This project is mirrored from https://:*****@gitlab.archlinux.org/archlinux/aurweb.git.
Pull mirroring updated .
- 06 Feb, 2014 2 commits
-
-
Lukas Fleischer authored
Signed-off-by:Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
* Use C-style comments (/* */) instead of #. * Remove some superfluous comments and slightly reword others. Signed-off-by:
-
- 01 Feb, 2014 1 commit
-
-
Lukas Fleischer authored
Instead of using a random secondary order, sort by the ID of the last vote first, then by user name. Signed-off-by:
-
- 20 Jan, 2014 1 commit
-
-
canyonknight authored
Signed-off-by:
canyonknight <canyonknight@gmail.com> Signed-off-by:
-
- 27 Aug, 2013 2 commits
-
-
Lukas Fleischer authored
Do not show users that took part in past TU votes but no longer have TU powers. Also, fix the sorting column while we're touching these lines. Signed-off-by: -
Lukas Fleischer authored
Showing running votes potentially allows for tracking votes and associating yes/no/abstain votes with specific TUs. Signed-off-by:
-
- 26 Aug, 2013 1 commit
-
-
Lukas Fleischer authored
This shows a list of all Trusted Users and the vote ID of the last proposal each of the TUs voted on. This list is sorted by vote ID. Signed-off-by:
-
- 22 Aug, 2013 3 commits
-
-
Lukas Fleischer authored
There are only four valid reasons for starting a TU vote, so instead of letting the user choose a vote length, let her pick a reason and set vote length and quorum based on that selection. Signed-off-by: -
Lukas Fleischer authored
This will be used for automated calculation of vote participation later. Signed-off-by: -
Lukas Fleischer authored
This adds a field to the users table and corresponding fields to the account edit and display forms that allow for setting an (in-)activity status. This might turn out to be useful if a user is on vacation and can not respond to update/orphan/deletion requests. Signed-off-by:
-
- 24 Apr, 2013 1 commit
-
-
canyonknight authored
The search_accounts_form() wrapper function doesn't have any arguments and only makes it unclear what is happening within account.php Signed-off-by:
-
- 25 Mar, 2013 1 commit
-
-
Lukas Fleischer authored
A user might have an empty password due to two reasons: * The user just created an account and needs to set an initial password. * The password has been reset by the administrator. In both cases, the user might be confused as to why the login does not work. Add a message that helps users debug the issue in both cases. Signed-off-by:
-
- 24 Mar, 2013 1 commit
-
-
canyonknight authored
Adds a new is_ipbanned() function to determine whether the user attempting to login or register for an account has their IP address listed in the "Bans" table. Signed-off-by:
-
- 21 Mar, 2013 2 commits
-
-
Lukas Fleischer authored
Save the IP address used for the last login in the "Users" table. This makes it a bit easier to create IP ban lists for spammers without looking at web server logs. Signed-off-by: -
Lukas Fleischer authored
Signed-off-by:
-
- 19 Mar, 2013 2 commits
-
-
Lukas Fleischer authored
If an empty password is passed during account registration, login for the new user is disabled and a reset key is sent to the new user's e-mail address so that they can set an initial password manually. Signed-off-by: -
Lukas Fleischer authored
This allows for reusing reset key submission for other things, such as sending an initial password reset code during account registration. Signed-off-by:
-
- 10 Feb, 2013 4 commits
-
-
canyonknight authored
Large amount of boilerplate code that checks if a database connection exists is useless now that the new connection method automatically does the same check. Signed-off-by:
-
canyonknight authored
Signed-off-by: -
canyonknight authored
All functions now have a database connection method that will use the same database connection. This imitates the functionality of passing a database connection as an argument and makes it redundant. Signed-off-by:
-
canyonknight authored
Uses the Singleton pattern to ensure all queries use the same database connection that is released upon script completion. All database connections should now be called with DB::connect() and not db_connect(). Signed-off-by:
-
- 30 Jan, 2013 3 commits
