Replace all occurrences of "<?php echo" and "<?php print" by "<?=" to
reduce noise in templates.

Note that as of PHP 5.4.0, "<?=" is always available and no longer
requires "short_open_tag" to be set.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

Use virtual paths in links (e.g. link to "/packages/" instead of
"/packages.php" etc.) if the virtual path feature is enabled.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

* Move DB code in tu.php and tu.php and tu_list.php to new functions in
accfuncs.inc.php
* Centralization of DB code important in a future transition to PDO interface
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

* Change all boxes and other CSS to match archweb
* General fixups in XHTML formatting
* Change results table to match color scheme everywhere else
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

A mix of logical operator styles are currently in use. The predominant style
uses "&&" and "||" instead of "and" and "or", respectively. This inconsistency
is minor, but is easily avoided.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

Specially crafted pages can force authenticated users to unknowingly perform
actions on the AUR website despite being on an attacker's website. This
cross-site request forgery (CSRF) vulnerability applies to all POST data on
the AUR.

Implement a token system using a double submit cookie. Have a hidden form
value on every page containing POST forms. Use the newly added check_token() to
verify the token sent via POST matches the "AURSID" cookie value. Random
nature of the token limits potential for CSRF.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

Lukas: Add note to "UPGRADING".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

make the sql query form consistent in usage by cleaning up instances
where db_query's result was not inspected before attempting to fetch row
data from the handle
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

fixes php notice level error:
  Undefined variable: whovoted in ../tu.php
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

Increases compatibility with standard SQL dialect.

Thanks-to: elij <elij.mx@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

Fix a lot of invalid XHTML in the templates and actions. There might
still be some legacy code left, but this should cover most of it.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

Signed-off-by: Loui Chang <louipc.ist@gmail.com>

Also make syntax more straightforward.
'asc' is ascending, rather than 'up'.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>

Signed-off-by: Loui Chang <louipc.ist@gmail.com>

Signed-off-by: Loui Chang <louipc.ist@gmail.com>

Signed-off-by: Loui Chang <louipc.ist@gmail.com>

All of these are sourcing function libraries so we don't need to include
them more than once. Things that insert actual HTML into the output were
left calling include().
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>

Signed-off-by: Loui Chang <louipc.ist@gmail.com>

This patch lists who voted on a proposal after the proposal is closed.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>

Signed-off-by: Loui Chang <louipc.ist@gmail.com>

This includes only the requested language for each page and
makes top level language include files obsolete.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>

Show ten votes per page instead of five.
Change the vote preview to 75 characters so entries fit better
in the table.
Remove [More] links and make the description itself a link.
Clean up a couple notices.
Send unauthorised users to index.php.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>

Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>

All the strings are set up to be translated now, HTML of tu.php has been
moved to templates and the worst of it rewritten (there's no longer a
massive function in it)
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>

Signed-off-by: Loui Chang <louipc.ist@gmail.com>

Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>

Added support for TU voting through AUR
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>