summaryrefslogtreecommitdiff
path: root/web/html/pkgedit.php
blob: 2296470eee9d5ba0feae1ac8af12f633723126c2 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
<?php

set_include_path(get_include_path() . PATH_SEPARATOR . '../lib');

include("aur.inc");         # access AUR common functions
include("pkgfuncs.inc");    # use some form of this for i18n support
include_lang("pkgedit_po.inc");  # i18n translations for this script
set_lang();                 # this sets up the visitor's language
check_sid();                # see if they're still logged in
html_header();              # print out the HTML header

# Make sure this visitor is logged in
#
if (isset($_COOKIE["AURSID"])) {
	$atype = account_from_sid($_COOKIE["AURSID"]);
} else {
	$atype = "";
}
if (!$atype) {
	print __("You must be logged in before you can edit package information.");
	print "<br />\n";
	html_footer(AUR_VERSION);
	exit();
}

# Must know what package to operate on throughout this entire script
#
if (!$_REQUEST["ID"]) {
	print __("Missing package ID.");
	print "<br />\n";
	html_footer(AUR_VERSION);
}


# Delete a comment for this package
#
if ($_REQUEST["del_Comment"]) {
	if ($_REQUEST["comment_id"]) {
		if (canDeleteComment($_REQUEST["comment_id"], $atype, $_COOKIE["AURSID"])) {
			$dbh = db_connect();
			$uid = uid_from_sid($_COOKIE["AURSID"]);
			$q = "UPDATE PackageComments ";
			$q.= "SET DelUsersID = ".$uid." ";
			$q.= "WHERE ID = ".intval($_REQUEST["comment_id"]);
			db_query($q, $dbh);
			print __("Comment has been deleted.")."<br />\n";
		} else {
			print __("You are not allowed to delete this comment.")."<br />\n";
		}
	} else {
		print __("Missing comment ID.")."<br />\n";
	}
	html_footer(AUR_VERSION);
	exit();
}

# Add a comment to this package
#
if ($_REQUEST["add_Comment"]) {
	if ($_REQUEST["comment"]) {
		# Insert the comment
		#
		$dbh = db_connect();
		$q = "INSERT INTO PackageComments ";
		$q.= "(PackageID, UsersID, Comments, CommentTS) VALUES (";
		$q.= intval($_REQUEST["ID"]).", ".uid_from_sid($_COOKIE["AURSID"]) . ", ";
		$q.= "'".mysql_real_escape_string($_REQUEST["comment"])."', ";
		$q.= "UNIX_TIMESTAMP())";
		db_query($q, $dbh);
		print __("Comment has been added.");

		# Send email notifications
		#
		$q = "SELECT CommentNotify.*, Users.Email ";
		$q.= "FROM CommentNotify, Users ";
		$q.= "WHERE Users.ID = CommentNotify.UserID ";
		$q.= "AND CommentNotify.UserID != ".uid_from_sid($_COOKIE["AURSID"])." ";
		$q.= "AND CommentNotify.PkgID = ".intval($_REQUEST["ID"]);
		$result = db_query($q, $dbh);
		$bcc = array();
		if (mysql_num_rows($result)) {
			while ($row = mysql_fetch_assoc($result)) {
				array_push($bcc, $row['Email']);
			}
			$q = "SELECT Packages.Name ";
			$q.= "FROM Packages ";
			$q.= "WHERE Packages.ID = ".intval($_REQUEST["ID"]);
			$result = db_query($q, $dbh);
			$row = mysql_fetch_assoc($result);
			#TODO: native language emails for users, based on their prefs
			# Simply making these strings translatable won't work, users would be
			# getting emails in the language that the user who posted the comment was in
			$body = "A comment has been added to ".$row['Name']." by " . username_from_sid($_COOKIE["AURSID"]) . ", you may view it at:\nhttp://aur.archlinux.org/packages.php?ID=".$_REQUEST["ID"]."\n\n\"" . $_POST['comment'] . "\"\n\n---\nYou received this e-mail because you chose to receive notifications of new comments on this package, if you no longer wish to recieve notifications about this package, please go the the above package page and click the UnNotify button.";
			$body = wordwrap($body, 70);
			$bcc = implode(', ', $bcc);
			$headers = "Bcc: $bcc\nReply-to: nobody@archlinux.org\nFrom:aur-notify@archlinux.org\nX-Mailer: PHP\nX-MimeOLE: Produced By AUR\n";
			@mail(' ', "AUR Comment Notification for ".$row['Name'], $body, $headers);
		}

	} else {
		# Prompt visitor for comment
		#
		print "<div align='center'>\n";
		print "<form action='pkgedit.php' method='post'>\n";
		print "<input type='hidden' name='add_Comment' value='1'>\n";
		print "<input type='hidden' name='ID' value=\"".$_REQUEST["ID"]."\">\n";
		print __("Enter your comment below.")."<br />&nbsp;<br />\n";
		print "<textarea name='comment' rows='10' cols='50'></textarea>\n";
		print "<br />&nbsp;<br />\n";
		print "<input type='submit' value=\"".__("Submit")."\">\n";
		print "<input type='reset' value=\"".__("Reset")."\">\n";
		print "</form>\n";
		print "</div>\n";
	}
	html_footer(AUR_VERSION);
	exit();
}

# Change package category
#
if ($_REQUEST["change_Category"]) {
	$cat_array = pkgCategories();
	$dbh = db_connect();

	if ($_REQUEST["category_id"]) {
		# Try and set the requested category_id
		#
		if (array_key_exists($_REQUEST["category_id"], $cat_array)) {
			$q = "UPDATE Packages SET CategoryID = ".intval($_REQUEST["category_id"]);
			$q.= " WHERE ID = ".intval($_REQUEST["ID"]);
			db_query($q, $dbh);
			print __("Package category updated.")."<br />\n";

		} else {
			print __("Invalid category ID.")."<br />\n";
		}
	} else {
		# Prompt visitor for new category_id
		#
		$q = "SELECT CategoryID FROM Packages WHERE ID = ".intval($_REQUEST["ID"]);
		$result = db_query($q, $dbh);
		if ($result != NULL) {
			$catid = mysql_fetch_row($result);
		}
		print "<form action='pkgedit.php' method='post'>\n";
		print "<input type='hidden' name='change_Category' value='1'>\n";
		print "<input type='hidden' name='ID' value=\"".$_REQUEST["ID"]."\">\n";
		print __("Select new category").":&nbsp;\n";
		print "<select name='category_id'>\n";
		while (list($id,$cat) = each($cat_array)) {
			print "<option value='".$id."'";
			if ($id == $catid[0]) {
				print " selected";
			}
			print "> ".$cat."</option>\n";
		}
		print "</select>\n";
		print "<br />&nbsp;<br />\n";
		print "<input type='submit' value=\"".__("Submit")."\">\n";
		print "<input type='reset' value=\"".__("Reset")."\">\n";
		print "</form>\n";

	}
	html_footer(AUR_VERSION);
	exit();
}

print __("You've found a bug if you see this....")."<br />\n";

html_footer(AUR_VERSION);