
667
	if ($current + 5 < $pages)
		$templ_pages["... "] = false;
668

669
	if ($current < $pages) {
670
671
		$templ_pages[__('Next') . ' &rsaquo;'] = $current * $per_page;
		$templ_pages[__('Last') . ' &raquo;'] = ($pages - 1) * $per_page;
672
	}
Simo Leone's avatar
Simo Leone committed
673

674
	include('pkg_search_form.php');
675

canyonknight's avatar
canyonknight committed
676
677
678
679
	if ($result) {
		while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
			$searchresults[] = $row;
		}
680
681
	}

682
683
	include('pkg_search_results.php');

Loui Chang's avatar
Loui Chang committed
684
	return;
eric's avatar
eric committed
685
686
}

Dan McGee's avatar
Dan McGee committed
687
688
689
690
691
function current_action($action) {
	return (isset($_POST['action']) && $_POST['action'] == $action) ||
		isset($_POST[$action]);
}

692
693
694
695
696
697
698
699
700
701
702
703
704
705
/**
 * Ensure an array of IDs is in fact all valid integers.
 */
function sanitize_ids($ids) {
	$new_ids = array();
	foreach ($ids as $id) {
		$id = intval($id);
		if ($id > 0) {
			$new_ids[] = $id;
		}
	}
	return $new_ids;
}

706
707
708
709
/**
 * Flag and un-flag packages out-of-date
 *
 * @param string $atype Account type, output of account_from_sid
710
 * @param array $ids Array of package IDs to flag/unflag
711
 * @param boolean $action true flags out-of-date, false un-flags. Flags by
712
713
714
715
 * default
 *
 * @return string Translated success or error messages
 */
716
function pkg_flag ($atype, $ids, $action=true, $dbh=NULL) {
Dan McGee's avatar
Dan McGee committed
717
718
	global $AUR_LOCATION;

719
720
721
722
723
724
725
726
	if (!$atype) {
		if ($action) {
			return __("You must be logged in before you can flag packages.");
		} else {
			return __("You must be logged in before you can unflag packages.");
		}
	}

727
	$ids = sanitize_ids($ids);
728
729
730
731
732
733
734
735
	if (empty($ids)) {
		if ($action) {
			return __("You did not select any packages to flag.");
		} else {
			return __("You did not select any packages to unflag.");
		}
	}

736
737
738
	if(!$dbh) {
		$dbh = db_connect();
	}
739

740
741
742
743
744
745
746
	$q = "UPDATE Packages SET";
	if ($action) {
		$q.= " OutOfDateTS = UNIX_TIMESTAMP()";
	}
	else {
		$q.= " OutOfDateTS = NULL";
	}
747
	$q.= " WHERE ID IN (" . implode(",", $ids) . ")";
748

749
750
751
752
	if (!$action && ($atype != "Trusted User" && $atype != "Developer")) {
		$q.= "AND MaintainerUID = " . uid_from_sid($_COOKIE["AURSID"], $dbh);
	}

canyonknight's avatar
canyonknight committed
753
	$dbh->exec($q);
754
755
756

	if ($action) {
		# Notify of flagging by email
757
758
759
		$f_name = username_from_sid($_COOKIE['AURSID'], $dbh);
		$f_email = email_from_sid($_COOKIE['AURSID'], $dbh);
		$f_uid = uid_from_sid($_COOKIE['AURSID'], $dbh);
760
761
		$q = "SELECT Packages.Name, Users.Email, Packages.ID ";
		$q.= "FROM Packages, Users ";
762
		$q.= "WHERE Packages.ID IN (" . implode(",", $ids) .") ";
763
764
		$q.= "AND Users.ID = Packages.MaintainerUID ";
		$q.= "AND Users.ID != " . $f_uid;
canyonknight's avatar
canyonknight committed
765
766
767
		$result = $dbh->query($q);
		if ($result) {
			while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
768
				# construct email
769
				$body = "Your package " . $row['Name'] . " has been flagged out of date by " . $f_name . " [1]. You may view your package at:\n" . $AUR_LOCATION . "/" . get_pkg_uri($row['Name']) . "\n\n[1] - " . $AUR_LOCATION . "/" . get_user_uri($f_name);
770
				$body = wordwrap($body, 70);
771
772
				$headers = "Reply-to: nobody@archlinux.org\nFrom:aur-notify@archlinux.org\nX-Mailer: PHP\nX-MimeOLE: Produced By AUR\n";
				@mail($row['Email'], "AUR Out-of-date Notification for ".$row['Name'], $body, $headers);
773
774
775
776
777
778
779
780
781
782
			}
		}
	}

	if ($action) {
		return __("The selected packages have been flagged out-of-date.");
	} else {
		return __("The selected packages have been unflagged.");
	}
}
783