-
-
canyonknight authored
An error message is printed when the number of affected rows is 0 for an edited account. A count of 0 doesn't imply an error, only that no changes were made in the database. Signed-off-by:
-
canyonknight authored
A suspended user can stay in active sessions. Introduce new function delete_user_sessions to remove all open sessions for a specific user. Allows suspensions to take effect immediately. Signed-off-by:
-
canyonknight authored
The function is only determining whether a username is valid, so it makes more sense to simply return a boolean value. Signed-off-by:
-
- 29 Nov, 2012 2 commits
-
-
canyonknight authored
A check is only done to verify a Trusted User isn't promoting their account. An attacker can send tampered account type POST data to change their "User" level account to a "Developer" account. Add check so that all users cannot increase their own account permissions. Signed-off-by:
-
canyonknight authored
Checks are in place to avoid users getting account editing forms they shouldn't have access to. The appropriate checks before editing the account in the backend are not in place. This vulnerability allows a user to craft malicious POST data to edit other user accounts, thereby allowing account hijacking. Add a new flexible function can_edit_account() to determine if a user has appropriate permissions. Run the permission check before processing any account information in the backend. Signed-off-by:
-
- 08 Oct, 2012 1 commit
-
-
Lukas Fleischer authored
* Change voters_list() to return an array of voters instead of generating HTML code in the library call. * Change the template to generate HTML code for the list of voters instead of displaying the library's return value. * Use HTML lists. Signed-off-by:
-
- 24 Sep, 2012 2 commits
-
-
Lukas Fleischer authored
* Use "<label>"/"</label>" for form labels. * Use "<strong>"/"</strong>" for important text. * Use "<h4>"/"</h4>" for headings. * Drop "<b>"/"</b>" everywhere else. Signed-off-by: -
canyonknight authored
Signed-off-by:
-
- 17 Sep, 2012 4 commits
-
-
canyonknight authored
* Restructure account.php to remove redundant code. * Remove own_account_details(). * Rework logic check to default to no access to account edit form. * Make default account action viewing account info. Signed-off-by:
-
canyonknight authored
Navigation to the "AccountInfo" page should only require a user to know the username of the account they are looking for. Update all AUR links that use the user info page to reflect the new URL. Before: AUR_URL/account/?Action=AccountInfo&U=userfoo After: AUR_URL/account/userfoo Signed-off-by:
-
canyonknight authored
Signed-off-by:
-
canyonknight authored
All DB code currently uses the quickly aging mysql_* functions. These functions are strongly discouraged and may eventually be deprecated. Transition all code to utilize the PDO data access abstraction layer. PDO allows for consistent query code across multiple databases. This could potentially allow for someone to use a database other than MySQL with minimal code changes. All functions and behaviors are reproduced as faithfully as possible with PDO equivalents and some changes in code. Signed-off-by:
-
- 15 Jul, 2012 2 commits
-
-
Lukas Fleischer authored
Jump to the home page instead of displaying a page that only tells you that you're logged in. Signed-off-by: -
Lukas Fleischer authored
Use virtual paths in links (e.g. link to "/packages/" instead of "/packages.php" etc.) if the virtual path feature is enabled. Signed-off-by:
-
- 14 Jul, 2012 1 commit
-
-
canyonknight authored
Fixes broken account suspension system. Signed-off-by:
-
- 08 Jul, 2012 1 commit
-
-
Lukas Fleischer authored
Initialize the "$details" and "$whovoted" variables with an empty array/string to suppress a "Undefined variable" notice if the votes/voters list is empty. Signed-off-by:
-
- 06 Jul, 2012 3 commits
-
-
canyonknight authored
XHTML should be eliminated from lib/ as much as possible. This pulls the XHTML out of the display_account_info function that echoes the code, and moves it to the new account_details.php template file. Signed-off-by:
-
canyonknight authored
Signed-off-by:
-
canyonknight authored
Signed-off-by:
-
