Merge branch 'maint'

Lukas Fleischer 2012-12-07 23:24:22 +01:00
commit fce4f36e4f
3 changed files with 52 additions and 20 deletions

28
INSTALL

@ -44,39 +44,37 @@ Setup on Arch Linux:
5) Configure PHP 5) Configure PHP
Make sure you have mysql and json enabled in PHP. Make sure you have mysql and json enabled in PHP.
- Edit php.ini and uncomment/add these lines: - Edit php.ini and uncomment/add this line:
extension=pdo_mysql.so extension=pdo_mysql.so
extension=json.so
If those php extensions are separate packages on your system, install If this PHP extension is a separate package on your system, install it.
them.
6) Configure MySQL 6) Configure MySQL
- Start the MySQL service. Example: - Start the MySQL service. Example:
# /etc/rc.d/mysqld start # systemctl start mysqld
- Create database - Create database
# mysqladmin -p create AUR # mysqladmin -p create AUR
- Connect to the mysql client - Connect to the mysql client
# mysql -uroot -p AUR $ mysql -uroot -p AUR
- Issue the following commands to the mysql client - Issue the following commands to the mysql client
mysql> GRANT ALL PRIVILEGES ON AUR.* to aur@localhost mysql> GRANT ALL PRIVILEGES ON AUR.* to aur@localhost
> identified by 'aur'; -> identified by 'aur';
mysql> FLUSH PRIVILEGES; mysql> FLUSH PRIVILEGES;
mysql> quit mysql> quit
- Load the schema file - Load the schema file
# mysql -uaur -p AUR < ~/aur/support/schema/aur-schema.sql $ mysql -uaur -p AUR < ~/aur/support/schema/aur-schema.sql
(give password 'aur' at the prompt) (give password 'aur' at the prompt)
- Optionally load some test data for development purposes. - Optionally load some test data for development purposes.
# pacman -S words mysql-python # pacman -S words fortune-mod
# cd ~/aur/support/schema/ $ cd ~/aur/support/schema/
# python gendummydata.py dummy-data.sql $ python gendummydata.py dummy-data.sql
# bzip2 dummy-data.sql $ bzip2 dummy-data.sql
# bzcat dummy-data.sql.bz2 | mysql -uaur -p AUR $ bzcat dummy-data.sql.bz2 | mysql -uaur -p AUR
(give password 'aur' at the prompt) (give password 'aur' at the prompt)
If your test data consists of real people and real email addresses consider If your test data consists of real people and real email addresses consider
@ -85,7 +83,7 @@ Setup on Arch Linux:
mysql> UPDATE Users SET Email = RAND() * RAND(); mysql> UPDATE Users SET Email = RAND() * RAND();
7) Copy the config.inc.php.proto file to config.inc.php. Modify as needed. 7) Copy the config.inc.php.proto file to config.inc.php. Modify as needed.
# cd ~/aur/web/lib/ $ cd ~/aur/web/lib/
# cp config.inc.php.proto config.inc.php $ cp config.inc.php.proto config.inc.php
8) Point your browser to http://aur 8) Point your browser to http://aur


@ -73,9 +73,14 @@ if (isset($_COOKIE["AURSID"])) {
} }
} elseif ($action == "UpdateAccount") { } elseif ($action == "UpdateAccount") {
# user is submitting their modifications to an existing account $uid = uid_from_sid($_COOKIE['AURSID']);
#
if (check_token()) { /* Details for account being updated */
$acctinfo = account_details(in_request('ID'), in_request('U'));
/* Verify user permissions and that the request is a valid POST */
if (can_edit_account($atype, $acctinfo, $uid) && check_token()) {
/* Update the details for the existing account */
process_account_form($atype, "edit", "UpdateAccount", process_account_form($atype, "edit", "UpdateAccount",
in_request("U"), in_request("T"), in_request("S"), in_request("U"), in_request("T"), in_request("S"),
in_request("E"), in_request("P"), in_request("C"), in_request("E"), in_request("P"), in_request("C"),
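Review bot: The permission check in the `UpdateAccount` branch is made against `$acctinfo`, which is looked up from both `in_request('ID')` and `in_request('U')`, while `process_account_form` is then fed values read from the request a second time. The rest of that call lies outside the hunk, so it is not visible which identifier selects the row that gets written; if `account_details` can resolve by either field, the authorised account and the updated account should be pinned to the same key, for example by passing `$acctinfo['ID']` rather than re-reading `in_request("ID")`. Within the hunk there is also no `else` for a refused edit, so a denied request seems to fall through without a message or log entry; a comment such as `/* TODO: report and log refused account edits */` would mark that gap.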


@ -145,8 +145,8 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
$error = __("The PGP key fingerprint is invalid."); $error = __("The PGP key fingerprint is invalid.");
} }
if ($UTYPE == "Trusted User" && $T == 3) { if (($UTYPE == "User" && $T > 1) || ($UTYPE == "Trusted User" && $T > 2)) {
$error = __("A Trusted User cannot assign Developer status."); $error = __("Cannot increase account permissions.");
} }
if (!$error && !array_key_exists($L, $SUPPORTED_LANGS)) { if (!$error && !array_key_exists($L, $SUPPORTED_LANGS)) {
$error = __("Language is not currently supported."); $error = __("Language is not currently supported.");
@ -1015,3 +1015,32 @@ function cast_proposal_vote($voteid, $uid, $vote, $newtotal, $dbh=NULL) {
$q = "INSERT INTO TU_Votes (VoteID, UserID) VALUES (" . intval($voteid) . ", " . intval($uid) . ")"; $q = "INSERT INTO TU_Votes (VoteID, UserID) VALUES (" . intval($voteid) . ", " . intval($uid) . ")";
$result = $dbh->exec($q); $result = $dbh->exec($q);
} }
/**
* Verify a user has the proper permissions to edit an account
*
* @param string $atype Account type of the editing user
* @param array $acctinfo User account information for edited account
* @param int $uid User ID of the editing user
*
* @return bool True if permission to edit the account, otherwise false
*/
function can_edit_account($atype, $acctinfo, $uid) {
/* Developers can edit any account */
if ($atype == 'Developer') {
return true;
}
/* Trusted Users can edit all accounts except Developer accounts */
if ($atype == 'Trusted User' &&
$acctinfo['AccountType'] != 'Developer') {
return true;
}
/* Users can edit only their own account */
if ($acctinfo['ID'] == $uid) {
return true;
}
return false;
}
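Review bot: `can_edit_account` fails open when the account lookup returns nothing: its last test, `$acctinfo['ID'] == $uid`, uses loose equality, so a missing `ID` compared with an empty or null `$uid` evaluates to true, and the Trusted User branch also passes because a missing `AccountType` is `!= 'Developer'`. Whether `account_details` or `uid_from_sid` can actually return empty values is not visible on this page, so this is inferred from the comparisons alone. A guard at the top, `if (empty($acctinfo['ID']) || empty($uid)) { return false; }`, together with a strict test `(int)$acctinfo['ID'] === (int)$uid`, would make the function deny by default. The `$T > 1` and `$T > 2` tests added to `process_account_form` in the first hunk compare a request value loosely too; applying `intval($T)` before the comparison would keep the result independent of how the PHP version compares strings with numbers.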