784
785
786
787
/**
 * Delete packages
 *
 * @param string $atype Account type, output of account_from_sid
788
 * @param array $ids Array of package IDs to delete
789
 * @param int $mergepkgid Package to merge the deleted ones into
790
791
792
 *
 * @return string Translated error or success message
 */
793
function pkg_delete ($atype, $ids, $mergepkgid, $dbh=NULL) {
794
	if (!$atype) {
795
		return __("You must be logged in before you can delete packages.");
796
797
798
	}

	# If they're a TU or dev, can delete
799
800
	if ($atype != "Trusted User" && $atype != "Developer") {
		return __("You do have permission to delete packages.");
801
802
	}

803
	$ids = sanitize_ids($ids);
804
805
	if (empty($ids)) {
		return __("You did not select any packages to delete.");
806
807
	}

808
809
810
	if(!$dbh) {
		$dbh = db_connect();
	}
811

812
813
814
815
816
817
	if ($mergepkgid) {
		$mergepkgname = pkgname_from_id($mergepkgid, $dbh);
	}

	# Send email notifications
	foreach ($ids as $pkgid) {
canyonknight's avatar
canyonknight committed
818
819
820
821
822
823
		$q = "SELECT CommentNotify.*, Users.Email ";
		$q.= "FROM CommentNotify, Users ";
		$q.= "WHERE Users.ID = CommentNotify.UserID ";
		$q.= "AND CommentNotify.UserID != " . uid_from_sid($_COOKIE['AURSID']) . " ";
		$q.= "AND CommentNotify.PkgID = " . $pkgid;
		$result = $dbh->query($q);
824
825
		$bcc = array();

canyonknight's avatar
canyonknight committed
826
		while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
827
828
829
830
831
832
833
834
835
836
837
			array_push($bcc, $row['Email']);
		}
		if (!empty($bcc)) {
			$pkgname = pkgname_from_id($pkgid);

			# TODO: native language emails for users, based on their prefs
			# Simply making these strings translatable won't work, users would be
			# getting emails in the language that the user who posted the comment was in
			$body = "";
			if ($mergepkgid) {
				$body .= username_from_sid($_COOKIE['AURSID']) . " merged \"".$pkgname."\" into \"$mergepkgname\".\n\n";
838
				$body .= "You will no longer receive notifications about this package, please go to https://aur.archlinux.org/" . get_pkg_uri($mergepkgname) . " and click the Notify button if you wish to recieve them again.";
839
840
841
842
843
844
845
			} else {
				$body .= username_from_sid($_COOKIE['AURSID']) . " deleted \"".$pkgname."\".\n\n";
				$body .= "You will no longer receive notifications about this package.";
			}
			$body = wordwrap($body, 70);
			$bcc = implode(', ', $bcc);
			$headers = "Bcc: $bcc\nReply-to: nobody@archlinux.org\nFrom: aur-notify@archlinux.org\nX-Mailer: AUR\n";
846
			@mail('undisclosed-recipients: ;', "AUR Package deleted: " . $pkgname, $body, $headers);
847
848
849
		}
	}

850
851
852
853
854
	if ($mergepkgid) {
		/* Merge comments */
		$q = "UPDATE PackageComments ";
		$q.= "SET PackageID = " . intval($mergepkgid) . " ";
		$q.= "WHERE PackageID IN (" . implode(",", $ids) . ")";
canyonknight's avatar
canyonknight committed
855
		$dbh->exec($q);
856
857
858
859
860
861
862
863
864
865
866

		/* Merge votes */
		foreach ($ids as $pkgid) {
			$q = "UPDATE PackageVotes ";
			$q.= "SET PackageID = " . intval($mergepkgid) . " ";
			$q.= "WHERE PackageID = " . $pkgid . " ";
			$q.= "AND UsersID NOT IN (";
			$q.= "SELECT * FROM (SELECT UsersID ";
			$q.= "FROM PackageVotes ";
			$q.= "WHERE PackageID = " . intval($mergepkgid);
			$q.= ") temp)";
canyonknight's avatar
canyonknight committed
867
			$dbh->exec($q);
868
869
870
871
872
873
		}

