This commit changes the messages printed when changing the accound
details so that it only prints that no changes were made if either the
account change SQL query or the account_set_ssh_keys call failed.
Reported-by: Alexis Chotard <alexis.horgix.chotard@gmail.com>
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Attaching more than one SSH public key to the same account is useful,
e.g. if one uses different machines to access the AUR SSH interface.
Multiple keys can now be specified by adding multiple lines to the text
area on the account edit form.
Implements FS#45469.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Acked-by: Leonidas Spyropoulos <artafinde@gmail.com>
After the user was authenticated a redirect to the site which
linked the user to the login page is done. This fixes FS#32481.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Use NULL instead of an empty string if the SSH public key field is left
empty. Additionally, do not check for duplicate keys in that case.
Fixes FS#45109.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Users can now add an SSH public key on the account edit page. This will
later be used to authenticate users via SSH.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Replace web/lib/config.inc.php with an INI-style configuration file.
This allows us to get rid of several globals and makes it easier to use
the same configuration file in external scripts.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
When using preg_match() to check for a match that starts at the
beginning of the string and ends at the last character of the string, we
do not want to allow an additional newline character to sneak in.
Amongst other potential loopholes, adding the PCRE_DOLLAR_ENDONLY
modifier prevents users from registering with user names that end with a
newline character.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Add a check to remove a notice which is displayed after registration
since commit 03c6304 (Rework permission handling, 2014-07-15).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Prevent Trusted Users and developers from accidentally using a name that
contains invalid characters. Also, remove user_is_privileged() which is
no longer needed after this change.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Add a new function has_credential() that checks whether the currently
logged in user is allowed to perform a given action. Moving all
permission handling to this central place makes adding new user groups
and adjusting permissions much more convenient.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Return null instead of the string "None" in username_from_id(),
uid_from_email() and uid_from_username().
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
In commit 0722f46 (Simplify valid_user() and valid_username(),
2014-02-06), the conversion to lower case letters was unintentionally
removed and in consequence, names with upper case letters have been
rejected since then.
Instead of reintroducing the conversion, add the "i" modifier to the
regular expression validating the name to do case-insensitive pattern
matching.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Replace a misplaced semicolon with the concatenation operator. This
makes the AUR insert proper Reply-to and From headers again when sending
password reset emails on registration.
Fixes a regression introduced in 94a4f59 (Set Content-type header when
sending UTF-8 mails, 2014-02-10).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Use "Welcome to the Arch User Repository" instead of "AUR Password
Reset" as subject for the initial password reset email.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This is the correct delimiter for mail headers according to the PHP
documentation and RFC 2822.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This has been introduced by commit aae43d9 (started working on package
comments, 2005-03-05) but it seems to be of no practical use. Remove the
field to save some space.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Instead of using a random secondary order, sort by the ID of the last
vote first, then by user name.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Do not show users that took part in past TU votes but no longer have TU
powers. Also, fix the sorting column while we're touching these lines.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Showing running votes potentially allows for tracking votes and
associating yes/no/abstain votes with specific TUs.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This shows a list of all Trusted Users and the vote ID of the last
proposal each of the TUs voted on. This list is sorted by vote ID.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
There are only four valid reasons for starting a TU vote, so instead of
letting the user choose a vote length, let her pick a reason and set
vote length and quorum based on that selection.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This adds a field to the users table and corresponding fields to the
account edit and display forms that allow for setting an (in-)activity
status.
This might turn out to be useful if a user is on vacation and can not
respond to update/orphan/deletion requests.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
The search_accounts_form() wrapper function doesn't have any
arguments and only makes it unclear what is happening within
account.php
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
A user might have an empty password due to two reasons:
* The user just created an account and needs to set an initial password.
* The password has been reset by the administrator.
In both cases, the user might be confused as to why the login does not
work. Add a message that helps users debug the issue in both cases.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Adds a new is_ipbanned() function to determine whether the user
attempting to login or register for an account has their IP
address listed in the "Bans" table.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Save the IP address used for the last login in the "Users" table. This
makes it a bit easier to create IP ban lists for spammers without
looking at web server logs.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
If an empty password is passed during account registration, login for
the new user is disabled and a reset key is sent to the new user's
e-mail address so that they can set an initial password manually.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This allows for reusing reset key submission for other things, such as
sending an initial password reset code during account registration.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Large amount of boilerplate code that checks if a database
connection exists is useless now that the new connection method
automatically does the same check.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
All functions now have a database connection method that will use
the same database connection. This imitates the functionality of
passing a database connection as an argument and makes it redundant.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Uses the Singleton pattern to ensure all queries use the same
database connection that is released upon script completion.
All database connections should now be called with DB::connect() and
not db_connect().
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
An error message is printed when the number of affected rows is
0 for an edited account. A count of 0 doesn't imply an error,
only that no changes were made in the database.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
A suspended user can stay in active sessions. Introduce new function
delete_user_sessions to remove all open sessions for a specific user.
Allows suspensions to take effect immediately.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
