Do not show users that took part in past TU votes but no longer have TU
powers. Also, fix the sorting column while we're touching these lines.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Showing running votes potentially allows for tracking votes and
associating yes/no/abstain votes with specific TUs.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This shows a list of all Trusted Users and the vote ID of the last
proposal each of the TUs voted on. This list is sorted by vote ID.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
There are only four valid reasons for starting a TU vote, so instead of
letting the user choose a vote length, let her pick a reason and set
vote length and quorum based on that selection.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This adds a field to the users table and corresponding fields to the
account edit and display forms that allow for setting an (in-)activity
status.
This might turn out to be useful if a user is on vacation and can not
respond to update/orphan/deletion requests.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
The search_accounts_form() wrapper function doesn't have any
arguments and only makes it unclear what is happening within
account.php
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
A user might have an empty password due to two reasons:
* The user just created an account and needs to set an initial password.
* The password has been reset by the administrator.
In both cases, the user might be confused as to why the login does not
work. Add a message that helps users debug the issue in both cases.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Adds a new is_ipbanned() function to determine whether the user
attempting to login or register for an account has their IP
address listed in the "Bans" table.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Save the IP address used for the last login in the "Users" table. This
makes it a bit easier to create IP ban lists for spammers without
looking at web server logs.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
If an empty password is passed during account registration, login for
the new user is disabled and a reset key is sent to the new user's
e-mail address so that they can set an initial password manually.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This allows for reusing reset key submission for other things, such as
sending an initial password reset code during account registration.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Large amount of boilerplate code that checks if a database
connection exists is useless now that the new connection method
automatically does the same check.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
All functions now have a database connection method that will use
the same database connection. This imitates the functionality of
passing a database connection as an argument and makes it redundant.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Uses the Singleton pattern to ensure all queries use the same
database connection that is released upon script completion.
All database connections should now be called with DB::connect() and
not db_connect().
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
An error message is printed when the number of affected rows is
0 for an edited account. A count of 0 doesn't imply an error,
only that no changes were made in the database.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
A suspended user can stay in active sessions. Introduce new function
delete_user_sessions to remove all open sessions for a specific user.
Allows suspensions to take effect immediately.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
The function is only determining whether a username is valid,
so it makes more sense to simply return a boolean value.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
A check is only done to verify a Trusted User isn't promoting their
account. An attacker can send tampered account type POST data to
change their "User" level account to a "Developer" account.
Add check so that all users cannot increase their own account
permissions.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Checks are in place to avoid users getting account editing forms
they shouldn't have access to. The appropriate checks before
editing the account in the backend are not in place.
This vulnerability allows a user to craft malicious POST data to
edit other user accounts, thereby allowing account hijacking.
Add a new flexible function can_edit_account() to determine if
a user has appropriate permissions. Run the permission check before
processing any account information in the backend.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Change voters_list() to return an array of voters instead of
generating HTML code in the library call.
* Change the template to generate HTML code for the list of voters
instead of displaying the library's return value.
* Use HTML lists.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Use "<label>"/"</label>" for form labels.
* Use "<strong>"/"</strong>" for important text.
* Use "<h4>"/"</h4>" for headings.
* Drop "<b>"/"</b>" everywhere else.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Navigation to the "AccountInfo" page should only require a user to know the
username of the account they are looking for. Update all AUR links that use
the user info page to reflect the new URL.
Before:
AUR_URL/account/?Action=AccountInfo&U=userfoo
After:
AUR_URL/account/userfoo
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
All DB code currently uses the quickly aging mysql_* functions. These
functions are strongly discouraged and may eventually be deprecated.
Transition all code to utilize the PDO data access abstraction layer. PDO
allows for consistent query code across multiple databases. This could
potentially allow for someone to use a database other than MySQL with
minimal code changes.
All functions and behaviors are reproduced as faithfully as possible with
PDO equivalents and some changes in code.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Jump to the home page instead of displaying a page that only tells you
that you're logged in.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Use virtual paths in links (e.g. link to "/packages/" instead of
"/packages.php" etc.) if the virtual path feature is enabled.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Initialize the "$details" and "$whovoted" variables with an empty
array/string to suppress a "Undefined variable" notice if the
votes/voters list is empty.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
XHTML should be eliminated from lib/ as much as possible. This pulls the XHTML
out of the display_account_info function that echoes the code, and moves it
to the new account_details.php template file.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Move DB code in tu.php and tu.php and tu_list.php to new functions in
accfuncs.inc.php
* Centralization of DB code important in a future transition to PDO interface
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Move DB code in account.php to new functions in acctfuncs.inc.php
* Centralization of DB code important in a future transition to PDO interface
* Consolidate redudant SQL statements from DisplayAccount and AccountInfo
* Consolidation also adds ability to edit accounts based on username
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Move DB code in passreset.php to new functions in acctfuncs.inc.php
* Centralization of DB code important in a future transition to PDO interface
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Move DB code for removing a session in logout.php to a new function in
acctfuncs.inc.php
* Add ability for clear_expired_sessions function to check for DB connection
* Centralization of DB code important in a future transition to PDO interface
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Move DB code from account_search_results.php to already existing function
in acctfuncs.inc.php
* Centralization of DB code important in a future transition to PDO interface
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Verifying a username exists should use already present valid_user function
* Create new functions in acctfuncs.inc.php with SQL queries from addvote.php
* Centralization of DB code important in a future transition to PDO interface
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
XHTML should be eliminated from lib/ as much as possible. This pulls the XHTML
out of a function that simply echoes the code, and moves it into a more
reasonable template file in account_search_results.php
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
XHTML should be eliminated from lib/ as much as possible. This pulls the XHTML
out of a function that simply echoes the code, and moves it into a more
reasonable template file in account_edit_form.php
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Specially crafted pages can force authenticated users to unknowingly perform
actions on the AUR website despite being on an attacker's website. This
cross-site request forgery (CSRF) vulnerability applies to all POST data on
the AUR.
Implement a token system using a double submit cookie. Have a hidden form
value on every page containing POST forms. Use the newly added check_token() to
verify the token sent via POST matches the "AURSID" cookie value. Random
nature of the token limits potential for CSRF.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This is handy for verifying the PGP key of new Trusted Users. Also, this
could potentially used as a basis to allow signed package uploads in the
future.
Implements FS#29028.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Percent signs ("%") and underscores ("_") are not escaped by
mysql_real_escape_string() and are interpreted as wildcards if combined
with "LIKE". Write a wrapper function db_escape_like() and use it where
appropriate.
Note that we already fixed this for the RPC interface in commit
da2ebb667b but missed the other places.
This patch should fix all remaining flaws reported in FS#26527.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