		$q = "UPDATE Packages ";
		$q.= "SET NumVotes = (SELECT COUNT(*) FROM PackageVotes ";
		$q.= "WHERE PackageID = " . intval($mergepkgid) . ") ";
		$q.= "WHERE ID = " . intval($mergepkgid);
canyonknight's avatar
canyonknight committed
874
		$dbh->exec($q);
875
876
	}

877
	$q = "DELETE FROM Packages WHERE ID IN (" . implode(",", $ids) . ")";
canyonknight's avatar
canyonknight committed
878
	$result = $dbh->exec($q);
879
880
881

	return __("The selected packages have been deleted.");
}
882

883
884
885
886
/**
 * Adopt or disown packages
 *
 * @param string $atype Account type, output of account_from_sid
887
 * @param array $ids Array of package IDs to adopt/disown
888
889
890
891
 * @param boolean $action Adopts if true, disowns if false. Adopts by default
 *
 * @return string Translated error or success message
 */
892
function pkg_adopt ($atype, $ids, $action=true, $dbh=NULL) {
893
894
895
896
897
898
899
900
	if (!$atype) {
		if ($action) {
			return __("You must be logged in before you can adopt packages.");
		} else {
			return __("You must be logged in before you can disown packages.");
		}
	}

901
	$ids = sanitize_ids($ids);
902
903
904
905
906
907
908
909
	if (empty($ids)) {
		if ($action) {
			return __("You did not select any packages to adopt.");
		} else {
			return __("You did not select any packages to disown.");
		}
	}

910
911
912
	if(!$dbh) {
		$dbh = db_connect();
	}
913
914
915
916
917

	$field = "MaintainerUID";
	$q = "UPDATE Packages ";

	if ($action) {
918
		$user = uid_from_sid($_COOKIE["AURSID"], $dbh);
919
	} else {
920
		$user = 'NULL';
921
922
923
	}

	$q.= "SET $field = $user ";
924
	$q.= "WHERE ID IN (" . implode(",", $ids) . ") ";
925
926
927

	if ($action && $atype == "User") {
		# Regular users may only adopt orphan packages from unsupported
928
		$q.= "AND $field IS NULL ";
929
	} else if ($atype == "User") {
930
		$q.= "AND $field = " . uid_from_sid($_COOKIE["AURSID"], $dbh);
931
932
	}

canyonknight's avatar
canyonknight committed
933
	$dbh->exec($q);
934
935

	if ($action) {
936
		pkg_notify(account_from_sid($_COOKIE["AURSID"], $dbh), $ids, $dbh);
937
938
939
940
941
		return __("The selected packages have been adopted.");
	} else {
		return __("The selected packages have been disowned.");
	}
}
942

943
944
945
946
/**
 * Vote and un-vote for packages
 *
 * @param string $atype Account type, output of account_from_sid
947
 * @param array $ids Array of package IDs to vote/un-vote
948
949
950
951
 * @param boolean $action Votes if true, un-votes if false. Votes by default
 *
 * @return string Translated error or success message
 */
952
function pkg_vote ($atype, $ids, $action=true, $dbh=NULL) {
953
954
955
956
957
958
959
960
	if (!$atype) {
		if ($action) {
			return __("You must be logged in before you can vote for packages.");
		} else {
			return __("You must be logged in before you can un-vote for packages.");
		}
	}

961
	$ids = sanitize_ids($ids);
962
963
964
965
966
967
968
969
	if (empty($ids)) {
		if ($action) {
			return __("You did not select any packages to vote for.");
		} else {
			return __("Your votes have been removed from the selected packages.");
		}
	}

970
971
972
973
974
	if(!$dbh) {
		$dbh = db_connect();
	}
	$my_votes = pkgvotes_from_sid($_COOKIE["AURSID"], $dbh);
	$uid = uid_from_sid($_COOKIE["AURSID"], $dbh);
975
976

	$first = 1;
977
	foreach ($ids as $pid) {
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
		if ($action) {
			$check = !isset($my_votes[$pid]);
		} else {
			$check = isset($my_votes[$pid]);
		}

		if ($check) {
			if ($first) {
				$first = 0;
				$vote_ids = $pid;
				if ($action) {
					$vote_clauses = "($uid, $pid)";
				}
			} else {
				$vote_ids .= ", $pid";
				if ($action) {
					$vote_clauses .= ", ($uid, $pid)";
				}
			}
		}
	}

	# only vote for packages the user hasn't already voted for
For faster browsing, not all history is shown. View entire blame