[aur-dev] [PATCH 1/2] Fix the return value of save_salt()
Return true if and only if the SQL query was executed successfully. Logins with an unsalted password no longer fail now. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> --- web/lib/aur.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php index 82730bb..81cbf69 100644 --- a/web/lib/aur.inc.php +++ b/web/lib/aur.inc.php @@ -471,7 +471,7 @@ function save_salt($user_id, $passwd) { $hash = salted_hash($passwd, $salt); $q = "UPDATE Users SET Salt = " . $dbh->quote($salt) . ", "; $q.= "Passwd = " . $dbh->quote($hash) . " WHERE ID = " . $user_id; - $result = $dbh->exec($q); + return $dbh->exec($q); } /** -- 2.0.4
* Only show the request form to users that are logged in. * Only show the close request form to Trusted Users and developers. * Check for a valid login in pkgreq_file(). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> --- web/html/pkgreq.php | 8 ++++++++ web/lib/credentials.inc.php | 2 ++ web/lib/pkgreqfuncs.inc.php | 4 ++++ 3 files changed, 14 insertions(+) diff --git a/web/html/pkgreq.php b/web/html/pkgreq.php index 03b31b8..ccb0acd 100644 --- a/web/html/pkgreq.php +++ b/web/html/pkgreq.php @@ -9,9 +9,17 @@ set_lang(); check_sid(); if (isset($base_id)) { + if (!has_credential(CRED_PKGREQ_FILE)) { + header('Location: /'); + exit(); + } html_header(__("File Request")); include('pkgreq_form.php'); } elseif (isset($pkgreq_id)) { + if (!has_credential(CRED_PKGREQ_CLOSE)) { + header('Location: /'); + exit(); + } html_header(__("Close Request")); $pkgbase_name = pkgreq_get_pkgbase_name($pkgreq_id); include('pkgreq_close_form.php'); diff --git a/web/lib/credentials.inc.php b/web/lib/credentials.inc.php index efc203d..0c428f2 100644 --- a/web/lib/credentials.inc.php +++ b/web/lib/credentials.inc.php @@ -18,6 +18,7 @@ define("CRED_PKGBASE_NOTIFY", 13); define("CRED_PKGBASE_SUBMIT_BLACKLISTED", 14); define("CRED_PKGBASE_UNFLAG", 15); define("CRED_PKGBASE_VOTE", 16); +define("CRED_PKGREQ_FILE", 23); define("CRED_PKGREQ_CLOSE", 17); define("CRED_PKGREQ_LIST", 18); define("CRED_TU_ADD_VOTE", 19); @@ -48,6 +49,7 @@ function has_credential($credential, $approved_users=array()) { case CRED_PKGBASE_FLAG: case CRED_PKGBASE_NOTIFY: case CRED_PKGBASE_VOTE: + case CRED_PKGREQ_FILE: return ($atype == 'User' || $atype == 'Trusted User' || $atype == 'Developer' || $atype == 'Trusted User & Developer'); diff --git a/web/lib/pkgreqfuncs.inc.php b/web/lib/pkgreqfuncs.inc.php index 98fb0cb..9207043 100644 --- a/web/lib/pkgreqfuncs.inc.php +++ b/web/lib/pkgreqfuncs.inc.php @@ -91,6 +91,10 @@ function pkgreq_file($ids, $type, $merge_into, $comments) { global $AUR_REQUEST_ML; global $AUTO_ORPHAN_AGE; + if (!has_credential(CRED_PKGREQ_FILE)) { + return array(false, __("You must be logged in to file package requests.")); + } + if (!empty($merge_into) && !preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/D", $merge_into)) { return array(false, __("Invalid name: only lowercase letters are allowed.")); } -- 2.0.4
participants (1)
-
Lukas Fleischer