xaizek / rocketgit (License: AGPLv3+) (since 2018-12-09)
Light and fast Git hosting solution suitable to serve both as a hub or as a personal code storage with its tickets, pull requests, API and much more.
Commit c4115b92bd328d7b6931d2854f63d0fe7e685aad

Checkpoint
Author: Catalin(ux) M. BOIE
Author date (UTC): 2014-10-09 17:35
Committer name: Catalin(ux) M. BOIE
Committer date (UTC): 2014-10-13 16:16
Parent(s): d27058ed0323fbe336584a1155c4c02489ee641d
Signing key:
Tree: 5d0aa522a4b85a57325b2d1c9f9f05bc4ef45c67
File Lines added Lines deleted
README 6 5
TODO 105 36
TODO-plans 1 1
docs/rights.txt 27 0
hooks/post-receive 1 0
hooks/pre-commit 1 0
hooks/pre-receive 1 0
hooks/update 17 1
inc/admin/admin.php 7 21
inc/admin/plans/plans.php 6 17
inc/admin/repos/repos.php 2 2
inc/admin/users/users.php 8 8
inc/bug.inc.php 247 168
inc/dispatch/dispatch.php 9 7
inc/events.inc.php 6 4
inc/feedback/suggestion.php 8 7
inc/fixes.inc.php 44 0
inc/git.inc.php 60 21
inc/init.inc.php 8 4
inc/keys.inc.php 19 16
inc/log.inc.php 2 1
inc/login/login.php 6 5
inc/mr.inc.php 15 9
inc/plan.inc.php 46 51
inc/repo.inc.php 613 267
inc/repo/repo.php 14 82
inc/rights.inc.php 369 75
inc/sess.inc.php 28 23
inc/sql.inc.php 22 1
inc/ssh.inc.php 11 6
inc/state.inc.php 6 6
inc/struct.inc.php 54 4
inc/token.inc.php 11 11
inc/user.inc.php 151 143
inc/user/confirm.php 4 4
inc/user/forgot.php 9 10
inc/user/forgot_send.php 3 3
inc/user/home-page.php 3 3
inc/user/keys/keys.php 13 8
inc/user/pass/pass.php 12 14
inc/user/repo-page.php 29 42
inc/user/repo/bug/main.php 20 15
inc/user/repo/bug/search/search.php 7 6
inc/user/repo/bug/show/add_note.php 6 5
inc/user/repo/bug/show/show.php 81 22
inc/user/settings.php 9 24
inc/util.inc.php 77 102
inc/watch.inc.php 27 23
root/index.php 32 64
root/themes/default/admin/menu.html 7 0
root/themes/default/admin/plans/add_edit.html 20 21
root/themes/default/admin/plans/menu.html 2 3
root/themes/default/hints/repo/edit_repo_path_rights.html 2 6
root/themes/default/hints/repo/edit_repo_refs_rights.html 4 9
root/themes/default/hints/repo/edit_repo_rights.html 1 11
root/themes/default/hints/repo/merge.html 0 1
root/themes/default/hints/ssh/key.html 1 1
root/themes/default/index.html 16 3
root/themes/default/mail/user/key/del.body.txt 0 2
root/themes/default/mail/user/key/new.body.txt 0 2
root/themes/default/mail/user/repo/bug/new.body.txt 0 2
root/themes/default/mail/user/repo/bug/new_note.body.txt 0 2
root/themes/default/mail/user/repo/del.body.txt 0 2
root/themes/default/mail/user/repo/new.body.txt 0 2
root/themes/default/mail/user/repo/update.body.txt 0 2
root/themes/default/mail/user/welcome.body.txt 1 1
root/themes/default/repo/add_edit.html 15 14
root/themes/default/repo/bug/b_close.html 1 1
root/themes/default/repo/bug/b_edit.html 1 1
root/themes/default/repo/bug/b_reopen.html 1 1
root/themes/default/repo/bug/b_unwatch.html 1 1
root/themes/default/repo/bug/b_watch.html 1 1
root/themes/default/repo/bug/bug_add_edit.html 12 10
root/themes/default/repo/bug/deleted.html 1 1
root/themes/default/repo/bug/deny_close.html 1 1
root/themes/default/repo/bug/deny_delete.html 1 1
root/themes/default/repo/bug/deny_edit.html 1 1
root/themes/default/repo/bug/deny_reopen.html 1 1
root/themes/default/repo/bug/list/line.html 7 7
root/themes/default/repo/bug/list/nodata.html 1 1
root/themes/default/repo/bug/not_found.html 1 1
root/themes/default/repo/bug/note_add.html 1 1
root/themes/default/repo/bug/search/search.html 1 1
root/themes/default/repo/bug/show.html 17 7
root/themes/default/repo/create_ok.html 2 1
root/themes/default/repo/edit_ok.html 1 0
root/themes/default/repo/fstat/nodata.html 1 1
root/themes/default/repo/history/header.html 4 0
root/themes/default/repo/history/nodata.html 1 1
root/themes/default/repo/list/header.html 1 1
root/themes/default/repo/list/line.html 1 1
root/themes/default/repo/list/nodata.html 2 2
root/themes/default/repo/log/nodata.html 1 1
root/themes/default/repo/main.html 3 2
root/themes/default/repo/menu.html 13 4
root/themes/default/repo/mr/list/nodata.html 1 1
root/themes/default/repo/not_init.html 1 3
root/themes/default/repo/search.html 1 1
root/themes/default/repo/tree/nodata.html 1 1
root/themes/default/suggestion.html 9 1
root/themes/default/suggestion_sent.html 1 1
root/themes/default/user/add_edit.html 4 3
root/themes/default/user/create_na.html 1 1
root/themes/default/user/keys/add.html 1 1
root/themes/default/user/keys/list/header.html 2 1
root/themes/default/user/keys/list/nodata.html 1 1
root/themes/default/user/keys/remove_ok.html 1 1
root/themes/default/user/login.html 1 1
root/themes/default/user/pass.html 1 1
root/themes/default/user/pass_changed.html 1 1
root/themes/default/user/repo/delete/deny.html 3 0
root/themes/default/user/repo/delete/done.html 2 0
root/themes/default/user/repo/delete/no.html 3 1
root/themes/default/user/repo/delete/sure.html 1 1
root/themes/default/user/repo/deny.html 1 1
root/themes/default/user/repo/deny_edit.html 1 1
root/themes/default/user/repo/menu.html 5 3
root/themes/default/user/repo/rights/delete_ok.html 1 1
root/themes/default/user/repo/rights/deny.html 1 1
root/themes/default/user/repo/rights/form_repo.html 8 23
root/themes/default/user/repo/rights/form_repo_path.html 5 5
root/themes/default/user/repo/rights/form_repo_refs.html 12 23
root/themes/default/user/repo/rights/grant_ok.html 3 0
root/themes/default/user/repo/rights/list_repo/header.html 7 4
root/themes/default/user/repo/rights/list_repo/line.html 6 4
root/themes/default/user/repo/rights/list_repo_path/header.html 2 2
root/themes/default/user/repo/rights/list_repo_path/line.html 1 2
root/themes/default/user/repo/rights/list_repo_refs/footer.html 0 0
root/themes/default/user/repo/rights/list_repo_refs/header.html 0 0
root/themes/default/user/repo/rights/list_repo_refs/line.html 0 1
root/themes/default/user/repo/rights/list_repo_refs/nodata.html 0 0
root/themes/default/user/settings/menu.html 7 0
scripts/remote.php 12 20
selinux/rocketgit.fc 1 1
selinux/rocketgit.te 3 1
tests/Makefile 1 1
tests/bug.php 9 40
tests/cache.php 2 0
tests/common.php 35 0
tests/event.php 0 30
tests/keys.php 0 35
tests/repo.php 48 59
tests/rights.php 93 7
tests/sql.php 19 9
tests/state.php 0 18
tests/themes/util/t3/c6b 1 1
tests/themes/util/t3/c9 7 12
tests/user.php 0 30
tests/util.php 50 3
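--- a/README
+++ b/README
@@ -19,6 +19,12 @@
 - It is recommended to NOT install rocketgit on a multiuser machine.
 There are some things that should be fixed first. We are working on it.
 
+. Prepare SELinux
+# setsebool -P \
+httpd_can_network_connect_db=on \
+httpd_can_network_memcache=on \
+httpd_can_sendmail=on
+
 . Edit /etc/rocketgit/config.php
 . Edit /etc/httpd/conf.d/rocketgit.conf
 
@@ -67,11 +73,6 @@
 . Run instalation script
 # php /usr/share/rocketgit/admin/init.php
 
-. SELinux
-# setsebool -P httpd_can_network_connect_db on
-# setsebool -P httpd_can_network_memcache on
-# setsebool -P httpd_can_sendmail on
-
 . Edit firewall to permit port ssh, git, http and https
 In /etc/sysconfig/iptables (IPv4) or ip6tables (IPv6), add something
 like this: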
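--- a/TODO
+++ b/TODO
@@ -1,43 +1,74 @@
+== Where I stopped last time ==
+[ ] rg_git_files
+[ ] We must test in HL functions if we have rights, not in rg_user_remove & co.
+[ ] For repo_refs, we must test also the ref. Sometime, we do not have it,
+so, test it for FALSE.
+[ ] Not clear what uid we have in:
+"$a['uid'] = @sprintf("%u", getenv("ROCKETGIT_UID"));"
+[ ] I should set 'display_errors' to OFF.
+[ ] remote.php: what rights need to check?
+ROCKETGIT_REPO_RIGHTS is gone. We must use rg_repo_allow (a['rights'])
+Probably all hooks need db connection and loading rights.
+[ ] The caller of rg_user_make_admin must check rights for administering repo.
+[ ] What right is "Access repo"?!
+[ ] We must return error if a user tries to drop 'fetch' for a public repo.
+But if the user switch it to be private repo? It's the user problem.
+[ ] Special case: rights are empty and repo is public. Should I test
+default rights only? Same with private repos.
+[ ] Remove rg_menu stuff (replaced with templates).
+[ ] The rights stuff is a mess. Redesign it.
+[ ] Still checking rights stuff of a simple user for a repo.
+[ ] Run hook_update.sh test. It not passes anymore.
+[ ] In progress of adding 'public' to repo and removing 'default_rights'.
+[ ] I have to define what means a 'public' repo: fetch + see bugtracker?
+[ ] In the process to remove 'ri.rights_text' and replace by 'public'.
+[ ] How to prevent a user to cut his access from an IP? Maybe admin should not
+filter by IP.
+[ ] Entering an IP for rights: must allow multiple IPs, comma/enter separated.
+[ ] If a project is private and the admin gives "Access repo" to a user,
+that user sees the repo as public.
+[ ] Maybe add db.users.last_ip_failed? Or the history is enough?
+[ ] db.users.last_ip is used for last IP used for login?
+[ ] repos.disk_quota_mb must be dropped and do a lookup in plan.
 [ ] Integrate max_public/private_repos into HL.
 [ ] Allow specifying base language for a project.
 [ ] Allow specifying license for a project.
 [ ] When changind db structure, invalidate all caches.
 [ ] Check with owasp about html escaping. I do now htmlspecialchars ->
-db -> HTML:nl2br()
-[ ] Log also the last IP used.
-
-== Plans for repo redesign ==
-Because we can have a project without a repository, for example only with
-bugtracker, we need to redesign the interface.
-
-We need to have projects, where you can attach: a repo, a bugtracker
-and/or a mailing list.
-
-We need rights to admin/create/delete/grant_rights against repo/bugtracker/mailing list.
-Pay attention. A project has an owner. Without "admin" rights, you cannot
-deal with the rest of
-A project is public/private.
-A repository/bt/ml link with a project.
-
-We begin with an admin user. We have no projects, so no repo/bt/ml.
-Admin user will create a user for a team-leader.
-Two cases:
-1. Allow user to create project
-So, we need "CREATE PROJECTS" right.
-2. Create project for him
-So, what rights should we give to him? "ADMIN PROJECT"?
-We should split"ADMIN" in finer rights: "DELETE PROJECT",
-"CREATE/DELETE/LOCK REPO",
-"CREATE/DELETE/LOCK BT",
-"CREATE/DELETE/LOCK ML".
-"LOCK" means that it will become read-only.
-
-Now, team-leader has a project.
-Two cases:
-1. Give "CREATE REPO" rights to a team member.
-2. Creates the repo and give rights to user.
+db -> HTML:nl2br()
+[ ] When we will switch to C, check UTF-8 validation.
+[ ] Log also the last IP used. Where? For push? This will be in history.
+[ ] Check http://blog.wikichoon.com/2014/04/github-doesnt-support-pull-request.html
 
 == BEFORE NEXT RELEASE ==
+[ ] Implement a basic regular expression parser.
+[ ] Use an 'indent' string per repo and (optionally) enforce it.
+[ ] Should we use a more restrictive umask?
+[ ] In some places we have rg_event_add and then COMMIT. The event processing
+loop may loose the last transaction. :(
+[ ] Remove rg_repo_rights_*. Seems we cannot because we test if
+ri.uid == login_ui.uid, that we cannot do in rg_rights_get.
+Maybe if we pass the owner of a resource to rg_rights_get.
+[ ] $user -> $rg['user']
+[ ] $repo -> $rg['repo']
+[ ] $org... -> $rg['org...']
+[ ] Seems that for tests we do not have a log file, but is specified in the file!
+[ ] Doar unele functii high-level ar trebui sa aiba pasat $rg-ul.
+Restul, nu!
+[ ] rg_re_repopage($rg)?
+[ ] We may have a problem creating bugs. We must test for failures at every
+step.
+[ ] Rights: for public repos, we make a prio 0 rule to allow fetch (maybe other rights).
+It will not be in database, it will be generated if repo is public.
+If repo is becoming private, that rule will not be inserted anymore.
+[ ] When listing repos, check the rights!
+For example, a user is allowed to edit a repo, but is not the owner.
+It is not enough to check 'public = 1'. This may generate a lots
+of lookups for rights. :( Not if we cache the whole rights list.
+[ ] Add a reason for suspended accounts? Maybe also for other operations?
+[ ] We should add 'rights.who' to record who gave that right. May be more
+admins for the same repo.
+[ ] 'users.rights' is still used?!
 [ ] Maybe add an indirection level: Projects. Because an admin may use
 rocketgit only for the bug tracker, for example. Or only for mailing
 list. So, "Repositories" will become "Projects". Hm.
@@ -73,7 +104,7 @@ Admin user will create a user for a team-leader.
 - Should I add "Create users right"?
 - Repo rights: I should split admin into: "edit repo", "delete repo",
 "give rights" (should limit to his rights), "fill bugs",
-"close bugs",
+"close bugs",
 - Repo rights: allow "*" as user: default rights.
 - Very tempting to give up "register_rights" function and have the
 form as template. But I have to list them, join them etc. Hm.
@@ -92,9 +123,47 @@ Admin user will create a user for a team-leader.
 [ ] Allow comma separated users for grant rights.
 [ ] Loading defaults for refs_rights seems to not working.
 [ ] Secure transport X in configuratia de apache. Sau in index.php?
-[ ]
 
 == BEFORE NEXT-NEXT RELEASE ==
+[ ] mcr@sandelman.ca: It would be nice if github could be told to reject
+and/or mark files that have whitespace errors.
+[ ] Transform user/bug/* into high level functions.
+[ ] Maybe, when user is not logged in, on the "Repositories" main menu
+show most active projects, the bigest ones, recent ones and
+search form. And remove menu "List" + "Search".
+Or, maybe the first page to contain best repos and search form.
+[ ] Add possibility to change user time zone.
+[ ] At least for notes, add also y/m/d/h/m/s 'ago' next to exact time
+[ ] We need a matrix testing with:
+unlogged in user, loggedin user, owner
+vs
+public_repo, private_repo, private_repo_with_rights for logged in user
+We can use a custom theme dir that contains IDs to be able to
+detect if we give errors. Or just match the english string.
+[ ] I may check in the main php if doit == 1 nad token is valid!
+[ ] I may do a function rg_generic_edit_high_level with an array, as parameter,
+with functions to call for different stuff.
+[ ] Do not redirect to login page if the user is logged in!
+[ ] 'Contact owner'
+[ ] When editing a repo, we should not pass 'master' as parameter!
+[ ] Delay events processing if load is too big. Maybe same with crons?
+[ ] Test (EXPLAIN) that rights_i_type_obj_id is used.
+[ ] Admin should be able to stop queue processing.
+[ ] When we delete a repo, we must delete also rights and bugs etc. Same
+for a user deletion.
+[ ] rights.misc2 is not used now. Drop it.
+[ ] How do we set rg_git_host? Now it shows r1i!
+[ ] bugs: when I edit a bug, if I wrongly insert a field, description is
+htmlized again (< -> &lt;)! Probably in many other places.
+[ ] bugs: we must be able to delete bugs.
+[ ] Do not test if we watch a bug if the bug is new.
+[ ] repo-home->"Lock repo" + hint=(options to block fetches/commits/bug/etc.)
+and with reason that is logged in history and shown on access.
+Also, admin must have lock power and a reason.
+[ ] When sending mails, add also who did the operation. For example, delete
+repo. It may not be the same person that created it!
+[ ] Add a description field for rights and keys. Maybe other places.
+[ ] Check http://nvie.com/posts/a-successful-git-branching-model/
 [ ] After resetting password, go to the login form, with user prefiled so the user can cache the password.
 [ ] Add number of bugs multiplied with a value to total disk space.
 [ ] How should I verify repo rights?
@@ -162,6 +231,7 @@ Admin user will create a user for a team-leader.
 Maybe redirect to user page? Only if there is no need to confirm.
 What about lock_ip?
 [ ] Where to check if plan exists (rg_user_edit_high_level)?
+[ ] SSH keys: add from what IP the key was uploaded?
 
 == Medium ==
 [ ] Add hit/miss stats to caches.
@@ -259,7 +329,6 @@ Admin user will create a user for a team-leader.
 [ ] We should have a log with logins, not only last_login per user.
 So, we should have an event on login and explode it in several queries.
 Also session may be updated from this event, but still with a 1 min gap.
-[ ] Max commit size must be added per repo.
 [ ] A script to check if all CSS classes in templates are present in css file.
 [ ] Export/import a repo (xml maybe).
 [ ] Add groups.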
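--- a/TODO-plans
+++ b/TODO-plans
@@ -15,7 +15,7 @@ and/or a mailing list.
 
 We need rights to admin/create/delete/grant_rights against repo/bugtracker/mailing list.
 Pay attention. A project has an owner. Without "admin" rights, you cannot
-deal with the rest of
+deal with the rest of
 A project is public/private.
 A repository/bt/ml link with a project.
 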
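--- a/docs/rights.txt
+++ b/docs/rights.txt
@@ -0,0 +1,27 @@
+This document tries to explain the rights management.
+
+We have a table for all rights types.
+There are types for user, repo, refs etc.
+
+The table has the following fields:
+right_id - auto increment field, needed for editing and deletion.
+rights - text, one letter means one right
+misc, misc2: these are used for refs and path for 'refs' type.
+Other types may used these fields.
+who - Who gave the rights (uid).
+prio - Priority of the right (for evaluation ascending ordering)
+uid - uid of the user that the rights were granted to.
+obj_id - opaque id of a resource. It may be the repo_id or the user_id.
+
+We have some function to manage the rights:
+-rg_rights_set($db, $right_id, $who, $type, $obj_id, $uid, $rights,
+$misc, $ip, $prio)
+Sets the rights for a type-uid-obj_id combination.
+
+- rg_rights_load($db, $type, $obj_id)
+Loads all rights for an object, identified by
+type and obj_id; type may be '*' for all rights type.
+
+- rg_rights_delete_list($db, $obj_id, $list)
+Deletes a list of rights,
+obtained by selecting them in the form.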
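--- a/hooks/post-receive
+++ b/hooks/post-receive
@@ -22,6 +22,7 @@ if (empty($conf))
 require_once($conf);
 
 $INC = $rg_scripts . "/inc";
+require_once($INC . "/init.inc.php");
 require_once($INC . "/util.inc.php");
 require_once($INC . "/log.inc.php");
 require_once($INC . "/sql.inc.php");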
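--- a/hooks/pre-commit
+++ b/hooks/pre-commit
@@ -13,6 +13,7 @@ if (empty($conf))
 require_once($conf);
 
 $INC = $rg_scripts . "/inc";
+require_once($INC . "/init.inc.php");
 require_once($INC . "/util.inc.php");
 require_once($INC . "/log.inc.php");
 require_once($INC . "/sql.inc.php");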
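--- a/hooks/pre-receive
+++ b/hooks/pre-receive
@@ -19,6 +19,7 @@ if (empty($conf))
 require_once($conf);
 
 $INC = $rg_scripts . "/inc";
+require_once($INC . "/init.inc.php");
 require_once($INC . "/util.inc.php");
 require_once($INC . "/log.inc.php");
 require_once($INC . "/sql.inc.php");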
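--- a/hooks/update
+++ b/hooks/update
@@ -20,6 +20,7 @@ if (empty($conf))
 require_once($conf);
 
 $INC = $rg_scripts . "/inc";
+require_once($INC . "/init.inc.php");
 require_once($INC . "/util.inc.php");
 require_once($INC . "/log.inc.php");
 require_once($INC . "/sql.inc.php");
@@ -31,10 +32,11 @@ rg_prof_start("hook-update");
 
 rg_log_set_file($rg_log_dir . "/hook_update.log");
 
+$db = rg_sql_open($rg_sql);
+
 $a = array();
 
 $a['uid'] = @sprintf("%u", getenv("ROCKETGIT_UID"));
-$a['rights'] = getenv("ROCKETGIT_REPO_RIGHTS");
 $a['repo_id'] = getenv("ROCKETGIT_REPO_ID");
 $a['ip'] = getenv("ROCKETGIT_IP");
 $a['namespace'] = getenv("GIT_NAMESPACE");
@@ -62,6 +64,20 @@ else
 $a['new_rev_type'] = rg_git_type($a['new_rev']);
 rg_log("new_rev_type=" . $a['new_rev_type']);
 
+$ri = rg_repo_info($db, $a['repo_id'], 0, "");
+if ($ri['ok'] != 1)
+rg_git_fatal("Internal error (repo). Try again later.");
+
+$r = rg_repo_rights_get($db, "repo_refs", $ri, $a['uid']);
+if ($r['ok'] != 1)
+rg_git_fatal("Internal error (refs rights). Try again later.");
+$a['refs_rights'] = $r['list'];
+
+$r = rg_repo_rights_get($db, "repo_path", $ri, $a['uid']);
+if ($r['ok'] != 1)
+rg_git_fatal("Internal error (path rights). Try again later.");
+$a['repo_path'] = $r['list'];
+
 if (strncmp($a['refname'], "refs/tags/", 10) == 0) {
 rg_git_update_tag($a);
 } else if (strncmp($a['refname'], "refs/heads/", 11) == 0) {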
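Review bot: The rights lookups added in the last hunk are keyed on `$a['uid']`, which the unchanged line in the second hunk still builds with `@sprintf("%u", getenv("ROCKETGIT_UID"))`, so an unset variable silently becomes uid 0 and the hook goes on to load rights for that id. Now that the decision comes from the database instead of ROCKETGIT_REPO_RIGHTS, the hook should fail closed when the identity is missing, for example `if (getenv("ROCKETGIT_UID") === FALSE || getenv("ROCKETGIT_REPO_ID") === FALSE) rg_git_fatal("Internal error (env). Try again later.");` ahead of `rg_repo_info()`; if uid 0 is meant to be the anonymous user, a comment saying so would do instead. The handle returned by `rg_sql_open($rg_sql)` is also used unchecked, so if it can fail the cause only shows up later as "Internal error (repo)". The script continues outside these hunks.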
File inc/admin/admin.php changed (mode: 100644) (index 195b1a8..706e05f)
1 1 <?php <?php
2 rg_log("/inc/admin/admin");
2 rg_log("FILE: /inc/admin/admin");
3 3
4 $admin_more = $more;
4 $admin_more = $rg;
5 5 $_admin = ""; $_admin = "";
6 6
7 if ($login_ui['is_admin'] != 1) {
8 $_admin .= rg_warning("You do not have access here!");
7 if ($rg['login_ui']['is_admin'] != 1) {
8 $_admin .= rg_template("access_denied.html", $rg);
9 9 return; return;
10 10 } }
11 11
12 12 $_subop = empty($paras) ? "" : array_shift($paras); $_subop = empty($paras) ? "" : array_shift($paras);
13 13
14 // menu
15 $_m = array(
16 "plans" => array(
17 "text" => "Plans",
18 "op" => "plans"
19 ),
20 "users" => array(
21 "text" => "Users",
22 "op" => "users"
23 ),
24 "repos" => array(
25 "text" => "Repositories",
26 "op" => "repos"
27 )
28 );
29 rg_menu_add($rg_menu, $_m, $_subop);
30
31 14 switch ($_subop) { switch ($_subop) {
32 15 case 'plans': case 'plans':
33 16 include($INC . "/admin/plans/plans.php"); include($INC . "/admin/plans/plans.php");
 
... ... case 'repos': // repos
45 28 break; break;
46 29 } }
47 30
31 $rg['menu']['sub1'][$_subop] = 1;
32 $rg['HTML:submenu1'] = rg_template("admin/menu.html", $rg);
33
48 34 ?> ?>
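Review bot: The denied branch at new lines 7–9 renders access_denied.html and returns without recording the attempt, so a non-admin request to the admin area leaves only the generic `rg_log("FILE: /inc/admin/admin");` line behind. Adding `rg_log("admin: access denied, uid=" . $rg['login_ui']['uid']);` before the `return` would make such attempts visible, assuming `login_ui` carries `uid` as the TODO text in this commit implies. Separately, `$rg['menu']['sub1'][$_subop] = 1;` runs for every `$_subop`, including values the `switch` does not recognise; setting it inside the known cases would keep what looks like a request-derived string out of the template data.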
File inc/admin/plans/plans.php changed (mode: 100644) (index 3c8a6e9..cee1baa)
1 1 <?php <?php
2 rg_log("/inc/admin/plans/plans");
2 rg_log("FILE: /inc/admin/plans/plans");
3 3
4 4 $_admin_plans = ""; $_admin_plans = "";
5 5
6 6 $_op = empty($paras) ? "list" : array_shift($paras); $_op = empty($paras) ? "list" : array_shift($paras);
7
8 // menu
9 $_m = array(
10 "list" => array(
11 "text" => "List plans",
12 "op" => "list"
13 ),
14 "add" => array(
15 "text" => "Add plan",
16 "op" => "add"
17 )
18 );
19 rg_menu_add($rg_menu, $_m, $_op);
20
21 7 switch ($_op) { switch ($_op) {
22 8 case 'list': // list case 'list': // list
23 $_admin_plans .= rg_plan_list_high_level($db, $sid, $admin_more);
9 $_admin_plans .= rg_plan_list_high_level($db, $rg);
24 10 break; break;
25 11
26 12 case 'edit': // edit case 'edit': // edit
27 13 $admin_more['id'] = empty($paras) ? 0 : array_shift($paras); $admin_more['id'] = empty($paras) ? 0 : array_shift($paras);
28 14 // no break here // no break here
29 15 case 'add': // add case 'add': // add
30 $_admin_plans .= rg_plan_edit_high_level($db, $sid, $admin_more);
16 $_admin_plans .= rg_plan_edit_high_level($db, $rg);
31 17 break; break;
32 18 } }
33 19
20 $rg['menu']['sub2'][$_op] = 1;
21 $rg['HTML:submenu2'] = rg_template("admin/plans/menu.html", $rg);
22
34 23 ?> ?>
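Review bot: In the 'edit' case the plan id is still written to `$admin_more['id']`, but the new call passes `$rg` to `rg_plan_edit_high_level()`, and inc/admin/admin.php makes `$admin_more` a by-value copy (`$admin_more = $rg;`), so the id does not reach the callee through this argument. Unless inc/plan.inc.php (changed in this commit, not visible here) picks the id up another way, an edit would be handled as if no id were given; `$rg['id'] = empty($paras) ? 0 : array_shift($paras);` would keep the two in step. Since `$paras` appears to come from the request path, the callee should treat the id as an unsigned integer before it reaches a query.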
File inc/admin/repos/repos.php changed (mode: 100644) (index 7d45a3c..3c1288c)
1 1 <?php <?php
2 rg_log("/admin/repos");
2 rg_log("FILE: /admin/repos");
3 3
4 4 $_admin_repos = ""; $_admin_repos = "";
5 5
 
... ... rg_menu_add($rg_menu, $_m, $_op);
21 21 switch ($_op) { switch ($_op) {
22 22 case 'list': // list case 'list': // list
23 23 $_uid = 0; $_uid = 0;
24 $_admin_repos .= rg_repo_list($db, "TODO: fix url", $_uid);
24 $_admin_repos .= rg_repo_list($db, $rg, "TODO: fix url", $_uid);
25 25 break; break;
26 26 } }
27 27
File inc/admin/users/users.php changed (mode: 100644) (index 92ac5e2..f43d53f)
1 1 <?php <?php
2 rg_log("/inc/admin/users/users");
2 rg_log("FILE: /inc/admin/users/users");
3 3
4 4 $_admin_users = ""; $_admin_users = "";
5 5
 
... ... $_show_list = 1;
25 25 switch ($_op) { switch ($_op) {
26 26 case 'add': // add case 'add': // add
27 27 case 'edit': // edit case 'edit': // edit
28 $more['ask_for_pass'] = 1;
29 $_admin_users .= rg_user_edit_high_level($db, $sid, $more);
28 $rg['ask_for_pass'] = 1;
29 $_admin_users .= rg_user_edit_high_level($db, $rg);
30 30 $_show_list = 0; $_show_list = 0;
31 31 break; break;
32 32
33 33 case 'suspend': case 'suspend':
34 if (!rg_user_suspend($db, $target_ui, 1))
34 if (!rg_user_suspend($db, $rg, $target_ui, 1))
35 35 $_admin_users .= rg_template("admin/users/bad_suspend.html"); $_admin_users .= rg_template("admin/users/bad_suspend.html");
36 36 break; break;
37 37
38 38 case 'unsuspend': case 'unsuspend':
39 if (!rg_user_suspend($db, $target_ui, 0))
39 if (!rg_user_suspend($db, $rg, $target_ui, 0))
40 40 $_admin_users .= rg_template("admin/users/bad_unsuspend.html"); $_admin_users .= rg_template("admin/users/bad_unsuspend.html");
41 41 break; break;
42 42
43 43 case 'make_admin': case 'make_admin':
44 if (!rg_user_make_admin($db, $target_ui, 1))
44 if (!rg_user_make_admin($db, $rg, $target_ui, 1))
45 45 $_admin_users .= rg_template("admin/users/bad_admin.html"); $_admin_users .= rg_template("admin/users/bad_admin.html");
46 46 break; break;
47 47
48 48 case 'remove_admin': case 'remove_admin':
49 if (!rg_user_make_admin($db, $target_ui, 0))
49 if (!rg_user_make_admin($db, $rg, $target_ui, 0))
50 50 $_admin_users .= rg_template("admin/users/bad_unadmin.html"); $_admin_users .= rg_template("admin/users/bad_unadmin.html");
51 51 break; break;
52 52
53 53 case 'remove': case 'remove':
54 if (!rg_user_remove($db, $target_ui))
54 if (!rg_user_remove($db, $rg, $target_ui))
55 55 $_admin_users .= rg_template("admin/users/bad_remove.html"); $_admin_users .= rg_template("admin/users/bad_remove.html");
56 56 break; break;
57 57 } }
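Review bot: The suspend, unsuspend, make_admin, remove_admin and remove cases call the mutating helper as soon as the case matches; nothing in the visible hunk validates a request token or asks for confirmation first. The is_admin gate in inc/admin/admin.php limits who reaches this file, but it does not cover a forged request sent through an admin's session, so unless the token check happens in the part of the file above this hunk or inside the helpers that now receive `$rg`, it belongs before the `switch`. The TODO entry added in this commit, 'I may check in the main php if doit == 1 nad token is valid!', suggests this is still open. A `rg_log()` line recording which admin ran each operation on which target would also help later review.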
File inc/bug.inc.php changed (mode: 100644) (index fadfa1a..3bc5292)
... ... require_once($INC . "/util.inc.php");
3 3 require_once($INC . "/log.inc.php"); require_once($INC . "/log.inc.php");
4 4 require_once($INC . "/sql.inc.php"); require_once($INC . "/sql.inc.php");
5 5 require_once($INC . "/user.inc.php"); require_once($INC . "/user.inc.php");
6 require_once($INC . "/repo.inc.php");
6 7 require_once($INC . "/prof.inc.php"); require_once($INC . "/prof.inc.php");
7 8 require_once($INC . "/events.inc.php"); require_once($INC . "/events.inc.php");
8 9 require_once($INC . "/watch.inc.php"); require_once($INC . "/watch.inc.php");
 
... ... function rg_bug_state_select($value, $exclude)
199 200 } }
200 201
201 202 /* /*
202 * We want the bug number to be consecutive per repo.
203 * This is why we use a separate table (bugs_max) to track last id.
204 * This function must called from inside a transaction.
203 * We want the bug numbers to be consecutive per repo.
205 204 */ */
206 205 function rg_bug_next_id($db, $repo_id) function rg_bug_next_id($db, $repo_id)
207 206 { {
 
... ... function rg_bug_next_id($db, $repo_id)
209 208 rg_log("bug_next_id: repo_id=$repo_id"); rg_log("bug_next_id: repo_id=$repo_id");
210 209
211 210 $next_bug_id = FALSE; $next_bug_id = FALSE;
212 do {
213 $params = array($repo_id);
214 $sql = "UPDATE bugs_max SET last_bug_id = last_bug_id + 1"
215 . " WHERE repo_id = $1"
211 while (1) {
212 $params = array("repo_id" => $repo_id);
213 $sql = "UPDATE repos SET last_bug_id = last_bug_id + 1"
214 . " WHERE repo_id = @@repo_id@@"
216 215 . " RETURNING last_bug_id AS next_bug_id"; . " RETURNING last_bug_id AS next_bug_id";
217 216 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
218 217 if ($res === FALSE) { if ($res === FALSE) {
 
... ... function rg_bug_next_id($db, $repo_id)
220 219 break; break;
221 220 } }
222 221
223 $rows = rg_sql_num_rows($res);
224 if ($rows == 1) {
225 $row = rg_sql_fetch_array($res);
226 $next_bug_id = $row['next_bug_id'];
227 }
228 rg_sql_free_result($res);
229
230 if ($rows == 1)
231 break;
232
233 /* If we are here, it means that we have no entry in bugs_max. */
234
235 $sql = "LOCK TABLE bugs_max IN ACCESS EXCLUSIVE MODE";
236 $res = rg_sql_query($db, $sql);
237 if ($res === FALSE) {
238 rg_bug_set_error("cannot lock max table (" . rg_sql_error() . ")");
239 break;
240 }
241 rg_sql_free_result($res);
242
243 /*
244 * Here, another client may just did the insert and commited
245 * and we obtain the lock. So, we have to check if a insert
246 * took place.
247 */
248 $params = array($repo_id);
249 $sql = "SELECT 1 FROM bugs_max WHERE repo_id = $1";
250 $res = rg_sql_query_params($db, $sql, $params);
251 if ($res === FALSE) {
252 rg_bug_set_error("cannot select 1 from max table (" . rg_sql_error() . ")");
253 break;
254 }
255 $rows = rg_sql_num_rows($res);
222 $row = rg_sql_fetch_array($res);
223 $next_bug_id = $row['next_bug_id'];
256 224 rg_sql_free_result($res); rg_sql_free_result($res);
257
258 if ($rows == 0) {
259 // We were faster, just insert.
260 $params = array($repo_id);
261 $sql = "INSERT INTO bugs_max (repo_id, last_bug_id)"
262 . " VALUES ($1, 1)";
263 $res = rg_sql_query_params($db, $sql, $params);
264 if ($res === FALSE) {
265 rg_bug_set_error("cannot insert into max table (" . rg_sql_error() . ")");
266 break;
267 }
268 rg_sql_free_result($res);
269 $next_bug_id = 1;
270 }
271
272 /*
273 * The other client was faster than us. Just repeat
274 * the whole operation.
275 */
276 } while ($next_bug_id === FALSE);
225 break;
226 };
277 227
278 228 rg_log("\tDEBUG: next_bug_id=" . $next_bug_id); rg_log("\tDEBUG: next_bug_id=" . $next_bug_id);
279 229
 
... ... function rg_bug_vars_defaults()
303 253 function rg_bug_vars() function rg_bug_vars()
304 254 { {
305 255 $ret = array(); $ret = array();
306 $ret['bug_id'] = rg_var_str("bug_id");
307 256 $ret['title'] = rg_var_str("title"); $ret['title'] = rg_var_str("title");
308 257 $ret['body'] = rg_var_str("body"); $ret['body'] = rg_var_str("body");
309 258 $ret['state'] = rg_var_uint("state"); $ret['state'] = rg_var_uint("state");
 
... ... function rg_bug_cosmetic($db, &$row)
339 288 $row['assigned_to'] = $_ui['username']; $row['assigned_to'] = $_ui['username'];
340 289 } }
341 290
291 $row['deleted_text'] = "";
292 $row['deleted_who_text'] = "";
293 if (isset($row['deleted_who']) && ($row['deleted_who'] > 0)) {
294 $_ui = rg_user_info($db, $row['deleted_who'], "", "");
295 if ($_ui['exists'] == 1)
296 $row['deleted_who_text'] = $_ui['username'];
297
298 $row['deleted_text'] = gmdate("Y-m-d H:i", $row['deleted']);
299 }
300
342 301 $row['state_text'] = rg_bug_state($row['state']); $row['state_text'] = rg_bug_state($row['state']);
343 302 } }
344 303
304 /*
305 * Invalidate bug cache
306 * TODO: really use it! And update it in bug_edit!
307 */
308 function rg_bug_invalidate_cache($repo_id, $bug_id)
309 {
310 global $rg_bug_info_cache;
311
312 $key = $repo_id . " " . $bug_id;
313 if (isset($rg_bug_info_cache[$key]))
314 unset($rg_bug_info_cache[$key]);
315 }
316
345 317 /* /*
346 318 * Return info about a bug * Return info about a bug
347 319 */ */
 
... ... function rg_bug_info($db, $repo_id, $bug_id)
353 325 rg_prof_start("bug_info"); rg_prof_start("bug_info");
354 326 rg_log("rg_bug_info: repo_id=$repo_id bug_id=$bug_id"); rg_log("rg_bug_info: repo_id=$repo_id bug_id=$bug_id");
355 327
356 $ret = FALSE;
328 $ret = array();
329 $ret['ok'] = 0;
330 $ret['exists'] = 0;
357 331 do { do {
358 $key = $repo_id . "-" . $bug_id;
332 $key = $repo_id . " " . $bug_id;
359 333 if (isset($rg_bug_info_cache[$key])) { if (isset($rg_bug_info_cache[$key])) {
360 334 $ret = $rg_bug_info_cache[$key]; $ret = $rg_bug_info_cache[$key];
361 335 break; break;
362 336 } }
363 337
364 $params = array($repo_id, $bug_id);
338 $params = array("repo_id" => $repo_id,
339 "bug_id" => $bug_id);
365 340 $sql = "SELECT * FROM bugs" $sql = "SELECT * FROM bugs"
366 . " WHERE repo_id = $1"
367 . " AND bug_id = $2";
341 . " WHERE repo_id = @@repo_id@@"
342 . " AND bug_id = @@bug_id@@";
368 343 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
369 344 if ($res === FALSE) { if ($res === FALSE) {
370 345 rg_bug_set_error("cannot list bugs (" . rg_sql_error() . ")"); rg_bug_set_error("cannot list bugs (" . rg_sql_error() . ")");
 
... ... function rg_bug_info($db, $repo_id, $bug_id)
374 349 $rows = rg_sql_num_rows($res); $rows = rg_sql_num_rows($res);
375 350 if ($rows == 1) if ($rows == 1)
376 351 $ret = rg_sql_fetch_array($res); $ret = rg_sql_fetch_array($res);
352 $ret['ok'] = 1;
377 353 rg_sql_free_result($res); rg_sql_free_result($res);
378 354
379 355 $ret['exists'] = $rows; $ret['exists'] = $rows;
 
... ... function rg_bug_info($db, $repo_id, $bug_id)
393 369 * Add/edit a bug * Add/edit a bug
394 370 * If bug_id > 0 - edit, else add * If bug_id > 0 - edit, else add
395 371 */ */
396 function rg_bug_edit($db, $ri, $login_ui, $data)
372 function rg_bug_edit($db, $login_ui, $ri, $data)
397 373 { {
374 global $rg_bug_info_cache;
375
398 376 rg_prof_start("bug_edit"); rg_prof_start("bug_edit");
399 377 rg_log("bug_edit: data: " . rg_array2string($data)); rg_log("bug_edit: data: " . rg_array2string($data));
400 378
401 // TODO: test if user is allowed to add/edit a bug
402
403 379 $data['labels'] = isset($data['labels']) ? $data['labels'] : ""; $data['labels'] = isset($data['labels']) ? $data['labels'] : "";
404 380
405 $itime = time();
381 $now = time();
406 382 $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : ""; $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
407 383
408 384 $ret = FALSE; $ret = FALSE;
 
... ... function rg_bug_edit($db, $ri, $login_ui, $data)
424 400 } }
425 401
426 402 if (empty($data['assigned_to'])) { if (empty($data['assigned_to'])) {
427 $assigned_uid = 0;
403 $data['assigned_uid'] = 0;
428 404 $assigned_to_text = "N/A"; $assigned_to_text = "N/A";
429 405 } else { } else {
430 406 $aui = rg_user_info($db, 0, $data['assigned_to'], ""); $aui = rg_user_info($db, 0, $data['assigned_to'], "");
 
... ... function rg_bug_edit($db, $ri, $login_ui, $data)
432 408 rg_bug_set_error("user you assigned to does not exists"); rg_bug_set_error("user you assigned to does not exists");
433 409 break; break;
434 410 } }
435 $assigned_uid = $aui['uid'];
411 $data['assigned_uid'] = $aui['uid'];
436 412 $assigned_to_text = $aui['username']; $assigned_to_text = $aui['username'];
437 413 } }
438 414
 
... ... function rg_bug_edit($db, $ri, $login_ui, $data)
443 419
444 420 $rollback = 1; $rollback = 1;
445 421
446 $bug_id = $data['bug_id'];
447 if ($bug_id == 0) {
448 $bug_id = rg_bug_next_id($db, $ri['repo_id']);
449 if ($bug_id === FALSE)
422 $add = 0;
423 if ($data['bug_id'] == 0) {
424 $add = 1;
425 $data['bug_id'] = rg_bug_next_id($db, $ri['repo_id']);
426 if ($data['bug_id'] === FALSE)
450 427 break; break;
451 428 } }
452 429
453 430 if (!empty($data['labels'])) { if (!empty($data['labels'])) {
454 $err = rg_bug_label_insert($db, $ri['repo_id'], $bug_id,
455 $data['labels']);
431 $err = rg_bug_label_insert($db, $ri['repo_id'],
432 $data['bug_id'], $data['labels']);
456 433 if ($err !== TRUE) if ($err !== TRUE)
457 434 break; break;
458 435 } }
459 436
460 if ($data['bug_id'] == 0) {
461 $params = array($bug_id, $itime, $ri['repo_id'],
462 $login_ui['uid'], $ip, $data['title'],
463 $data['body'], $data['state'], $assigned_uid);
437 $data['itime'] = $now;
438 $data['utime'] = $now;
439 $data['ip'] = $ip;
440 $data['repo_id'] = $ri['repo_id'];
441 $data['uid'] = $login_ui['uid'];
442 if ($add == 1) {
464 443 $sql = "INSERT INTO bugs (bug_id, itime, utime, repo_id" $sql = "INSERT INTO bugs (bug_id, itime, utime, repo_id"
465 444 . ", uid, ip, title, body, state, assigned_uid" . ", uid, ip, title, body, state, assigned_uid"
466 445 . ", deleted)" . ", deleted)"
467 . " VALUES ($1, $2, 0, $3, $4, $5, $6, $7, $8, $9, 0)";
446 . " VALUES (@@bug_id@@, @@itime@@, 0, @@repo_id@@"
447 . ", @@uid@@, @@ip@@, @@title@@, @@body@@"
448 . ", @@state@@, @@assigned_uid@@, 0)";
468 449 } else { } else {
469 $params = array($itime, $data['title'], $data['body'],
470 $data['state'], $assigned_uid, $ri['repo_id'],
471 $bug_id);
472 $sql = "UPDATE bugs SET utime = $1"
473 . ", title = $2"
474 . ", body = $3"
475 . ", state = $4"
476 . ", assigned_uid = $5"
477 . " WHERE repo_id = $6"
478 . " AND bug_id = $7";
450 $sql = "UPDATE bugs SET utime = @@itime@@"
451 . ", title = @@title@@"
452 . ", body = @@body@@"
453 . ", state = @@state@@"
454 . ", assigned_uid = @@assigned_uid@@"
455 . " WHERE repo_id = @@repo_id@@"
456 . " AND bug_id = @@bug_id@@";
479 457 } }
480 $res = rg_sql_query_params($db, $sql, $params);
458 $res = rg_sql_query_params($db, $sql, $data);
481 459 if ($res === FALSE) { if ($res === FALSE) {
482 460 rg_bug_set_error("cannot insert bug (" . rg_sql_error() . ")"); rg_bug_set_error("cannot insert bug (" . rg_sql_error() . ")");
483 461 break; break;
 
... ... function rg_bug_edit($db, $ri, $login_ui, $data)
486 464
487 465 // Add reporter and assignee to the watch list // Add reporter and assignee to the watch list
488 466 $r = rg_watch_add($db, "bug", $login_ui['uid'], $ri['repo_id'], $r = rg_watch_add($db, "bug", $login_ui['uid'], $ri['repo_id'],
489 $bug_id);
467 $data['bug_id']);
490 468 if ($r === FALSE) { if ($r === FALSE) {
491 469 rg_bug_set_error("cannot add to watch list" rg_bug_set_error("cannot add to watch list"
492 470 . " (" . rg_watch_error() . ")"); . " (" . rg_watch_error() . ")");
493 471 break; break;
494 472 } }
495 473
496 if ($assigned_uid > 0) {
497 $r = rg_watch_add($db, "bug", $assigned_uid,
498 $ri['repo_id'], $bug_id);
474 if ($data['assigned_uid'] > 0) {
475 $r = rg_watch_add($db, "bug", $data['assigned_uid'],
476 $ri['repo_id'], $data['bug_id']);
499 477 if ($r === FALSE) { if ($r === FALSE) {
500 478 rg_bug_set_error("cannot add to watch list" rg_bug_set_error("cannot add to watch list"
501 479 . " (" . rg_watch_error() . ")"); . " (" . rg_watch_error() . ")");
 
... ... function rg_bug_edit($db, $ri, $login_ui, $data)
503 481 } }
504 482 } }
505 483
506 $data['bug_id'] = $bug_id;
507 484 $event = array("category" => 4100, "prio" => 200, $event = array("category" => 4100, "prio" => 200,
508 485 "repo.repo_id" => $ri['repo_id'], "repo.repo_id" => $ri['repo_id'],
509 486 "repo.name" => $ri['name'], "repo.name" => $ri['name'],
510 487 "bug.who_added" => $login_ui['uid'], "bug.who_added" => $login_ui['uid'],
511 488 "bug.who_added_text" => $login_ui['username'], "bug.who_added_text" => $login_ui['username'],
512 "bug.url" => rg_base_url() . rg_re_bugpage($login_ui, $ri['name'], $bug_id),
489 "bug.url" => rg_base_url() . rg_re_bugpage($login_ui, $ri['name'], $data['bug_id']),
513 490 "bug.assigned_to_text" => $assigned_to_text, "bug.assigned_to_text" => $assigned_to_text,
514 491 "bug.state_text" => rg_bug_state($data['state']), "bug.state_text" => rg_bug_state($data['state']),
515 492 "IP" => rg_var_str("REMOTE_ADDR")); "IP" => rg_var_str("REMOTE_ADDR"));
 
... ... function rg_bug_edit($db, $ri, $login_ui, $data)
526 503 break; break;
527 504 } }
528 505
529 $ret = $bug_id;
506 // update cache
507 $key = $ri['repo_id'] . " " . $data['bug_id'];
508 rg_bug_cosmetic($db, $data);
509 $rg_bug_info_cache[$key] = $data;
510
511 $ret = $data['bug_id'];
530 512 $rollback = 0; $rollback = 0;
531 513 } while (0); } while (0);
532 514
 
... ... function rg_bug_edit($db, $ri, $login_ui, $data)
538 520 } }
539 521
540 522 /* /*
541 * Delete a bug
523 * Delete/undelete a bug
524 * @op: 1=delete, 2=undelete
542 525 */ */
543 function rg_bug_delete($db, $repo_id, $bug_id)
526 function rg_bug_delete_undelete($db, $who, $repo_id, $bug_id, $op)
544 527 { {
528 global $rg_bug_info_cache;
529
545 530 rg_prof_start("bug_delete"); rg_prof_start("bug_delete");
546 rg_log("bug_delete: $repo_id=$repo_id bug_id=$bug_id");
531 rg_log("bug_delete_undelete: who=$who repo_id=$repo_id bug_id=$bug_id op=$op");
547 532
548 533 $ret = FALSE; $ret = FALSE;
549 534 do { do {
550 // TODO: Check rights
551
552 535 $now = time(); $now = time();
536 if ($op == 1)
537 $deleted = $now;
538 else
539 $deleted = 0;
553 540
554 541 // Only mark it as such, deletion will happen in background // Only mark it as such, deletion will happen in background
555 $params = array($now, $repo_id, $bug_id);
556 $sql = "UPDATE bugs SET deleted = $1"
557 . " WHERE repo_id = $2"
558 . " AND bug_id = $3";
542 $params = array("deleted" => $deleted,
543 "repo_id" => $repo_id,
544 "bug_id" => $bug_id,
545 "utime" => $now,
546 "deleted_who" => $who);
547 $sql = "UPDATE bugs SET deleted = @@deleted@@"
548 . ", utime = @@utime@@"
549 . ", deleted_who = @@deleted_who@@"
550 . " WHERE repo_id = @@repo_id@@"
551 . " AND bug_id = @@bug_id@@";
559 552 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
560 553 if ($res === FALSE) { if ($res === FALSE) {
561 rg_bug_set_error("Cannot delete bug (" . rg_sql_error() . ")");
554 rg_bug_set_error("cannot delete bug (" . rg_sql_error() . ")");
562 555 break; break;
563 556 } }
564 557 rg_sql_free_result($res); rg_sql_free_result($res);
558
559 // update cache
560 $key = $repo_id . " " . $bug_id;
561 $new = $rg_bug_info_cache[$key];
562 $new['deleted'] = $deleted;
563 $new['deleted_who'] = $who;
564 $new['utime'] = $now;
565 rg_bug_cosmetic($db, $new);
566 $rg_bug_info_cache[$key] = $new;
567
565 568 $ret = TRUE; $ret = TRUE;
566 569 } while (0); } while (0);
567 570
 
... ... function rg_bug_list_query($db, $sql, $params)
588 591 $ret = array(); $ret = array();
589 592 while (($row = rg_sql_fetch_array($res))) { while (($row = rg_sql_fetch_array($res))) {
590 593 rg_bug_cosmetic($db, $row); rg_bug_cosmetic($db, $row);
591 $ret[] = $row;
594 $ret[] = array("bug" => $row);
592 595 } }
593 596 rg_sql_free_result($res); rg_sql_free_result($res);
594 597 } while (0); } while (0);
 
... ... function rg_bug_search_load_all($db, $repo_id, $uid)
608 611
609 612 $ret = FALSE; $ret = FALSE;
610 613 do { do {
611 $params = array($repo_id, $uid);
614 $params = array("repo_id" => $repo_id, "uid" => $uid);
612 615 $sql = "SELECT name FROM bug_search" $sql = "SELECT name FROM bug_search"
613 . " WHERE (repo_id = $1 OR repo_id = 0)"
614 . " AND uid = $2"
616 . " WHERE (repo_id = @@repo_id@@ OR repo_id = 0)"
617 . " AND uid = @@uid@@"
615 618 . " ORDER BY repo_id, name"; . " ORDER BY repo_id, name";
616 619 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
617 620 if ($res === FALSE) { if ($res === FALSE) {
 
... ... function rg_bug_search_load($db, $repo_id, $uid, $name)
683 686 break; break;
684 687 } }
685 688
686 $params = array($repo_id, $uid, $name);
689 $params = array("repo_id" => $repo_id,
690 "uid" => $uid,
691 "name" => $name);
687 692 $sql = "SELECT uid, name, data, for_all_users" $sql = "SELECT uid, name, data, for_all_users"
688 693 . " FROM bug_search" . " FROM bug_search"
689 . " WHERE (repo_id = $1 OR repo_id = 0)"
690 . " AND (uid = $2 OR for_all_users = 1)"
691 . " AND name = $3"
694 . " WHERE (repo_id = @@repo_id@@ OR repo_id = 0)"
695 . " AND (uid = @@uid@@ OR for_all_users = 1)"
696 . " AND name = @@name@@"
692 697 . " ORDER BY name"; . " ORDER BY name";
693 698 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
694 699 if ($res === FALSE) { if ($res === FALSE) {
 
... ... function rg_bug_search_save($db, $repo_id, $uid, $q)
755 760 // We will not overwrite somebody else's search // We will not overwrite somebody else's search
756 761 // TODO: race? // TODO: race?
757 762 rg_log("DEBUG: old: " . rg_array2string($old)); rg_log("DEBUG: old: " . rg_array2string($old));
763 $params = array("repo_id" => $repo_id,
764 "uid" => $uid,
765 "name" => $name,
766 "data" => $data,
767 "for_all_users" => $for_all_users);
758 768 if (empty($old) || ($old['uid'] != $uid)) { if (empty($old) || ($old['uid'] != $uid)) {
759 $params = array($repo_id, $uid, $name, $data, $for_all_users);
760 769 $sql = "INSERT INTO bug_search (repo_id, uid, name" $sql = "INSERT INTO bug_search (repo_id, uid, name"
761 770 . ", data, for_all_users)" . ", data, for_all_users)"
762 . " VALUES ($1, $2, $3, $4, $5)";
771 . " VALUES (@@repo_id@@, @@uid@@, @@name@@"
772 . ", @@data@@, @@for_all_users@@)";
763 773 } else { } else {
764 $params = array($data, $for_all_users, $repo_id, $uid, $name);
765 774 $sql = "UPDATE bug_search" $sql = "UPDATE bug_search"
766 . " SET data = $1"
767 . ", for_all_users = $2"
768 . " WHERE repo_id = $3"
769 . " AND uid = $4"
770 . " AND name = $5";
775 . " SET data = @@data@@"
776 . ", for_all_users = @@for_all_users@@"
777 . " WHERE repo_id = @@repo_id@@"
778 . " AND uid = @@uid@@"
779 . " AND name = @@name@@";
771 780 } }
772 781 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
773 782 if ($res === FALSE) { if ($res === FALSE) {
 
... ... function rg_bug_search($db, $repo_id, $uid, $q)
791 800 rg_log("bug_search: repo_id=$repo_id uid=$uid" rg_log("bug_search: repo_id=$repo_id uid=$uid"
792 801 . " q=" . rg_array2string($q)); . " q=" . rg_array2string($q));
793 802
794 $params = array($repo_id); $index = 2;
803 $params = array("repo_id" => $repo_id);
795 804 $add = array(); $add = array();
796 805 $limit = 25; $limit = 25;
797 806 $ret = FALSE; $ret = FALSE;
 
... ... function rg_bug_search($db, $repo_id, $uid, $q)
803 812 rg_bug_set_error("cannot lookup user (reported_by)"); rg_bug_set_error("cannot lookup user (reported_by)");
804 813 break; break;
805 814 } }
806 $add[] = "AND uid = \$" . $index;
807 $params[] = $_ui['uid'];
808 $index++;
815 $add[] = "AND uid = @@reported_by@@";
816 $params['reported_by'] = $_ui['uid'];
809 817 } }
810 818
811 819 // assigned to // assigned to
 
... ... function rg_bug_search($db, $repo_id, $uid, $q)
815 823 rg_bug_set_error("cannot lookup user (assigned_to)"); rg_bug_set_error("cannot lookup user (assigned_to)");
816 824 break; break;
817 825 } }
818 $add[] = "AND assigned_uid = \$" . $index;
819 $params[] = $_ui['uid'];
820 $index++;
826 $add[] = "AND assigned_uid = @@assigned_uid@@";
827 $params['assigned_uid'] = $_ui['uid'];
821 828 } }
822 829
823 830 // state // state
824 831 if (isset($q['state']) && ($q['state'] > 0)) { if (isset($q['state']) && ($q['state'] > 0)) {
825 $add[] = "AND state = \$" . $index;
826 $params[] = $q['state'];
827 $index++;
832 $add[] = "AND state = @@state@@";
833 $params['state'] = $q['state'];
828 834 } }
829 835
830 836 // start // start
 
... ... function rg_bug_search($db, $repo_id, $uid, $q)
834 840 rg_bug_set_error("invalid start date format"); rg_bug_set_error("invalid start date format");
835 841 break; break;
836 842 } }
837 $add[] = "AND itime >= \$" . $index;
838 $params[] = $ts;
839 $index++;
843 $add[] = "AND itime >= @@start@@";
844 $params['start'] = $ts;
840 845 } }
841 846
842 847 // end // end
 
... ... function rg_bug_search($db, $repo_id, $uid, $q)
846 851 rg_bug_set_error("invalid end date format"); rg_bug_set_error("invalid end date format");
847 852 break; break;
848 853 } }
849 $add[] = "AND itime <= \$" . $index;
850 $params[] = $ts;
851 $index++;
854 $add[] = "AND itime <= @@end@@";
855 $params['end'] = $ts;
852 856 } }
853 857
854 858 // title_string // title_string
855 859 if (!empty($q['title_string'])) { if (!empty($q['title_string'])) {
856 $add[] = "AND title ILIKE \$" . $index;
857 $params[] = "%" . $q['title_string'] . "%";
858 $index++;
860 $add[] = "AND title ILIKE @@title@@";
861 $params['title'] = "%" . $q['title_string'] . "%";
859 862 } }
860 863
861 864 // body_string // body_string
862 865 if (!empty($q['body_string'])) { if (!empty($q['body_string'])) {
863 $add[] = "AND body ILIKE \$" . $index;
864 $params[] = "%" . $q['body_string'] . "%";
865 $index++;
866 $add[] = "AND body ILIKE @@body@@";
867 $params['body'] = "%" . $q['body_string'] . "%";
866 868 } }
867 869
868 870 // bugs_per_page // bugs_per_page
 
... ... function rg_bug_search($db, $repo_id, $uid, $q)
877 879 } }
878 880
879 881 $sql = "SELECT * FROM bugs" $sql = "SELECT * FROM bugs"
880 . " WHERE repo_id = $1"
882 . " WHERE repo_id = @@repo_id@@"
881 883 . " AND deleted = 0" . " AND deleted = 0"
882 884 . " " . implode(" ", $add) . " " . implode(" ", $add)
883 885 . " ORDER BY itime" . " ORDER BY itime"
 
... ... function rg_bug_search_remove($db, $repo_id, $uid, $name)
905 907
906 908 $ret = FALSE; $ret = FALSE;
907 909 do { do {
908 $params = array($repo_id, $uid, $name);
910 $params = array("repo_id" => $repo_id,
911 "uid" => $uid,
912 "name" => $name);
909 913 $sql = "DELETE FROM bug_search" $sql = "DELETE FROM bug_search"
910 . " WHERE repo_id = $1"
911 . " AND uid = $2"
912 . " AND name = $3";
914 . " WHERE repo_id = @@repo_id@@"
915 . " AND uid = @@uid@@"
916 . " AND name = @@name@@";
913 917 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
914 918 if ($res === FALSE) { if ($res === FALSE) {
915 919 rg_bug_set_error("cannot remove search (" . rg_sql_error() . ")"); rg_bug_set_error("cannot remove search (" . rg_sql_error() . ")");
 
... ... function rg_bug_note_add($db, $repo_id, $bug_id, $login_uid, $data)
941 945 $itime = time(); $itime = time();
942 946 $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "?"; $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "?";
943 947
944 $params = array($repo_id, $bug_id, $itime, $login_uid, $ip,
945 $data['note']);
948 $params = array("repo_id" => $repo_id,
949 "bug_id" => $bug_id,
950 "itime" => $itime,
951 "uid" => $login_uid,
952 "ip" => $ip,
953 "note" => $data['note']);
946 954 $sql = "INSERT INTO bug_notes (repo_id, bug_id, itime, uid, ip" $sql = "INSERT INTO bug_notes (repo_id, bug_id, itime, uid, ip"
947 955 . ", note)" . ", note)"
948 . " VALUES ($1, $2, $3, $4, $5, $6)";
956 . " VALUES (@@repo_id@@, @@bug_id@@, @@itime@@, @@uid@@"
957 . ", @@ip@@, @@note@@)";
949 958 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
950 959 if ($res === FALSE) { if ($res === FALSE) {
951 960 rg_bug_set_error("Cannot insert bug note (" . rg_sql_error() . ")"); rg_bug_set_error("Cannot insert bug note (" . rg_sql_error() . ")");
 
... ... function rg_bug_note_add($db, $repo_id, $bug_id, $login_uid, $data)
962 971 rg_log_ml("_ri: " . print_r($_ri, TRUE)); rg_log_ml("_ri: " . print_r($_ri, TRUE));
963 972
964 973 $_bi = rg_bug_info($db, $repo_id, $bug_id); $_bi = rg_bug_info($db, $repo_id, $bug_id);
965 if ($_bi === FALSE)
974 if ($_bi['exists'] != 1) {
975 rg_bug_set_error("bug does not exists");
966 976 break; break;
977 }
967 978
968 979 $_ui = rg_user_info($db, $login_uid, "", ""); $_ui = rg_user_info($db, $login_uid, "", "");
969 980 if ($_ui['exists'] != 1) { if ($_ui['exists'] != 1) {
 
... ... function rg_bug_note_list($db, $repo_id, $bug_id, $offset)
1008 1019 do { do {
1009 1020 // TODO: test if user is allowed to see a note // TODO: test if user is allowed to see a note
1010 1021
1011 $params = array($repo_id, $bug_id);
1022 $params = array("repo_id" => $repo_id,
1023 "bug_id" => $bug_id);
1012 1024 $sql = "SELECT * FROM bug_notes" $sql = "SELECT * FROM bug_notes"
1013 . " WHERE repo_id = $1"
1014 . " AND bug_id = $2"
1025 . " WHERE repo_id = @@repo_id@@"
1026 . " AND bug_id = @@bug_id@@"
1015 1027 . " ORDER BY itime" . " ORDER BY itime"
1016 1028 . " OFFSET $offset"; . " OFFSET $offset";
1017 1029 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
 
... ... function rg_bug_label_get($db, $repo_id, $bug_id)
1103 1115
1104 1116 $ret = FALSE; $ret = FALSE;
1105 1117 do { do {
1106 $params = array($repo_id, $bug_id);
1118 $params = array("repo_id" => $repo_id,
1119 "bug_id" => $bug_id);
1107 1120 $sql = "SELECT DISTINCT label FROM bug_labels" $sql = "SELECT DISTINCT label FROM bug_labels"
1108 . " WHERE repo_id = $1"
1109 . " AND bug_id = $2"
1121 . " WHERE repo_id = @@repo_id@@"
1122 . " AND bug_id = @@bug_id@@"
1110 1123 . " ORDER BY label"; . " ORDER BY label";
1111 1124 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
1112 1125 if ($res === FALSE) { if ($res === FALSE) {
 
... ... function rg_bug_label_insert($db, $repo_id, $bug_id, $labels)
1152 1165 break; break;
1153 1166 } }
1154 1167
1155 // TODO: switch to params
1156 $params = array(); $index = 1;
1168 $params = array("repo_id" => $repo_id,
1169 "bug_id" => $bug_id);
1170 $index = 1;
1157 1171 $list = array(); $list = array();
1158 1172 foreach ($diff as $label) { foreach ($diff as $label) {
1159 $params[] = $label;
1160 $list[] = "($repo_id, $bug_id, \$" . $index . ")";
1173 $params["label_" . $index] = $label;
1174 $list[] = "(@@repo_id@@, @@bug_id@@, @@label_" . $index . "@@)";
1161 1175 $index++; $index++;
1162 1176 } }
1163 1177 $sql = "INSERT INTO bug_labels (repo_id, bug_id, label)" $sql = "INSERT INTO bug_labels (repo_id, bug_id, label)"
 
... ... function rg_bug_label_html($db, $labels)
1194 1208 return $ret; return $ret;
1195 1209 } }
1196 1210
1211 /* High level functions */
1212
1213 /*
1214 * High level function for adding/creating a bug
1215 */
1216 function rg_bug_edit_high_level($db, $rg)
1217 {
1218 rg_log("rg_bug_edit_high_level");
1219 //rg_log_ml("rg[bug]=" . print_r($rg['bug'], TRUE));
1220
1221 if (rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "B", $rg['ip'], "") !== TRUE)
1222 return rg_template("repo/bug/deny_edit.html", $rg);
1223
1224 $ret = "";
1225
1226 $errmsg = array();
1227 $show_form = TRUE;
1228 do {
1229 if ($rg['doit'] == 0) {
1230 if ($rg['bug']['bug_id'] == 0)
1231 $rg['bug'] = rg_bug_vars_defaults();
1232 break;
1233 }
1234
1235 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
1236 $errmsg[] = "invalid token; try again";
1237 break;
1238 }
1239
1240 $rg['bug'] = rg_array_merge($rg['bug'], "", rg_bug_vars());
1241
1242 $bug_id = rg_bug_edit($db, $rg['login_ui'], $rg['ri'],
1243 $rg['bug']);
1244 if ($bug_id === FALSE) {
1245 $errmsg[] = rg_bug_error();
1246 break;
1247 }
1248 $rg['bug']['bug_id'] = $bug_id;
1249
1250 $url = rg_re_bugpage($rg['page_ui'],
1251 $rg['ri']['name'], $bug_id);
1252 rg_redirect($url);
1253
1254 $show_form = FALSE;
1255 } while (0);
1256
1257 if ($show_form) {
1258 $rg['HTML:errmsg'] = rg_template_errmsg($errmsg);
1259 $rg['rg_form_token'] = rg_token_get($db, $rg['sid']);
1260
1261 $exclude = array(0);
1262 $rg['bug']['HTML:state_select'] =
1263 rg_bug_state_select($rg['bug']['state'], $exclude);
1264
1265 $hints = array();
1266 $hints[]['HTML:hint'] = rg_template("hints/repo/bug/add.html", $rg);
1267 $rg['HTML:hints'] = rg_template_table("hints/list", $hints, $rg);
1268
1269 $ret .= rg_template("repo/bug/bug_add_edit.html", $rg);
1270 }
1271
1272 return $ret;
1273 }
1274
1275
1197 1276 ?> ?>
File inc/dispatch/dispatch.php changed (mode: 100644) (index cc670b5..f93b237)
1 1 <?php <?php
2 rg_log("/inc/dispatch/dispatch");
2 rg_log("FILE: /inc/dispatch/dispatch");
3
4 $rg['menu'][$_op] = 1;
3 5
4 6 switch ($_op) { switch ($_op) {
5 7 case 'login': case 'login':
 
... ... case 'login':
8 10 break; break;
9 11
10 12 case 'logout': case 'logout':
11 if (rg_sess_destroy($db, $sid, $login_ui)) {
12 $body .= rg_template("user/logout.html", $more);
13 if (rg_sess_destroy($db, $rg['sid'], $rg['login_ui'])) {
14 $body .= rg_template("user/logout.html", $rg);
13 15 } else { } else {
14 $body .= rg_template("user/logout_err.html", $more);
16 $body .= rg_template("user/logout_err.html", $rg);
15 17 } }
16 18 break; break;
17 19
 
... ... case 'forgot_send': // forgot pass - send mail
41 43 break; break;
42 44
43 45 case 'create_account': case 'create_account':
44 $more['ask_for_pass'] = 1;
45 $body .= rg_user_edit_high_level($db, $sid, $more);
46 $rg['ask_for_pass'] = 1;
47 $body .= rg_user_edit_high_level($db, $rg);
46 48 break; break;
47 49
48 50 case 'confirm': case 'confirm':
 
... ... default: // can be the main page or user page or repo page
69 71 $user = empty($paras) ? "" : array_shift($paras); $user = empty($paras) ? "" : array_shift($paras);
70 72 $repo = empty($paras) ? "" : array_shift($paras); $repo = empty($paras) ? "" : array_shift($paras);
71 73 } else if (empty($type)) { } else if (empty($type)) {
72 $body .= rg_template("main.html", $more);
74 $body .= rg_template("main.html", $rg);
73 75 } else { } else {
74 76 // organization // organization
75 77 $organization = 1; $organization = 1;
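Review bot: `$rg['menu'][$_op] = 1;` (new line 4) runs before the `switch ($_op)` that decides which operations are known, so whatever `$_op` holds becomes a key in the array later passed to `rg_template()`. The `default:` branch is commented as "can be the main page or user page or repo page", so on those requests the key would be a path component rather than a menu name. Where `$_op` is assigned is outside this section; if it comes from the request path, set the flag only for recognised operations (inside the matching `case`, or after a lookup in a fixed list). A short comment such as `// mark the active menu entry for the theme` would record the intent, which is presumably menu highlighting.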
File inc/events.inc.php changed (mode: 100644) (index a334332..9f4ea26)
... ... function rg_event_add($db, $event)
81 81 do { do {
82 82 $now = time(); $now = time();
83 83 $prio = $event['prio']; unset($event['prio']); $prio = $event['prio']; unset($event['prio']);
84 $params = array($now, $prio, serialize($event));
84 $params = array("now" => $now,
85 "prio" => $prio,
86 "data" => serialize($event));
85 87 $sql = "INSERT INTO events (itime, prio, data)" $sql = "INSERT INTO events (itime, prio, data)"
86 . " VALUES ($1, $2, $3)";
88 . " VALUES (@@now@@, @@prio@@, @@data@@)";
87 89 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
88 90 if ($res === FALSE) { if ($res === FALSE) {
89 91 rg_event_set_error("Could not add event (" . rg_sql_error() . ")"); rg_event_set_error("Could not add event (" . rg_sql_error() . ")");
 
... ... function rg_event_process_queue($db, &$notify_list)
254 256 if (isset($ev['notification'])) if (isset($ev['notification']))
255 257 rg_event_notify($notify_list, $ev['notification'], ""); rg_event_notify($notify_list, $ev['notification'], "");
256 258
257 $params = array($row['id']);
258 $sql = "DELETE FROM events WHERE id = $1";
259 $params = array("id" => $row['id']);
260 $sql = "DELETE FROM events WHERE id = @@id@@";
259 261 $res2 = rg_sql_query_params($db, $sql, $params); $res2 = rg_sql_query_params($db, $sql, $params);
260 262 rg_sql_free_result($res2); rg_sql_free_result($res2);
261 263 } }
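Review bot: In rg_event_process_queue the result of `DELETE FROM events WHERE id = @@id@@` is passed straight to `rg_sql_free_result($res2)` without the `=== FALSE` check that rg_event_add applies to its INSERT. If the delete fails, the row stays in the table and the event, with its notification, would presumably be processed again on the next pass. At minimum record the failure, e.g. `if ($res2 === FALSE) rg_log("cannot delete event id=" . $row['id'] . " (" . rg_sql_error() . ")");`, and free the result only on success; the enclosing loop starts outside the hunk, so whether to stop there needs checking. Separately, the `data` column stores `serialize($event)`; the reader is not shown, but if it uses `unserialize()` a comment at the INSERT should say that only server-built arrays may be written to this table.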
File inc/feedback/suggestion.php changed (mode: 100644) (index c77d9f1..585d3a7)
1 1 <?php <?php
2 rg_log("/feedback/suggestion");
2 rg_log("FILE: /feedback/suggestion");
3 3
4 $suggestion_more = $more;
4 $suggestion_more = $rg;
5 5 $_suggestion = ""; $_suggestion = "";
6 6
7 7 $errmsg = array(); $errmsg = array();
8 8 $show_form = 1; $show_form = 1;
9 9
10 10 do { do {
11 if ($doit != 1) {
11 if ($rg['doit'] != 1) {
12 12 // defaults // defaults
13 13 $suggestion = ""; $suggestion = "";
14 14 break; break;
 
... ... do {
16 16
17 17 $suggestion = rg_var_str("suggestion"); $suggestion = rg_var_str("suggestion");
18 18
19 if (!rg_token_valid($db, $sid, $token)) {
19 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
20 20 $errmsg[] = "invalid token; try again"; $errmsg[] = "invalid token; try again";
21 21 break; break;
22 22 } }
 
... ... do {
26 26 break; break;
27 27 } }
28 28
29 $r = rg_user_suggestion($db, $login_ui['uid'], $suggestion);
29 $r = rg_user_suggestion($db, $rg['login_ui']['uid'],
30 $rg['login_ui']['email'], $suggestion);
30 31 if ($r === FALSE) { if ($r === FALSE) {
31 32 $errmsg[] = "could not add suggestion (" . rg_user_error() . ")!"; $errmsg[] = "could not add suggestion (" . rg_user_error() . ")!";
32 33 break; break;
33 34 } }
34 35
35 36 $show_form = 0; $show_form = 0;
36 $_suggestion .= "Thank you very much!";
37 $_suggestion .= rg_template("suggestion_sent.html", $rg);
37 38 } while (0); } while (0);
38 39
39 40 if ($show_form == 1) { if ($show_form == 1) {
40 41 $suggestion_more['suggestion'] = $suggestion; $suggestion_more['suggestion'] = $suggestion;
41 42 $suggestion_more['HTML:errmsg'] = rg_template_errmsg($errmsg); $suggestion_more['HTML:errmsg'] = rg_template_errmsg($errmsg);
42 $suggestion_more['rg_form_token'] = rg_token_get($db, $sid);
43 $suggestion_more['rg_form_token'] = rg_token_get($db, $rg['sid']);
43 44 $_suggestion .= rg_template("suggestion.html", $suggestion_more); $_suggestion .= rg_template("suggestion.html", $suggestion_more);
44 45 } }
45 46
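--- a/inc/fixes.inc.php
+++ b/inc/fixes.inc.php
@@ -15,10 +15,54 @@ $rg_fixes = array();
 $rg_fixes[1] = array("rg_fixes_user_index_by_id");
 $rg_fixes[2] = array("rg_fixes_repo_index_by_id");
 $rg_fixes[3] = array("rg_fixes_keys_regen");
+$rg_fixes[4] = array("rg_fixes_repos_last_bug_id");
 
 // This must be the last line
 $rg_fixes_ver = count($rg_fixes);
 
+/*
+* Get rid of bugs_max database
+*/
+function rg_fixes_repos_last_bug_id($db)
+{
+rg_log("rg_fixes_repos_last_bug_id");
+
+$res = rg_sql_begin($db);
+if (!$res)
+return FALSE;
+
+$sql = "SELECT * FROM bugs_max";
+$res = rg_sql_query($db, $sql);
+if (!$res)
+return FALSE;
+
+while (($row = rg_sql_fetch_array($res))) {
+$repo_id = $row['repo_id'];
+$last = $row['last_bug_id'];
+
+$params = array("repo_id" => $repo_id, "last" => $last);
+$sql = "UPDATE repos SET last_bug_id = @@last@@"
+. " WHERE repo_id = @@repo_id@@";
+$res2 = rg_sql_query_params($db, $sql, $params);
+if (!$res2)
+return FALSE;
+rg_sql_free_result($res2);
+}
+rg_sql_free_result($res);
+
+$sql = "DROP TABLE bugs_max";
+$res = rg_sql_query($db, $sql);
+if (!$res)
+return FALSE;
+
+$res = rg_sql_commit($db);
+if (!$res)
+return FALSE;
+
+rg_log("Done!");
+return TRUE;
+}
+
 /*
 * Just regenerate the keys
 */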
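Review bot: Every `return FALSE;` that follows rg_sql_begin() in rg_fixes_repos_last_bug_id (after the SELECT, inside the UPDATE loop, after the DROP TABLE and after the commit) leaves the transaction open, and the return inside the loop also skips `rg_sql_free_result($res)`. If the SQL layer has a rollback helper next to rg_sql_begin/rg_sql_commit (it is not shown on this page; presumably `rg_sql_rollback($db)`), each of those paths should call it before returning, so that a half-applied fix cannot linger on the connection and the fix can be retried cleanly. The header comment would also read better as `Copies bugs_max.last_bug_id into repos.last_bug_id, then drops the bugs_max table`, since bugs_max is a table rather than a database.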
File inc/git.inc.php changed (mode: 100644) (index f6d6de8..59e7a1b)
... ... function rg_git_log($path, $max, $from, $to, $also_patch)
665 665 * Outputs the result of replacing variables in a template with real variables * Outputs the result of replacing variables in a template with real variables
666 666 * @log = TODO (output of rg_git_log?) * @log = TODO (output of rg_git_log?)
667 667 */ */
668 function rg_git_log_template($log, $dir, $more)
668 function rg_git_log_template($log, $dir, $rg)
669 669 { {
670 670 $t = array(); $t = array();
671 671
 
... ... function rg_git_log_template($log, $dir, $more)
678 678 } }
679 679 } }
680 680
681 return rg_template_table($dir, $t, $more);
681 return rg_template_table($dir, $t, $rg);
682 682 } }
683 683
684 684 /* /*
 
... ... function rg_git_stats($log)
731 731 return $ret; return $ret;
732 732 } }
733 733
734 /*
735 * Returns a list with the filenames changed between two revisions
736 * TODO: what if old is empty?
737 */
738 function rg_git_files($old, $new)
739 {
740 rg_log("rg_git_files old=$old new=$new");
741
742 // TODO: Here we can deny non ascii file names. Move to update_branch?
743 // git diff --cached --name-only --diff-filter=A -z $against | LC_ALL=C tr -d '[ -~]\0')
744
745 $cmd = "git diff --name-only " . escapeshellarg($old) . " " . escapeshellarg($new);
746 rg_log("DEBUG: cmd=$cmd");
747 $a = rg_exec($cmd);
748 if ($a['ok'] != 1) {
749 rg_git_set_error("error on ls-tree (" . $a['errmsg'] . ")");
750 break;
751 }
752
753 if (empty($a['data'])) {
754 rg_git_set_error("error on ls-tree: empty answer");
755 break;
756 }
757
758 $output = explode("\n", trim($a['data']));
759 $ret = array();
760 foreach ($output as $line) {
761 rg_log("FILE: $line");
762 }
763 }
764
734 765 /* /*
735 766 * Nice diff per file * Nice diff per file
736 767 * Outputs the result of replacing variables in a template with real variables * Outputs the result of replacing variables in a template with real variables
 
... ... function rg_git_files_stats($a, $dir)
842 873 $t[] = $line; $t[] = $line;
843 874 } }
844 875
845 $more = array();
846 return rg_template_table($dir, $t, $more);
876 $rg = array();
877 return rg_template_table($dir, $t, $rg);
847 878 } }
848 879
849 880 /* /*
 
... ... function rg_git_update_tag($a)
855 886
856 887 rg_log("git_update_tag: " . rg_array2string($a)); rg_log("git_update_tag: " . rg_array2string($a));
857 888
889 $ip = $a['ip'];
890
858 891 if (strcmp($a['new_rev_type'], "tag") == 0) { // Annotated if (strcmp($a['new_rev_type'], "tag") == 0) { // Annotated
859 892 if (strcmp($a['old_rev'], $rg_git_zero) == 0) { // create if (strcmp($a['old_rev'], $rg_git_zero) == 0) { // create
860 if (!rg_rights_allow($a['rights'], "S"))
893 if (!rg_rights_allow($a['rights'], "S", $ip, $a['refname']))
861 894 rg_git_fatal($a['refname'] . "\nNo rights to" rg_git_fatal($a['refname'] . "\nNo rights to"
862 895 . " create an annotated tag."); . " create an annotated tag.");
863 896 } else if (strcmp($a['new_rev'], $rg_git_zero) == 0) { // delete } else if (strcmp($a['new_rev'], $rg_git_zero) == 0) { // delete
864 897 rg_log("delete ann tag"); rg_log("delete ann tag");
865 if (!rg_rights_allow($a['rights'], "n"))
898 if (!rg_rights_allow($a['rights'], "n", $ip, $a['refname']))
866 899 rg_git_fatal($a['refname'] . "\nNo rights to" rg_git_fatal($a['refname'] . "\nNo rights to"
867 900 . " delete an annotated tag."); . " delete an annotated tag.");
868 901 } else { // change } else { // change
869 902 rg_log("This seems it cannot happen in recent git."); rg_log("This seems it cannot happen in recent git.");
870 if (!rg_rights_allow($a['rights'], "S"))
903 if (!rg_rights_allow($a['rights'], "S", $ip, $a['refname']))
871 904 rg_git_fatal($a['refname'] . "\nNo rights to" rg_git_fatal($a['refname'] . "\nNo rights to"
872 905 . " change an annotated tag."); . " change an annotated tag.");
873 906 } }
874 907 } else { // Un-annotated } else { // Un-annotated
875 908 if (strcmp($a['old_rev'], $rg_git_zero) == 0) { // create if (strcmp($a['old_rev'], $rg_git_zero) == 0) { // create
876 if (!rg_rights_allow($a['rights'], "Y"))
909 if (!rg_rights_allow($a['rights'], "Y", $ip, $a['refname']))
877 910 rg_git_fatal($a['refname'] . "\nNo rights to" rg_git_fatal($a['refname'] . "\nNo rights to"
878 911 . " create an un-annotated tag."); . " create an un-annotated tag.");
879 912 } else if (strcmp($a['new_rev'], $rg_git_zero) == 0) { // delete } else if (strcmp($a['new_rev'], $rg_git_zero) == 0) { // delete
880 if (!rg_rights_allow($a['rights'], "u"))
913 if (!rg_rights_allow($a['rights'], "u", $ip, $a['refname']))
881 914 rg_git_fatal($a['refname'] . "\nNo rights to" rg_git_fatal($a['refname'] . "\nNo rights to"
882 915 . " delete an un-annotated tag."); . " delete an un-annotated tag.");
883 916 } else { // change } else { // change
884 if (!rg_rights_allow($a['rights'], "U"))
917 if (!rg_rights_allow($a['rights'], "U", $ip, $a['refname']))
885 918 rg_git_fatal($a['refname'] . "\nNo rights to" rg_git_fatal($a['refname'] . "\nNo rights to"
886 919 . " change an un-annotated tag."); . " change an un-annotated tag.");
887 920 } }
 
... ... function rg_git_update_tag($a)
902 935 } }
903 936 } }
904 937
938 /*
939 *
940 */
905 941 function rg_git_update_branch($a) function rg_git_update_branch($a)
906 942 { {
907 943 global $rg_git_zero; global $rg_git_zero;
908 944
909 945 rg_log("git_update_branch: " . rg_array2string($a)); rg_log("git_update_branch: " . rg_array2string($a));
910 946
911 // If we have anonymous push rights, we should add also create branch
912 if (rg_rights_allow($a['rights'], "H") === TRUE)
913 $a['rights'] .= "C";
947 $ip = $a['ip'];
914 948
915 949 if (strcmp($a['new_rev'], $rg_git_zero) == 0) { // delete if (strcmp($a['new_rev'], $rg_git_zero) == 0) { // delete
916 if (!rg_rights_allow($a['rights'], "D"))
950 if (!rg_rights_allow($a['refs_rights'], "D", $ip, $a['refname']))
917 951 rg_git_fatal($a['refname'] . "\nNo rights to delete" rg_git_fatal($a['refname'] . "\nNo rights to delete"
918 952 . " a branch."); . " a branch.");
919 953 return; return;
920 954 } }
921 955
956 // If we have 'H' (anonymous push), we have also create branch
922 957 $check_fast_forward = 1; $check_fast_forward = 1;
923 958 if (strcmp($a['old_rev'], $rg_git_zero) == 0) { // create if (strcmp($a['old_rev'], $rg_git_zero) == 0) { // create
924 if (!rg_rights_allow($a['rights'], "C"))
959 if (!rg_rights_allow($a['refs_rights'], "H|C", $ip, $a['refname']))
925 960 rg_git_fatal($a['refname'] . "\nYou have no rights" rg_git_fatal($a['refname'] . "\nYou have no rights"
926 961 . " to create a branch."); . " to create a branch.");
927 962 $check_fast_forward = 0; $check_fast_forward = 0;
 
... ... function rg_git_update_branch($a)
929 964
930 965 // Create or change // Create or change
931 966 // Check for non fast-forward update // Check for non fast-forward update
932 if (!rg_rights_allow($a['rights'], "O") && ($check_fast_forward == 1)) {
967 if (!rg_rights_allow($a['refs_rights'], "O", $ip, $a['refname'])
968 && ($check_fast_forward == 1)) {
933 969 $merge_base = rg_git_merge_base($a['old_rev'], $a['new_rev']); $merge_base = rg_git_merge_base($a['old_rev'], $a['new_rev']);
934 970 if ($merge_base === FALSE) { if ($merge_base === FALSE) {
935 971 rg_log("Error in merge_base: " . rg_git_error()); rg_log("Error in merge_base: " . rg_git_error());
 
... ... function rg_git_update_branch($a)
944 980
945 981 // Check if user pushes a merge commit // Check if user pushes a merge commit
946 982 // TODO: Check all commits, not only the last one! // TODO: Check all commits, not only the last one!
947 if (!rg_rights_allow($a['rights'], "M")) {
983 if (!rg_rights_allow($a['refs_rights'], "M", $ip, $a['refname'])) {
948 984 if (rg_git_rev_ok($a['new_rev'] . "^2")) if (rg_git_rev_ok($a['new_rev'] . "^2"))
949 985 rg_git_fatal($a['refname'] . "\nNo rights to push merges."); rg_git_fatal($a['refname'] . "\nNo rights to push merges.");
950 986 } }
951 987
952 // Check whitespace
953 if (!rg_rights_allow($a['rights'], "W")) {
988 // Check for bad whitespace
989 if (!rg_rights_allow($a['refs_rights'], "W", $ip, $a['refname'])) {
954 990 $w = rg_git_whitespace_ok($a['old_rev'], $a['new_rev']); $w = rg_git_whitespace_ok($a['old_rev'], $a['new_rev']);
955 991 if ($w !== TRUE) if ($w !== TRUE)
956 992 rg_git_fatal($a['refname'] rg_git_fatal($a['refname']
 
... ... function rg_git_update_branch($a)
958 994 . "\n" . $w); . "\n" . $w);
959 995 } }
960 996
961 if (rg_rights_allow($a['rights'], "P") !== TRUE) {
997 // Check repo_path rights TODO
998 $r = rg_git_files($a['old_rev'], $a['new_rev']);
999
1000 if (rg_rights_allow($a['refs_rights'], "P", $ip, $a['refname']) !== TRUE) {
962 1001 rg_log("\tPush is not allowed, let's see the anon one"); rg_log("\tPush is not allowed, let's see the anon one");
963 if (rg_rights_allow($a['rights'], "H") === FALSE) {
1002 if (rg_rights_allow($a['refs_rights'], "H", $ip, $a['refname']) === FALSE) {
964 1003 $_x = array(); $_x = array();
965 1004 $msg = rg_template("msg/push_not_allowed.txt", $_x); $msg = rg_template("msg/push_not_allowed.txt", $_x);
966 1005 rg_git_fatal($a['refname']. "\n" . $msg); rg_git_fatal($a['refname']. "\n" . $msg);
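Review bot: rg_git_files (new lines 738-763) uses `break;` at new lines 750 and 755 outside any loop or switch, which PHP treats as a fatal error, and it has no `return`, so `$r` at new line 998 in rg_git_update_branch is always NULL. That call appears to sit on the create-or-change path of the update hook, so a failing or empty `git diff` (for instance with the all-zero old_rev on branch creation, the case the TODO already asks about) would abort the hook instead of setting an error. The error text also says "ls-tree" although the command is `git diff`. A possible shape follows; whether an empty diff should be an error is the author's call, and rg_git_update_branch itself continues outside the visible hunks.

```php
function rg_git_files($old, $new)
{
	// … unchanged: rg_log() call and TODO comments …
	$cmd = "git diff --name-only " . escapeshellarg($old) . " " . escapeshellarg($new);
	$a = rg_exec($cmd);
	if ($a['ok'] != 1) {
		rg_git_set_error("error on git diff (" . $a['errmsg'] . ")");
		return FALSE;
	}

	// No output means no file differs between the two revisions
	$data = trim($a['data']);
	if ($data === "")
		return array();

	return explode("\n", $data);
}
```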
File inc/init.inc.php changed (mode: 100644) (index e610a03..d7f2495)
3 3
4 4 require_once($INC . "/ver.php"); require_once($INC . "/ver.php");
5 5
6 $more = array();
6 $rg = array();
7 7
8 8 // For escapeshellarg to work with UTF-8, we are forced to set a locale // For escapeshellarg to work with UTF-8, we are forced to set a locale
9 9 setlocale(LC_CTYPE, "en_US.UTF-8"); setlocale(LC_CTYPE, "en_US.UTF-8");
 
... ... if (empty($rg_ssh_host)) {
13 13 $rg_ssh_port = 22; $rg_ssh_port = 22;
14 14 } }
15 15
16 $more['rg_ssh_host'] = $rg_ssh_host;
17 $more['rg_ssh_port'] = $rg_ssh_port;
16 $rg['rg_ssh_host'] = $rg_ssh_host;
17 $rg['rg_ssh_port'] = $rg_ssh_port;
18
19 $rg['rg_version'] = $rocketgit_version;
20
21 if (!isset($rg_theme_dir))
22 $rg_theme_dir = $rg_scripts . "/root/themes";
18 23
19 $more['rg_version'] = $rocketgit_version;
20 24 ?> ?>
File inc/keys.inc.php changed (mode: 100644) (index 8636b86..111fb12)
... ... function rg_keys_remove($db, $ui, $list)
168 168 foreach ($list as $key_id => $junk) foreach ($list as $key_id => $junk)
169 169 $my_list[] = sprintf("%u", $key_id); $my_list[] = sprintf("%u", $key_id);
170 170
171 $params = array($ui['uid']);
171 $params = array("uid" => $ui['uid']);
172 172 $sql_list = implode(", ", $my_list); $sql_list = implode(", ", $my_list);
173 173 $sql = "DELETE FROM keys" $sql = "DELETE FROM keys"
174 . " WHERE uid = $1"
174 . " WHERE uid = @@uid@@"
175 175 . " AND key_id IN (" . $sql_list . ")"; . " AND key_id IN (" . $sql_list . ")";
176 176 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
177 177 if ($res === FALSE) { if ($res === FALSE) {
 
... ... function rg_keys_count($db, $uid)
208 208
209 209 $ret = FALSE; $ret = FALSE;
210 210 do { do {
211 $params = array($uid);
211 $params = array("uid" => $uid);
212 212 $sql = "SELECT COUNT(*) AS count FROM keys" $sql = "SELECT COUNT(*) AS count FROM keys"
213 . " WHERE uid = $1";
213 . " WHERE uid = @@uid@@";
214 214 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
215 215 if ($res === FALSE) { if ($res === FALSE) {
216 216 rg_keys_set_error("cannot query (" . rg_sql_error() . ")"); rg_keys_set_error("cannot query (" . rg_sql_error() . ")");
 
... ... function rg_keys_add($db, $ui, $key)
268 268 } }
269 269 $do_rollback = 1; $do_rollback = 1;
270 270
271 $params = array($itime, $ui['uid'], $key);
271 $params = array("itime" => $itime,
272 "uid" => $ui['uid'],
273 "key" => $key);
272 274 $sql = "INSERT INTO keys (itime, uid, key)" $sql = "INSERT INTO keys (itime, uid, key)"
273 . " VALUES ($1, $2, $3)"
275 . " VALUES (@@itime@@, @@uid@@, @@key@@)"
274 276 . " RETURNING key_id"; . " RETURNING key_id";
275 277 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
276 278 if ($res === FALSE) { if ($res === FALSE) {
 
... ... function rg_keys_add($db, $ui, $key)
317 319 function rg_keys_update_use($db, $key_id, $ip) function rg_keys_update_use($db, $key_id, $ip)
318 320 { {
319 321 rg_prof_start("keys_update_use"); rg_prof_start("keys_update_use");
320 rg_log("keys_update_use: key_id=$key_id, $ip=$ip");
322 rg_log("keys_update_use: key_id=$key_id, ip=$ip");
321 323
322 324 $ret = FALSE; $ret = FALSE;
323 325 do { do {
324 326 $now = time(); $now = time();
325 327
326 $params = array($now, $key_id);
327 $sql = "UPDATE keys SET first_use = $1"
328 $params = array("now" => $now,
329 "key_id" => $key_id,
330 "ip" => $ip);
331 $sql = "UPDATE keys SET first_use = @@now@@"
328 332 . " WHERE first_use = 0" . " WHERE first_use = 0"
329 . " AND key_id = $2";
333 . " AND key_id = @@key_id@@";
330 334 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
331 335 if ($res === FALSE) { if ($res === FALSE) {
332 336 rg_keys_set_error("cannot update key's first use" rg_keys_set_error("cannot update key's first use"
 
... ... function rg_keys_update_use($db, $key_id, $ip)
334 338 break; break;
335 339 } }
336 340
337 $params = array($now, $ip, $key_id);
338 $sql = "UPDATE keys SET last_use = $1"
339 . ", last_ip = $2"
341 $sql = "UPDATE keys SET last_use = @@now@@"
342 . ", last_ip = @@ip@@"
340 343 . ", count = count + 1" . ", count = count + 1"
341 . " WHERE key_id = $3";
344 . " WHERE key_id = @@key_id@@";
342 345 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
343 346 if ($res === FALSE) { if ($res === FALSE) {
344 347 rg_keys_set_error("cannot update key" rg_keys_set_error("cannot update key"
 
... ... function rg_keys_list($db, $ui)
443 446
444 447 $ret = FALSE; $ret = FALSE;
445 448 do { do {
446 $params = array($ui['uid']);
447 $sql = "SELECT * FROM keys WHERE uid = $1"
449 $params = array("uid" => $ui['uid']);
450 $sql = "SELECT * FROM keys WHERE uid = @@uid@@"
448 451 . " ORDER BY itime DESC"; . " ORDER BY itime DESC";
449 452 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
450 453 if ($res === FALSE) { if ($res === FALSE) {
File inc/log.inc.php changed (mode: 100644) (index 5fab0c4..3beda30)
... ... function rg_error_core($msg)
142 142 return; return;
143 143
144 144 $r = file_put_contents($dir . "/err-" . $key, $r = file_put_contents($dir . "/err-" . $key,
145 "Script: " . $me . "\n" . rg_log_buffer() . "\n\n" . $bt);
145 "Script: " . $me . "\n" . rg_log_buffer() . "\n\n" . $bt,
146 FILE_APPEND);
146 147 if ($r === FALSE) if ($r === FALSE)
147 148 return; return;
148 149 chmod($dir . "/err-" . $key, 0600); chmod($dir . "/err-" . $key, 0600);
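Review bot: The 0600 mode is still applied by chmod() only after file_put_contents() has written the log buffer and backtrace (new lines 144-149), so a newly created err-<key> file is briefly readable under the process umask; with FILE_APPEND the same file now also accumulates every later report with no separator or timestamp between them. Wrapping the write in `$old = umask(0077);` and `umask($old);` would create the file private from the start, and prefixing each entry with a line such as `"Date: " . gmdate("Y-m-d H:i:s") . "\n"` would keep appended reports distinguishable. How `$dir` and `$key` are chosen is outside the hunk, so whether the growth needs a cap cannot be judged from here.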
File inc/login/login.php changed (mode: 100644) (index da927b1..e608671)
1 1 <?php <?php
2 rg_log("/inc/login/login");
2 rg_log("FILE: /inc/login/login");
3 3
4 $login_more = $more;
4 $login_more = $rg;
5 5
6 6 $user = rg_var_str("user"); $user = rg_var_str("user");
7 7 $pass = rg_var_str("pass"); $pass = rg_var_str("pass");
 
... ... $_login = "";
11 11
12 12 $errmsg = array(); $errmsg = array();
13 13
14 if ($doit == 1) {
15 $r = rg_user_login_by_user_pass($db, $user, $pass, $lock_ip, $login_ui);
14 if ($rg['doit'] == 1) {
15 $r = rg_user_login_by_user_pass($db, $user, $pass, $lock_ip,
16 $rg['login_ui']);
16 17 if ($r === FALSE) { if ($r === FALSE) {
17 18 $errmsg[] = rg_user_error(); $errmsg[] = rg_user_error();
18 19 } else { } else {
19 20 // redirect to home page // redirect to home page
20 $url = rg_re_userpage($login_ui);
21 $url = rg_re_userpage($rg['login_ui']);
21 22 rg_redirect($url); rg_redirect($url);
22 23 } }
23 24 } }
File inc/mr.inc.php changed (mode: 100644) (index c0afc90..6363762)
... ... function rg_mr_create($db, $repo_id, $namespace, $old_rev, $new_rev, $refname,
69 69 . " ip=$ip"); . " ip=$ip");
70 70
71 71 $now = time(); $now = time();
72 $params = array($repo_id, $now, $namespace, $refname, $old_rev, $new_rev,
73 $ip);
72 $params = array("repo_id" => $repo_id,
73 "now" => $now,
74 "namespace" => $namespace,
75 "refname" => $refname,
76 "old_rev" => $old_rev,
77 "new_rev" => $new_rev,
78 "ip" => $ip);
74 79 $sql = "INSERT INTO merge_requests (repo_id, itime, namespace" $sql = "INSERT INTO merge_requests (repo_id, itime, namespace"
75 80 . ", refname, old_rev, new_rev, done, ip)" . ", refname, old_rev, new_rev, done, ip)"
76 . " VALUES ($1, $2, $3, $4, $5, $6, 0, $7)";
81 . " VALUES (@@repo_id@@, @@now@@, @@namespace@@, @@refname@@"
82 . ", @@old_rev@@, @@new_rev@@, 0, @@ip@@)";
77 83 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
78 84 if ($res === FALSE) { if ($res === FALSE) {
79 85 rg_mr_set_error("cannot insert merge request" rg_mr_set_error("cannot insert merge request"
 
... ... function rg_mr_load($db, $repo_id, $limit)
171 177 { {
172 178 rg_log("rg_mr_load: repo_id=$repo_id limit=$limit"); rg_log("rg_mr_load: repo_id=$repo_id limit=$limit");
173 179
174 $params = array($repo_id, $limit);
180 $params = array("repo_id" => $repo_id);
175 181 $sql = "SELECT * FROM merge_requests" $sql = "SELECT * FROM merge_requests"
176 . " WHERE repo_id = $1"
182 . " WHERE repo_id = @@repo_id@@"
177 183 . " AND done = 0" . " AND done = 0"
178 184 . " ORDER BY itime" . " ORDER BY itime"
179 . " LIMIT $2";
185 . " LIMIT " . $limit;
180 186 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
181 187 if ($res === FALSE) { if ($res === FALSE) {
182 188 rg_mr_set_error("Cannot load merge requests (" . rg_sql_error() . ")"); rg_mr_set_error("Cannot load merge requests (" . rg_sql_error() . ")");
 
... ... function rg_mr_load_one($db, $repo_id, $namespace)
200 206 { {
201 207 rg_log("rg_mr_load_one: repo_id=$repo_id namespace=$namespace"); rg_log("rg_mr_load_one: repo_id=$repo_id namespace=$namespace");
202 208
203 $params = array($repo_id, $namespace);
209 $params = array("repo_id" => $repo_id, "namespace" => $namespace);
204 210 $sql = "SELECT * FROM merge_requests" $sql = "SELECT * FROM merge_requests"
205 . " WHERE repo_id = $1"
206 . " AND namespace = $2";
211 . " WHERE repo_id = @@repo_id@@"
212 . " AND namespace = @@namespace@@";
207 213 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
208 214 if ($res === FALSE) { if ($res === FALSE) {
209 215 rg_mr_set_error("cannot load a merge request" rg_mr_set_error("cannot load a merge request"
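Review bot: `$limit` is now concatenated into the statement at new line 185 (`. " LIMIT " . $limit;`) where the old code bound it as `$2`, so rg_mr_load has lost its protection against a non-numeric value and is the one query in this section that moved away from parameters. The callers are not visible here, so the value may already be an integer, but the function should not depend on that: `. " LIMIT " . sprintf("%u", $limit);` forces it to an unsigned number, and keeping it as `@@limit@@` with `"limit" => $limit` in `$params` would be the alternative. It would also help to document, on rg_sql_query_params itself, that the `@@name@@` markers are bound as parameters rather than substituted into the string, since every converted query in this commit relies on that.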
File inc/plan.inc.php changed (mode: 100644) (index c48167c..989312b)
... ... function rg_plan_edit($db, $d)
44 44 if (rg_plan_ok($d['name']) !== TRUE) if (rg_plan_ok($d['name']) !== TRUE)
45 45 break; break;
46 46
47 $params = array($d['name'], $d['description'], $d['disk_mb'],
48 $d['users'], $d['bw'], $d['speed'], $d['position'],
49 $d['max_public_repos'], $d['max_private_repos']);
50 47 if ($d['id'] == 0) { // add if ($d['id'] == 0) { // add
51 48 $sql = "INSERT INTO plans (name, description, disk_mb" $sql = "INSERT INTO plans (name, description, disk_mb"
52 49 . ", users, bw, speed, position" . ", users, bw, speed, position"
53 50 . ", max_public_repos, max_private_repos)" . ", max_public_repos, max_private_repos)"
54 . " VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)"
51 . " VALUES (@@name@@, @@description@@"
52 . ", @@disk_mb@@, @@users@@, @@bw@@"
53 . ", @@speed@@, @@position@@"
54 . ", @@max_public_repos@@, @@max_private_repos@@)"
55 55 . " RETURNING id"; . " RETURNING id";
56 56 } else { // edit } else { // edit
57 $params[] = $d['id'];
58 57 $sql = "UPDATE plans" $sql = "UPDATE plans"
59 . " SET name = $1"
60 . ", description = $2"
61 . ", disk_mb = $3"
62 . ", users = $4"
63 . ", bw = $5"
64 . ", speed = $6"
65 . ", position = $7"
66 . ", max_public_repos = $8"
67 . ", max_private_repos = $9"
68 . " WHERE id = $10"
58 . " SET name = @@name@@"
59 . ", description = @@description@@"
60 . ", disk_mb = @@disk_mb@@"
61 . ", users = @@users@@"
62 . ", bw = @@bw@@"
63 . ", speed = @@speed@@"
64 . ", position = @@position@@"
65 . ", max_public_repos = @@max_public_repos@@"
66 . ", max_private_repos = @@max_private_repos@@"
67 . " WHERE id = @@id@@"
69 68 . " RETURNING id"; . " RETURNING id";
70 69 } }
71 70
72 $res = rg_sql_query_params($db, $sql, $params);
71 $res = rg_sql_query_params($db, $sql, $d);
73 72 if ($res === FALSE) { if ($res === FALSE) {
74 73 rg_plan_set_error("cannot insert/update plan" rg_plan_set_error("cannot insert/update plan"
75 74 . " (" . rg_sql_error() . ")"); . " (" . rg_sql_error() . ")");
 
... ... function rg_plan_select($db, $plan_id)
226 225 /* /*
227 226 * High-level function for rg_plan_list * High-level function for rg_plan_list
228 227 */ */
229 function rg_plan_list_high_level($db, $sid, $more)
228 function rg_plan_list_high_level($db, $rg)
230 229 { {
231 230 $ret = ""; $ret = "";
232 231
 
... ... function rg_plan_list_high_level($db, $sid, $more)
238 237 if ($delete != 1) if ($delete != 1)
239 238 break; break;
240 239
241 $token = rg_var_str("token");
242 if (!rg_token_valid($db, $sid, $token)) {
240 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
243 241 $del_errmsg[] = "Invalid token. Try again."; $del_errmsg[] = "Invalid token. Try again.";
244 242 break; break;
245 243 } }
 
... ... function rg_plan_list_high_level($db, $sid, $more)
247 245 $list = rg_var_str("delete_list"); $list = rg_var_str("delete_list");
248 246 $r = rg_plan_remove($db, $list); $r = rg_plan_remove($db, $list);
249 247 if ($r !== TRUE) { if ($r !== TRUE) {
250 $more['errmsg'] = rg_plan_error();
251 $del_errmsg[] = rg_template("admin/plans/delete_err.html", $more);
248 $rg['errmsg'] = rg_plan_error();
249 $del_errmsg[] = rg_template("admin/plans/delete_err.html", $rg);
252 250 break; break;
253 251 } }
254 252 } while (0); } while (0);
255 253
256 254 $list = rg_plan_list($db); $list = rg_plan_list($db);
257 255 if ($list === FALSE) { if ($list === FALSE) {
258 $more['errmsg'] = rg_plan_error();
259 return rg_template("admin/plans/list_err.html", $more);
256 $rg['errmsg'] = rg_plan_error(); // TODO: really? no array append?!
257 return rg_template("admin/plans/list_err.html", $rg);
260 258 } }
261 259
262 $more['rg_form_token'] = rg_token_get($db, $sid);
263 $more['HTML:del_errmsg'] = rg_template_errmsg($del_errmsg);
264 $ret .= rg_template_table("admin/plans/list", $list, $more);
260 $rg['rg_form_token'] = rg_token_get($db, $rg['sid']);
261 $rg['HTML:del_errmsg'] = rg_template_errmsg($del_errmsg);
262 $ret .= rg_template_table("admin/plans/list", $list, $rg);
265 263 return $ret; return $ret;
266 264 } }
267 265
268 266 /* /*
269 267 * High-level function for rg_plan_edit. * High-level function for rg_plan_edit.
270 268 */ */
271 function rg_plan_edit_high_level($db, $sid, $more)
269 function rg_plan_edit_high_level($db, $rg)
272 270 { {
273 rg_log("plan_edit_high_level more:" . rg_array2string($more));
271 rg_log("plan_edit_high_level rg:" . rg_array2string($rg));
274 272
275 $doit = rg_var_uint("doit");
276 $id = isset($more['id']) ? sprintf("%u", $more['id']) : 0;
273 $id = rg_var_uint("pi.id");
277 274
278 275 $ret = ""; $ret = "";
279 276 $pi = array(); $pi = array();
280 277
281 if ($doit == 0) {
278 if ($rg['doit'] == 0) {
282 279 if ($id > 0) { if ($id > 0) {
283 280 $pi = rg_plan_info($db, $id); $pi = rg_plan_info($db, $id);
284 281 if ($pi['exists'] != 1) { if ($pi['exists'] != 1) {
 
... ... function rg_plan_edit_high_level($db, $sid, $more)
303 300 $errmsg = array(); $errmsg = array();
304 301 $load_form = TRUE; $load_form = TRUE;
305 302 do { do {
306 if ($doit != 1)
303 if ($rg['doit'] != 1)
307 304 break; break;
308 305
309 306 $pi = array(); $pi = array();
310 307 $pi['id'] = $id; $pi['id'] = $id;
311 $pi['name'] = rg_var_str("name");
312 $pi['description'] = rg_var_str("description");
313 $pi['disk_mb'] = rg_var_uint("disk_mb");
314 $pi['users'] = rg_var_uint("users");
315 $pi['bw'] = rg_var_uint("bw");
316 $pi['speed'] = rg_var_uint("speed");
317 $pi['position'] = rg_var_uint("position");
318 $pi['max_public_repos'] = rg_var_uint("max_public_repos");
319 $pi['max_private_repos'] = rg_var_uint("max_private_repos");
320 $token = rg_var_str("token");
321
322 if (!rg_token_valid($db, $sid, $token)) {
323 $errmsg[] = "Invalid token. Try again.";
308 $pi['name'] = rg_var_str("pi.name");
309 $pi['description'] = rg_var_str("pi.description");
310 $pi['disk_mb'] = rg_var_uint("pi.disk_mb");
311 $pi['users'] = rg_var_uint("pi.users");
312 $pi['bw'] = rg_var_uint("pi.bw");
313 $pi['speed'] = rg_var_uint("pi.speed");
314 $pi['position'] = rg_var_uint("pi.position");
315 $pi['max_public_repos'] = rg_var_uint("pi.max_public_repos");
316 $pi['max_private_repos'] = rg_var_uint("pi.max_private_repos");
317
318 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
319 $errmsg[] = "invalid token; try again";
324 320 break; break;
325 321 } }
326 322
 
... ... function rg_plan_edit_high_level($db, $sid, $more)
330 326 break; break;
331 327 } }
332 328
333 // TODO: move to template.
334 $ret .= rg_template("admin/plans/add_ok.html", $more);
329 $ret .= rg_template("admin/plans/add_ok.html", $rg);
335 330 $load_form = FALSE; $load_form = FALSE;
336 331 } while (0); } while (0);
337 332
338 333 if ($load_form) { if ($load_form) {
339 $more = array_merge($more, $pi);
340 $more['HTML:errmsg'] = rg_template_errmsg($errmsg);
341 $more['rg_form_token'] = rg_token_get($db, $sid);
342 $ret .= rg_template("admin/plans/add_edit.html", $more);
334 $rg['pi'] = $pi;
335 $rg['HTML:errmsg'] = rg_template_errmsg($errmsg);
336 $rg['rg_form_token'] = rg_token_get($db, $rg['sid']);
337 $ret .= rg_template("admin/plans/add_edit.html", $rg);
343 338 } }
344 339
345 340 return $ret; return $ret;
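Review bot: rg_plan_edit now passes the caller's array `$d` straight to rg_sql_query_params at new line 71, so the names available to the `@@...@@` markers are whatever keys the caller supplied, and a key missing from `$d` would only surface inside the SQL layer. Building an explicit `$params` from the ten expected fields, as the other converted functions in this commit do, keeps the statement and its inputs side by side and stops unrelated keys from travelling with the query. How rg_sql_query_params treats unknown or missing names is not shown on this page, so this is a robustness and readability point rather than a confirmed defect.

```php
// … unchanged: rg_plan_ok() check …
$params = array("id" => $d['id'],
	"name" => $d['name'],
	"description" => $d['description'],
	"disk_mb" => $d['disk_mb'],
	"users" => $d['users'],
	"bw" => $d['bw'],
	"speed" => $d['speed'],
	"position" => $d['position'],
	"max_public_repos" => $d['max_public_repos'],
	"max_private_repos" => $d['max_private_repos']);
// … unchanged: INSERT / UPDATE statement text …
$res = rg_sql_query_params($db, $sql, $params);
```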
File inc/repo.inc.php changed (mode: 100644) (index 0b9f210..2af0cee)
... ... $rg_repo_refs_rights = array(
24 24 "W" => "Bad whitespace" "W" => "Bad whitespace"
25 25 ); );
26 26
27 // Admin = edit name/description/etc.
27 $rg_repo_path_rights = array(
28 "P" => "Push",
29 "W" => "Bad whitespace"
30 );
31
28 32 $rg_repo_rights = array( $rg_repo_rights = array(
29 "A" => "Access repo (read-only)", // this also define public/private
30 "E" => "Edit repo",
33 "A" => "Access repo",
34 "E" => "Edit repo", /* also create */
31 35 "D" => "Delete repo", "D" => "Delete repo",
32 36 "G" => "Grant rights", "G" => "Grant rights",
33 37 "a" => "Access bug tracker", "a" => "Access bug tracker",
34 "X" => "Delete bug tracker",
35 38 "B" => "Add bugs", "B" => "Add bugs",
39 "r" => "Reopen bugs",
40 "d" => "Delete bugs",
36 41 "C" => "Close bugs" "C" => "Close bugs"
37 42 ); );
38 43
39 // What rights are on by default
40 // TODO: this should go into conf file?
44 // TODO: default rights should go into conf file?
41 45 // TODO: better move all config to database (modulo db conn info)? // TODO: better move all config to database (modulo db conn info)?
42 $rg_repo_refs_rights_default = "FMH";
43 $rg_repo_rights_default = "B";
44 46
45 rg_rights_register("repo_refs", $rg_repo_refs_rights);
46 rg_rights_register("repo", $rg_repo_rights);
47 rg_rights_register("repo_refs", $rg_repo_refs_rights, "FMH");
48 rg_rights_register("repo_path", $rg_repo_path_rights, "P");
49 rg_rights_register("repo", $rg_repo_rights, "AB");
47 50
48 51
49 52 // Repo history categories // Repo history categories
 
... ... define('REPO_CAT_CREATE', 1);
51 54 define('REPO_CAT_CLONED', 2); define('REPO_CAT_CLONED', 2);
52 55 define('REPO_CAT_PUSH', 3); define('REPO_CAT_PUSH', 3);
53 56 define('REPO_CAT_RENAME', 4); define('REPO_CAT_RENAME', 4);
57 define('REPO_CAT_UPDATE', 5);
54 58 define('REPO_CAT_BUG_ADDED', 10); define('REPO_CAT_BUG_ADDED', 10);
55 59 define('REPO_CAT_BUG_CLOSED', 11); define('REPO_CAT_BUG_CLOSED', 11);
56 60
 
... ... $rg_repo_functions = array(
78 82 3002 => "rg_repo_event_update", 3002 => "rg_repo_event_update",
79 83 3003 => "rg_repo_event_notify_user", 3003 => "rg_repo_event_notify_user",
80 84 3004 => "rg_repo_event_symlink_by_name", 3004 => "rg_repo_event_symlink_by_name",
81 3005 => "rg_repo_event_storage_create"
85 3005 => "rg_repo_event_storage_create",
86 3006 => "rg_repo_history_insert"
82 87 ); );
83 88 rg_event_register_functions($rg_repo_functions); rg_event_register_functions($rg_repo_functions);
84 89
 
... ... function rg_repo_event_del($db, $event)
135 140
136 141 /* /*
137 142 * Make a symlink by name (by_name/name -> ../by_id/xx/xx/xx/xx/xxxxxxxx.git) * Make a symlink by name (by_name/name -> ../by_id/xx/xx/xx/xx/xxxxxxxx.git)
143 * TODO: why return may be an array?!
138 144 */ */
139 145 function rg_repo_event_symlink_by_name($db, $e) function rg_repo_event_symlink_by_name($db, $e)
140 146 { {
 
... ... function rg_repo_event_symlink_by_name($db, $e)
145 151 $new_path = rg_repo_path_by_name($e['ui.uid'], $e['ri.name']); $new_path = rg_repo_path_by_name($e['ui.uid'], $e['ri.name']);
146 152
147 153 $ret = FALSE; $ret = FALSE;
148 rg_repo_set_error("internal error"); // TODO: we should do this everywhere?
149 154 do { do {
150 155 // Check if we already did the rename // Check if we already did the rename
151 156 if (file_exists($new_path)) { if (file_exists($new_path)) {
152 157 if (!is_link($new_path)) { if (!is_link($new_path)) {
153 rg_internal_error("$new_path is not a link!");
158 rg_internal_error("$new_path is not a link");
154 159 break; break;
155 160 } }
156 161
157 162 $v = readlink($new_path); $v = readlink($new_path);
158 163 if ($v === FALSE) { if ($v === FALSE) {
159 rg_internal_error("Cannot read link $new_path!");
164 rg_internal_error("cannot read link $new_path");
160 165 break; break;
161 166 } }
162 167 rg_log("new_path points to [$v]"); rg_log("new_path points to [$v]");
 
... ... function rg_repo_event_symlink_by_name($db, $e)
170 175 // Seems that new_path points to other place // Seems that new_path points to other place
171 176 $r = rename($new_path, $new_path . ".BOGUS." . time()); $r = rename($new_path, $new_path . ".BOGUS." . time());
172 177 if ($r !== TRUE) { if ($r !== TRUE) {
173 rg_internal_error("Cannot rename bogus!");
178 rg_internal_error("cannot rename bogus");
174 179 break; break;
175 180 } }
176 181 } }
 
... ... function rg_repo_event_symlink_by_name($db, $e)
188 193 // Now, the new name is free, do the link // Now, the new name is free, do the link
189 194 $r = symlink($id_path_rel, $new_path); $r = symlink($id_path_rel, $new_path);
190 195 if ($r !== TRUE) { if ($r !== TRUE) {
191 rg_internal_error("Cannot symlink $id_path -> $new_path ($php_errormsg)!");
196 rg_internal_error("cannot symlink $id_path -> $new_path ($php_errormsg)!");
192 197 break; break;
193 198 } }
194 199
 
... ... function rg_repo_event_notify_user($db, $event)
295 300 /* /*
296 301 * Inserts an event into repo_history table * Inserts an event into repo_history table
297 302 */ */
298 function rg_repo_history_insert($db, $repo_id, $category, $message)
303 function rg_repo_history_insert($db, $event)
299 304 { {
300 305 rg_prof_start("repo_history_insert"); rg_prof_start("repo_history_insert");
301 rg_log("repo_history_insert: repo_id=$repo_id, category=$category"
302 . ", message=$message");
306 rg_log("repo_history_insert: event=" . rg_array2string($event));
303 307
304 308 $ret = FALSE; $ret = FALSE;
305 309 do { do {
306 310 $now = time(); $now = time();
307 $params = array($now, $repo_id, $category, $message);
311 $params = array("now" => $now,
312 "repo_id" => $event['ri.repo_id'],
313 "cat" => $event['history_category'],
314 "mess" => $event['history_message']);
308 315 $sql = "INSERT INTO repo_history_" . gmdate("Y_m", $now) $sql = "INSERT INTO repo_history_" . gmdate("Y_m", $now)
309 316 . " (itime, repo_id, category, message)" . " (itime, repo_id, category, message)"
310 . " VALUES ($1, $2, $3, $4)";
317 . " VALUES (@@now@@, @@repo_id@@, @@cat@@, @@mess@@)";
311 318 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
312 319 if ($res === FALSE) if ($res === FALSE)
313 320 break; break;
314 321
315 322 rg_sql_free_result($res); rg_sql_free_result($res);
316 $ret = TRUE;
323 $ret = array();
317 324 } while (0); } while (0);
318 325
319 326 rg_prof_end("repo_history_insert"); rg_prof_end("repo_history_insert");
 
... ... function rg_repo_info($db, $repo_id, $uid, $repo_name)
463 470 $ret['exists'] = 0; $ret['exists'] = 0;
464 471 do { do {
465 472 if ($repo_id > 0) { if ($repo_id > 0) {
466 +$key = $repo_id;
473 $key = $repo_id;
467 474 if (isset($rg_repo_info_cache[$key])) { if (isset($rg_repo_info_cache[$key])) {
468 475 $ret = $rg_repo_info_cache[$key]; $ret = $rg_repo_info_cache[$key];
469 476 $ret['from_cache'] = 1; $ret['from_cache'] = 1;
 
... ... function rg_repo_info($db, $repo_id, $uid, $repo_name)
471 478 } }
472 479 } }
473 480
481 $params = array("uid" => $uid,
482 "repo_id" => $repo_id,
483 "repo_name" => $repo_name);
484
474 485 if ($repo_id > 0) { if ($repo_id > 0) {
475 $params = array($repo_id);
476 $sql = "SELECT * FROM repos WHERE repo_id = $1";
486 $sql = "SELECT * FROM repos WHERE repo_id = @@repo_id@@";
477 487 } else if (!empty($repo_name)) { } else if (!empty($repo_name)) {
478 $params = array($uid, $repo_name);
479 $sql = "SELECT * FROM repos WHERE uid = $1 AND name = $2";
488 $sql = "SELECT * FROM repos WHERE uid = @@uid@@"
489 . " AND name = @@repo_name@@";
480 490 } else { } else {
481 491 rg_repo_set_error("no repo_id or user/repo specified!"); rg_repo_set_error("no repo_id or user/repo specified!");
482 492 break; break;
 
... ... function rg_repo_info($db, $repo_id, $uid, $repo_name)
521 531
522 532 /* /*
523 533 * Check if a user has access to a repository * Check if a user has access to a repository
534 * @ui - most of the time is the logged in user
524 535 */ */
525 function rg_repo_allow($db, $ri, $ui, $needed_rights)
536 $rg_repo_allow_cache = array();
537 function rg_repo_allow($db, $type, $ri, $ui, $needed_rights, $ip, $misc)
526 538 { {
527 rg_prof_start("repo_allow");
539 global $rg_repo_allow_cache;
528 540
529 rg_log("repo_allow: repo_id=" . $ri['repo_id']
530 . " uid=" . $ui['uid']
531 . ", needed_rights=$needed_rights...");
532
533 if ($ui['is_admin'] == 1) {
534 rg_log("\tUser is admin, allow!");
541 if (empty($needed_rights))
535 542 return TRUE; return TRUE;
536 }
537 543
538 if (empty($needed_rights)) {
539 rg_internal_error("You asked for no rights!");
540 return FALSE;
541 }
544 if ($misc === FALSE)
545 $kmisc = ""; // TODO: not clear if good enough - security wise
546 else
547 $kmisc = $misc;
542 548
543 // anonymous acess (git://...)
544 if ($ui['uid'] == 0) {
545 $db_rights = $ri['default_rights'];
546 } else {
547 $rr = rg_repo_rights_get($db, $ri, $ui['uid'], 0);
548 if ($rr['ok'] != 1) {
549 rg_repo_set_error("cannot get rights from db");
550 return FALSE;
551 }
552 $db_rights = $rr['rights'];
553 }
554 rg_log("\tdb rights: " . $db_rights);
549 $key = $type ."|" . $ri['repo_id'] . "|" . $ui['uid']
550 . "|" . $needed_rights . "|" . $ip . "|" . $kmisc;
555 551
556 if (rg_rights_allow($db_rights, $needed_rights) !== TRUE) {
557 rg_repo_set_error("no rights ($needed_rights) vs ($db_rights)");
558 return FALSE;
552 if (isset($rg_repo_allow_cache[$key])) {
553 rg_log("CHECK: repo_allow got data from cache");
554 return $rg_repo_allow_cache[$key];
559 555 } }
560 556
561 rg_log("\tAllow access!");
562
563 rg_prof_end("repo_allow");
564
565 return TRUE;
566 }
567
568 /*
569 * Add a repository
570 * @master - makes sense only for clones: who is the master repo.
571 * TODO: put all fields into an array!
572 * TODO: unify this function with rg_repo_update.
573 */
574 function rg_repo_create($db, $master, $ui, $name, $max_commit_size,
575 $description, $rights)
576 {
577 rg_prof_start("repo_create");
578
579 // TODO: reorder parameters - are not logical
580 rg_log("repo_create: uid=" . $ui['uid']
581 . ", name=[$name], master=$master"
582 . ", max_commit_size=$max_commit_size"
583 . ", description=[$description]"
584 . ", rights=$rights");
585
586 // TODO: test if user is allowed to add a repository
557 rg_prof_start("repo_allow");
558 rg_log("repo_allow: type=$type repo_id=" . $ri['repo_id']
559 . " repo_owner=" . $ri['uid']
560 . " uid=" . $ui['uid']
561 . " needed_rights=$needed_rights ip=$ip misc=$misc");
587 562
588 563 $ret = FALSE; $ret = FALSE;
589 do {
590 if (rg_repo_ok($name) === FALSE)
564 while (1) {
565 if ($ui['is_admin'] == 1) {
566 rg_log("\tUser is admin, allow.");
567 $ret = TRUE;
591 568 break; break;
569 }
592 570
593 // First, test if it already exists
594 $ri = rg_repo_info($db, 0, $ui['uid'], $name);
595 if ($ri['ok'] != 1)
596 break;
597 if ($ri['exists'] == 1) {
598 rg_repo_set_error("Repository already exists.");
571 if ($ri['uid'] == $ui['uid']) {
572 rg_log("\tUser is the owner, allow.");
573 $ret = TRUE;
599 574 break; break;
600 575 } }
601 576
602 $description = trim($description);
603 $itime = time();
604
605 $params = array($ui['uid'], $master, $name, $itime,
606 $max_commit_size, $description, $rights);
607 $sql = "INSERT INTO repos (uid, master, name"
608 . ", itime, max_commit_size, description, git_dir_done"
609 . ", default_rights)"
610 . " VALUES ($1, $2, $3, $4, $5, $6, 0, $7)"
611 . " RETURNING repo_id";
612 $res = rg_sql_query_params($db, $sql, $params);
613 if ($res === FALSE) {
614 rg_repo_set_error("Cannot insert (" . rg_sql_error() . ")");
615 break;
577 if ($ui['uid'] > 0) {
578 $rr = rg_repo_rights_get($db, $type, $ri, $ui['uid']);
579 if ($rr['ok'] != 1) {
580 rg_repo_set_error("cannot get rights from db");
581 break;
582 }
583 $db_rights = $rr['list'];
584 } else {
585 // anonymous acess (git://...)
586 $db_rights = array();
616 587 } }
617 $row = rg_sql_fetch_array($res);
618 rg_sql_free_result($res);
619 588
620 $event = array("category" => 3000, "prio" => 50,
621 "notification" => "repo_create-" . $ui['uid'] . "-" . $row['repo_id'],
622 "ui.uid" => $ui['uid'],
623 "ui.email" => $ui['email'],
624 "ri.name" => $name,
625 "ri.master" => $master,
626 "ri.description" => $description,
627 "ri.rights_text" => rg_implode("\t", rg_rights_text("repo", $rights), "\n"),
628 "ri.repo_id" => $row['repo_id'],
629 "ri.url" => rg_base_url() . rg_re_repopage($ui, $name),
630 "IP" => rg_var_str("REMOTE_ADDR"));
631 $r = rg_event_add($db, $event);
632 if ($r !== TRUE) {
633 rg_repo_set_error("cannot add event"
634 . " (" . rg_event_error() . ")");
589 rg_log("\tdb_rights: " . rg_array2string($db_rights));
590
591 if (rg_rights_allow($db_rights, $type, $needed_rights, $ip, $misc) === TRUE) {
592 $ret = TRUE;
635 593 break; break;
636 594 } }
637 595
638 // TODO: This will go with events
639 rg_repo_history_insert($db, $row['repo_id'], REPO_CAT_CREATE,
640 "Repo " . $name . " created.");
641
642 $ret = $row['repo_id'];
643 } while (0);
596 break;
597 }
598 $rg_repo_allow_cache[$key] = $ret;
644 599
645 rg_prof_end("repo_create");
600 rg_prof_end("repo_allow");
646 601 return $ret; return $ret;
647 602 } }
648 603
 
... ... function rg_repo_delete($db, $repo_id, $ui)
668 623 } }
669 624
670 625 // Only mark it as such, deletion will happen in background // Only mark it as such, deletion will happen in background
671 $params = array($repo_id);
672 $sql = "UPDATE repos SET deleted = 1 WHERE repo_id = $1";
626 $params = array("repo_id" => $repo_id);
627 $sql = "UPDATE repos SET deleted = 1 WHERE repo_id = @@repo_id@@";
673 628 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
674 629 if ($res === FALSE) { if ($res === FALSE) {
675 630 rg_repo_set_error("Cannot delete (" . rg_sql_error() . ")"); rg_repo_set_error("Cannot delete (" . rg_sql_error() . ")");
 
... ... function rg_repo_lookup_by_old_name($db, $uid, $old_name)
706 661
707 662 $ret = FALSE; $ret = FALSE;
708 663 do { do {
709 $params = array($uid, $old_name);
664 $params = array("uid" => $uid, "old_name" => $old_name);
710 665 $sql = "SELECT repo_id FROM repos_renames" $sql = "SELECT repo_id FROM repos_renames"
711 . " WHERE uid = $1"
712 . " AND old_name = $2";
666 . " WHERE uid = @@uid@@"
667 . " AND old_name = @@old_name@@";
713 668 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
714 669 if ($res === FALSE) { if ($res === FALSE) {
715 670 rg_repo_set_error("cannot lookup old name (" rg_repo_set_error("cannot lookup old name ("
 
... ... function rg_repo_insert_rename($db, $uid, $repo_id, $old_name)
744 699 $r = rg_repo_lookup_by_old_name($db, $uid, $old_name); $r = rg_repo_lookup_by_old_name($db, $uid, $old_name);
745 700 if ($r === FALSE) if ($r === FALSE)
746 701 break; break;
702
703 $params = array("repo_id" => $repo_id,
704 "uid" => $uid,
705 "old_name" => $old_name,
706 "now" => time());
707
747 708 if ($r > 0) { if ($r > 0) {
748 $params = array($repo_id, $uid, $old_name);
749 709 $sql = "UPDATE repos_renames" $sql = "UPDATE repos_renames"
750 . " SET repo_id = $1"
751 . " WHERE uid = $2"
752 . " AND old_name = $3";
710 . " SET repo_id = @@repo_id@@"
711 . " WHERE uid = @@uid@@"
712 . " AND old_name = @@old_name@@";
753 713 } else { } else {
754 $now = time();
755 $params = array($uid, $old_name, $repo_id, $now);
756 714 $sql = "INSERT INTO repos_renames (uid, old_name" $sql = "INSERT INTO repos_renames (uid, old_name"
757 715 . ", repo_id, itime)" . ", repo_id, itime)"
758 . " VALUES ($1, $2, $3, $4)";
716 . " VALUES (@@uid@@, @@old_name@@, @@repo_id@@"
717 . ", @@now@@)";
759 718 } }
760 719 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
761 720 if ($res === FALSE) { if ($res === FALSE) {
 
... ... function rg_repo_insert_rename($db, $uid, $repo_id, $old_name)
772 731 } }
773 732
774 733 /* /*
775 * Updates a repository
734 * Creates/updates a repository
776 735 * @login_ui - info of the user doing the update. * @login_ui - info of the user doing the update.
777 * Warning, it may not be the owner.
736 * TODO: Warning, it may not be the owner.
778 737 * TODO: check rights - also for create? * TODO: check rights - also for create?
738 * TODO: where do we validate if the user has enough public/private slots?
779 739 */ */
780 function rg_repo_update($db, $login_ui, &$new)
740 function rg_repo_edit($db, $login_ui, $new)
781 741 { {
782 rg_prof_start("repo_update");
783 rg_log("repo_update: login_uid=" . $login_ui['uid']
742 rg_prof_start("repo_edit");
743 rg_log("repo_edit: login_uid=" . $login_ui['uid']
784 744 . " new=" . rg_array2string($new)); . " new=" . rg_array2string($new));
785 745
746 // TODO: test if user is allowed to add a repository
747 // TODO: test if user did not cross the limit for number of repos
748
786 749 $ret = FALSE; $ret = FALSE;
787 rg_repo_set_error(""); // TODO: should we do this anywhere?
788 750 do { do {
789 751 if (rg_repo_ok($new['name']) !== TRUE) if (rg_repo_ok($new['name']) !== TRUE)
790 752 break; break;
791 753
792 // TODO: Something is strange here, why we need to lookup the repo?!
793 // First, test if it already exists
794 $ri = rg_repo_info($db, $new['repo_id'], $login_ui['uid'], $new['name']);
795 if ($ri['ok'] != 1)
796 break;
797 if (($ri['exists'] == 1) && ($ri['repo_id'] != $new['repo_id'])) {
798 rg_repo_set_error("Name already taken.");
799 break;
800 }
801
802 // Second, test if repo_id is valid
803 $ri = rg_repo_info($db, $new['repo_id'], $login_ui['uid'], "");
804 if ($ri['ok'] != 1)
805 break;
806 if ($ri['exists'] == 0) {
807 rg_repo_set_error("Repo " . $new['repo_id'] . " does not exists.");
808 break;
754 if ($new['repo_id'] == 0) {
755 // Check if name is already taken
756 $ri = rg_repo_info($db, 0, $login_ui['uid'], $new['name']);
757 if ($ri['ok'] != 1)
758 break;
759 if ($ri['exists'] == 1) {
760 rg_repo_set_error("name already taken; choose a different one");
761 break;
762 }
763 } else {
764 // Test if repo_id is valid
765 $ri = rg_repo_info($db, $new['repo_id'],
766 $login_ui['uid'], "");
767 if ($ri['ok'] != 1)
768 break;
769 if ($ri['exists'] != 1) {
770 rg_repo_set_error("repo " . $new['repo_id'] . " does not exists.");
771 break;
772 }
809 773 } }
810 774
811 // Check if the user renamed the repo
812 775 $renamed = 0; $renamed = 0;
813 if (strcmp($new['name'], $ri['name']) != 0) {
814 $renamed = 1;
815 $r = rg_repo_insert_rename($db, $login_ui['uid'],
816 $new['repo_id'], $ri['name']);
817 if ($r !== TRUE)
818 break;
776 if ($new['repo_id'] > 0) {
777 // Check if the user renamed the repo
778 if (strcmp($new['name'], $ri['name']) != 0) {
779 $renamed = 1;
780 $r = rg_repo_insert_rename($db, $login_ui['uid'],
781 $new['repo_id'], $ri['name']);
782 if ($r !== TRUE)
783 break;
784 }
819 785 } }
820 786
821 $params = array($new['name'], $new['max_commit_size'],
822 trim($new['description']), $new['default_rights'],
823 $new['repo_id']);
824 $sql = "UPDATE repos SET name = $1"
825 . ", max_commit_size = $2"
826 . ", description = $3"
827 . ", default_rights = $4"
828 . " WHERE repo_id = $5";
829 $res = rg_sql_query_params($db, $sql, $params);
787 //TODO: master may be not accessible to this user. check.
788
789 // Small fixes
790 $new['description'] = trim($new['description']);
791 $new['itime'] = time();
792 $new['uid'] = $login_ui['uid'];
793
794 if ($new['repo_id'] == 0) {
795 $sql = "INSERT INTO repos (uid, master, name"
796 . ", itime, max_commit_size, description"
797 . ", git_dir_done, public)"
798 . " VALUES (@@uid@@, @@master@@, @@name@@"
799 . ", @@itime@@, @@max_commit_size@@"
800 . ", @@description@@, 0, @@public@@)"
801 . " RETURNING repo_id";
802 } else {
803 $sql = "UPDATE repos SET name = @@name@@"
804 . ", max_commit_size = @@max_commit_size@@"
805 . ", description = @@description@@"
806 . ", public = @@public@@"
807 . " WHERE repo_id = @@repo_id@@";
808 }
809 $res = rg_sql_query_params($db, $sql, $new);
830 810 if ($res === FALSE) { if ($res === FALSE) {
831 rg_repo_set_error("Cannot update (" . rg_sql_error() . ")");
811 rg_repo_set_error("cannot update: " . rg_sql_error());
832 812 break; break;
833 813 } }
814 if ($new['repo_id'] == 0) {
815 $row = rg_sql_fetch_array($res);
816 if ($row === FALSE) {
817 rg_repo_set_error("cannot fetch row: " . rg_sql_error());
818 break;
819 }
820 }
834 821 rg_sql_free_result($res); rg_sql_free_result($res);
835 822
836 $event = array("category" => 3002, "prio" => 50,
823 if ($new['repo_id'] == 0) {
824 $cat = 3000;
825 $hcat = REPO_CAT_UPDATE;
826 $hmess = "Repository was updated";
827 $notification = "repo_create-" . $login_ui['uid']
828 . "-" . $row['repo_id'];
829 $old_description = "";
830 $new['repo_id'] = $row['repo_id'];
831 } else {
832 $cat = 3002;
833 $hcat = REPO_CAT_CREATE;
834 $hmess = "Repository was created";
835 $notification = "";
836 $old_description = $ri['description'];
837 }
838
839 $event = array("category" => $cat, "prio" => 50,
840 "notification" => $notification,
837 841 "ui.uid" => $login_ui['uid'], "ui.uid" => $login_ui['uid'],
838 842 "ui.email" => $login_ui['email'], "ui.email" => $login_ui['email'],
839 843 "ri.url" => rg_base_url() . rg_re_repopage($login_ui, $new['name']), "ri.url" => rg_base_url() . rg_re_repopage($login_ui, $new['name']),
844 "history_category" => $hcat,
845 "history_message" => $hmess,
840 846 "IP" => rg_var_str("REMOTE_ADDR")); "IP" => rg_var_str("REMOTE_ADDR"));
841 847 $event = rg_array_merge($event, "ri.old", $ri); $event = rg_array_merge($event, "ri.old", $ri);
842 848 $event = rg_array_merge($event, "ri", $new); $event = rg_array_merge($event, "ri", $new);
843 $event['ri.old.description_md5'] = md5($ri['description']);
849 $event['ri.old.description_md5'] = md5($old_description);
844 850 $event['ri.description_md5'] = md5($new['description']); $event['ri.description_md5'] = md5($new['description']);
845 $event['ri.rights_text'] = rg_implode("\t", rg_rights_text("repo", $new['default_rights']), "\n");
846 851 $r = rg_event_add($db, $event); $r = rg_event_add($db, $event);
847 852 if ($r !== TRUE) { if ($r !== TRUE) {
848 853 rg_repo_set_error("cannot add event" rg_repo_set_error("cannot add event"
 
... ... function rg_repo_update($db, $login_ui, &$new)
853 858 $ret = array("renamed" => $renamed); $ret = array("renamed" => $renamed);
854 859 } while (0); } while (0);
855 860
856 rg_prof_end("repo_update");
861 rg_prof_end("repo_edit");
857 862 return $ret; return $ret;
858 863 } }
859 864
 
... ... function rg_repo_list_query($db, $url, $sql, $params)
898 903 } }
899 904 $_line['clone_of'] = $master_repo; $_line['clone_of'] = $master_repo;
900 905 $_line['creation'] = gmdate("Y-m-d", $row['itime']); $_line['creation'] = gmdate("Y-m-d", $row['itime']);
901
902 // rights
903 $_line['rights'] = implode(", ", rg_rights_text("repo", $row['default_rights']));
904
905 906 $_line['disk_used'] = rg_1024($row['disk_used_mb'] * 1024 * 1024); $_line['disk_used'] = rg_1024($row['disk_used_mb'] * 1024 * 1024);
906 907
907 908 $d[] = $_line; $d[] = $_line;
 
... ... function rg_repo_list_query($db, $url, $sql, $params)
913 914 } }
914 915
915 916 /* /*
916 * List repos of user 'ui'.
917 * List repos of page user 'ui'.
917 918 */ */
918 function rg_repo_list($db, $url, $ui)
919 function rg_repo_list($db, $rg, $url, $ui)
919 920 { {
920 rg_log("repo_list: url=$url, uid=" . $ui['uid']);
921 rg_log("repo_list: url=$url uid=" . $ui['uid']
922 . " login_uid=" . $rg['login_ui']['uid']);
921 923
922 $params = array();
923 $index = 1;
924 $params = array("uid" => $ui['uid']);
924 925
925 926 $add = ""; $add = "";
926 if ($ui['uid'] > 0) {
927 $add = " AND uid = \$" . $index;
928 $params[] = $ui['uid'];
929 $index++;
930 }
927 if ($ui['uid'] > 0)
928 $add = " AND uid = @@uid@@";
929
930 // TODO: also admin must be able to see them?
931 if (($rg['login_ui']['uid'] == 0)
932 || ($rg['login_ui']['uid'] != $ui['uid']))
933 $add .= " AND public = 1";
931 934
932 935 $sql = "SELECT * FROM repos" $sql = "SELECT * FROM repos"
933 936 . " WHERE deleted = 0" . " WHERE deleted = 0"
 
... ... function rg_repo_search($db, $login_ui, $q)
950 953 if (isset($login_ui['admin']) && ($login_ui['admin'] == 1)) if (isset($login_ui['admin']) && ($login_ui['admin'] == 1))
951 954 $admin = 1; $admin = 1;
952 955
953 $params = array("%" . $q . "%", $login_ui['uid']);
956 $params = array("q" => "%" . $q . "%",
957 "uid" => $login_ui['uid']);
958
954 959 $sql = "SELECT * FROM repos" $sql = "SELECT * FROM repos"
955 960 . " WHERE deleted = 0" . " WHERE deleted = 0"
956 . " AND (name ILIKE $1 OR description ILIKE $1)"
957 . " AND (uid = $2 OR default_rights LIKE '%F%' OR " . $admin . " = 1)"
961 . " AND (uid = @@uid@@ OR public = 1 OR " . $admin . " = 1)"
962 . " AND (name ILIKE @@q@@ OR description ILIKE @@q@@)"
958 963 . " ORDER BY master, name" . " ORDER BY master, name"
959 . " LIMIT 10";
960
964 . " LIMIT 20";
961 965 $r = rg_repo_list_query($db, "", $sql, $params); $r = rg_repo_list_query($db, "", $sql, $params);
962 966
963 967 rg_prof_end("repo_search"); rg_prof_end("repo_search");
 
... ... function rg_repo_git_done($db, $repo_id)
1034 1038
1035 1039 $ret = FALSE; $ret = FALSE;
1036 1040 do { do {
1037 $params = array($repo_id);
1041 $params = array("repo_id" => $repo_id);
1038 1042 $sql = "UPDATE repos SET git_dir_done = 1" $sql = "UPDATE repos SET git_dir_done = 1"
1039 . " WHERE repo_id = $1";
1043 . " WHERE repo_id = @@repo_id@@";
1040 1044 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
1041 1045 if ($res === FALSE) { if ($res === FALSE) {
1042 1046 rg_repo_set_error("Cannot query (" . rg_sql_error() . ")"); rg_repo_set_error("Cannot query (" . rg_sql_error() . ")");
 
... ... function rg_repo_git_done($db, $repo_id)
1054 1058 /* /*
1055 1059 * Get rights for a user * Get rights for a user
1056 1060 */ */
1057 function rg_repo_rights_get($db, $ri, $uid, $flags)
1061 function rg_repo_rights_get($db, $type, $ri, $uid)
1058 1062 { {
1059 1063 rg_prof_start("repo_rights_get"); rg_prof_start("repo_rights_get");
1060
1061 rg_log("rg_repo_rights_get: repo_id=" . $ri['repo_id'] . ", uid=$uid"
1062 . " flags=$flags...");
1064 rg_log("rg_repo_rights_get: type=$type repo_id=" . $ri['repo_id']
1065 . ", uid=$uid");
1063 1066
1064 1067 $ret = array(); $ret = array();
1065 1068 $ret['ok'] = 0; $ret['ok'] = 0;
 
... ... function rg_repo_rights_get($db, $ri, $uid, $flags)
1067 1070
1068 1071 $repo_id = $ri['repo_id']; $repo_id = $ri['repo_id'];
1069 1072
1070 // Give all rights to owner
1071 if ($ri['uid'] == $uid) {
1072 rg_log("\tuid $uid is the owner.");
1073 $rights = rg_rights_all("repo");
1074 if (($flags & RG_RIGHTS_FILL_EXISTS) == 0) {
1075 rg_log("\tNo need to fill 'exists' field. Return.");
1076 $ret['rights'] = $rights;
1073 while (1) {
1074 // Give all rights to owner
1075 if ($ri['uid'] == $uid) {
1076 rg_log("\tuid $uid is the owner.");
1077 $a = array();
1078 $a['rights'] = rg_rights_all($type);
1079 $a['rights_text'] = implode(", ",
1080 rg_rights_text($type, $a['rights']));
1081 $a['ip'] = "0.0.0.0/0 ::/0";
1082 $ret['list'][] = $a;
1077 1083 $ret['ok'] = 1; $ret['ok'] = 1;
1078 return $ret;
1084 break;
1079 1085 } }
1080 } else {
1081 rg_log("\tuid $uid is NOT the owner (" . $ri['uid'] . ");"
1082 . " assign default rights.");
1083 $rights = $ri['default_rights'];
1084 }
1085
1086 $r = rg_rights_get($db, "repo", $repo_id, $uid);
1087 if ($r['ok'] !== 1) {
1088 rg_repo_set_error("cannot get rights (" . rg_rights_error() . ")!");
1089 return FALSE;
1090 }
1091 1086
1092 $ret['rights'] = rg_rights_combine($rights, $r['rights']);
1093 rg_log("\tFinal rights($rights + "
1094 . $r['rights'] . ")=" . $ret['rights']);
1095 $ret['ok'] = 1;
1087 $r = rg_rights_get($db, $type, $repo_id, $uid, 0);
1088 if ($r['ok'] !== 1) {
1089 rg_repo_set_error("cannot get rights (" . rg_rights_error() . ")!");
1090 break;
1091 }
1096 1092
1097 // add misc stuff
1098 $ret = array_merge($ret, $r['misc']);
1093 rg_log_ml("rights: " . print_r($r, TRUE));
1094 $ret['list'] = $r['list'];
1095 $ret['ok'] = 1;
1096 break;
1097 }
1099 1098
1100 1099 rg_prof_end("repo_rights_get"); rg_prof_end("repo_rights_get");
1101
1102 1100 return $ret; return $ret;
1103 1101 } }
1104 1102
1105 1103 /* /*
1106 * Add rights for a repo
1104 * Add in queue a statistic file
1107 1105 */ */
1108 function rg_repo_rights_set($db, $ri, $uid, $rights, $misc)
1106 function rg_repo_stats_push2file($a)
1109 1107 { {
1110 if (!isset($ri['repo_id'])) {
1111 rg_internal_error("repo_id is not defined!");
1108 global $rg_state_dir;
1109
1110 $q = $rg_state_dir . "/qstats";
1111 if (!is_dir($q)) {
1112 $r = @mkdir($q, 0700);
1113 if ($r !== TRUE) {
1114 rg_internal_error("Cannot create dir [$q] ($php_errormsg)!");
1115 return FALSE;
1116 }
1117 }
1118
1119 $buf = serialize($a);
1120 $file = sha1($buf);
1121 $r = file_put_contents($q . "/" . $file, $buf);
1122 if ($r === FALSE) {
1123 rg_internal_error("Cannot store file in qstats ($php_errormsg)!");
1112 1124 return FALSE; return FALSE;
1113 1125 } }
1114 1126
1115 rg_log("rg_repo_rights_set: repo_id=" . $ri['repo_id']
1116 . " uid=$uid rights=$rights misc=" . rg_array2string($misc));
1127 return $file;
1128 }
1117 1129
1118 $r = rg_rights_set($db, "repo", $ri['repo_id'], $uid, $rights, $misc);
1119 if ($r !== TRUE) {
1120 rg_repo_set_error("cannot alter rights (" . rg_rights_error() . ")!");
1121 return FALSE;
1130 /*
1131 * Add some useful fileds to rights
1132 */
1133 function rg_repo_rights_cosmetic($db, &$a)
1134 {
1135 if (isset($a['target_user'])) {
1136 if (strcmp($a['target_user'], "*") == 0) {
1137 $a['uid'] = 0;
1138 } else {
1139 $ui = rg_user_info($db, 0, $a['target_user'], "");
1140 if ($ui['exists'] != 1)
1141 $a['uid'] = "?";
1142 else
1143 $a['uid'] = $ui['uid'];
1144 }
1145 } else {
1146 if ($a['target_uid'] == 0) {
1147 $a['target_user'] = "*";
1148 } else {
1149 $ui = rg_user_info($db, $a['target_uid'], "", "");
1150 if ($ui['exists'] != 1)
1151 $a['target_user'] = "?" . $a['target_uid'] . "?";
1152 else
1153 $a['target_user'] = $ui['username'];
1154 }
1155 }
1156
1157 if (isset($a['who'])) {
1158 $ui = rg_user_info($db, $a['who'], "", "");
1159 if ($ui['exists'] != 1)
1160 $a['who_name'] = "?" . $a['who'] . "?";
1161 else
1162 $a['who_name'] = $ui['username'];
1122 1163 } }
1123 1164
1165 if (empty($a['ip']))
1166 $a['ip'] = "Any";
1167
1124 1168 return TRUE; return TRUE;
1125 1169 } }
1126 1170
1127 1171 /* /*
1128 * List rights for a repo
1172 * Add some useful fileds to rights
1129 1173 */ */
1130 function rg_repo_rights_load($db, $ri)
1174 function rg_repo_rights_cosmetic_list($db, &$a)
1131 1175 { {
1132 rg_log("rg_repo_rights_load: repo_id=" . $ri['repo_id']);
1176 foreach ($a as $k => &$v)
1177 rg_repo_rights_cosmetic($db, $v);
1178 }
1133 1179
1134 $r = rg_rights_load($db, "repo", $ri['repo_id']);
1135 if ($r === FALSE) {
1136 rg_repo_set_error("Cannot list rights (" . rg_rights_error() . ")");
1137 return FALSE;
1180 /*
1181 * High level function to delete rights ids
1182 */
1183 function rg_repo_admin_delete_rights($db, $rg, $obj_id, &$errmsg)
1184 {
1185 $errmsg = array();
1186
1187 $list = rg_var_str("rights_delete_ids");
1188
1189 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
1190 $errmsg[] = "invalid token; try again";
1191 return;
1138 1192 } }
1139 1193
1140 return $r;
1194 $r = rg_repo_rights_delete_list($db, $obj_id, $list);
1195 if ($r === FALSE) {
1196 $errmsg[] = rg_rights_error();
1197 return;
1198 }
1141 1199 } }
1142 1200
1143 1201 /* /*
1144 * Add in queue a statistic file
1202 * High level function for Repo -> Admin -> Rights -> Repo/Refs rights menu.
1145 1203 */ */
1146 function rg_repo_stats_push2file($a)
1204 function rg_repo_admin_rights($db, $rg, $type)
1147 1205 { {
1148 global $rg_state_dir;
1206 rg_log("rg_repo_admin_repo_rights type=$type");
1207
1208 /* 'repo' is correct here, we test for granting rights on repo */
1209 if (rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "G", $rg['ip'], "") !== TRUE)
1210 return rg_template("user/repo/rights/deny.html", $rg);
1211
1212 $ret = "";
1213
1214 $a = array();
1215 $a['right_id'] = rg_var_uint("right_id");
1216 $a['edit_id'] = rg_var_uint("edit_id");
1217 $a['target_user'] = rg_var_str("target_user");
1218 $a['rights'] = rg_rights_a2s(rg_var_str("rights"));
1219 $a['misc'] = rg_var_str("misc");
1220 $a['ip'] = rg_var_str("ip");
1221 $a['prio'] = rg_var_uint("prio");
1222 rg_log_ml("CHECK: a(POST)=" . print_r($a, TRUE));
1223
1224 $errmsg = array();
1225 $list_errmsg = array();
1226
1227 $load_defaults = 1;
1228
1229 $delete = rg_var_bool("delete");
1230 while ($delete == 1) {
1231 $list = rg_var_uint("rights_delete_ids");
1232 if (empty($list)) {
1233 $list_errmsg[] = "please select at least one item";
1234 break;
1235 }
1149 1236
1150 $q = $rg_state_dir . "/qstats";
1151 if (!is_dir($q)) {
1152 $r = @mkdir($q, 0700);
1237 $my_list = array();
1238 foreach ($list as $k => $junk)
1239 $my_list[] = $k;
1240
1241 $r = rg_rights_delete_list($db, $rg['ri']['repo_id'], $my_list);
1153 1242 if ($r !== TRUE) { if ($r !== TRUE) {
1154 rg_internal_error("Cannot create dir [$q] ($php_errormsg)!");
1155 return FALSE;
1243 $list_errmsg[] = "cannot delete rights: " . rg_rights_error();
1244 break;
1156 1245 } }
1246
1247 $ret .= rg_template("user/repo/rights/delete_ok.html", $rg);
1248 break;
1157 1249 } }
1158 1250
1159 $buf = serialize($a);
1160 $file = sha1($buf);
1161 $r = file_put_contents($q . "/" . $file, $buf);
1162 if ($r === FALSE) {
1163 rg_internal_error("Cannot store file in qstats ($php_errormsg)!");
1164 return FALSE;
1251 // edit
1252 while ($a['edit_id'] > 0) {
1253 // TODO: check rights
1254
1255 $r = rg_rights_get($db, $type, $rg['ri']['repo_id'],
1256 $rg['login_ui']['uid'], $a['edit_id']);
1257 if ($r['ok'] != 1) {
1258 $list_errmsg[] = "cannot load rights: " . rg_rights_error();
1259 break;
1260 }
1261
1262 if (empty($r['list'])) {
1263 $list_errmsg[] = "right not found";
1264 break;
1265 }
1266
1267 $a = $r['list'][0];
1268
1269 // fill 'target_user' field
1270 rg_repo_rights_cosmetic($db, $a);
1271
1272 $load_defaults = 0;
1273 break;
1165 1274 } }
1166 1275
1167 return $file;
1276 $grant = rg_var_bool("grant");
1277 while ($grant == 1) {
1278 $load_defaults = 0;
1279
1280 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
1281 $errmsg[] = "invalid token; try again";
1282 break;
1283 }
1284
1285 $r = rg_rights_validate_ip($a['ip']);
1286 if ($r !== TRUE) {
1287 $errmsg[] = rg_rights_error();
1288 break;
1289 }
1290
1291 // lookup user
1292 rg_repo_rights_cosmetic($db, $a);
1293
1294 $a['obj_id'] = $rg['ri']['repo_id'];
1295 $a['who'] = $rg['login_ui']['uid'];
1296 $r = rg_rights_set($db, $type, $a);
1297 if ($r !== TRUE) {
1298 $errmsg[] = rg_repo_error();
1299 break;
1300 }
1301
1302 $ret .= rg_template("user/repo/rights/grant_ok.html", $rg);
1303
1304 $load_defaults = 1;
1305 break;
1306 }
1307
1308 if ($load_defaults == 1) {
1309 $rg['right_id'] = $a['right_id'];
1310 $rg['target_user'] = "";
1311 $rg['rights'] = rg_rights_default($type);
1312 $rg['misc'] = "";
1313 $rg['ip'] = "";
1314 $rg['prio'] = 100;
1315 } else {
1316 $rg = rg_array_merge($rg, "", $a);
1317 }
1318
1319 $rg['rg_form_token'] = rg_token_get($db, $rg['sid']);
1320 $rg['HTML:errmsg'] = rg_template_errmsg($errmsg);
1321 $rg['HTML:list_errmsg'] = rg_template_errmsg($list_errmsg);
1322 $rg['HTML:rights_checkboxes'] = rg_rights_checkboxes($type, "rights",
1323 $rg['rights']);
1324
1325 // list rights
1326 $rights_list = rg_rights_load($db, $type, $rg['ri']['repo_id']);
1327 rg_repo_rights_cosmetic_list($db, $rights_list);
1328 if ($rights_list === FALSE)
1329 $ret .= rg_warning("Cannot load rights. Try later.");
1330 else
1331 $ret .= rg_template_table("user/repo/rights/list_" . $type,
1332 $rights_list, $rg);
1333
1334 $ret .= rg_template("user/repo/rights/form_" . $type . ".html", $rg);
1335
1336 // hints
1337 $hints = array();
1338 $hints[]['HTML:hint'] = rg_template("hints/repo/edit_rights.html", $rg);
1339 $hints[]['HTML:hint'] = rg_template("hints/repo/edit_" . $type . "_rights.html", $rg);
1340 $ret .= rg_template_table("hints/list", $hints, $rg);
1341
1342 return $ret;
1343 }
1344
1345 /*
1346 * High level function for repo deletion
1347 */
1348 function rg_repo_admin_delete($db, $rg)
1349 {
1350 $ret = "";
1351
1352 if (rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "D", $rg['ip'], "") !== TRUE)
1353 return rg_template("user/repo/delete/deny.html", $rg);
1354
1355 $are_you_sure = rg_var_uint("are_you_sure");
1356
1357 $errmsg = array();
1358
1359 $show_form = 1;
1360
1361 do {
1362 if ($rg['doit'] != 1)
1363 break;
1364
1365 if ($are_you_sure == 0) {
1366 $ret .= rg_template("user/repo/delete/no.html", $rg);
1367 $show_form = 0;
1368 break;
1369 }
1370
1371 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
1372 $errmsg[] = "invalid token; try again";
1373 break;
1374 }
1375
1376 rg_log_ml("CHECK: rg: " . print_r($rg, TRUE));
1377 $r = rg_repo_delete($db, $rg['ri']['repo_id'], $rg['login_ui']);
1378 if ($r === FALSE) {
1379 $errmsg[] = rg_repo_error();
1380 break;
1381 }
1382
1383 $ret .= rg_template("user/repo/delete/done.html", $rg);
1384 $show_form = 0;
1385 } while (0);
1386
1387 if ($show_form == 1) {
1388 $rg['HTML:errmsg'] = rg_template_errmsg($errmsg);
1389 $rg['rg_form_token'] = rg_token_get($db, $rg['sid']);
1390 $ret .= rg_template("user/repo/delete/sure.html", $rg);
1391 }
1392
1393 return $ret;
1394 }
1395
1396 /*
1397 * High level function creating/editing a repo
1398 */
1399 function rg_repo_edit_high_level($db, $rg)
1400 {
1401 rg_log("rg_repo_edit_high_level");
1402
1403 if (rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "E", $rg['ip'], "") !== TRUE)
1404 return rg_template("user/repo/deny_edit.html", $rg);
1405
1406 $ret = "";
1407
1408 $errmsg = array();
1409 $load_form = TRUE;
1410 do {
1411 if ($rg['doit'] != 1) {
1412 if (!isset($rg['ri'])) {
1413 // Defaults
1414 $rg['ri']['repo_id'] = "0";
1415 $rg['ri']['master'] = "0";
1416 $rg['ri']['name'] = "";
1417 $rg['ri']['max_commit_size'] = "0";
1418 $rg['ri']['description'] = "";
1419 $rg['ri']['master_repo_id'] = "0";
1420 $rg['ri']['public'] = "1";
1421 }
1422 break;
1423 }
1424
1425 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
1426 // TODO: replace all of these with a template
1427 $errmsg[] = "invalid token; try again.";
1428 break;
1429 }
1430
1431 $rg['ri']['repo_id'] = rg_var_uint("repo_id");
1432 $rg['ri']['name'] = rg_var_str("name"); // TODO: filter name!
1433 $rg['ri']['max_commit_size'] = rg_var_uint("max_commit_size");
1434 $rg['ri']['description'] = rg_var_str("description");
1435 $rg['ri']['public'] = rg_var_bool("public");
1436 $rg['ri']['master'] = rg_var_uint("master");
1437
1438 $r = rg_repo_edit($db, $rg['login_ui'], $rg['ri']);
1439 if ($r === FALSE) {
1440 $errmsg[] = rg_repo_error();
1441 break;
1442 }
1443 $rg['ri.renamed'] = $r['renamed'];
1444
1445 $rg['ri']['home'] = rg_re_repopage($rg['login_ui'],
1446 $rg['ri']['name']);
1447 if ($rg['ri']['repo_id'] == 0) {
1448 $ret .= rg_template("repo/create_ok.html", $rg);
1449 } else {
1450 $ret .= rg_template("repo/edit_ok.html", $rg);
1451 }
1452
1453 $load_form = FALSE;
1454 } while (0);
1455
1456 if ($load_form) {
1457 if ($rg['ri']['master'] > 0) {
1458 $rg['ri']['master_name'] = $rg['ri']['master'];
1459 $_mi = repo_info($db, $rg['ri']['master'], "");
1460 if ($_mi['exists'] == 1)
1461 $rg['ri']['master_name'] = $_mi['name'];
1462 } else {
1463 $rg['ri']['master_name'] = "";
1464 }
1465
1466 $rg['HTML:errmsg'] = rg_template_errmsg($errmsg);
1467 $rg['rg_form_token'] = rg_token_get($db, $rg['sid']);
1468 $hints = array();
1469 $hints[]['HTML:hint'] = rg_template("hints/repo/create_repo.html", $rg);
1470 $rg['HTML:hints'] = rg_template_table("hints/list", $hints, $rg);
1471 $ret .= rg_template("repo/add_edit.html", $rg);
1472 }
1473
1474 return $ret;
1168 1475 } }
1169 1476
1477 /*
1478 * High level function for 'Repo -> Admin' menu
1479 */
1480 function rg_repo_admin($db, $rg, $paras)
1481 {
1482 rg_log("rg_repo_admin paras=" . rg_array2string($paras));
1483
1484 $ret = "";
1485
1486 $_op = empty($paras) ? "edit" : array_shift($paras);
1487
1488 $rg['menu']['repo'][$_op] = 1;
1489 $ret .= rg_template("user/repo/menu.html", $rg);
1490
1491 switch ($_op) {
1492 case 'repo_rights':
1493 $ret .= rg_repo_admin_rights($db, $rg, "repo");
1494 break;
1495
1496 case 'refs_rights':
1497 $ret .= rg_repo_admin_rights($db, $rg, "repo_refs");
1498 break;
1499
1500 case 'path_rights':
1501 $ret .= rg_repo_admin_rights($db, $rg, "repo_path");
1502 break;
1503
1504 case 'delete':
1505 $ret .= rg_repo_admin_delete($db, $rg);
1506 break;
1507
1508 default:
1509 $rg['form_url'] = $rg['url_repo'] . "/admin";
1510 $ret .= rg_repo_edit_high_level($db, $rg);
1511 break;
1512 }
1513
1514 return $ret;
1515 }
1170 1516
1171 1517 ?> ?>
File inc/repo/repo.php changed (mode: 100644) (index 5823907..73ad594)
1 1 <?php <?php
2 rg_log("/inc/repo/repo");
2 rg_log("FILE: /inc/repo/repo");
3 3
4 $repo_more = $more;
5 $_repo = "";
6
7 if ($login_ui['uid'] == 0) {
8 $_repo .= rg_warning("You do not have access here!");
9 return;
10 }
4 // This page is shown when user press main menu "Repositories"
11 5
12 $name = rg_var_str("name");
13 $max_commit_size = rg_var_uint("max_commit_size");
14 $description = rg_var_str("description");
15 $master_repo_id = rg_var_uint("master_repo_id");
16 $repo_id = rg_var_uint("repo_id");
6 $_repo = "";
17 7
18 8 $errmsg = array(); $errmsg = array();
19 9
20 10 $_subop = empty($paras) ? "list" : array_shift($paras); $_subop = empty($paras) ? "list" : array_shift($paras);
21
22 // menu
23 $_m = array(
24 "list" => array(
25 "text" => "List",
26 "op" => "list"
27 ),
28 "create" => array(
29 "text" => "Create",
30 "op" => "create"
31 ),
32 "search" => array(
33 "text" => "Search",
34 "op" => "search"
35 )
36 );
37 rg_menu_add($rg_menu, $_m, $_subop);
38
39 11 switch ($_subop) { switch ($_subop) {
40 12 case 'list': case 'list':
41 $_repo .= rg_repo_list($db, "", $login_ui);
13 $_repo .= rg_repo_list($db, $rg, "", $rg['login_ui']);
42 14 break; break;
43 15
44 16 case 'create': case 'create':
45 if ($doit == 1) {
46 $rights = rg_rights_a2s(rg_var_str("rights"));
47
48 do {
49 $_r = rg_repo_create($db, $master_repo_id, $login_ui, $name,
50 $max_commit_size, $description, $rights);
51 if ($_r === FALSE) {
52 $errmsg[] = rg_repo_error();
53 break;
54 }
55
56 // redirect to repo page
57 $url = rg_re_repopage($login_ui, $name);
58 rg_redirect($url);
59 } while (0);
60 } else { // load defaults
61 $rights = $rg_repo_rights_default;
62 }
63
64 if ($master_repo_id > 0) {
65 $master_name = $master_repo_id;
66 $_mi = repo_info($db, $master_repo_id, "");
67 if ($_mi['exists'] == 1)
68 $master_name = $_mi['name'];
69 $repo_more['master_name'] = $master_name;
70 } else {
71 $repo_more['master_name'] = "";
72 }
73
74 $repo_more['title'] = "Create repository";
75 $repo_more['button'] = "Create";
76 $repo_more['name'] = $name;
77 $repo_more['max_commit_size'] = $max_commit_size;
78 $repo_more['description'] = $description;
79 $repo_more['master_repo_id'] = $master_repo_id;
80 $repo_more['HTML:rights'] = rg_rights_checkboxes("repo", $rights);
81 $repo_more['repo_id'] = $repo_id;
82 $repo_more['HTML:errmsg'] = rg_template_errmsg($errmsg);
83 $repo_more['rg_form_token'] = rg_token_get($db, $sid);
84
85 $hints = array();
86 $hints[]['HTML:hint'] = rg_template("hints/repo/create_repo.html", $repo_more);
87 $repo_more['HTML:hints'] = rg_template_table("hints/list", $hints, $repo_more);
88
89 $_repo .= rg_template("repo/add_edit.html", $repo_more);
17 $rg['form_url'] = "/op/repo/create";
18 $_repo .= rg_repo_edit_high_level($db, $rg);
90 19 break; break;
91 20
92 21 case 'search': case 'search':
93 22 $q = rg_var_str("q"); $q = rg_var_str("q");
94 23
95 while ($doit == 1) {
96 $_t = rg_repo_search($db, $login_ui, $q);
24 while ($rg['doit'] == 1) {
25 $_t = rg_repo_search($db, $rg['login_ui'], $q);
97 26 if ($_t === FALSE) { if ($_t === FALSE) {
98 27 $errmsg[] = rg_repo_error(); $errmsg[] = rg_repo_error();
99 28 break; break;
 
... ... case 'search':
103 32 break; break;
104 33 } }
105 34
106 $repo_more['q'] = $q;
107 $repo_more['HTML:errmsg'] = rg_template_errmsg($errmsg);
108 $_repo .= rg_template("repo/search.html", $repo_more);
35 $rg['q'] = $q;
36 $rg['HTML:errmsg'] = rg_template_errmsg($errmsg);
37 $_repo .= rg_template("repo/search.html", $rg);
109 38 break; break;
110 39 } }
111 40
41 $rg['menu']['sub1'][$_subop] = 1;
42 $rg['HTML:submenu1'] = rg_template("repo/menu.html", $rg);
43
112 44 ?> ?>
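Review bot: The early `uid == 0` guard at the top of this page is removed and nothing in the new version replaces it for the `list` and `search` branches, which now call `rg_repo_list()` and `rg_repo_search()` with whatever `$rg['login_ui']` holds. The `create` branch is covered only indirectly, through the `rg_repo_allow(..., "E", ...)` check inside `rg_repo_edit_high_level()`. If the dispatcher that includes this file does not already reject anonymous sessions (not visible here), keep an explicit check before the switch, e.g. `if ($rg['login_ui']['uid'] == 0) { $_repo .= rg_warning("You do not have access here!"); return; }`.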
File inc/rights.inc.php changed (mode: 100644) (index 2d4baaa..6101110)
... ... require_once($INC . "/sql.inc.php");
5 5 require_once($INC . "/user.inc.php"); require_once($INC . "/user.inc.php");
6 6 require_once($INC . "/git.inc.php"); require_once($INC . "/git.inc.php");
7 7
8 define("RG_RIGHTS_FILL_EXISTS", 1);
9
10 8 $rg_rights = array(); $rg_rights = array();
9 $rg_rights_default = array();
11 10
12 11 $rg_rights_error = ""; $rg_rights_error = "";
13 12
 
... ... function rg_rights_error()
26 25 /* /*
27 26 * Register a set of rights * Register a set of rights
28 27 */ */
29 function rg_rights_register($type, $rights)
28 function rg_rights_register($type, $rights, $default_rights)
30 29 { {
31 30 global $rg_rights; global $rg_rights;
31 global $rg_rights_default;
32 32
33 33 $rg_rights[$type] = $rights; $rg_rights[$type] = $rights;
34 $rg_rights_default[$type] = $default_rights;
34 35 } }
35 36
36 37 /* /*
 
... ... function rg_rights_all($type)
73 74 return $ret; return $ret;
74 75 } }
75 76
77 /*
78 * Returns default rights for a type
79 */
80 function rg_rights_default($type)
81 {
82 global $rg_rights_default;
83
84 if (!isset($rg_rights_default[$type])) {
85 rg_log("WARN: type [$type] is not registered!");
86 return "";
87 }
88
89 return $rg_rights_default[$type];
90 }
91
76 92 /* /*
77 93 * Rights -> form * Rights -> form
78 94 */ */
79 function rg_rights_checkboxes($type, $passed_rights)
95 function rg_rights_checkboxes($type, $name, $passed_rights)
80 96 { {
81 97 global $rg_rights; global $rg_rights;
82 98
 
... ... function rg_rights_checkboxes($type, $passed_rights)
90 106 $add = ""; $add = "";
91 107 if (strstr($passed_rights, $right)) if (strstr($passed_rights, $right))
92 108 $add = " checked=\"checked\""; $add = " checked=\"checked\"";
93 $ret .= "<input type=\"checkbox\" name=\"rights[$right]\""
109 $ret .= "<input type=\"checkbox\""
110 . " name=\"" . $name . "[$right]\""
94 111 . $add . " />$info<br />\n"; . $add . " />$info<br />\n";
95 112 } }
96 113
 
... ... function rg_rights_a2s($a)
127 144 { {
128 145 $rights = ""; $rights = "";
129 146
147 if (empty($a))
148 return "";
149
130 150 if (!is_array($a)) { if (!is_array($a)) {
131 151 rg_internal_error("Rights array is not an array"); rg_internal_error("Rights array is not an array");
132 152 return ""; return "";
 
... ... function rg_rights_a2s($a)
140 160
141 161 /* /*
142 162 * Get rights for an object * Get rights for an object
143 * TODO: caching in RAM?
163 * @uid - the uid of the (normally) logged in user.
164 * @right_id - optional id (used by edit)
144 165 */ */
145 function rg_rights_get($db, $type, $obj_id, $uid)
166 $rg_rights_get_cache = array();
167 function rg_rights_get($db, $type, $obj_id, $uid, $right_id)
146 168 { {
147 169 global $rg_rights; global $rg_rights;
170 global $rg_rights_get_cache;
171
172 $key = $type . "|" . $obj_id . "|" . $uid . "|" . $right_id;
173 if (isset($rg_rights_get_cache[$key])) {
174 rg_log("CHECK: rights returned from cache for key $key");
175 return $rg_rights_get_cache[$key];
176 }
148 177
149 178 rg_log("rg_rights_get: type=$type obj_id=$obj_id uid=$uid..."); rg_log("rg_rights_get: type=$type obj_id=$obj_id uid=$uid...");
150 179 rg_prof_start("rights_get"); rg_prof_start("rights_get");
151 180
152 181 $ret = array(); $ret = array();
153 182 $ret['ok'] = 0; $ret['ok'] = 0;
154 $ret['rights'] = "";
183 $ret['list'] = array();
155 184 do { do {
185 // No rights possible for not logged in user
156 186 if ($uid == 0) { if ($uid == 0) {
157 187 $ret['ok'] = 1; $ret['ok'] = 1;
158 188 break; break;
159 189 } }
160 190
161 $params = array($type, $uid, $obj_id);
162 $sql = "SELECT itime, rights, misc, prio FROM rights"
163 . " WHERE type = $1"
164 . " AND uid = $2"
165 . " AND obj_id = $3"
191 $add = "";
192 if ($right_id > 0)
193 $add = " AND right_id = @@right_id@@";
194 else
195 $add = " AND (uid = @@uid@@ OR uid = 0)";
196
197 $params = array("type" => $type,
198 "uid" => $uid,
199 "obj_id" => $obj_id,
200 "right_id" => $right_id);
201 $sql = "SELECT * FROM rights"
202 . " WHERE type = @@type@@"
203 . " AND obj_id = @@obj_id@@"
204 . $add
166 205 . " ORDER BY prio"; . " ORDER BY prio";
167 206 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
168 207 if ($res === FALSE) { if ($res === FALSE) {
 
... ... function rg_rights_get($db, $type, $obj_id, $uid)
170 209 break; break;
171 210 } }
172 211
173 $ret['ok'] = 1;
174 $ret['exists'] = 0;
175 $rows = rg_sql_num_rows($res);
176 if ($rows > 0)
177 $row = rg_sql_fetch_array($res);
212 while (($row = rg_sql_fetch_array($res))) {
213 $row['target_uid'] = $row['uid']; unset($row['uid']);
214 $row['rights_text'] = implode(", ",
215 rg_rights_text($type, $row['rights']));
216 $ret['list'][] = $row;
217 }
178 218 rg_sql_free_result($res); rg_sql_free_result($res);
179 if ($rows == 0)
180 break;
181 219
182 $ret['itime'] = $row['itime'];
183 $ret['rights'] = $row['rights'];
184 $ret['misc'] = empty($row['misc']) ? array() : unserialize($row['misc']);
185 $ret['prio'] = $row['prio'];
186 $ret['exists'] = 1;
220 $ret['ok'] = 1;
221 $rg_rights_get_cache[$key] = $ret;
187 222 } while (0); } while (0);
188 223
189 rg_log("\tdb rights: [" . $ret['rights'] . "].");
224 rg_log("\tdb rights: " . rg_array2string($ret['list']));
190 225
191 226 rg_prof_end("rights_get"); rg_prof_end("rights_get");
192 227 return $ret; return $ret;
 
... ... function rg_rights_get($db, $type, $obj_id, $uid)
195 230 /* /*
196 231 * Set rights for an object * Set rights for an object
197 232 */ */
198 function rg_rights_set($db, $type, $obj_id, $uid, $rights, $misc)
233 function rg_rights_set($db, $type, $a)
199 234 { {
200 rg_log("rg_rights_set: type=$type obj_id=$obj_id"
201 . " uid=$uid rights=$rights misc=" . rg_array2string($misc));
202
203 if (empty($rights)) {
204 $params = array($type, $uid, $obj_id);
205 $sql = "DELETE FROM rights"
206 . " WHERE type = $1"
207 . " AND uid = $2"
208 . " AND obj_id = $3";
209 } else {
210 $r = rg_rights_get($db, $type, $obj_id, $uid);
211 if ($r['ok'] != 1)
212 return $r;
213 rg_log("r: " . rg_array2string($r));
214
215 if ($r['exists'] == 1) {
216 $params = array($rights, serialize($misc), $type, $uid,
217 $obj_id);
218 $sql = "UPDATE rights"
219 . " SET rights = $1"
220 . ", misc = $2"
221 . " WHERE type = $3"
222 . " AND uid = $4"
223 . " AND obj_id = $5";
224 } else {
225 $params = array($type, $uid, $obj_id, $rights,
226 serialize($misc), time());
227 $sql = "INSERT INTO rights (type, uid, obj_id, rights"
228 . ", misc, itime)"
229 . " VALUES ($1, $2, $3, $4, $5, $6)";
230 }
231 }
232
233 $res = rg_sql_query_params($db, $sql, $params);
235 rg_log("rg_rights_set: type=$type paras=" . rg_array2string($a));
236
237 $a['type'] = $type;
238 $a['now'] = time();
239 if ($a['right_id'] > 0)
240 $sql = "UPDATE rights SET"
241 . " type = @@type@@"
242 . ", uid = @@uid@@"
243 . ", obj_id = @@obj_id@@"
244 . ", rights = @@rights@@"
245 . ", misc = @@misc@@"
246 . ", ip = @@ip@@"
247 . ", prio = @@prio@@"
248 . ", itime = @@now@@"
249 . ", who = @@who@@"
250 . " WHERE right_id = @@right_id@@";
251 else
252 $sql = "INSERT INTO rights (type, uid, obj_id, rights"
253 . ", misc, ip, prio, itime, who)"
254 . " VALUES (@@type@@, @@uid@@, @@obj_id@@, @@rights@@"
255 . ", @@misc@@, @@ip@@, @@prio@@, @@now@@, @@who@@)";
256 $res = rg_sql_query_params($db, $sql, $a);
234 257 if ($res === FALSE) { if ($res === FALSE) {
235 258 rg_rights_set_error("cannot alter rights (" . rg_sql_error() . ")!"); rg_rights_set_error("cannot alter rights (" . rg_sql_error() . ")!");
236 259 return FALSE; return FALSE;
 
... ... function rg_rights_set($db, $type, $obj_id, $uid, $rights, $misc)
242 265
243 266 /* /*
244 267 * Returns an array with the rights, for all users * Returns an array with the rights, for all users
268 * TODO: we have a circular depenedncy on user.inc. Remove the lookup and brake
269 * the dependency.
245 270 */ */
246 271 function rg_rights_load($db, $type, $obj_id) function rg_rights_load($db, $type, $obj_id)
247 272 { {
 
... ... function rg_rights_load($db, $type, $obj_id)
252 277
253 278 $ret = FALSE; $ret = FALSE;
254 279 do { do {
255 $params = array($type, $obj_id);
280 $params = array("obj_id" => $obj_id,
281 "type" => $type);
282
256 283 $sql = "SELECT * FROM rights" $sql = "SELECT * FROM rights"
257 . " WHERE type = $1"
258 . " AND obj_id = $2";
284 . " WHERE obj_id = @@obj_id@@";
285
286 if (strcmp($type, "*") != 0)
287 $sql .= " AND type = @@type@@";
288
259 289 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
260 290 if ($res === FALSE) { if ($res === FALSE) {
261 291 rg_rights_set_error("cannot get info (" . rg_sql_error() . ")!"); rg_rights_set_error("cannot get info (" . rg_sql_error() . ")!");
 
... ... function rg_rights_load($db, $type, $obj_id)
264 294
265 295 $ret = array(); $ret = array();
266 296 while (($row = rg_sql_fetch_array($res))) { while (($row = rg_sql_fetch_array($res))) {
267 $row['username'] = "?";
268 $_ui = rg_user_info($db, $row['uid'], "", "");
269 if ($_ui['exists'] == 1)
270 $row['username'] = $_ui['username'];
271
272 $_r = rg_rights_text($type, $row['rights']);
297 if ($row['uid'] == 0) {
298 $row['username'] = "*";
299 } else {
300 $_ui = rg_user_info($db, $row['uid'], "", "");
301 if ($_ui['exists'] == 1)
302 $row['username'] = $_ui['username'];
303 else
304 $row['username'] = "?";
305 }
306
307 $_r = rg_rights_text($row['type'], $row['rights']);
273 308 $row['rights_text'] = implode(", ", $_r); $row['rights_text'] = implode(", ", $_r);
274 309
275 310 $row['itime_text'] = gmdate("Y-m-d H:i", $row['itime']); $row['itime_text'] = gmdate("Y-m-d H:i", $row['itime']);
276 311
277 312 // To avoid confusion // To avoid confusion
278 $row['right_uid'] = $row['uid']; unset($row['uid']);
313 $row['target_uid'] = $row['uid']; unset($row['uid']);
279 314
280 315 $ret[] = $row; $ret[] = $row;
281 316 } }
 
... ... function rg_rights_mask($val, $mask)
301 336 return $ret; return $ret;
302 337 } }
303 338
339 /*
340 * Splits ip/prefix in components and apply the prefix len mask
341 * Returns FALSE if something is wrong
342 */
343 function rg_rights_split_ip($ip)
344 {
345 $ret = array();
346
347 $ret['prefix_len'] = -1;
348 if (strstr($ip, "/")) { /* prefix len */
349 $t = explode("/", $ip);
350 $ip2 = $t[0];
351 $ret['prefix_len'] = $t[1];
352 } else {
353 $ip2 = $ip;
354 }
355
356 if (preg_match('/^[a-fA-F0-9:]*$/', $ip2)) { /* ipv6 */
357 if ($ret['prefix_len'] == -1) {
358 $ret['prefix_len'] = 128;
359 } else if (($ret['prefix_len'] < 0) || ($ret['prefix_len'] > 128)) {
360 rg_rights_set_error("invalid prefix len for [$ip]");
361 return FALSE;
362 }
363
364 $t = explode("::", $ip2);
365 if (count($t) > 2) {
366 rg_rights_set_error("invalid IPv6 IP [$ip] (multiple ::)");
367 return FALSE;
368 }
369 if (count($t) == 2) { /* we have :: */
370 $ipv6 = array();
371 /* count non-empty groups ($good) */
372 $t = explode(":", $ip2);
373 $good = 0;
374 foreach ($t as $p) {
375 if (!empty($p))
376 $good++;
377 }
378
379 $i = 0;
380 $fill = 1;
381 foreach ($t as $p) {
382 if (!empty($p)) {
383 $ipv6[$i++] = hexdec($p);
384 continue;
385 }
386
387 if ($fill == 0)
388 continue;
389
390 for ($j = 0; $j < 8 - $good; $j++)
391 $ipv6[$i++] = 0;
392 $fill = 0;
393 }
394 } else {
395 $ipv6 = explode(":", $ip2);
396 if (count($ipv6) != 8) {
397 rg_rights_set_error("invalid IPv6 IP [$ip]");
398 return FALSE;
399 }
400
401 foreach ($ipv6 as $k => $p)
402 $ipv6[$k] = hexdec($p);
403 }
404
405 // apply mask
406 for ($i = 0; $i < 8; $i++) {
407 if ($ret['prefix_len'] >= ($i + 1) * 16)
408 continue;
409
410 $len = ($i + 1) * 16 - $ret['prefix_len'];
411 if ($len >= 16) {
412 $ipv6[$i] = 0;
413 } else {
414 $mask = 0xFFFF - (pow(2, $len) - 1);
415 $ipv6[$i] &= $mask;
416 }
417 }
418
419 $new = array();
420 foreach ($ipv6 as $k => $p)
421 $new[$k] = sprintf("%x", $p);
422 $ret['ip'] = implode(":", $new);
423 $ret['type'] = "ipv6";
424 } else if (preg_match('/^[0-9\.]*$/', $ip2)) { /* ipv4 */
425 if ($ret['prefix_len'] == -1) {
426 $ret['prefix_len'] = 32;
427 } else if (($ret['prefix_len'] < 0) || ($ret['prefix_len'] > 32)) {
428 rg_rights_set_error("invalid prefix len for [$ip]");
429 return FALSE;
430 }
431
432 $ipv4 = explode(".", $ip2);
433 if (count($ipv4) != 4) {
434 rg_rights_set_error("invalid IPv4 IP [$ip]");
435 return FALSE;
436 }
437
438 foreach ($ipv4 as $k => $p) {
439 if (($p < 0) || ($p > 255)) {
440 rg_rights_set_error("invalid IPv4 IP [$ip]");
441 return FALSE;
442 }
443
444 $ipv4[$k] = ltrim($p, "0");
445 }
446
447 // apply mask
448 for ($i = 0; $i < 4; $i++) {
449 if ($ret['prefix_len'] >= ($i + 1) * 8)
450 continue;
451
452 $len = ($i + 1) * 8 - $ret['prefix_len'];
453 if ($len >= 8) {
454 $ipv4[$i] = "0";
455 } else {
456 $ipv4[$i] &= 0xFF - (pow(2, $len) - 1);
457 }
458 }
459
460 $ret['ip'] = implode(".", $ipv4);
461 $ret['type'] = "ipv4";
462 } else {
463 rg_rights_set_error("invalid address [$ip]");
464 return FALSE;
465 }
466
467 return $ret;
468 }
469
470 /*
471 * Validates a list of IPs to be correct
472 */
473 function rg_rights_validate_ip($list)
474 {
475 $list = preg_replace("/[,\n]/", " ", $list);
476 $list = trim($list);
477 if (empty($list))
478 return TRUE;
479
480 $list = explode(" ", $list);
481
482 foreach ($list as $junk => $ip) {
483 if (empty($ip))
484 continue;
485
486 $r = rg_rights_split_ip($ip);
487 if ($r === FALSE)
488 return FALSE;
489 }
490
491 return TRUE;
492 }
493
494 /*
495 * Test if an IP match the allowed list
496 */
497 function rg_rights_test_ip($list, $ip)
498 {
499 $r = rg_rights_split_ip($ip);
500 if ($r === FALSE) {
501 rg_log("An invalid IP was specified [$ip]. Ignore it.");
502 return FALSE;
503 }
504
505 $list = explode(" ", $list);
506 foreach ($list as $junk => $ip0) {
507 if (empty($ip0))
508 continue;
509
510 $r0 = rg_rights_split_ip($ip0);
511 if ($r0 === FALSE) {
512 rg_log("An invalid IP was specified [$ip0]. Ignore it.");
513 continue;
514 }
515
516 $new_ip = rg_rights_split_ip($ip . "/" . $r0['prefix_len']);
517 if (strcmp($new_ip['type'], $r0['type']) != 0)
518 continue;
519
520 if (strcmp($new_ip['ip'], $r0['ip']) == 0) {
521 rg_log("$ip matches $ip0");
522 return TRUE;
523 }
524
525 rg_log("no match " . $new_ip['ip'] . " != " . $r0['ip']);
526 }
527
528 return FALSE;
529 }
530
304 531 /* /*
305 532 * Returns TRUE if all 'needed_rights' are included in 'rights' * Returns TRUE if all 'needed_rights' are included in 'rights'
533 * @list - an array of rights
534 * needed_rights: rights letters; you can use "ab|cd" = (a AND B) OR (C AND d)
535 */
536 function rg_rights_allow($list, $needed_rights, $ip, $misc)
537 {
538 rg_log("rg_rights_allow: needed_rights=$needed_rights ip=$ip"
539 . " misc=$misc list:" . rg_array2string($list));
540
541 $ret = FALSE;
542
543 if (!is_array($list)) {
544 rg_rights_set_error("list is not array");
545 return $ret;
546 }
547
548 if (empty($needed_rights))
549 return TRUE;
550
551 $needed = explode("|", $needed_rights);
552
553 foreach ($list as $k => $v) {
554 // Test IP
555 if (rg_rights_test_ip($v['ip'], $ip) !== TRUE) {
556 rg_log("CHECK: ip does not match with " . $v['ip']);
557 continue;
558 }
559
560 foreach ($needed as $needed1) {
561 $r = rg_rights_mask($v['rights'], $needed1);
562 if (strcmp($r, $needed1) != 0) {
563 rg_log("rights_allow: [$r] != [$needed1]! Continue.");
564 continue;
565 }
566 rg_log("rights_allow: [$r] = [$needed1]! Allow.");
567 $ret = TRUE;
568 break;
569 }
570
571 if ($ret === FALSE)
572 continue;
573
574 // Test 'misc' match
575 if ($misc !== FALSE) {
576 if (empty($v['misc']))
577 break;
578
579 rg_log("Check misc [$misc] against [" . $v['misc'] . "]");
580 if (!stristr($misc, $v['misc']))
581 continue;
582 }
583
584 break;
585 }
586
587 return $ret;
588 }
589
590 /*
591 * Delete a list of rights
592 * Caller must be sure that the user is allowed to operate on 'obj_id'.
306 593 */ */
307 function rg_rights_allow($rights, $needed_rights)
594 function rg_rights_delete_list($db, $obj_id, $list)
308 595 { {
309 $r = rg_rights_mask($rights, $needed_rights);
310 if (strcmp($r, $needed_rights) != 0) {
311 rg_log("rights_allow: [$r] != [$needed_rights]!");
596 $db_list = implode(",", $list);
597
598 $params = array("obj_id" => $obj_id);
599 $sql = "DELETE FROM rights"
600 . " WHERE obj_id = @@obj_id@@"
601 . " AND right_id IN (" . $db_list . ")";
602 $res = rg_sql_query_params($db, $sql, $params);
603 if ($res === FALSE) {
604 rg_rights_set_error("cannot mass delete (" . rg_sql_error() . ")!");
312 605 return FALSE; return FALSE;
313 606 } }
314 607
315 608 return TRUE; return TRUE;
316 609 } }
610
317 611 ?> ?>
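Review bot: In the new `rg_rights_allow()`, `$ret` is set to TRUE as soon as an entry's rights letters match and is never reset, so when the later `misc` comparison fails and the loop hits `continue`, the function still returns TRUE once the loop ends. An entry that carries a `misc` restriction therefore allows the request for any `$misc` value, provided its IP list and rights letters match. Every later entry also gets past the `if ($ret === FALSE)` test without matching anything itself. Reset the flag on the mismatch path, `if (!stristr($misc, $v['misc'])) { $ret = FALSE; continue; }`, or track the match in a per-entry variable and assign `$ret` only just before the final `break`.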
File inc/sess.inc.php changed (mode: 100644) (index cbf461f..59ef247)
... ... function rg_sess_add($db, $uid, $sid, $session_time, $lock_ip)
21 21
22 22 $ret = FALSE; $ret = FALSE;
23 23 do { do {
24 $params = array($sid, $uid, $now + $session_time, $session_time, $ip);
24 $params = array("sid" => $sid,
25 "uid" => $uid,
26 "expire" => $now + $session_time,
27 "session_time" => $session_time,
28 "ip" => $ip);
25 29 $sql = "INSERT INTO sess (sid, uid, expire, session_time, ip)" $sql = "INSERT INTO sess (sid, uid, expire, session_time, ip)"
26 . " VALUES ($1, $2, $3, $4, $5)";
30 . " VALUES (@@sid@@, @@uid@@, @@expire@@"
31 . ", @@session_time@@, @@ip@@)";
27 32 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
28 33 if ($res === FALSE) { if ($res === FALSE) {
29 34 rg_log("\tCannot insert (" . rg_sql_error() . ")!"); rg_log("\tCannot insert (" . rg_sql_error() . ")!");
 
... ... function rg_sess_add($db, $uid, $sid, $session_time, $lock_ip)
31 36 } }
32 37 rg_sql_free_result($res); rg_sql_free_result($res);
33 38
34 $row = array("sid" => $sid, "uid" => $uid,
35 "expire" => $now + $session_time,
36 "session_time" => $session_time, "ip" => $ip,
37 "last_db_write" => $now);
38 rg_cache_set("sess::" . $sid, serialize($row));
39 $params['last_db_write'] = $now;
40 rg_cache_set("sess::" . $sid, serialize($params));
39 41
40 42 $ret = TRUE; $ret = TRUE;
41 43 } while (0); } while (0);
 
... ... function rg_sess_valid($db, $sid)
60 62 $r = unserialize($r); $r = unserialize($r);
61 63
62 64 if ($r === FALSE) { if ($r === FALSE) {
63 $params = array($sid);
64 $sql = "SELECT * FROM sess WHERE sid = $1";
65 $params = array("sid" => $sid);
66 $sql = "SELECT * FROM sess WHERE sid = @@sid@@";
65 67 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
66 68 if ($res === FALSE) { if ($res === FALSE) {
67 69 rg_log("\tCannot select (" . rg_sql_error() . ")!"); rg_log("\tCannot select (" . rg_sql_error() . ")!");
 
... ... function rg_sess_valid($db, $sid)
95 97 } }
96 98
97 99 $uid = $r['uid']; $uid = $r['uid'];
98 rg_log("\tSession valid, uid=$uid, expire=+" . ($r['expire'] - $now));
100 rg_log("\tSession valid, uid=$uid, expire=+"
101 . ($r['expire'] - $now) . "s");
99 102 $ret = $r; $ret = $r;
100 103 } while (0); } while (0);
101 104
 
... ... function rg_sess_update($db, $sess)
113 116 rg_prof_start("sess_update"); rg_prof_start("sess_update");
114 117 rg_log("sess_update: sess=" . rg_array2string($sess)); rg_log("sess_update: sess=" . rg_array2string($sess));
115 118
119 $now = time();
120
116 121 $ret = FALSE; $ret = FALSE;
117 122 do { do {
118 if ($sess['last_db_write'] + 60 > time()) {
119 $_diff = time() - $sess['last_db_write'];
120 rg_log("DEBUG: last_db_write is fresh enough ($_diff).");
123 if ($sess['last_db_write'] + 60 > $now) {
124 $_diff = $now - $sess['last_db_write'];
125 rg_log("DEBUG: last_db_write is fresh enough (" . $_diff . "s).");
121 126 $ret = TRUE; $ret = TRUE;
122 127 break; break;
123 128 } }
124 129
125 $params = array(time(), $sess['sid']);
126 $sql = "UPDATE sess SET expire = $1 + session_time"
127 . " WHERE sid = $2";
128 $res = rg_sql_query_params($db, $sql, $params);
130 $sess['expire'] = $now + $sess['session_time'];
131 $sql = "UPDATE sess SET expire = @@expire@@"
132 . " WHERE sid = @@sid@@";
133 $res = rg_sql_query_params($db, $sql, $sess);
129 134 if ($res === FALSE) { if ($res === FALSE) {
130 135 rg_log("\tCannot update (" . rg_sql_error() . ")!"); rg_log("\tCannot update (" . rg_sql_error() . ")!");
131 break;
136 // We will not exit here. At least in cache to be ok
137 } else {
138 $sess['last_db_write'] = $now;
139 rg_sql_free_result($res);
132 140 } }
133 rg_sql_free_result($res);
134 141
135 $sess['last_db_write'] = time();
136 142 rg_cache_set("sess::" . $sess['sid'], serialize($sess)); rg_cache_set("sess::" . $sess['sid'], serialize($sess));
137 143
138 144 $ret = TRUE; $ret = TRUE;
 
... ... function rg_sess_destroy($db, $sid, &$ui)
152 158
153 159 $ret = FALSE; $ret = FALSE;
154 160 do { do {
155 $params = array($sid);
156 $sql = "DELETE FROM sess WHERE sid = $1";
161 $params = array("sid" => $sid);
162 $sql = "DELETE FROM sess WHERE sid = @@sid@@";
157 163 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
158 164 if ($res === FALSE) { if ($res === FALSE) {
159 165 rg_log("\tCannot delete (" . rg_sql_error() . ")!"); rg_log("\tCannot delete (" . rg_sql_error() . ")!");
 
... ... function rg_sess_destroy($db, $sid, &$ui)
167 173 $ui = array(); $ui = array();
168 174 $ui['uid'] = 0; $ui['uid'] = 0;
169 175 $ui['is_admin'] = 0; $ui['is_admin'] = 0;
170 $ui['rights'] = "";
171 176
172 177 rg_cache_unset("sess::" . $sid); rg_cache_unset("sess::" . $sid);
173 178
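Review bot: After this change `rg_sess_update()` no longer stops when the `UPDATE` fails: it logs, still writes the extended `expire` to the cache and returns TRUE, and the comment `We will not exit here. At least in cache to be ok` does not explain why that is acceptable. Because `last_db_write` is advanced only in the `else` branch, the next call retries the database write; that is worth stating, e.g. `// DB write failed: keep the cached session usable; last_db_write is unchanged so the next call retries the UPDATE`. The comment should also say that the cache and the `sess` table can disagree on `expire` until a retry succeeds. The function body starts and ends outside the hunk.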
File inc/sql.inc.php changed (mode: 100644) (index d8fe504..606263e)
... ... function rg_sql_query($h, $sql)
162 162
163 163 /* /*
164 164 * Queries using params * Queries using params
165 * @params - array of fields -> values
166 * Examples: $params = array("id" => "1", "name" = "bau")
167 * $sql = "UPDATE x SET name = @@name@@ WHERE id = @@id@@ AND @@name@@ = @@name@@"
168 * $sql2 = "UPDATE x SET name = $1 WHERE id = $2 AND name = $1"
165 169 */ */
166 170 function rg_sql_query_params($h, $sql, $params) function rg_sql_query_params($h, $sql, $params)
167 171 { {
 
... ... function rg_sql_query_params($h, $sql, $params)
174 178 if ($db === FALSE) if ($db === FALSE)
175 179 return FALSE; return FALSE;
176 180
181 // Transforms @params into $x system
182 $params2 = array();
183 $i = 1;
184 foreach ($params as $k => $v) {
185 $what = "/@@" . $k . "@@/";
186 $value = "\\$" . $i;
187 $sql = preg_replace($what, $value, $sql, -1, $count);
188
189 //rg_log("rg_sql_query_params: k=[$k] value=$value count=$count");
190 if ($count > 0) {
191 $params2[] = $v;
192 $i++;
193 }
194 }
195 //rg_log("new sql: $sql");
196 //rg_log("params2: " . rg_array2string($params2));
197
177 198 $_s = microtime(TRUE); $_s = microtime(TRUE);
178 $res = @pg_query_params($db, $sql, $params);
199 $res = @pg_query_params($db, $sql, $params2);
179 200 return rg_sql_query0($db, $sql, $res, $_s); return rg_sql_query0($db, $sql, $res, $_s);
180 201 } }
181 202
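Review bot: The new placeholder translation in `rg_sql_query_params()` interpolates each array key into a regular expression without quoting (`"/@@" . $k . "@@/"`), and callers in this commit pass whole arrays such as `$sess` and `$a` rather than a fixed key list, so a key containing `/` or another regex metacharacter would break or change the pattern. A literal replacement does the same job and still reports the count: `$sql = str_replace("@@" . $k . "@@", "$" . $i, $sql, $count);`. It would also be worth failing early when a `@@name@@` placeholder is still present in `$sql` after the loop, rather than relying on the database to reject it.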
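--- a/inc/ssh.inc.php
+++ b/inc/ssh.inc.php
@@ -18,6 +18,9 @@ function rg_ssh_status($db, $uid)
 exit(0);
 }
 
+/*
+* List repos
+*/
 function rg_ssh_repos($db, $uid)
 {
 rg_log("ssh_repos");
@@ -40,6 +43,9 @@ function rg_ssh_repos($db, $uid)
 exit(0);
 }
 
+/*
+* Info about a repo
+*/
 function rg_ssh_repo($db, $uid, $paras)
 {
 rg_log("ssh_repo: " . rg_array2string($paras));
@@ -53,11 +59,12 @@ function rg_ssh_repo($db, $uid, $paras)
 
 $ri = rg_repo_info($db, 0, $uid, $repo_name);
 if ($ri === FALSE) {
-echo "Unknown repo!\n";
+echo "Error: unknown repo.\n";
 exit(0);
 }
 
 echo "Repo: " . $ri['name'] . "\n";
+echo "Repo type: " . ($ri['public'] == 1 ? "public" : "private") . "\n";
 echo "Description:\n";
 $_d = explode("\n", $ri['description']);
 if (!empty($_d)) {
@@ -66,8 +73,6 @@ function rg_ssh_repo($db, $uid, $paras)
 }
 echo "Creation time: " . gmdate("Y-m-d", $ri['itime']) . " UTC\n";
 echo "Disk used: " . rg_1024($ri['disk_used_mb']) . "\n";
-$rights = implode(", ", rg_rights_text("repo", $ri['default_rights']));
-echo "Default rights: " . $rights . "\n";
 
 if ($ri['master'] > 0) {
 $mri = rg_repo_info($db, $ri['master'], 0, "");
@@ -85,9 +90,9 @@ function rg_ssh_dispatch($db, $uid, $cmd)
 $cmd = array_shift($paras);
 
 switch ($cmd) {
-case 'status': rg_ssh_status($db, $uid); break;
-case 'repos': rg_ssh_repos($db, $uid); break;
-case 'repo': rg_ssh_repo($db, $uid, $paras); break;
+case 'status': rg_ssh_status($db, $uid); break;
+case 'repos': rg_ssh_repos($db, $uid); break;
+case 'repo': rg_ssh_repo($db, $uid, $paras); break;
 case '':
 echo "Available commmands: status, repos, repo.\n";
 exit(0);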
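Review bot: The unknown-repo branch of rg_ssh_repo now prints `Error: unknown repo.` but still ends with `exit(0);`, so a script driving the SSH command interface cannot tell a failed lookup from a successful one by exit status. Returning a non-zero status on that path, `exit(1);`, would match the new wording. The body of rg_ssh_repo continues outside the hunks shown, so any other error exits there would need the same check.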
File inc/state.inc.php changed (mode: 100644) (index 0850743..14e5d73)
... ... function rg_state_get($db, $var)
34 34 break; break;
35 35 } }
36 36
37 $params = array($var);
38 $sql = "SELECT value FROM state WHERE var = $1 LIMIT 1";
37 $params = array("var" => $var);
38 $sql = "SELECT value FROM state WHERE var = @@var@@ LIMIT 1";
39 39 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
40 40 if ($res === FALSE) { if ($res === FALSE) {
41 41 rg_state_set_error(rg_sql_error()); rg_state_set_error(rg_sql_error());
 
... ... function rg_state_set($db, $var, $value)
79 79
80 80 $ret = FALSE; $ret = FALSE;
81 81 do { do {
82 $params = array($var, $value);
82 $params = array("var" => $var, "value" => $value);
83 83 if (rg_state_get($db, $var) === "") { if (rg_state_get($db, $var) === "") {
84 84 $sql = "INSERT INTO state (var, value)" $sql = "INSERT INTO state (var, value)"
85 . " VALUES ($1, $2)";
85 . " VALUES (@@var@@, @@value@@)";
86 86 } else { } else {
87 $sql = "UPDATE state SET value = $2"
88 . " WHERE var = $1";
87 $sql = "UPDATE state SET value = @@value@@"
88 . " WHERE var = @@var@@";
89 89 } }
90 90 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
91 91 if ($res === FALSE) { if ($res === FALSE) {
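Review bot: The `@@var@@` and `@@value@@` placeholders in rg_state_get and rg_state_set are tied to the `$params` keys only by spelling, and nothing visible verifies that every placeholder was bound. The translation loop added in inc/sql.inc.php skips a key that matches nothing and leaves an unmatched `@@name@@` in the statement, so a misspelling shows up only as a failed query at run time. The same conversion in inc/user.inc.php already has two such mismatches: rg_user_suspend pairs the key `"suspeneded"` with `@@suspended@@`, and rg_user_edit assigns `$params['pass_crtypted']` beside `@@pass_crypted@@`. A guard after the loop would make this fail loudly, for example `if (preg_match('/@@\w+@@/', $sql)) { rg_log("unbound sql placeholder: $sql"); return FALSE; }`. Both state functions continue outside the hunks shown.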
File inc/struct.inc.php changed (mode: 100644) (index 8df7662..32c3b7d)
... ... $rg_sql_struct[14]['tables'] = array(
256 256 . ", itime INT NOT NULL)" . ", itime INT NOT NULL)"
257 257 ); );
258 258 $rg_sql_struct[14]['other'] = array( $rg_sql_struct[14]['other'] = array(
259 "users_renames_index_old_name" => "CREATE INDEX users_renames_i_old_name"
260 . " ON repos_renames(old_name)"
259 "users_renames_index_old_name" =>
260 "CREATE INDEX users_renames_i_old_name ON repos_renames(old_name)"
261 261 ); );
262 262
263 263
 
... ... $rg_sql_struct[20]['other'] = array(
324 324 $rg_sql_struct[21] = array(); $rg_sql_struct[21] = array();
325 325 $rg_sql_struct[21]['tables'] = array(); $rg_sql_struct[21]['tables'] = array();
326 326 $rg_sql_struct[21]['other'] = array( $rg_sql_struct[21]['other'] = array(
327 "plans_max_public_repos" => "ALTER TABLE plans ADD max_public_repos INT NOT NULL DEFAULT 0",
328 "plans_max_private_repos" => "ALTER TABLE plans ADD max_private_repos INT NOT NULL DEFAULT 0"
327 "plans_max_public_repos" =>
328 "ALTER TABLE plans ADD max_public_repos INT NOT NULL DEFAULT 0",
329 "plans_max_private_repos" =>
330 "ALTER TABLE plans ADD max_private_repos INT NOT NULL DEFAULT 0"
329 331 ); );
330 332
331 333 $rg_sql_struct[22] = array(); $rg_sql_struct[22] = array();
 
... ... $rg_sql_struct[22]['other'] = array(
335 337 . " ADD last_ip TEXT NOT NULL DEFAULT '?'" . " ADD last_ip TEXT NOT NULL DEFAULT '?'"
336 338 ); );
337 339
340 $rg_sql_struct[23] = array();
341 $rg_sql_struct[23]['tables'] = array();
342 $rg_sql_struct[23]['other'] = array(
343 "repo_public_private" => "ALTER TABLE repos"
344 . " ADD public INT NOT NULL DEFAULT 0"
345 );
346
347 $rg_sql_struct[24] = array();
348 $rg_sql_struct[24]['tables'] = array();
349 $rg_sql_struct[24]['other'] = array(
350 "default_rights are not used anymore" => "ALTER TABLE repos"
351 . " DROP default_rights"
352 );
353
354 $rg_sql_struct[25] = array();
355 $rg_sql_struct[25]['tables'] = array();
356 $rg_sql_struct[25]['other'] = array(
357 "we must record who gave rights" => "ALTER TABLE rights"
358 . " ADD who INTEGER NOT NULL DEFAULT 0",
359 "we need an int id for rights" => "ALTER TABLE rights"
360 . " ADD right_id SERIAL"
361 );
362
363 $rg_sql_struct[26] = array();
364 $rg_sql_struct[26]['tables'] = array();
365 $rg_sql_struct[26]['other'] = array(
366 "we implement IP access in generic rights" => "ALTER TABLE rights"
367 . " ADD ip TEXT NOT NULL DEFAULT ''",
368 "we need a new misc field for path" => "ALTER TABLE rights"
369 . " ADD misc2 TEXT NOT NULL DEFAULT ''"
370 );
371
372 $rg_sql_struct[27] = array();
373 $rg_sql_struct[27]['tables'] = array();
374 $rg_sql_struct[27]['other'] = array(
375 "we need to lookup rights fast" =>
376 "CREATE INDEX rights_i_type_obj_id ON rights(type, obj_id)",
377 "record who deleted a bug" =>
378 "ALTER TABLE bugs ADD deleted_who INTEGER NOT NULL DEFAULT 0"
379 );
380
381 $rg_sql_struct[28] = array();
382 $rg_sql_struct[28]['tables'] = array();
383 $rg_sql_struct[28]['other'] = array(
384 "add repos.last_bug_id" =>
385 "ALTER TABLE repos ADD last_bug_id INTEGER NOT NULL DEFAULT 0"
386 );
387
338 388 // This must be the last line // This must be the last line
339 389 $rg_sql_schema_ver = count($rg_sql_struct); $rg_sql_schema_ver = count($rg_sql_struct);
340 390
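Review bot: Schema step 25 creates the rights identifier with `" ADD right_id SERIAL"`, which gives each row a sequence default but no uniqueness constraint or index. If rights rows are later edited or deleted by this id (that code is not visible here), a duplicated or hand-inserted value would let one statement touch more than one grant. Declaring it as `" ADD right_id SERIAL UNIQUE"` (or as the primary key) would enforce one row per id and also index the lookup.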
File inc/token.inc.php changed (mode: 100644) (index 354ce7f..c943ccd)
... ... function rg_token_delete($db, $sid, $token)
28 28 $ret = array(); $ret = array();
29 29 $ret['ok'] = 0; $ret['ok'] = 0;
30 30
31 $params = array($sid);
31 $params = array("sid" => $sid, "token" => $token);
32 32 $add_token = ""; $add_token = "";
33 if (!empty($token)) {
34 $params[] = $token;
35 $add_token = " AND token = $2";
36 }
33 if (!empty($token))
34 $add_token = " AND token = @@token@@";
37 35
38 36 $sql = "DELETE FROM tokens" $sql = "DELETE FROM tokens"
39 . " WHERE sid = $1"
37 . " WHERE sid = @@sid@@"
40 38 . $add_token; . $add_token;
41 39 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
42 40 if ($res === FALSE) { if ($res === FALSE) {
 
... ... function rg_token_valid($db, $sid, $token)
57 55 { {
58 56 rg_log("rg_token_get: sid=$sid token=$token"); rg_log("rg_token_get: sid=$sid token=$token");
59 57
60 $params = array($token, $sid);
58 $params = array("sid" => $sid, "token" => $token);
61 59 $sql = "SELECT 1 AS junk FROM tokens" $sql = "SELECT 1 AS junk FROM tokens"
62 . " WHERE token = $1"
63 . " AND sid = $2";
60 . " WHERE token = @@token@@"
61 . " AND sid = @@sid@@";
64 62 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
65 63 if ($res === FALSE) { if ($res === FALSE) {
66 64 rg_token_set_error("cannot get token (" . rg_sql_error() . ")"); rg_token_set_error("cannot get token (" . rg_sql_error() . ")");
 
... ... function rg_token_insert($db, $sid, $token)
89 87
90 88 $now = time(); $now = time();
91 89
92 $params = array($sid, $token, $now + 24 * 3600);
90 $params = array("sid" => $sid,
91 "token" => $token,
92 "expire" => $now + 24 * 3600);
93 93 $sql = "INSERT INTO tokens (sid, token, expire)" $sql = "INSERT INTO tokens (sid, token, expire)"
94 . " VALUES ($1, $2, $3)";
94 . " VALUES (@@sid@@, @@token@@, @@expire@@)";
95 95 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
96 96 if ($res === FALSE) { if ($res === FALSE) {
97 97 rg_token_set_error("cannot insert token (" . rg_sql_error() . ")!"); rg_token_set_error("cannot insert token (" . rg_sql_error() . ")!");
File inc/user.inc.php changed (mode: 100644) (index 724f6fb..0123c0b)
... ... $rg_user_rights = array(
17 17 "G" => "Grant rights" "G" => "Grant rights"
18 18 ); );
19 19
20 rg_rights_register("user", $rg_user_rights);
20 rg_rights_register("user", $rg_user_rights, "");
21 21
22 22 $rg_user_error = ""; $rg_user_error = "";
23 23
 
... ... function rg_user_path_by_name($name)
172 172 */ */
173 173 function rg_user_url($ui) function rg_user_url($ui)
174 174 { {
175 $prefix = "";
176 175 if ($ui['organization'] == 0) if ($ui['organization'] == 0)
177 176 $prefix = "/user"; $prefix = "/user";
177 else
178 $prefix = "";
178 179
179 180 return $prefix . "/" . $ui['username']; return $prefix . "/" . $ui['username'];
180 181 } }
 
... ... function rg_user_lookup_by_old_name($db, $old_name)
243 244 break; break;
244 245 } }
245 246
246 $params = array($old_name);
247 $params = array("old_name" => $old_name);
247 248 $sql = "SELECT uid FROM users_renames" $sql = "SELECT uid FROM users_renames"
248 . " WHERE old_name = $1";
249 . " WHERE old_name = @@old_name@@";
249 250 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
250 251 if ($res === FALSE) { if ($res === FALSE) {
251 252 rg_user_set_error("cannot lookup old name (" rg_user_set_error("cannot lookup old name ("
 
... ... function rg_user_insert_rename($db, $uid, $old_name)
282 283 $r = rg_user_lookup_by_old_name($db, $old_name); $r = rg_user_lookup_by_old_name($db, $old_name);
283 284 if ($r === FALSE) if ($r === FALSE)
284 285 break; break;
286
287 $params = array("uid" => $uid,
288 "old_name" => $old_name,
289 "now" => time());
290
285 291 if ($r > 0) { if ($r > 0) {
286 $params = array($uid, $old_name);
287 292 $sql = "UPDATE users_renames" $sql = "UPDATE users_renames"
288 . " SET uid = $1"
289 . " WHERE old_name = $2";
293 . " SET uid = @@uid@@"
294 . " WHERE old_name = @@old_name@@";
290 295 } else { } else {
291 $params = array($uid, $old_name, time());
292 296 $sql = "INSERT INTO users_renames (uid, old_name" $sql = "INSERT INTO users_renames (uid, old_name"
293 297 . ", itime)" . ", itime)"
294 . " VALUES ($1, $2, $3)";
298 . " VALUES (@@uid@@, @@old_name@@, @@now@@)";
295 299 } }
296 300 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
297 301 if ($res === FALSE) { if ($res === FALSE) {
 
... ... function rg_user_edit($db, $d)
426 430 $d['salt'] = rg_id(40); $d['salt'] = rg_id(40);
427 431 $d['pass_crypted'] = rg_user_pass($d['salt'], $d['pass']); $d['pass_crypted'] = rg_user_pass($d['salt'], $d['pass']);
428 432
433 $params = array("username" => $d['username'],
434 "realname" => $d['realname'],
435 "salt" => $d['salt'],
436 "pass_crypted" => $d['pass_crypted'],
437 "email" => $d['email'],
438 "now" => $now,
439 "is_admin" => $d['is_admin'],
440 "rights" => $d['rights'],
441 "session_time" => $d['session_time'],
442 "confirmed" => $confirmed,
443 "confirm_token" => $d['confirm_token'],
444 "plan_id" => $d['plan_id'],
445 "uid" => $d['uid']);
446
429 447 if ($d['uid'] == 0) { // add if ($d['uid'] == 0) { // add
430 448 if (rg_user_pass_ok($d['pass']) !== TRUE) if (rg_user_pass_ok($d['pass']) !== TRUE)
431 449 break; break;
432 450
433 $params = array($d['username'], $d['realname'], $d['salt'],
434 $d['pass_crypted'], $d['email'], $now, $d['is_admin'],
435 $d['rights'], $d['session_time'], $confirmed,
436 $d['confirm_token'], $d['plan_id']);
437 451 $sql = "INSERT INTO users (username, realname, salt, pass" $sql = "INSERT INTO users (username, realname, salt, pass"
438 452 . ", email, itime" . ", email, itime"
439 453 . ", is_admin, rights, session_time" . ", is_admin, rights, session_time"
440 454 . ", confirmed, confirm_token, plan_id)" . ", confirmed, confirm_token, plan_id)"
441 . " VALUES ($1, $2, $3, $4, $5, $6, $7"
442 . ", $8, $9, $10, $11, $12)"
455 . " VALUES (@@username@@, @@realname@@, @@salt@@"
456 . ", @@pass_crypted@@, @@email@@, @@now@@"
457 . ", @@is_admin@@, @@rights@@, @@session_time@@"
458 . ", @@confirmed@@, @@confirm_token@@, @@plan_id@@)"
443 459 . " RETURNING uid"; . " RETURNING uid";
444 460 } else { // edit } else { // edit
445 $params = array($d['username'], $d['realname'],
446 $d['email'], $d['is_admin'], $d['rights'],
447 $d['session_time'], $d['uid']);
448
449 461 $salt_pass_add = ""; $salt_pass_add = "";
450 462 if (!empty($d['pass'])) { if (!empty($d['pass'])) {
451 $params[] = $d['pass_crypted'];
452 $params[] = $d['salt'];
453 $salt_pass_add = ", pass = $8, salt = $9";
463 $params['pass_crtypted'] = $d['pass_crypted'];
464 $params['salt'] = $d['salt'];
465 $salt_pass_add = ", pass = @@pass_crypted@@"
466 . ", salt = @@salt@@";
454 467 } }
455 468
456 469 $sql = "UPDATE users" $sql = "UPDATE users"
457 . " SET username = $1"
458 . ", realname = $2"
459 . ", email = $3"
460 . ", is_admin = $4"
461 . ", rights = $5"
462 . ", session_time = $6"
470 . " SET username = @@username@@"
471 . ", realname = @@realname@@"
472 . ", email = @@email@@"
473 . ", is_admin = @@is_admin@@"
474 . ", rights = @@rights@@"
475 . ", session_time = @@session_time@@"
463 476 . $salt_pass_add . $salt_pass_add
464 . " WHERE uid = $7"
477 . " WHERE uid = @@uid@@"
465 478 . " RETURNING uid"; . " RETURNING uid";
466 479 } }
467 480
 
... ... function rg_user_edit($db, $d)
503 516 /* /*
504 517 * Delete a user * Delete a user
505 518 */ */
506 function rg_user_remove($db, $uid)
519 function rg_user_remove($db, $rg, $uid)
507 520 { {
508 521 rg_prof_start("user_remove"); rg_prof_start("user_remove");
509 522 rg_log("user_remove: uid=$uid"); rg_log("user_remove: uid=$uid");
510 523
511 524 $ret = FALSE; $ret = FALSE;
512 525 do { do {
513 $login_ui = rg_get_login_ui();
514 if (!rg_rights_allow($login_ui['rights'], "R"))
526 if (!rg_rights_allow($rg['login_ui']['rights'], "R", $rg['ip'], ""))
515 527 break; break;
516 528
517 $params = array($uid);
518 $sql = "DELETE FROM users WHERE uid = $1";
529 $params = array("uid" => $uid);
530 $sql = "DELETE FROM users WHERE uid = @@uid@@";
519 531 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
520 532 if ($res === FALSE) { if ($res === FALSE) {
521 533 rg_user_set_error("cannot remove user $uid (" . rg_sql_error() . ")"); rg_user_set_error("cannot remove user $uid (" . rg_sql_error() . ")");
 
... ... function rg_user_info($db, $uid, $user, $email)
553 565 while (1) { while (1) {
554 566 //rg_log("user_info: uid=$uid user=$user email=$email."); //rg_log("user_info: uid=$uid user=$user email=$email.");
555 567
568 $params = array("uid" => $uid,
569 "user" => $user,
570 "email" => $email);
571
556 572 if ($uid > 0) { if ($uid > 0) {
557 573 $c = rg_cache_get("user::" . $uid); $c = rg_cache_get("user::" . $uid);
558 574 if ($c !== FALSE) { if ($c !== FALSE) {
 
... ... function rg_user_info($db, $uid, $user, $email)
562 578 break; break;
563 579 } }
564 580
565 $params = array($uid);
566 $sql = "SELECT * FROM users WHERE uid = $1";
581 $sql = "SELECT * FROM users WHERE uid = @@uid@@";
567 582 $set_cache = TRUE; $set_cache = TRUE;
568 583 } else if (!empty($user)) { } else if (!empty($user)) {
569 584 if (rg_user_ok($user) !== TRUE) if (rg_user_ok($user) !== TRUE)
 
... ... function rg_user_info($db, $uid, $user, $email)
575 590 continue; continue;
576 591 } }
577 592
578 $params = array($user);
579 $sql = "SELECT * FROM users WHERE username = $1";
593 $sql = "SELECT * FROM users WHERE username = @@user@@";
580 594 $set_cache_user = TRUE; $set_cache_user = TRUE;
581 595 } else if (!empty($email)) { } else if (!empty($email)) {
582 596 $c = rg_cache_get("email_to_uid::" . $email); $c = rg_cache_get("email_to_uid::" . $email);
 
... ... function rg_user_info($db, $uid, $user, $email)
585 599 continue; continue;
586 600 } }
587 601
588 $params = array($email);
589 $sql = "SELECT * FROM users WHERE email = $1";
602 $sql = "SELECT * FROM users WHERE email = @@email@@";
590 603 $set_cache_email = TRUE; $set_cache_email = TRUE;
591 604 } else { } else {
592 605 break; break;
 
... ... function rg_user_info($db, $uid, $user, $email)
632 645 /* /*
633 646 * Loads ui based on sid, if possible * Loads ui based on sid, if possible
634 647 */ */
635 function rg_user_login_by_sid($db, $sid, &$ui)
648 function rg_user_login_by_sid($db, &$rg)
636 649 { {
637 650 rg_prof_start("user_login_by_sid"); rg_prof_start("user_login_by_sid");
638 rg_log("user_login_by_sid: sid=$sid...");
651 rg_log("user_login_by_sid: sid=" . $rg['sid']);
639 652
640 653 // Make sure it is not passed by client // Make sure it is not passed by client
641 $ui = array();
642 $ui['uid'] = 0;
643 $ui['is_admin'] = 0;
644 $ui['rights'] = "";
645 $ui['username'] = "";
654 $rg['login_ui'] = array();
655 $rg['login_ui']['uid'] = 0;
656 $rg['login_ui']['is_admin'] = 0;
657 $rg['login_ui']['rights'] = "";
658 $rg['login_ui']['username'] = "";
646 659
647 660 $ret = FALSE; $ret = FALSE;
648 661 do { do {
649 if (empty($sid)) {
662 if (empty($rg['sid'])) {
650 663 rg_log("\tNo sid!"); rg_log("\tNo sid!");
651 664 break; break;
652 665 } }
653 666
654 $sess = rg_sess_valid($db, $sid);
667 $sess = rg_sess_valid($db, $rg['sid']);
655 668 if ($sess == FALSE) { if ($sess == FALSE) {
656 669 rg_log("session is not valid"); rg_log("session is not valid");
657 670 break; break;
658 671 } }
659 672
660 673 $uid = $sess['uid']; $uid = $sess['uid'];
661 $ui = rg_user_info($db, $uid, "", "");
662 if ($ui['exists'] != 1) {
674 $rg['login_ui'] = rg_user_info($db, $uid, "", "");
675 if ($rg['login_ui']['exists'] != 1) {
663 676 rg_log("\tUid $uid does not exists (" . rg_user_error() . ")!"); rg_log("\tUid $uid does not exists (" . rg_user_error() . ")!");
664 677 rg_user_set_error("invalid uid"); rg_user_set_error("invalid uid");
665 678 break; break;
 
... ... function rg_user_login_by_sid($db, $sid, &$ui)
667 680
668 681 rg_sess_update($db, $sess); rg_sess_update($db, $sess);
669 682
670 rg_user_set_last_seen($db, $ui['uid']);
683 rg_user_set_last_seen($db, $rg['login_ui']['uid']);
671 684
672 685 $ret = TRUE; $ret = TRUE;
673 686 } while (0); } while (0);
 
... ... function rg_user_login_by_user_pass($db, $user, $pass, $lock_ip, &$ui)
797 810 * Suspend an account * Suspend an account
798 811 * 1=suspend, 0=unsuspend * 1=suspend, 0=unsuspend
799 812 */ */
800 function rg_user_suspend($db, $uid, $op)
813 function rg_user_suspend($db, $rg, $uid, $op)
801 814 { {
802 815 rg_log("user_suspend: uid=$uid, op=$op"); rg_log("user_suspend: uid=$uid, op=$op");
803 816
804 $login_ui = rg_get_login_ui();
805 if (!rg_rights_allow($login_ui['rights'], "S"))
817 if (!rg_rights_allow($rg['login_ui']['rights'], "S", $rg['ip'], ""))
806 818 return FALSE; return FALSE;
807 819
808 820 $now = time(); $now = time();
 
... ... function rg_user_suspend($db, $uid, $op)
812 824 else else
813 825 $v = 0; $v = 0;
814 826
815 $params = array($v, $uid);
816 $sql = "UPDATE users SET suspended = $1 WHERE uid = $2";
827 $params = array("suspeneded" => $v,
828 "uid" => $uid);
829 $sql = "UPDATE users SET suspended = @@suspended@@"
830 . " WHERE uid = @@uid@@";
817 831 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
818 832 if ($res === FALSE) { if ($res === FALSE) {
819 833 rg_user_set_error("cannot suspend (" . rg_sql_error() . ")"); rg_user_set_error("cannot suspend (" . rg_sql_error() . ")");
 
... ... function rg_user_suspend($db, $uid, $op)
829 843
830 844 /* /*
831 845 * Make/remove admin * Make/remove admin
832 * 1=make, 0=remove
846 * @op: 1=make, 0=remove
833 847 */ */
834 function rg_user_make_admin($db, $uid, $op)
848 function rg_user_make_admin($db, $rg, $uid, $op)
835 849 { {
836 850 rg_log("user_make_admin: uid=$uid, op=$op"); rg_log("user_make_admin: uid=$uid, op=$op");
837 851 rg_prof_start("user_make_admin"); rg_prof_start("user_make_admin");
838 852
839 853 $ret = FALSE; $ret = FALSE;
840 854 do { do {
841 $login_ui = rg_get_login_ui();
842 if (!rg_rights_allow($login_ui['rights'], "A"))
855 // BIG TODO: here how do we specify the target repo?!
856 // Why should we?! It is about a user to become admin
857 // not about a repo!
858 // Also, we need to do a rg_rights_get to obtain the list of
859 // rights
860 if (!rg_rights_allow($rg['login_ui']['rights'], "A", $rg['ip'], ""))
843 861 return FALSE; return FALSE;
844 862
845 $params = array($op, $uid);
846 $sql = "UPDATE users SET is_admin = $1 WHERE uid = $2";
863 $params = array("op" => $op, "uid" => $uid);
864 $sql = "UPDATE users SET is_admin = @@op@@"
865 . " WHERE uid = @@uid@@";
847 866 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
848 867 if ($res === FALSE) { if ($res === FALSE) {
849 868 rg_user_set_error("cannot make admin (" . rg_sql_error() . ")"); rg_user_set_error("cannot make admin (" . rg_sql_error() . ")");
 
... ... function rg_user_make_admin($db, $uid, $op)
851 870 } }
852 871 rg_sql_free_result($res); rg_sql_free_result($res);
853 872
854 // Invalidate cache.
855 rg_cache_unset("user::" . $uid);
873 // TODO: check if this is working
874 rg_cache_set("user::" . $uid . "::is_admin", 1);
856 875 $ret = TRUE; $ret = TRUE;
857 876 } while (0); } while (0);
858 877
 
... ... function rg_user_set_last_seen($db, $uid)
871 890
872 891 $IP = $_SERVER['REMOTE_ADDR']; $IP = $_SERVER['REMOTE_ADDR'];
873 892
874 $params = array($now, $IP, $uid);
875 $sql = "UPDATE users SET last_seen = $1, last_ip = $2 WHERE uid = $3";
893 $params = array("now" => $now,
894 "IP" => $IP,
895 "uid" => $uid);
896 $sql = "UPDATE users SET last_seen = @@now@@, last_ip = @@IP@@"
897 . " WHERE uid = @@uid@@";
876 898 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
877 899 if ($res === FALSE) { if ($res === FALSE) {
878 900 rg_user_set_error("cannot update last seen (" . rg_sql_error() . ")"); rg_user_set_error("cannot update last seen (" . rg_sql_error() . ")");
 
... ... function rg_user_forgot_pass_uid($db, $token)
990 1012
991 1013 $now = time(); $now = time();
992 1014
993 $params = array($token, $now);
1015 $params = array("token" => $token, "now" => $now);
994 1016 $sql = "SELECT uid FROM forgot_pass" $sql = "SELECT uid FROM forgot_pass"
995 . " WHERE token = $1"
996 . " AND expire > $2";
1017 . " WHERE token = @@token@@"
1018 . " AND expire > @@now@@";
997 1019 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
998 1020 if ($res === FALSE) { if ($res === FALSE) {
999 1021 rg_user_set_error("cannot lookup token (" . rg_sql_error() . ")"); rg_user_set_error("cannot lookup token (" . rg_sql_error() . ")");
 
... ... function rg_user_forgot_pass_mail_prepare($db, $email)
1041 1063 $uid = $r['uid']; $uid = $r['uid'];
1042 1064
1043 1065 // store token in database // store token in database
1044 $params = array($token, $uid, $expire);
1066 $params = array("token" => $token,
1067 "uid" => $uid,
1068 "expire" => $expire);
1045 1069 $sql = "INSERT INTO forgot_pass (token, uid, expire)" $sql = "INSERT INTO forgot_pass (token, uid, expire)"
1046 . " VALUES ($1, $2, $3)";
1070 . " VALUES (@@token@@, @@uid@@, @@expire@@)";
1047 1071 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
1048 1072 if ($res === FALSE) { if ($res === FALSE) {
1049 1073 rg_user_set_error("cannot query (" . rg_sql_error() . ")"); rg_user_set_error("cannot query (" . rg_sql_error() . ")");
 
... ... function rg_user_forgot_pass_destroy($db, $uid)
1111 1135 { {
1112 1136 rg_log("user_forgot_pass_destroy: uid=$uid"); rg_log("user_forgot_pass_destroy: uid=$uid");
1113 1137
1114 $params = array($uid);
1115 $sql = "DELETE FROM forgot_pass WHERE uid = $1";
1138 $params = array("uid" => $uid);
1139 $sql = "DELETE FROM forgot_pass WHERE uid = @@uid@@";
1116 1140 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
1117 1141 if ($res === FALSE) { if ($res === FALSE) {
1118 1142 rg_user_set_error("cannot query (" . rg_sql_error() . ")"); rg_user_set_error("cannot query (" . rg_sql_error() . ")");
 
... ... function rg_user_set_pass($db, $uid, $pass)
1130 1154 $salt = rg_id(40); $salt = rg_id(40);
1131 1155 $pass = rg_user_pass($salt, $pass); $pass = rg_user_pass($salt, $pass);
1132 1156
1133 $params = array($salt, $pass, $uid);
1157 $params = array("salt" => $salt,
1158 "pass" => $pass,
1159 "uid" => $uid);
1134 1160 $sql = "UPDATE users SET" $sql = "UPDATE users SET"
1135 ." salt = $1"
1136 . ", pass = $2"
1137 . " WHERE uid = $3";
1161 ." salt = @@salt@@"
1162 . ", pass = @@pass@@"
1163 . " WHERE uid = @@uid@@";
1138 1164 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
1139 1165 if ($res === FALSE) { if ($res === FALSE) {
1140 1166 rg_user_set_error("cannot update pass (" . rg_sql_error() . ")"); rg_user_set_error("cannot update pass (" . rg_sql_error() . ")");
 
... ... function rg_user_confirm($db, $token)
1166 1192 break; break;
1167 1193 } }
1168 1194
1169 $params = array($token);
1170 $sql = "SELECT uid FROM users WHERE confirm_token = $1";
1195 $params = array("token" => $token);
1196 $sql = "SELECT uid FROM users WHERE confirm_token = @@token@@";
1171 1197 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
1172 1198 if ($res === FALSE) { if ($res === FALSE) {
1173 1199 rg_user_set_error("cannot search for token (" . rg_sql_error() . ")"); rg_user_set_error("cannot search for token (" . rg_sql_error() . ")");
 
... ... function rg_user_confirm($db, $token)
1184 1210 $uid = $row['uid']; $uid = $row['uid'];
1185 1211
1186 1212 // "< 2" because we mark with "1" if "no need to confirm" // "< 2" because we mark with "1" if "no need to confirm"
1187 $params = array($now, $uid);
1188 $sql = "UPDATE users SET confirmed = $1"
1189 . " WHERE uid = $2"
1213 $params = array("now" => $now, "uid" => $uid);
1214 $sql = "UPDATE users SET confirmed = @@now@@"
1215 . " WHERE uid = @@uid@@"
1190 1216 . " AND confirmed < 2"; . " AND confirmed < 2";
1191 1217 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
1192 1218 if ($res === FALSE) { if ($res === FALSE) {
 
... ... function rg_user_confirm($db, $token)
1209 1235 */ */
1210 1236 function rg_user_suggestion($db, $uid, $email, $suggestion) function rg_user_suggestion($db, $uid, $email, $suggestion)
1211 1237 { {
1212 $params = array($uid, $email, $suggestion);
1238 rg_log("user_suggestion: uid=$uid email=$email suggestion=$suggestion");
1239
1240 $params = array("uid" => $uid,
1241 "email" => $email,
1242 "sug" => $suggestion);
1213 1243 $sql = "INSERT INTO suggestions (uid, email, suggestion)" $sql = "INSERT INTO suggestions (uid, email, suggestion)"
1214 . " VALUES ($1, $2, $3)";
1244 . " VALUES (@@uid@@, @@email@@, @@sug@@)";
1215 1245 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
1216 1246 if ($res === FALSE) { if ($res === FALSE) {
1217 1247 rg_user_set_error("cannot add suggestion (" . rg_sql_error() . ")"); rg_user_set_error("cannot add suggestion (" . rg_sql_error() . ")");
 
... ... function rg_user_over_limit($db, $ui, &$max)
1244 1274 return FALSE; return FALSE;
1245 1275 } }
1246 1276
1247 /*
1248 * Returns the login structure of the logged-in user
1249 */
1250 function rg_user_get_login_ui()
1251 {
1252 global $login_ui;
1253
1254 return $login_ui;
1255 }
1256
1257 /*
1258 * Returns the login structure of the target user (admin section)
1259 */
1260 function rg_user_get_target_ui()
1261 {
1262 global $target_ui;
1263
1264 return $target_ui;
1265 }
1266
1267 1277 /* /*
1268 1278 * Test access of a login_user to an uid * Test access of a login_user to an uid
1269 1279 * TODO: Admin will have access... * TODO: Admin will have access...
1270 1280 */ */
1271 function rg_user_allow_access($login_ui, $uid)
1281 function rg_user_allow_access($login_ui, $uid, $ip)
1272 1282 { {
1273 1283 /* uid 0 does not exists */ /* uid 0 does not exists */
1274 1284 if ($uid == 0) if ($uid == 0)
 
... ... function rg_user_allow_access($login_ui, $uid)
1277 1287 if ($login_ui['uid'] == $uid) if ($login_ui['uid'] == $uid)
1278 1288 return TRUE; return TRUE;
1279 1289
1280 if (rg_rights_allow($login_ui['rights'], "U"))
1290 if (rg_rights_allow($login_ui['rights'], "U", $ip, ""))
1281 1291 return TRUE; return TRUE;
1282 1292
1283 1293 rg_security_violation_no_exit("uid " . $login_ui['uid'] rg_security_violation_no_exit("uid " . $login_ui['uid']
 
... ... function rg_user_allow_access($login_ui, $uid)
1292 1302 /* /*
1293 1303 * High-level function for editing a user * High-level function for editing a user
1294 1304 */ */
1295 function rg_user_edit_high_level($db, $sid, $more)
1305 function rg_user_edit_high_level($db, $rg)
1296 1306 { {
1297 1307 rg_log("user_edit_high_level"); rg_log("user_edit_high_level");
1298 1308
1299 1309 $ret = ""; $ret = "";
1300 1310
1301 $login_ui = rg_user_get_login_ui();
1302 $target_ui = rg_user_get_target_ui();
1303 $doit = rg_var_uint("doit");
1304
1305 if (!rg_user_allow_access($login_ui, $target_ui['uid'])) {
1306 $ret .= rg_template("access_denied.html", $more);
1311 // TODO: what this means?! it is not clear what below function does
1312 if (!rg_user_allow_access($rg['login_ui'], $rg['target_ui']['uid'],
1313 $rg['ip'])) {
1314 $ret .= rg_template("access_denied.html", $rg);
1307 1315 return $ret; return $ret;
1308 1316 } }
1309 1317
1310 if (($target_ui['uid'] == 0) && ($more['rg_account_allow_creation'] != 1)) {
1311 $ret .= rg_template("user/create_na.html", $more);
1318 if (($rg['target_ui']['uid'] == 0)
1319 && ($rg['rg_account_allow_creation'] != 1)) {
1320 $ret .= rg_template("user/create_na.html", $rg);
1312 1321 return $ret; return $ret;
1313 1322 } }
1314 1323
1315 if ($target_ui['uid'] > 0)
1316 $more['create_mode'] = 0;
1324 if ($rg['target_ui']['uid'] > 0)
1325 $rg['create_mode'] = 0;
1317 1326 else else
1318 $more['create_mode'] = 1;
1327 $rg['create_mode'] = 1;
1319 1328
1320 if ($doit == 0) {
1321 if ($target_ui['uid'] > 0) {
1329 if ($rg['doit'] == 0) {
1330 if ($rg['target_ui']['uid'] > 0) {
1322 1331 // TODO: check also access rights? // TODO: check also access rights?
1323 $ui = $target_ui;
1332 $ui = $rg['target_ui'];
1324 1333 } else { } else {
1325 1334 // Defaults // Defaults
1326 1335 $ui = array(); $ui = array();
 
... ... function rg_user_edit_high_level($db, $sid, $more)
1331 1340 $ui['pass'] = ""; $ui['pass'] = "";
1332 1341 $ui['pass2'] = ""; $ui['pass2'] = "";
1333 1342 $ui['is_admin'] = "0"; $ui['is_admin'] = "0";
1334 $ui['rights'] = rg_rights_checkboxes("user", "C"); // TODO
1343 $ui['rights'] = rg_rights_checkboxes("user", "rights", "C"); // TODO
1335 1344 $ui['plan_id'] = 0; $ui['plan_id'] = 0;
1336 1345 $ui['session_time'] = 600; $ui['session_time'] = 600;
1337 1346 } }
 
... ... function rg_user_edit_high_level($db, $sid, $more)
1340 1349 $errmsg = array(); $errmsg = array();
1341 1350 $load_form = TRUE; $load_form = TRUE;
1342 1351 do { do {
1343 if ($doit != 1)
1352 if ($rg['doit'] != 1)
1353 break;
1354
1355 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
1356 $errmsg[] = "invalid token; try again";
1344 1357 break; break;
1358 }
1345 1359
1346 1360 $ui = array(); $ui = array();
1347 $ui['uid'] = $target_ui['uid'];
1361 $ui['uid'] = $rg['target_ui']['uid'];
1348 1362 $ui['username'] = rg_var_str("username"); $ui['username'] = rg_var_str("username");
1349 1363 $ui['realname'] = rg_var_str("realname"); $ui['realname'] = rg_var_str("realname");
1350 1364 $ui['email'] = rg_var_str("email"); $ui['email'] = rg_var_str("email");
1351 1365 $ui['pass'] = rg_var_str("pass"); $ui['pass'] = rg_var_str("pass");
1352 1366 $ui['pass2'] = rg_var_str("pass2"); $ui['pass2'] = rg_var_str("pass2");
1353 $ui['is_admin'] = rg_var_uint("is_admin");
1367 $ui['is_admin'] = rg_var_bool("is_admin");
1354 1368 $ui['rights'] = "C"; // TODO $ui['rights'] = "C"; // TODO
1355 1369 $ui['plan_id'] = rg_var_uint("plan_id"); $ui['plan_id'] = rg_var_uint("plan_id");
1356 1370 $ui['session_time'] = rg_var_uint("session_time"); $ui['session_time'] = rg_var_uint("session_time");
1357 1371 $ui['confirm_token'] = rg_id(20); $ui['confirm_token'] = rg_id(20);
1358 1372
1359 $token = rg_var_str("token");
1360
1361 if (!rg_token_valid($db, $sid, $token)) {
1362 $errmsg[] = "invalid token; try again";
1373 if (($rg['login_ui']['is_admin'] != 1) && ($ui['is_admin'] != 0)) {
1374 $errmsg[] = "you are not admin, you cannot give admin rights";
1363 1375 break; break;
1364 1376 } }
1365 1377
 
... ... function rg_user_edit_high_level($db, $sid, $more)
1393 1405 // TODO: should we just redirect to login page? // TODO: should we just redirect to login page?
1394 1406 // TODO: or to user page if there is no need to confirm the account? // TODO: or to user page if there is no need to confirm the account?
1395 1407 if ($ui['uid'] == 0) if ($ui['uid'] == 0)
1396 $ret = rg_template("user/create_ok.html", $more);
1408 $ret = rg_template("user/create_ok.html", $rg);
1397 1409 else else
1398 $ret = rg_template("user/edit_ok.html", $more);
1410 $ret = rg_template("user/edit_ok.html", $rg);
1399 1411 $load_form = FALSE; $load_form = FALSE;
1400 1412 } while (0); } while (0);
1401 1413
1402 1414 if ($load_form) { if ($load_form) {
1403 if (rg_rights_allow($login_ui['rights'], "U"))
1404 $more['admin_mode'] = 1;
1405 else
1406 $more['admin_mode'] = 0;
1407
1408 $more = array_merge($more, $ui);
1409 $more['HTML:select_plan'] = rg_plan_select($db, $ui['plan_id']);
1410 $more['HTML:checkbox_rights'] = rg_rights_checkboxes("user", $ui['rights']);
1411 $more['HTML:errmsg'] = rg_template_errmsg($errmsg);
1412 $more['rg_form_token'] = rg_token_get($db, $sid);
1413 $ret .= rg_template("user/add_edit.html", $more);
1415 $rg = array_merge($rg, $ui);
1416 $rg['HTML:select_plan'] = rg_plan_select($db, $ui['plan_id']);
1417 $rg['HTML:checkbox_rights'] = rg_rights_checkboxes("user",
1418 "rights", $ui['rights']);
1419 $rg['HTML:errmsg'] = rg_template_errmsg($errmsg);
1420 $rg['rg_form_token'] = rg_token_get($db, $rg['sid']);
1421 $ret .= rg_template("user/add_edit.html", $rg);
1414 1422 } }
1415 1423
1416 1424 return $ret; return $ret;
File inc/user/confirm.php changed (mode: 100644) (index 9b91e35..2f4343b)
1 1 <?php <?php
2 rg_log("/inc/user/confirm");
2 rg_log("FILE: /inc/user/confirm");
3 3
4 4 $token = empty($paras) ? "" : array_shift($paras); $token = empty($paras) ? "" : array_shift($paras);
5 5
 
... ... $uid = rg_user_confirm($db, $token);
9 9 if ($uid !== FALSE) { if ($uid !== FALSE) {
10 10 // auto-login // auto-login
11 11 $lock_ip = 0; // TODO: What should we do here? Present a form? $lock_ip = 0; // TODO: What should we do here? Present a form?
12 if (rg_user_auto_login($db, $uid, $lock_ip, $login_ui)) {
13 $url = rg_re_userpage($login_ui);
12 if (rg_user_auto_login($db, $uid, $lock_ip, $rg['login_ui'])) {
13 $url = rg_re_userpage($rg['login_ui']);
14 14 rg_redirect($url); rg_redirect($url);
15 15 } }
16 16 } }
17 17
18 18 // error // error
19 $_confirm = rg_template("user/bad_token.html", $more);
19 $_confirm = rg_template("user/bad_token.html", $rg);
20 20
21 21 ?> ?>
File inc/user/forgot.php changed (mode: 100644) (index 3e1332c..36b2170)
1 1 <?php <?php
2 rg_log("/inc/user/forgot");
2 rg_log("FILE: /inc/user/forgot");
3 3
4 4 $forgot_token = empty($paras) ? "" : array_shift($paras); $forgot_token = empty($paras) ? "" : array_shift($paras);
5 5 $forgot_token = preg_replace("/[^A-Za-z0-9]/", "", $forgot_token); $forgot_token = preg_replace("/[^A-Za-z0-9]/", "", $forgot_token);
6 6
7 $forgot_more = $more;
8 7 $pass1 = rg_var_str("pass1"); $pass1 = rg_var_str("pass1");
9 8 $pass2 = rg_var_str("pass2"); $pass2 = rg_var_str("pass2");
10 9 $lock_ip = rg_var_uint("lock_ip"); $lock_ip = rg_var_uint("lock_ip");
 
... ... $_forgot = "";
13 12
14 13 $errmsg = array(); $errmsg = array();
15 14
16 if ($doit == 1) {
15 if ($rg['doit'] == 1) {
17 16 if (strcmp($pass1, $pass2) != 0) { if (strcmp($pass1, $pass2) != 0) {
18 17 $errmsg[] = "Passwords mismatch."; $errmsg[] = "Passwords mismatch.";
19 18 } else { } else {
 
... ... if ($doit == 1) {
35 34
36 35 rg_user_forgot_pass_destroy($db, $r['uid']); rg_user_forgot_pass_destroy($db, $r['uid']);
37 36 // auto-login // auto-login
38 if (!rg_user_auto_login($db, $r['uid'], $lock_ip, $login_ui)) {
37 if (!rg_user_auto_login($db, $r['uid'], $lock_ip, $rg['login_ui'])) {
39 38 $_forgot = rg_template("msg/internal.txt"); $_forgot = rg_template("msg/internal.txt");
40 39 return; return;
41 40 } }
42 41
43 42 // redirect to home // redirect to home
44 $url = rg_re_userpage($login_ui);
43 $url = rg_re_userpage($rg['login_ui']);
45 44 rg_redirect($url); rg_redirect($url);
46 45 } }
47 46 } }
48 47
49 $forgot_more['forgot_token'] = $forgot_token;
50 $forgot_more['pass1'] = $pass1;
51 $forgot_more['pass2'] = $pass2;
52 $forgot_more['HTML:errmsg'] = rg_template_errmsg($errmsg);
53 $_forgot .= rg_template("user/forgot.html", $forgot_more);
48 $rg['forgot_token'] = $forgot_token;
49 $rg['pass1'] = $pass1;
50 $rg['pass2'] = $pass2;
51 $rg['HTML:errmsg'] = rg_template_errmsg($errmsg);
52 $_forgot .= rg_template("user/forgot.html", $rg);
54 53 ?> ?>
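Review bot: The submitted passwords are now written into the shared `$rg` array (`$rg['pass1'] = $pass1;`, `$rg['pass2'] = $pass2;`, new lines 49-50) instead of the per-page copy `$forgot_more` that this commit removes, so the cleartext values stay in the request-wide context handed to every later `rg_template()` call and to any dump of `$rg`. A local copy keeps them scoped to this form: `$forgot_more = $rg;`, then `$forgot_more['pass1'] = $pass1;` and render with `$forgot_more`. inc/user/pass/pass.php has the same pattern with `$rg['old_pass']`, `$rg['pass1']` and `$rg['pass2']`. Whether `$rg` is logged or reused after this include is not visible here, so this is a hardening point rather than a confirmed leak.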
File inc/user/forgot_send.php changed (mode: 100644) (index 0f964f4..edf6db4)
1 1 <?php <?php
2 rg_log("/inc/user/forgot_send");
2 rg_log("FILE: /inc/user/forgot_send");
3 3
4 $forgot_send_more = $more;
4 $forgot_send_more = $rg;
5 5 $email = rg_var_str("email"); $email = rg_var_str("email");
6 6
7 7 $_forgot = ""; $_forgot = "";
 
... ... $_forgot = "";
9 9 $errmsg = array(); $errmsg = array();
10 10
11 11 $_show_form = 1; $_show_form = 1;
12 if ($doit == 1) {
12 if ($rg['doit'] == 1) {
13 13 $r = rg_user_forgot_pass_mail($db, $email); $r = rg_user_forgot_pass_mail($db, $email);
14 14 if ($r['ok'] == 0) { if ($r['ok'] == 0) {
15 15 $errmsg[] = "Internal error! Try again later."; $errmsg[] = "Internal error! Try again later.";
File inc/user/home-page.php changed (mode: 100644) (index d2bd67e..971f5cf)
1 1 <?php <?php
2 rg_log("/inc/user/home-page");
2 rg_log("FILE: /inc/user/home-page");
3 3
4 4 $_home = ""; $_home = "";
5 5
6 6 $page_ui = rg_user_info($db, 0, $user, ""); $page_ui = rg_user_info($db, 0, $user, "");
7 7 if ($page_ui['exists'] == 0) { if ($page_ui['exists'] == 0) {
8 $_home .= rg_template("user/invalid.html", $more);
8 $_home .= rg_template("user/invalid.html", $rg);
9 9 return; return;
10 10 } }
11 11
12 12 // list of repositories // list of repositories
13 $_home .= rg_repo_list($db, "", $page_ui);
13 $_home .= rg_repo_list($db, $rg, "", $page_ui);
14 14 ?> ?>
File inc/user/keys/keys.php changed (mode: 100644) (index ab8a437..b99d68e)
1 1 <?php <?php
2 rg_log("/inc/user/keys/keys");
2 rg_log("FILE: /inc/user/keys/keys");
3 3
4 4 $add_errmsg = array(); $add_errmsg = array();
5 5 $del_errmsg = array(); $del_errmsg = array();
6 $_my_more = $more;
6 $_my_more = $rg;
7 7
8 8 $_keys = ""; $_keys = "";
9 9
 
... ... $key_delete_ids = rg_var_str("key_delete_ids");
15 15 // menu // menu
16 16 $_url = rg_re_url($sparas); $_url = rg_re_url($sparas);
17 17
18 $_my_more['HTML:status'] = "";
19
18 20 if (rg_var_uint("add") == 1) { if (rg_var_uint("add") == 1) {
19 21 do { do {
20 if (!rg_token_valid($db, $sid, $token)) {
22 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
21 23 $add_errmsg[] = "Invalid token. Try again."; $add_errmsg[] = "Invalid token. Try again.";
22 24 break; break;
23 25 } }
24 26
25 $_r = rg_keys_add($db, $login_ui, $key);
27 $_r = rg_keys_add($db, $rg['login_ui'], $key);
26 28 if ($_r === FALSE) if ($_r === FALSE)
27 29 $add_errmsg[] = rg_keys_error(); $add_errmsg[] = rg_keys_error();
28 30 } while (0); } while (0);
29 31 } else if (rg_var_uint("delete") == 1) { } else if (rg_var_uint("delete") == 1) {
30 32 do { do {
31 if (!rg_token_valid($db, $sid, $token)) {
33 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
32 34 $del_errmsg[] = "Invalid token. Try again."; $del_errmsg[] = "Invalid token. Try again.";
33 35 break; break;
34 36 } }
 
... ... if (rg_var_uint("add") == 1) {
38 40 break; break;
39 41 } }
40 42
41 if (rg_keys_remove($db, $login_ui, $key_delete_ids) !== TRUE) {
43 if (rg_keys_remove($db, $rg['login_ui'], $key_delete_ids) !== TRUE) {
42 44 $del_errmsg[] = rg_keys_error(); $del_errmsg[] = rg_keys_error();
43 45 break; break;
44 46 } }
47
48 $_my_more['HTML:status'] =
49 rg_template("user/keys/remove_ok.html", $_my_more);
45 50 } while (0); } while (0);
46 51 } }
47 52
 
... ... $_my_more['HTML:del_errmsg'] = rg_template_errmsg($del_errmsg);
50 55
51 56 $_my_more['HTML:add_form'] = rg_template("user/keys/add.html", $_my_more); $_my_more['HTML:add_form'] = rg_template("user/keys/add.html", $_my_more);
52 57
53 $keys_list = rg_keys_list($db, $login_ui);
58 $keys_list = rg_keys_list($db, $rg['login_ui']);
54 59 if ($keys_list === FALSE) if ($keys_list === FALSE)
55 60 $_my_more['HTML:keys'] = rg_warning("Could not load keys. Try later."); // TODO $_my_more['HTML:keys'] = rg_warning("Could not load keys. Try later."); // TODO
56 61 else else
 
... ... if ($rg_ssh_port != 0)
61 66 $hints[]['HTML:hint'] = rg_template("hints/ssh/key.html", $_my_more); $hints[]['HTML:hint'] = rg_template("hints/ssh/key.html", $_my_more);
62 67 $_my_more['HTML:hints'] = rg_template_table("hints/list", $hints, $_my_more); $_my_more['HTML:hints'] = rg_template_table("hints/list", $hints, $_my_more);
63 68
64 $_my_more['rg_form_token'] = rg_token_get($db, $sid);
69 $_my_more['rg_form_token'] = rg_token_get($db, $rg['sid']);
65 70 $_my_more['key'] = $key; $_my_more['key'] = $key;
66 71
67 72 $_keys = rg_template("user/keys/main.html", $_my_more); $_keys = rg_template("user/keys/main.html", $_my_more);
File inc/user/pass/pass.php changed (mode: 100644) (index fb012be..231c7fa)
1 1 <?php <?php
2 rg_log("/inc/user/pass/pass");
3
4 $user_pass_more = $more;
2 rg_log("FILE: /inc/user/pass/pass");
5 3
6 4 $errmsg = array(); $errmsg = array();
7 5
 
... ... $pass2 = rg_var_str("pass2");
13 11
14 12 $show_form = 1; $show_form = 1;
15 13 do { do {
16 if ($doit != 1)
14 if ($rg['doit'] != 1)
17 15 break; break;
18 16
19 if (!rg_token_valid($db, $sid, $token)) {
17 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
20 18 $errmsg[] = "invalid token; try again"; $errmsg[] = "invalid token; try again";
21 19 break; break;
22 20 } }
 
... ... do {
26 24 break; break;
27 25 } }
28 26
29 if (!rg_user_pass_valid($db, $login_ui['uid'], $old_pass)) {
27 if (!rg_user_pass_valid($db, $rg['login_ui']['uid'], $old_pass)) {
30 28 $errmsg[] = "old password is invalid"; $errmsg[] = "old password is invalid";
31 29 break; break;
32 30 } }
33 31
34 if (!rg_user_set_pass($db, $login_ui['uid'], $pass1)) {
32 if (!rg_user_set_pass($db, $rg['login_ui']['uid'], $pass1)) {
35 33 $errmsg[] = rg_user_error(); $errmsg[] = rg_user_error();
36 34 break; break;
37 35 } }
38 36
39 $_pass .= rg_ok("Password was changed with success!");
37 $_pass .= rg_template("user/pass_changed.html", $rg);
40 38 $show_form = 0; $show_form = 0;
41 39 } while (0); } while (0);
42 40
43 41 if ($show_form == 1) { if ($show_form == 1) {
44 $user_pass_more['HTML:errmsg'] = rg_template_errmsg($errmsg);
45 $user_pass_more['rg_form_token'] = rg_token_get($db, $sid);
46 $user_pass_more['old_pass'] = $old_pass;
47 $user_pass_more['pass1'] = $pass1;
48 $user_pass_more['pass2'] = $pass2;
42 $rg['HTML:errmsg'] = rg_template_errmsg($errmsg);
43 $rg['rg_form_token'] = rg_token_get($db, $rg['sid']);
44 $rg['old_pass'] = $old_pass;
45 $rg['pass1'] = $pass1;
46 $rg['pass2'] = $pass2;
49 47
50 $_pass .= rg_template("user/pass.html", $user_pass_more);
48 $_pass .= rg_template("user/pass.html", $rg);
51 49 } }
52 50
53 51 ?> ?>
File inc/user/repo-page.php changed (mode: 100644) (index f4e096f..60370f3)
1 1 <?php <?php
2 rg_log("/inc/user/repo-page");
2 rg_log("FILE: /inc/user/repo-page");
3 3
4 4 $_repo_page = ""; $_repo_page = "";
5 $repo_more = $more;
6 rg_log("DEBUG: repo_more: " . rg_array2string($repo_more));
7 5
8 6 if (rg_user_ok($user) !== TRUE) { if (rg_user_ok($user) !== TRUE) {
9 7 $_repo_page .= rg_warning("Invalid user!"); $_repo_page .= rg_warning("Invalid user!");
10 8 return; return;
11 9 } }
12 $page_ui = rg_user_info($db, 0, $user, "");
13 if ($page_ui['ok'] != 1) {
10 $rg['page_ui'] = rg_user_info($db, 0, $user, "");
11 if ($rg['page_ui']['ok'] != 1) {
14 12 $_repo_page .= rg_warning("Internal error!"); $_repo_page .= rg_warning("Internal error!");
15 13 return; return;
16 14 } }
17 if ($page_ui['exists'] != 1) {
18 $_repo_page .= rg_template("user/invalid.html", $repo_more);
15 if ($rg['page_ui']['exists'] != 1) {
16 $_repo_page .= rg_template("user/invalid.html", $rg);
19 17 return; return;
20 18 } }
21 19
22 20 if (rg_repo_ok($repo) !== TRUE) { if (rg_repo_ok($repo) !== TRUE) {
23 $_repo_page .= rg_template("repo/invalid.html", $repo_more);
21 $_repo_page .= rg_template("repo/invalid.html", $rg);
24 22 return; return;
25 23 } }
26 $ri = rg_repo_info($db, 0, $page_ui['uid'], $repo);
27 if ($ri['ok'] != 1) {
24 $rg['ri'] = rg_repo_info($db, 0, $rg['page_ui']['uid'], $repo);
25 if ($rg['ri']['ok'] != 1) {
28 26 $_repo_page .= rg_warning("Internal error!"); $_repo_page .= rg_warning("Internal error!");
29 27 return; return;
30 28 } }
31 if ($ri['exists'] != 1) {
32 $_repo_page .= rg_template("repo/invalid.html", $repo_more);
29 if ($rg['ri']['exists'] != 1) {
30 $_repo_page .= rg_template("repo/invalid.html", $rg);
33 31 return; return;
34 32 } }
35 33
36 if ($ri['git_dir_done'] == 0) {
34 if ($rg['ri']['git_dir_done'] == 0) {
37 35 // We will wait a little for the git dir to be done // We will wait a little for the git dir to be done
38 36 // TODO: Should we really wait for this?! // TODO: Should we really wait for this?!
39 37 // We may just consider that the repo is empty. Hm. // We may just consider that the repo is empty. Hm.
40 $ev_id = "repo_create-" . $login_ui['uid'] . "-" . $ri['repo_id'] . "-git";
38 $ev_id = "repo_create-" . $rg['login_ui']['uid'] . "-"
39 . $rg['ri']['repo_id'] . "-git";
41 40 $timeout = 10 * 1000; // seconds $timeout = 10 * 1000; // seconds
42 41 $r = rg_event_signal_daemon($ev_id, $timeout); $r = rg_event_signal_daemon($ev_id, $timeout);
43 42 if ($r === FALSE) { if ($r === FALSE) {
 
... ... if ($ri['git_dir_done'] == 0) {
47 46 } }
48 47 } }
49 48
50 // We must not allow access to a private repo (check for fetch)
51 if (rg_repo_allow($db, $ri, $login_ui, "A") !== TRUE) {
52 $_repo_page .= rg_warning("Not existent repo!");
49 if (rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "A", $rg['ip'], "") !== TRUE) {
50 $_repo_page .= rg_template("user/repo/deny.html", $rg);
53 51 return; return;
54 52 } }
55 53
56 $page_ui = rg_user_info($db, 0, $user, "");
57 if ($page_ui === FALSE) {
58 $_repo_page .= rg_warning("Invalid user!");
59 return;
60 }
61 54 // TODO: should we test against $ri?! // TODO: should we test against $ri?!
62 $can_admin = (rg_repo_allow($db, $ri, $login_ui, "A") === TRUE) ? 1 : 0;
55 $can_admin = rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "E", $rg['ip'], "") === TRUE ? 1 : 0;
63 56
64 $_t = array(
65 "owner" => $user,
66 "url_user" => rg_re_userpage($page_ui),
67 "url_repo" => rg_re_repopage($page_ui, $repo),
68 "ssh" => rg_re_repo_ssh($organization, $user, $repo),
69 "git" => rg_re_repo_git($organization, $user, $repo),
70 "can_admin" => $can_admin
71 );
72 $repo_more = array_merge($repo_more, $_t);
73 $repo_more = array_merge($repo_more, $ri);
74 $repo_more['default_rights'] = implode(", ", rg_rights_text("repo", $ri['default_rights']));
75 $repo_more['max_commit_size'] = $ri['max_commit_size'] == 0 ? "unlimited" : rg_1024($ri['max_commit_size']);
57 $rg['url_user'] = rg_re_userpage($rg['page_ui']);
58 $rg['url_repo'] = rg_re_repopage($rg['page_ui'], $repo);
59 $rg['ssh'] = rg_re_repo_ssh($organization, $user, $repo);
60 $rg['git'] = rg_re_repo_git($organization, $user, $repo);
61 $rg['can_admin'] = $can_admin;
62 $repo_more = $rg;
76 63 $repo_more['hints'] = ""; $repo_more['hints'] = "";
77 64
78 $repo_path = rg_repo_path_by_id($ri['uid'], $ri['repo_id']);
65 $repo_path = rg_repo_path_by_id($rg['ri']['uid'], $rg['ri']['repo_id']);
79 66 rg_log("repo_path=$repo_path"); rg_log("repo_path=$repo_path");
80 67 putenv("GIT_DIR=$repo_path"); // TODO: this will be removed after all functios will got a path para putenv("GIT_DIR=$repo_path"); // TODO: this will be removed after all functios will got a path para
81 68
82 69 $repo_more['repo_body'] = ""; $repo_more['repo_body'] = "";
83 70 $repo_more['repo_right'] = ""; $repo_more['repo_right'] = "";
84 71 $repo_more['branches_and_tags'] = ""; $repo_more['branches_and_tags'] = "";
72 $repo_more['repo_submenu'] = "";
85 73 $_repo_body = ""; $_repo_body = "";
86 74 $_repo_right = ""; $_repo_right = "";
87 75
 
... ... $repo_more['HTML:urls'] = rg_template_table("repo/urls", $urls, $repo_more);
97 85 $_subop = empty($paras) ? "history" : array_shift($paras); $_subop = empty($paras) ? "history" : array_shift($paras);
98 86
99 87 if (strcmp($_subop, "history") == 0) { if (strcmp($_subop, "history") == 0) {
100 $hist = rg_repo_history_load($db, $ri['repo_id'], 0, 20, 0);
88 $hist = rg_repo_history_load($db, $rg['ri']['repo_id'], 0, 20, 0);
101 89 if ($hist === FALSE) if ($hist === FALSE)
102 90 $_repo_body .= rg_warning("Cannot load history. Try again later."); $_repo_body .= rg_warning("Cannot load history. Try again later.");
103 91 else else
104 92 $_repo_body .= rg_template_table("repo/history", $hist, $repo_more); $_repo_body .= rg_template_table("repo/history", $hist, $repo_more);
105 93 } else if (strcmp($_subop, "admin") == 0) { } else if (strcmp($_subop, "admin") == 0) {
106 include($INC . "/user/repo/admin/admin.php");
107 $_repo_body .= $_admin;
94 $_repo_body .= rg_repo_admin($db, $rg, $paras);
108 95 } else if (strcmp($_subop, "source") == 0) { } else if (strcmp($_subop, "source") == 0) {
109 96 $_subsubop = empty($paras) ? "" : array_shift($paras); $_subsubop = empty($paras) ? "" : array_shift($paras);
110 97
 
... ... if (strcmp($_subop, "history") == 0) {
122 109 $hints[]['HTML:hint'] = rg_template("hints/repo/clone_ssh.html", $repo_more); $hints[]['HTML:hint'] = rg_template("hints/repo/clone_ssh.html", $repo_more);
123 110 if ($rg_git_port != 0) if ($rg_git_port != 0)
124 111 $hints[]['HTML:hint'] = rg_template("hints/repo/clone_git.html", $repo_more); $hints[]['HTML:hint'] = rg_template("hints/repo/clone_git.html", $repo_more);
125 if (rg_rights_allow($ri['default_rights'], "H")) // anonymous push?
112 if (rg_repo_allow($db, "repo_refs", $rg['ri'], $rg['login_ui'], "H", $rg['ip'], FALSE)) /* H = anon push */
126 113 $hints[]['HTML:hint'] = rg_template("hints/repo/anon_push.html", $repo_more); $hints[]['HTML:hint'] = rg_template("hints/repo/anon_push.html", $repo_more);
127 114 $repo_more['HTML:hints'] = rg_template_table("hints/list", $hints, $repo_more); $repo_more['HTML:hints'] = rg_template_table("hints/list", $hints, $repo_more);
128 115
 
... ... if (strcmp($_subop, "history") == 0) {
239 226 if (empty($paras)) { if (empty($paras)) {
240 227 $_repo_body .= rg_template("repo/mrs.html", $repo_more); $_repo_body .= rg_template("repo/mrs.html", $repo_more);
241 228
242 $r = rg_mr_load($db, $ri['repo_id'], 20);
229 $r = rg_mr_load($db, $rg['ri']['repo_id'], 20);
243 230 if ($r === FALSE) { if ($r === FALSE) {
244 231 $_repo_body .= "Error getting merge request list (" $_repo_body .= "Error getting merge request list ("
245 232 . rg_mr_error() . ")."; . rg_mr_error() . ").";
 
... ... if (strcmp($_subop, "history") == 0) {
250 237 } else { } else {
251 238 $mr = preg_replace('/[^0-9a-zA-Z_]/', '', array_shift($paras)); $mr = preg_replace('/[^0-9a-zA-Z_]/', '', array_shift($paras));
252 239 do { do {
253 $mri = rg_mr_load_one($db, $ri['repo_id'], $mr);
240 $mri = rg_mr_load_one($db, $rg['ri']['repo_id'], $mr);
254 241 if ($mri === FALSE) { if ($mri === FALSE) {
255 242 $_repo_body .= "Error getting merge request (" . rg_mr_error() . ")."; $_repo_body .= "Error getting merge request (" . rg_mr_error() . ").";
256 243 break; break;
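Review bot: A denied request now renders `user/repo/deny.html` (new line 50) while a missing repository renders `repo/invalid.html` a few lines earlier, so a caller without the "A" right can tell that a private repository exists. The old code answered with a "Not existent repo!" warning, and the comment that explained the intent is dropped. If hiding private repositories is still wanted, answer both cases the same way, e.g. `$_repo_page .= rg_template("repo/invalid.html", $rg);`, with a comment such as `// denied and missing repos must look the same to the caller`. The check also still runs after the `git_dir_done` wait, so an unauthorised request can hold a worker for up to `$timeout` first; moving the `rg_repo_allow()` call above that block would avoid it. The content of deny.html is not visible in this section.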
File inc/user/repo/bug/main.php changed (mode: 100644) (index d8d059d..17e3998)
1 1 <?php <?php
2 rg_log("/inc/user/repo/bug/main");
2 rg_log("FILE: /inc/user/repo/bug/main");
3 3
4 4 $repo_bug_more = $repo_more; $repo_bug_more = $repo_more;
5 5 $_bug_body = ""; $_bug_body = "";
6 6
7 $repo_bug_more['can_save'] = $login_ui['uid'] > 0 ? 1 : 0;
7 $repo_bug_more['can_save'] = $rg['login_ui']['uid'] > 0 ? 1 : 0;
8 8
9 9 $_op = empty($paras) ? "list" : array_shift($paras); $_op = empty($paras) ? "list" : array_shift($paras);
10 10 switch ($_op) { switch ($_op) {
 
... ... case 'search':
14 14 break; break;
15 15
16 16 case 'add': case 'add':
17 include($INC . "/user/repo/bug/add/add.php");
18 $_bug_body .= $_bug_add;
17 $_bug_body .= rg_bug_edit_high_level($db, $repo_more);
19 18 break; break;
20 19
21 case 'list': /* list */
20 case 'list':
22 21 $_search = empty($paras) ? "All" : array_shift($paras); $_search = empty($paras) ? "All" : array_shift($paras);
23 22
24 // Somebody pressed "Remove" button?
23 // Somebody pressed "Remove" (search) button?
25 24 if (rg_var_uint("remove") == 1) { if (rg_var_uint("remove") == 1) {
26 if (!rg_token_valid($db, $sid, $token)) {
25 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
27 26 $_bug_body .= rg_warning("Error: invalid token. Try again."); // TODO $_bug_body .= rg_warning("Error: invalid token. Try again."); // TODO
28 exit(1); // security_violation!
27 exit(1); // security_violation?!
29 28 } }
30 29
31 $r = rg_bug_search_remove($db, $ri['repo_id'], $login_ui['uid'],
32 $_search);
30 $r = rg_bug_search_remove($db, $rg['ri']['repo_id'],
31 $rg['login_ui']['uid'], $_search);
33 32 if ($r === FALSE) if ($r === FALSE)
34 33 $_bug_body .= rg_warning("Error: cannot delete search!"); // TODO $_bug_body .= rg_warning("Error: cannot delete search!"); // TODO
35 34 } }
36 35
37 $r = rg_bug_search_load_all($db, $ri['repo_id'], $login_ui['uid']);
36 $r = rg_bug_search_load_all($db, $rg['ri']['repo_id'], $rg['login_ui']['uid']);
38 37 if ($r === FALSE) { if ($r === FALSE) {
39 38 $_bug_body .= rg_warning("Error: cannot load all searches!"); // TODO $_bug_body .= rg_warning("Error: cannot load all searches!"); // TODO
40 39 } else { } else {
 
... ... case 'list': /* list */
42 41 $r, $repo_bug_more); $r, $repo_bug_more);
43 42 } }
44 43
45 $filter = rg_bug_search_load($db, $ri['repo_id'], $login_ui['uid'], $_search);
44 $filter = rg_bug_search_load($db, $rg['ri']['repo_id'],
45 $rg['login_ui']['uid'], $_search);
46 46 if ($filter === FALSE) { if ($filter === FALSE) {
47 47 $_bug_body .= rg_warning("Error: cannot load search!"); // TODO $_bug_body .= rg_warning("Error: cannot load search!"); // TODO
48 48 $filter = array(); $filter = array();
 
... ... case 'list': /* list */
51 51 if (isset($filter['name'])) if (isset($filter['name']))
52 52 $repo_bug_more['search_name'] = $filter['name']; $repo_bug_more['search_name'] = $filter['name'];
53 53
54 $r = rg_bug_search($db, $ri['repo_id'], $login_ui['uid'], $filter);
54 $r = rg_bug_search($db, $rg['ri']['repo_id'], $rg['login_ui']['uid'], $filter);
55 55 if ($r === FALSE) if ($r === FALSE)
56 56 $_bug_body .= rg_warning("Error: Cannot search bugs!"); // TODO: do something OK here! $_bug_body .= rg_warning("Error: Cannot search bugs!"); // TODO: do something OK here!
57 57 else else
 
... ... case 'list': /* list */
61 61 // TODO: don't we check for uid also? Security problems? // TODO: don't we check for uid also? Security problems?
62 62 if (isset($filter['standard']) && ($filter['standard'] == 0)) { if (isset($filter['standard']) && ($filter['standard'] == 0)) {
63 63 $_remove_more = $repo_bug_more; $_remove_more = $repo_bug_more;
64 $_remove_more['rg_form_token'] = rg_token_get($db, $sid);
64 $_remove_more['rg_form_token'] = rg_token_get($db, $rg['sid']);
65 65 $_remove_more['search_remove_errmsg'] = ""; $_remove_more['search_remove_errmsg'] = "";
66 66 $_bug_body .= rg_template("repo/bug/search/remove.html", $_bug_body .= rg_template("repo/bug/search/remove.html",
67 67 $_remove_more); $_remove_more);
68 68 } }
69 69 break; break;
70 70
71 default: // go directly to a bug
71 default: // show - go directly to a bug
72 72 $bug_id = intval($_op); $bug_id = intval($_op);
73 $repo_bug_more['bug'] = array();
74 $repo_bug_more['bug']['bug_id'] = $bug_id;
73 75 if ($bug_id > 0) { if ($bug_id > 0) {
76 $repo_bug_more['bug']['url'] = $rg['url_repo'] . "/bug/"
77 . $repo_bug_more['bug']['bug_id'];
74 78 include($INC . "/user/repo/bug/show/show.php"); include($INC . "/user/repo/bug/show/show.php");
75 79 $_bug_body .= $_bug_show; $_bug_body .= $_bug_show;
76 80 } }
81 break;
77 82 } }
78 83
79 84 $repo_bug_more['HTML:bug_body'] = $_bug_body; $repo_bug_more['HTML:bug_body'] = $_bug_body;
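Review bot: In the `remove` branch of `case 'list'`, the invalid-token path appends a warning to `$_bug_body` and then calls `exit(1)` (new line 27), so the warning is never rendered, and the reworded comment `// security_violation?!` suggests the intent is undecided. Rejecting the request is right, but it does not need to end the page: replacing `exit(1);` with `break;` leaves the `switch`, skips the removal, and lets the code after it output the warning. If termination is intended, record it first, e.g. `rg_log("invalid token on search remove");`, so the event is visible to whoever reviews the logs.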
File inc/user/repo/bug/search/search.php changed (mode: 100644) (index 8731370..234a83c)
1 1 <?php <?php
2 rg_log("/inc/user/repo/bug/search/search");
2 rg_log("FILE: /inc/user/repo/bug/search/search");
3 3
4 4 $bug_search_more = $repo_bug_more; $bug_search_more = $repo_bug_more;
5 5 $_bug_search = ""; $_bug_search = "";
6 $bug_errmsg = array();
6 $errmsg = array();
7 7
8 8 $_x = array(); $_x = array();
9 if ($doit == 0) {
9 if ($rg['doit'] == 0) {
10 10 // defaults // defaults
11 11 $_x['reported_by'] = ""; $_x['reported_by'] = "";
12 12 $_x['assigned_to'] = ""; $_x['assigned_to'] = "";
 
... ... if ($doit == 0) {
40 40 $_x['standard'] = 0; $_x['standard'] = 0;
41 41
42 42 do { do {
43 $bugs = rg_bug_search($db, $ri['repo_id'], $login_ui['uid'], $_x);
43 $bugs = rg_bug_search($db, $rg['ri']['repo_id'],
44 $rg['login_ui']['uid'], $_x);
44 45 if ($bugs === FALSE) { if ($bugs === FALSE) {
45 $bug_errmsg[] = "Cannot search bug (" . rg_bug_error() . ").";
46 $errmsg[] = "Cannot search bug (" . rg_bug_error() . ").";
46 47 break; break;
47 48 } }
48 49
 
... ... if ($doit == 0) {
53 54 } }
54 55
55 56 $bug_search_more = array_merge($bug_search_more, $_x); $bug_search_more = array_merge($bug_search_more, $_x);
56 $bug_search_more['HTML:bug_errmsg'] = rg_template_errmsg($bug_errmsg);
57 $bug_search_more['HTML:errmsg'] = rg_template_errmsg($errmsg);
57 58 $_exclude = array(); $_exclude = array();
58 59 $bug_search_more['HTML:state_select'] = rg_bug_state_select($_x['state'], $_exclude); $bug_search_more['HTML:state_select'] = rg_bug_state_select($_x['state'], $_exclude);
59 60 $_bug_search .= rg_template("repo/bug/search/search.html", $bug_search_more); $_bug_search .= rg_template("repo/bug/search/search.html", $bug_search_more);
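Review bot: Renaming `$bug_errmsg` to the generic `$errmsg` (new lines 6, 46 and 57) is risky if this file is pulled in with `include` the way show.php and add_note.php are, because an included script shares the variable scope of its includer. In that case `$errmsg = array();` here would reset any `$errmsg` the calling page is still collecting, and pass.php and forgot.php in this commit use that same name. A file-specific name such as `$bug_search_errmsg` keeps the messages apart. The template key also changes from `HTML:bug_errmsg` to `HTML:errmsg`; the matching edit to repo/bug/search/search.html is not visible in this section.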
File inc/user/repo/bug/show/add_note.php changed (mode: 100644) (index f61e6c7..1271f8b)
1 1 <?php <?php
2 rg_log("/inc/user/repo/bug/show/add_note");
2 rg_log("FILE: /inc/user/repo/bug/show/add_note");
3 3
4 4 $note_add_doit = rg_var_uint("note_add_doit"); $note_add_doit = rg_var_uint("note_add_doit");
5 5
 
... ... do {
14 14
15 15 $note = rg_var_str("note"); $note = rg_var_str("note");
16 16
17 if (!rg_token_valid($db, $sid, $token)) {
17 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
18 18 $note_errmsg[] = "Invalid token. Try again."; $note_errmsg[] = "Invalid token. Try again.";
19 19 break; break;
20 20 } }
21 21
22 22 if (empty($note)) { if (empty($note)) {
23 $note_errmsg[] = "Cannot be empty";
23 $note_errmsg[] = "note cannot be empty";
24 24 break; break;
25 25 } }
26 26
27 27 // add note // add note
28 28 $_d = array(); $_d = array();
29 29 $_d['note'] = $note; $_d['note'] = $note;
30 $ret = rg_bug_note_add($db, $ri['repo_id'], $bug_id, $login_ui['uid'], $_d);
30 $ret = rg_bug_note_add($db, $rg['ri']['repo_id'], $bug_id,
31 $rg['login_ui']['uid'], $_d);
31 32 if ($ret === FALSE) { if ($ret === FALSE) {
32 33 $note_errmsg[] = "Cannot add note (" . rg_bug_error() . ")"; $note_errmsg[] = "Cannot add note (" . rg_bug_error() . ")";
33 34 break; break;
 
... ... do {
39 40
40 41 // add note form // add note form
41 42 $add_note_more['HTML:note_errmsg'] = rg_template_errmsg($note_errmsg); $add_note_more['HTML:note_errmsg'] = rg_template_errmsg($note_errmsg);
42 $add_note_more['rg_form_token'] = rg_token_get($db, $sid);
43 $add_note_more['rg_form_token'] = rg_token_get($db, $rg['sid']);
43 44 $add_note_more['note'] = $note; $add_note_more['note'] = $note;
44 45 $repo_bug_show_more['HTML:note_add'] = rg_template("repo/bug/note_add.html", $add_note_more); $repo_bug_show_more['HTML:note_add'] = rg_template("repo/bug/note_add.html", $add_note_more);
45 46 ?> ?>
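Review bot: Between the token check and `rg_bug_note_add()` (new lines 17-31) there is no rights check, although show.php in this same commit now gates close and reopen with `rg_repo_allow()`. Unless `rg_bug_note_add()` enforces it internally, any session holding a valid token could add a note to a bug in a repository it is only allowed to read. A guard of the same shape would fit before the call: `if (rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "<NOTE_RIGHT>", $rg['ip'], "") !== TRUE)`, which appends a message to `$note_errmsg` and then does `break;`, where `<NOTE_RIGHT>` is a placeholder for the letter defined in docs/rights.txt. Lines 6-13 of the file are outside the hunk, so a check may already exist there.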
File inc/user/repo/bug/show/show.php changed (mode: 100644) (index 1d41eee..e9b9051)
1 1 <?php <?php
2 rg_log("/inc/user/repo/bug/show");
2 rg_log("FILE: /inc/user/repo/bug/show/show");
3
4 // TODO: security checks
3 5
4 6 $repo_bug_show_more = $repo_bug_more; $repo_bug_show_more = $repo_bug_more;
5 7 $_bug_show = ""; $_bug_show = "";
6 8
7 $repo_bug_show_more['bug_id'] = $bug_id;
8 9 $repo_bug_show_more['HTML:bug_edit'] = ""; $repo_bug_show_more['HTML:bug_edit'] = "";
9 10
10 $ibug = rg_bug_info($db, $ri['repo_id'], $bug_id);
11 $ibug = rg_bug_info($db, $rg['ri']['repo_id'],
12 $repo_bug_show_more['bug']['bug_id']);
11 13 if ($ibug === FALSE) if ($ibug === FALSE)
12 14 rg_fatal("Cannot lookup bug!"); rg_fatal("Cannot lookup bug!");
15
16 $repo_bug_show_more['bug'] = array_merge($repo_bug_show_more['bug'], $ibug);
17
13 18 if ($ibug['exists'] != 1) { if ($ibug['exists'] != 1) {
14 19 $_bug_body .= rg_template("repo/bug/not_found.html", $repo_bug_show_more); $_bug_body .= rg_template("repo/bug/not_found.html", $repo_bug_show_more);
15 20 return; return;
16 21 } }
17 22
23 // If bug is deleted and the user does not have 'delete' rights, deny access.
24 if ($ibug['deleted'] > 0) {
25 if (rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "d", $rg['ip'], "") !== TRUE) {
26 $_bug_body .= rg_template("repo/bug/deleted.html", $repo_bug_show_more);
27 return;
28 }
29 }
30
18 31 // load labels // load labels
19 $labels = rg_bug_label_get($db, $ri['repo_id'], $bug_id);
32 $labels = rg_bug_label_get($db, $rg['ri']['repo_id'], $repo_bug_show_more['bug']['bug_id']);
20 33 if ($labels === FALSE) if ($labels === FALSE)
21 34 $repo_bug_show_more['HTML:labels_html'] = "Cannot load labels!"; $repo_bug_show_more['HTML:labels_html'] = "Cannot load labels!";
22 35 else else
23 36 $repo_bug_show_more['HTML:labels_html'] = rg_bug_label_html($db, $labels); $repo_bug_show_more['HTML:labels_html'] = rg_bug_label_html($db, $labels);
24 $repo_bug_show_more['labels'] = implode(" ", $labels);
37 $repo_bug_show_more['bug']['labels'] = implode(" ", $labels);
25 38
26 39 // edit // edit
27 40 $repo_bug_show_more['HTML:edit_form'] = rg_template("repo/bug/b_edit.html", $repo_bug_show_more['HTML:edit_form'] = rg_template("repo/bug/b_edit.html",
28 41 $repo_bug_show_more); $repo_bug_show_more);
29 42 if (rg_var_uint("edit") == 1) { if (rg_var_uint("edit") == 1) {
30 include($INC . "/user/repo/bug/show/edit.php");
31 $repo_bug_show_more['HTML:bug_edit'] = $_bug_edit;
43 $repo_bug_show_more['HTML:bug_edit'] =
44 rg_bug_edit_high_level($db, $repo_bug_show_more);
32 45 } }
33 46
34 47 // close/re-open // close/re-open
 
... ... do {
37 50 if (rg_var_uint("close_reopen") != 1) if (rg_var_uint("close_reopen") != 1)
38 51 break; break;
39 52
40 if (!rg_token_valid($db, $sid, $token)) {
53 $ibug['state'] = rg_var_uint("state");
54 $ibug['state_text'] = rg_bug_state($ibug['state']);
55
56 if ($ibug['state'] == 1) { // reopen
57 if (rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "r", $rg['ip'], "") !== TRUE) {
58 rg_template("repo/bug/deny_reopen.html", $rg);
59 break;
60 }
61 } else { // close
62 if (rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "C", $rg['ip'], "") !== TRUE) {
63 rg_template("repo/bug/deny_close.html", $rg);
64 break;
65 }
66 }
67
68 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
41 69 $close_reopen_error = "Invalid token. Try again."; $close_reopen_error = "Invalid token. Try again.";
42 70 break; break;
43 71 } }
44 72
45 $ibug['state'] = rg_var_uint("state");
46 $ibug['state_text'] = rg_bug_state($ibug['state']);
47 $ret = rg_bug_edit($db, $ri, $login_ui, $ibug);
73 $ret = rg_bug_edit($db, $rg['login_ui'], $rg['ri'], $ibug);
48 74 if ($ret === FALSE) { if ($ret === FALSE) {
49 75 $close_reopen_error = "Cannot edit bug (" . rg_bug_error() . ")"; $close_reopen_error = "Cannot edit bug (" . rg_bug_error() . ")";
50 76 break; break;
 
... ... $repo_bug_show_more['HTML:close_form'] = rg_template($t, $repo_bug_show_more);
60 86 $repo_bug_show_more['HTML:button_error'] = rg_warning($close_reopen_error, $repo_bug_show_more['HTML:button_error'] = rg_warning($close_reopen_error,
61 87 $repo_bug_show_more); $repo_bug_show_more);
62 88
63 // add_note must be unconditionally included because we must insert the form
89 // 'add_note' must be unconditionally included because we must insert the form
64 90 include($INC . "/user/repo/bug/show/add_note.php"); include($INC . "/user/repo/bug/show/add_note.php");
65 91
66 92 // load notes // load notes
67 $notes = rg_bug_note_list($db, $ri['repo_id'], $bug_id, 0);
93 $notes = rg_bug_note_list($db, $rg['ri']['repo_id'],
94 $repo_bug_show_more['bug']['bug_id'], 0);
68 95 if ($notes === FALSE) if ($notes === FALSE)
69 96 $repo_bug_show_more['HTML:notes'] = "Cannot load notes!"; $repo_bug_show_more['HTML:notes'] = "Cannot load notes!";
70 97 else else
 
... ... else
72 99
73 100 // watch // watch
74 101 $watch_body = ""; $watch_body = "";
75 $watch = rg_watch_load($db, "bug", $login_ui['uid'], $ri['repo_id'], $bug_id);
102 $watch = rg_watch_load($db, "bug", $rg['login_ui']['uid'], $rg['ri']['repo_id'],
103 $repo_bug_show_more['bug']['bug_id']);
76 104 if ($watch === FALSE) { if ($watch === FALSE) {
77 105 $watch_body .= rg_warning("Internal error."); $watch_body .= rg_warning("Internal error.");
78 106 } else { } else {
 
... ... if ($watch === FALSE) {
80 108 // user does not watch the bug, present 'watch' form // user does not watch the bug, present 'watch' form
81 109 if (rg_var_uint("watch") == 1) { if (rg_var_uint("watch") == 1) {
82 110 // user pressed watch button // user pressed watch button
83 $r = rg_watch_add($db, "bug", $login_ui['uid'],
84 $ri['repo_id'], $bug_id);
111 $r = rg_watch_add($db, "bug", $rg['login_ui']['uid'],
112 $rg['ri']['repo_id'], $repo_bug_show_more['bug']['bug_id']);
85 113 if ($r === FALSE) if ($r === FALSE)
86 114 rg_internal_error("TODO: find something here"); rg_internal_error("TODO: find something here");
87 115 $watch = 1; $watch = 1;
 
... ... if ($watch === FALSE) {
90 118 // user is already watching the bug, present 'unwatch' option // user is already watching the bug, present 'unwatch' option
91 119 if (rg_var_uint("unwatch") == 1) { if (rg_var_uint("unwatch") == 1) {
92 120 // user pressed unwatch button // user pressed unwatch button
93 $r = rg_watch_del($db, "bug", $login_ui['uid'],
94 $ri['repo_id'], $bug_id);
121 $r = rg_watch_del($db, "bug", $rg['login_ui']['uid'],
122 $rg['ri']['repo_id'], $repo_bug_show_more['bug']['bug_id']);
95 123 if ($r === FALSE) if ($r === FALSE)
96 124 rg_internal_error("TODO: find something here"); rg_internal_error("TODO: find something here");
97 125 $watch = 0; $watch = 0;
 
... ... if ($watch === FALSE) {
102 130 $t = "repo/bug/b_watch.html"; $t = "repo/bug/b_watch.html";
103 131 else else
104 132 $t = "repo/bug/b_unwatch.html"; $t = "repo/bug/b_unwatch.html";
105
106 133 $r = rg_template($t, $repo_bug_show_more); $r = rg_template($t, $repo_bug_show_more);
107 134 if ($r !== FALSE) if ($r !== FALSE)
108 135 $watch_body .= $r; $watch_body .= $r;
109 136 } }
110 137 $repo_bug_show_more['HTML:watch_form'] = $watch_body; $repo_bug_show_more['HTML:watch_form'] = $watch_body;
111 138
112 //rg_log_ml("DEBUG: ibug: " . print_r($ibug, TRUE));
113 $repo_bug_show_more = array_merge($repo_bug_show_more, $ibug);
114 $repo_bug_show_more['rg_form_token'] = rg_token_get($db, $sid);
139 // delete
140 $delete_error = "";
141 do {
142 $del_undel = rg_var_uint("del_undel");
143 if ($del_undel == 0)
144 break;
145
146 if (rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "d", $rg['ip'], "") !== TRUE) {
147 rg_template("repo/bug/deny_delete.html", $rg);
148 break;
149 }
150
151 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
152 $delete_error = "Invalid token. Try again.";
153 break;
154 }
155
156 $ret = rg_bug_delete_undelete($db, $rg['login_ui']['uid'], $rg['ri']['repo_id'],
157 $ibug['bug_id'], $del_undel);
158 if ($ret === FALSE) {
159 $delete_error = rg_bug_error();
160 break;
161 }
162 } while (0);
163 $repo_bug_show_more['HTML:button_error'] = rg_warning($delete_error,
164 $repo_bug_show_more);
165
166
167 // We must look it up again because it can be edited above; no prob, is in cache
168 $ibug = rg_bug_info($db, $rg['ri']['repo_id'],
169 $repo_bug_show_more['bug']['bug_id']);
170 if ($ibug === FALSE)
171 rg_fatal("Cannot lookup bug!");
172 $repo_bug_show_more = rg_array_merge($repo_bug_show_more, "bug", $ibug);
115 173
174 $repo_bug_show_more['rg_form_token'] = rg_token_get($db, $rg['sid']);
116 175 $_bug_show .= rg_template("repo/bug/show.html", $repo_bug_show_more); $_bug_show .= rg_template("repo/bug/show.html", $repo_bug_show_more);
117 176 ?> ?>
File inc/user/settings.php changed (mode: 100644) (index 7140034..009ea25)
1 1 <?php <?php
2 rg_log("/inc/user/settings");
2 rg_log("FILE: /inc/user/settings");
3 3
4 4 $_settings = ""; $_settings = "";
5 5
6 if ($login_ui['uid'] == 0) {
7 $_settings .= rg_warning("You have no access here!");
6 if ($rg['login_ui']['uid'] == 0) {
7 $_settings .= rg_warning("Error: Not logged in.");
8 8 return; return;
9 9 } }
10 10
11 $target_ui = $login_ui;
11 $rg['target_ui'] = $rg['login_ui'];
12 12
13 13 $errmsg = array(); $errmsg = array();
14 14
15 15 $_subop = empty($paras) ? "edit_info" : array_shift($paras); $_subop = empty($paras) ? "edit_info" : array_shift($paras);
16
17 // menu
18 $_m = array(
19 "edit_info" => array(
20 "text" => "Edit info",
21 "op" => "edit_info"
22 ),
23 "change_pass" => array(
24 "text" => "Change password",
25 "op" => "change_pass"
26 ),
27 "keys" => array(
28 "text" => "SSH keys",
29 "op" => "keys"
30 )
31 );
32 rg_menu_add($rg_menu, $_m, $_subop);
33
34 16 switch ($_subop) { switch ($_subop) {
35 17 case 'edit_info': case 'edit_info':
36 $more['ask_for_pass'] = 0;
37 $_settings .= rg_user_edit_high_level($db, $sid, $more);
18 $rg['ask_for_pass'] = 0;
19 $_settings .= rg_user_edit_high_level($db, $rg);
38 20 break; break;
39 21
40 22 case 'change_pass': case 'change_pass':
 
... ... case 'keys':
48 30 break; break;
49 31 } }
50 32
33 $rg['menu']['sub1'][$_subop] = 1;
34 $rg['HTML:submenu1'] = rg_template("user/settings/menu.html", $rg);
35
51 36 ?> ?>
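Review bot: `$rg['menu']['sub1'][$_subop] = 1;` runs after the switch for whatever `$_subop` was shifted off `$paras`, so a sub-operation name that matched no case may still end up as a key in the data handed to `rg_template()`. In this same commit `rg_prepare_replace_helper()` builds its patterns as `"/@@" . $new_prefix . "@@/uU"` from those keys without quoting them, so a key containing regex metacharacters would give a broken or unintended pattern. Part of the switch is elided on this page, so a default branch may already reject unknown values. If it does not, set the flag only for known names, e.g. `if (in_array($_subop, array("edit_info", "change_pass", "keys"), TRUE)) $rg['menu']['sub1'][$_subop] = 1;`.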
File inc/util.inc.php changed (mode: 100644) (index 3f7c22f..571aab0)
... ... function rg_re_userpage($ui)
140 140 { {
141 141 if (!isset($ui['organization'])) { if (!isset($ui['organization'])) {
142 142 rg_internal_error("rg_re_userpage called with wrong ui (no org)!"); rg_internal_error("rg_re_userpage called with wrong ui (no org)!");
143 rg_log("ui: " . print_r($ui, TRUE));
143 144 exit(1); exit(1);
144 145 } }
145 146
 
... ... function rg_re_userpage($ui)
155 156 function rg_re_repopage($ui, $repo_name) function rg_re_repopage($ui, $repo_name)
156 157 { {
157 158 if (!isset($ui['organization'])) { if (!isset($ui['organization'])) {
158 rg_internal_error("rg_re_repopage called with wrong ui (no org)!");
159 rg_internal_error("rg_re_repopage called with wrong ui"
160 . " (no 'organization' field): " . rg_array2string($ui));
161 rg_log("ui: " . print_r($ui, TRUE));
159 162 exit(1); exit(1);
160 163 } }
161 164
 
... ... function rg_var_str($name)
251 254
252 255 function rg_var_int($name) function rg_var_int($name)
253 256 { {
254 return sprintf("%d", rg_var_str($name));
257 $r = rg_var_str($name);
258
259 if (is_array($r)) {
260 $ret2 = array();
261 foreach ($r as $k => $v)
262 $ret2[$k] = sprintf("%d", $v);
263 return $ret2;
264 }
265 return sprintf("%d", $r);
255 266 } }
256 267
257 268 function rg_var_uint($name) function rg_var_uint($name)
258 269 { {
259 return sprintf("%u", rg_var_str($name));
270 $r = rg_var_str($name);
271
272 if (is_array($r)) {
273 $ret2 = array();
274 foreach ($r as $k => $v)
275 $ret2[$k] = sprintf("%u", $v);
276 return $ret2;
277 }
278 return sprintf("%u", $r);
279 }
280
281 function rg_var_bool($name)
282 {
283 $r = rg_var_str($name);
284 if (strcmp($r, "1") == 0)
285 return 1;
286
287 return 0;
260 288 } }
261 289
262 290 function rg_var_re($name, $re) function rg_var_re($name, $re)
 
... ... function rg_rmdir($dir)
318 346 return TRUE; return TRUE;
319 347 } }
320 348
321 /*
322 * Adds an submenu
323 * It is normal op to be empty
324 */
325 function rg_menu_add(&$menu, $sub, $op)
326 {
327 if (isset($sub[$op]))
328 $sub[$op]['active'] = 1;
329
330 if (empty($menu)) {
331 $menu = $sub;
332 return;
333 }
334
335 // search for last active menu
336 foreach ($menu as $_op => &$_info) {
337 if (!isset($_info['active']))
338 continue;
339
340 if (!isset($_info['sub'])) {
341 // we found the correct place
342 $menu[$_op]['sub'] = $sub;
343 break;
344 }
345
346 // we are on parent of the correct menu
347 rg_menu_add($_info['sub'], $sub, $op);
348 break;
349 }
350 }
351
352 /*
353 * Generates a menu
354 */
355 function rg_menu($a, $url, $ui)
356 {
357 $menu = array();
358 $submenu = "";
359 foreach ($a as $_id => $_info) {
360 $entry = array();
361
362 // we ignore fake menus like 'home'
363 if (!isset($_info['text']))
364 continue;
365
366 if (isset($_info['needs_admin']) && ($ui['is_admin'] == 0))
367 continue;
368
369 if (isset($_info['uid0']) && ($ui['uid'] > 0))
370 continue;
371
372 if (!isset($_info['uid0']) && ($ui['uid'] == 0))
373 continue;
374
375 $entry['text'] = $_info['text'];
376 $prefix = empty($url) ? "" : $url . "/";
377 $menu_url = $prefix . rg_re_url($_info['op']);
378 $entry['url'] = $menu_url;
379
380 $entry['selected'] = 0;
381 if (isset($_info['active']))
382 $entry['selected'] = 1;
383
384 $menu[] = $entry;
385
386 if (!isset($_info['sub']) || (count($_info['sub']) == 0))
387 continue;
388
389 // submenu
390 $submenu = rg_menu($_info['sub'], $menu_url, $ui);
391 }
392
393 // Build menu
394 $ret = rg_template_table("menu", $menu, array());
395 $ret .= $submenu;
396
397 return $ret;
398 }
399
400 349 /* /*
401 350 * Provides a link to an image, taking in consideration the theme * Provides a link to an image, taking in consideration the theme
402 351 * Used by rg_prepare_image. * Used by rg_prepare_image.
 
... ... function rg_prepare_image($line)
423 372 return preg_replace_callback('/@@IMG:(.*)@@/uU', "rg_image_callback", $line); return preg_replace_callback('/@@IMG:(.*)@@/uU', "rg_image_callback", $line);
424 373 } }
425 374
375 /*
376 * Helper for rg_prepare_replace
377 */
378 function rg_prepare_replace_helper($a, $prefix, &$what, &$values)
379 {
380 foreach ($a as $k => $v) {
381 if (empty($prefix))
382 $add = "";
383 else
384 $add = ".";
385
386 $new_prefix = $prefix . $add . $k;
387
388 if (is_array($v)) {
389 rg_prepare_replace_helper($v, $new_prefix,
390 $what, $values);
391 continue;
392 }
393
394 if (strncmp($k, "HTML:", 5) == 0) {
395 $new_prefix = $prefix . $add . substr($k, 5);
396 } else {
397 if (is_array($v))
398 rg_log_ml("DEBUG: Invalid type for [$k]: " . print_r($v, TRUE));
399 $v = htmlspecialchars($v);
400 }
401 $what[$new_prefix] = "/@@" . $new_prefix . "@@/uU";
402 $values[$new_prefix] = $v;
403 }
404 }
405
426 406 function rg_prepare_replace(&$data, &$what, &$values) function rg_prepare_replace(&$data, &$what, &$values)
427 407 { {
428 408 if (!empty($data)) { if (!empty($data)) {
429 409 if (!is_array($data)) if (!is_array($data))
430 rg_internal_error("invalid type passed");
431 foreach ($data as $k => $v) {
432 if (is_array($v))
433 rg_fatal("value of key [$k] is array!"
434 . " data: " . print_r($data, TRUE));
410 rg_internal_error("prepare_replace: invalid type passed");
435 411
436 if (strncmp($k, "HTML:", 5) == 0) {
437 $k = substr($k, 5);
438 } else {
439 if (is_array($v))
440 rg_log_ml("DEBUG: Invalid type for [$k]: " . print_r($v, TRUE));
441 $v = htmlspecialchars($v);
442 }
443 $what[$k] = "/@@" . $k . "@@/uU";
444 $values[$k] = $v;
445 }
412 rg_prepare_replace_helper($data, "", $what, $values);
446 413 } }
447 414
448 415 $what['DUMP'] = "/@@DUMP@@/uU"; $what['DUMP'] = "/@@DUMP@@/uU";
 
... ... function rg_replace_conditionals_block($block, &$data, &$stack)
525 492 rg_internal_error("Invalid condition!"); rg_internal_error("Invalid condition!");
526 493 return FALSE; return FALSE;
527 494 } }
528 //rg_log("DEBUG: matches2: " . rg_array2string($matches2));
529 495 if (count($matches2) < 3) { if (count($matches2) < 3) {
496 rg_log("matches[3]: " . $matches[3]);
497 rg_log("matches2: " . rg_array2string($matches2));
530 498 rg_internal_error("Cannot match condition."); rg_internal_error("Cannot match condition.");
531 499 return FALSE; return FALSE;
532 500 } }
 
... ... function rg_template_table($dir, &$data, $more)
680 648 return $head . $body . $foot; return $head . $body . $foot;
681 649 } }
682 650
651 /*
652 * Loads a template.
653 * TODO: why we pass variable by reference?!
654 */
683 655 function rg_template($file, &$data) function rg_template($file, &$data)
684 656 { {
685 657 global $rg_theme_dir; global $rg_theme_dir;
 
... ... function rg_date2ts_last_second($s)
1096 1068
1097 1069 /* /*
1098 1070 * Function to send e-mails * Function to send e-mails
1099 * TODO: Replace mail() wil rg_mail everywhere.
1071 * TODO: Replace mail() with rg_mail everywhere.
1100 1072 */ */
1101 1073 function rg_mail($template, $more) function rg_mail($template, $more)
1102 1074 { {
 
... ... function rg_mail($template, $more)
1118 1090
1119 1091 $ret = mail($more['ui.email'], $subject, $body, $header, "-f $rg_admin_email"); $ret = mail($more['ui.email'], $subject, $body, $header, "-f $rg_admin_email");
1120 1092 if ($ret === FALSE) if ($ret === FALSE)
1121 rg_log("Sending mail failed!");
1093 rg_log("Sending mail failed to=" . $more['ui.email'] . " subject=$subject!");
1122 1094
1123 1095 rg_prof_end("mail"); rg_prof_end("mail");
1124 1096 return $ret; return $ret;
 
... ... function rg_array_merge($src, $namespace, $a)
1135 1107 if (empty($a)) if (empty($a))
1136 1108 return $ret; return $ret;
1137 1109
1110 if (!empty($namespace))
1111 $namespace .= ".";
1112
1138 1113 foreach ($a as $k => $v) { foreach ($a as $k => $v) {
1139 1114 $t = explode(":", $k, 2); $t = explode(":", $k, 2);
1140 1115 if (count($t) == 1) if (count($t) == 1)
1141 $ret[$namespace . "." . $k] = $v;
1116 $ret[$namespace . $k] = $v;
1142 1117 else else
1143 $ret[$t[0] . ":" . $namespace . "." . $t[1]] = $v;
1118 $ret[$t[0] . ":" . $namespace . $t[1]] = $v;
1144 1119 } }
1145 1120
1146 1121 return $ret; return $ret;
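Review bot: The new `rg_var_bool()` passes the result of `rg_var_str()` straight to `strcmp()`, although the `is_array($r)` branches added to `rg_var_int()` and `rg_var_uint()` in the same hunk show that this value can be an array. On PHP 5 and 7, `strcmp()` with an array argument emits a warning and returns NULL, and `NULL == 0` is true, so a parameter submitted as an array would make the function return 1; on PHP 8 it raises a TypeError instead. A guard plus a strict comparison closes this: `if (is_array($r)) return 0;` followed by `return ($r === "1") ? 1 : 0;`. `rg_var_str()` itself is outside the visible hunks, so the strict comparison assumes it returns the raw string for scalar input.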
File inc/watch.inc.php changed (mode: 100644) (index f6190b3..02c78ad)
... ... function rg_watch_error()
24 24 * Returns a watched entry * Returns a watched entry
25 25 */ */
26 26 $rg_watch_load_cache = array(); $rg_watch_load_cache = array();
27 function rg_watch_load($db, $type, $login_uid, $obj_id1, $obj_id2)
27 function rg_watch_load($db, $type, $uid, $obj_id1, $obj_id2)
28 28 { {
29 29 global $rg_watch_load_cache; global $rg_watch_load_cache;
30 30
31 $key = $type . "-" . $login_uid . "-" . $obj_id1 . "-" . $obj_id2;
31 $key = $type . "-" . $uid . "-" . $obj_id1 . "-" . $obj_id2;
32 32 if (isset($rg_watch_load_cache[$key])) if (isset($rg_watch_load_cache[$key]))
33 33 return $rg_watch_load_cache[$key]; return $rg_watch_load_cache[$key];
34 34
35 35 rg_prof_start("watch_load"); rg_prof_start("watch_load");
36 rg_log("watch_load: type=$type login_uid=$login_uid obj_id=$obj_id1/$obj_id2");
36 rg_log("watch_load: type=$type uid=$uid obj_id=$obj_id1/$obj_id2");
37 37
38 38 $ret = FALSE; $ret = FALSE;
39 39 do { do {
40 $params = array("uid" => $uid,
41 "obj_id1" => $obj_id1,
42 "obj_id2" => $obj_id2);
40 43 if (strcmp($type, "bug") == 0) { if (strcmp($type, "bug") == 0) {
41 $params = array($login_uid, $obj_id1, $obj_id2);
42 44 $sql = "SELECT 1 FROM watch_bug" $sql = "SELECT 1 FROM watch_bug"
43 . " WHERE uid = $1"
44 . " AND repo_id = $2"
45 . " AND bug_id = $3";
45 . " WHERE uid = @@uid@@"
46 . " AND repo_id = @@obj_id1@@"
47 . " AND bug_id = @@obj_id2@@";
46 48 } else if (strcmp($type, "repo") == 0) { } else if (strcmp($type, "repo") == 0) {
47 $params = array($login_uid, $obj_id1);
48 49 $sql = "SELECT 1 FROM watch_repo" $sql = "SELECT 1 FROM watch_repo"
49 . " WHERE uid = $1"
50 . " AND repo_id = $2";
50 . " WHERE uid = @@uid@@"
51 . " AND repo_id = @@obj_id1@@";
51 52 } else { } else {
52 53 rg_internal_error("Invalid watch type!"); rg_internal_error("Invalid watch type!");
53 54 break; break;
 
... ... function rg_watch_load($db, $type, $login_uid, $obj_id1, $obj_id2)
71 72 * Add somebody to the watch list * Add somebody to the watch list
72 73 */ */
73 74 $rg_watch_add_state = array(); $rg_watch_add_state = array();
74 function rg_watch_add($db, $type, $login_uid, $obj_id1, $obj_id2)
75 function rg_watch_add($db, $type, $uid, $obj_id1, $obj_id2)
75 76 { {
76 77 global $rg_watch_add_state; global $rg_watch_add_state;
77 78
78 79 // If watch already added, skip. // If watch already added, skip.
79 $key = $type . "-" . $login_uid . "-" . $obj_id1 . "-" . $obj_id2;
80 $key = $type . "-" . $uid . "-" . $obj_id1 . "-" . $obj_id2;
80 81 if (isset($rg_watch_add_state[$key])) if (isset($rg_watch_add_state[$key]))
81 82 return $rg_watch_add_state[$key]; return $rg_watch_add_state[$key];
82 83
83 84 rg_prof_start("watch_add"); rg_prof_start("watch_add");
84 rg_log("watch_add type=$type, login_uid=$login_uid obj_id=$obj_id1/$obj_id2");
85 rg_log("watch_add type=$type, uid=$uid obj_id=$obj_id1/$obj_id2");
85 86
86 87 $ret = FALSE; $ret = FALSE;
87 88 do { do {
88 $r = rg_watch_load($db, $type, $login_uid, $obj_id1, $obj_id2);
89 $r = rg_watch_load($db, $type, $uid, $obj_id1, $obj_id2);
89 90 if ($r === FALSE) if ($r === FALSE)
90 91 break; break;
91 92 if ($r === 1) { // already in watch list if ($r === 1) { // already in watch list
 
... ... function rg_watch_add($db, $type, $login_uid, $obj_id1, $obj_id2)
93 94 break; break;
94 95 } }
95 96
97 $params = array("uid" => $uid,
98 "obj_id1" => $obj_id1,
99 "obj_id2" => $obj_id2);
100
96 101 if (strcmp($type, "bug") == 0) { if (strcmp($type, "bug") == 0) {
97 $params = array($login_uid, $obj_id1, $obj_id2);
98 102 $sql = "INSERT INTO watch_bug (uid, repo_id, bug_id)" $sql = "INSERT INTO watch_bug (uid, repo_id, bug_id)"
99 . " VALUES ($1, $2, $3)";
103 . " VALUES (@@uid@@, @@obj_id1@@, @@obj_id2@@)";
100 104 } else if (strcmp($type, "repo") == 0) { } else if (strcmp($type, "repo") == 0) {
101 $params = array($login_uid, $obj_id1);
102 105 $sql = "INSERT INTO watch_repo (uid, repo_id)" $sql = "INSERT INTO watch_repo (uid, repo_id)"
103 . " VALUES ($1, $2)";
106 . " VALUES (@@uid@@, @@obj_id1@@)";
104 107 } else { } else {
105 108 rg_internal_error("Invalid watch type!"); rg_internal_error("Invalid watch type!");
106 109 break; break;
 
... ... function rg_watch_load_by_obj_id($db, $type, $obj_id1, $obj_id2)
164 167
165 168 $ret = FALSE; $ret = FALSE;
166 169 do { do {
170 $params = array("obj_id1" => $obj_id1,
171 "obj_id2" => $obj_id2);
172
167 173 if (strcmp($type, "bug") == 0) { if (strcmp($type, "bug") == 0) {
168 $params = array($obj_id1, $obj_id2);
169 174 $sql = "SELECT uid FROM watch_bug" $sql = "SELECT uid FROM watch_bug"
170 . " WHERE repo_id = $1"
171 . " AND bug_id = $2";
175 . " WHERE repo_id = @@obj_id1@@"
176 . " AND bug_id = @@obj_id2@@";
172 177 } else if (strcmp($type, "repo") == 0) { } else if (strcmp($type, "repo") == 0) {
173 $params = array($obj_id1);
174 178 $sql = "SELECT uid FROM watch_repo" $sql = "SELECT uid FROM watch_repo"
175 . " WHERE repo_id = $1";
179 . " WHERE repo_id = @@obj_id1@@";
176 180 } else { } else {
177 181 rg_internal_error("Invalid watch type!"); rg_internal_error("Invalid watch type!");
178 182 break; break;
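Review bot: With `$params` now built once before the type check, the `repo` branches of `rg_watch_load()`, `rg_watch_add()` and `rg_watch_load_by_obj_id()` pass an `obj_id2` entry that their SQL never references, where the old code passed exactly the values each query used. Whether that is harmless depends on the query helper (changed in inc/sql.inc.php, not shown in this section) ignoring unreferenced names and binding the `@@name@@` markers as real parameters rather than substituting text. The markers look identical to the template engine's placeholders, which makes that distinction easy to lose. Once confirmed, a comment at the first `$params` array would record the contract, e.g. `// @@name@@ markers are bound as query parameters by the SQL layer; keys a query does not use are ignored`. All three function bodies continue outside the visible hunks.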
File root/index.php changed (mode: 100644) (index 70fa3af..43dae64)
2 2 error_reporting(E_ALL); error_reporting(E_ALL);
3 3 ini_set("track_errors", "On"); ini_set("track_errors", "On");
4 4
5 $more = array();
6 $INC = dirname(__FILE__) . "/../inc";
5 $rg = array();
6
7 7 require_once("/etc/rocketgit/config.php"); require_once("/etc/rocketgit/config.php");
8 $INC = dirname(__FILE__) . "/../inc";
8 9 require_once($INC . "/init.inc.php"); require_once($INC . "/init.inc.php");
9 10 require_once($INC . "/log.inc.php"); require_once($INC . "/log.inc.php");
10 11 include_once($INC . "/sql.inc.php"); include_once($INC . "/sql.inc.php");
 
... ... rg_prof_start("MAIN");
24 25
25 26 rg_log_set_file($rg_web_log_dir . "/main.log"); rg_log_set_file($rg_web_log_dir . "/main.log");
26 27
27 // Last time fixes for configurations options that were added after
28 if (!isset($rg_theme_dir))
29 $rg_theme_dir = $rg_scripts . "/root/themes";
30
31 // Store confirguration into 'more'
28 // Store configuration into 'rg'
32 29 if (!isset($rg_account_email_confirm)) if (!isset($rg_account_email_confirm))
33 30 $rg_account_email_confirm = 1; $rg_account_email_confirm = 1;
34 $more['rg_account_email_confirm'] = $rg_account_email_confirm;
31 $rg['rg_account_email_confirm'] = $rg_account_email_confirm;
35 32 if (!isset($rg_account_allow_creation)) if (!isset($rg_account_allow_creation))
36 33 $rg_account_allow_creation = 0; $rg_account_allow_creation = 0;
37 $more['rg_account_allow_creation'] = $rg_account_allow_creation;
34 $rg['rg_account_allow_creation'] = $rg_account_allow_creation;
38 35
39 36 // Init variables // Init variables
40 37 $THEME_URL = "/themes/" . $rg_theme; $THEME_URL = "/themes/" . $rg_theme;
41 38 $sparas = ""; $sparas = "";
42 $login_ui = array();
43 $target_ui = array("ok" => 1, "exists" => 0, "uid" => 0);
39 $rg['login_ui'] = array();
40 $rg['target_ui'] = array("ok" => 1, "exists" => 0, "uid" => 0);
41 $rg['ri'] = array("repo_id" => 0, "uid" => 0);
42 $rg['bug'] = array("bug_id" => 0);
43 $rg['HTML:submenu1'] = "";
44 $rg['HTML:submenu2'] = "";
44 45
45 46 // We have variable 'vv' passed from webserver - build 'op' and rest of paras // We have variable 'vv' passed from webserver - build 'op' and rest of paras
46 47 $sparas = rg_var_str("vv"); $sparas = rg_var_str("vv");
47 48 rg_log("DEBUG: sparas=$sparas."); rg_log("DEBUG: sparas=$sparas.");
48 $more['url'] = $sparas;
49 $rg['url'] = "/op";
49 50 $paras = explode("/", trim($sparas, "/")); $paras = explode("/", trim($sparas, "/"));
50 51 $_t = empty($paras) ? "" : $paras[0]; $_t = empty($paras) ? "" : $paras[0];
51 52 rg_log("DEBUG: paras: " . rg_array2string($paras)); rg_log("DEBUG: paras: " . rg_array2string($paras));
 
... ... if (strcmp($_t, "op") == 0) {
56 57 $_op = ""; $_op = "";
57 58 } }
58 59
59 $doit = rg_var_uint("doit");
60 $sid = rg_var_re("sid", "/[^A-Za-z0-9]/");
61 $token = rg_var_re("token", "/[^A-Za-z0-9]/");
62 $user = ""; $repo = ""; $organization = 0;
60 $rg['doit'] = rg_var_uint("doit");
61 $rg['sid'] = rg_var_re("sid", "/[^A-Za-z0-9]/");
62 $rg['token'] = rg_var_re("token", "/[^A-Za-z0-9]/");
63 $user = ""; $repo = ""; $organization = 0; // TODO: those are really used?
63 64
64 rg_log("IP: " . @$_SERVER['REMOTE_ADDR']);
65 $rg['ip'] = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
66 rg_log("IP: " . $rg['ip']);
65 67 rg_log("_REQUEST: " . rg_array2string($_REQUEST)); rg_log("_REQUEST: " . rg_array2string($_REQUEST));
66 68 rg_log("_COOKIE: " . rg_array2string($_COOKIE)); rg_log("_COOKIE: " . rg_array2string($_COOKIE));
67 69 rg_log("Start! ver=$rocketgit_version"); rg_log("Start! ver=$rocketgit_version");
 
... ... while ($tries > 0) {
92 94 sleep(1); sleep(1);
93 95 } }
94 96 if ($good == 0) { if ($good == 0) {
95 // TODO: we must let if go to dispatcher instead of redirecting = another connection
97 // TODO: we must let it go to dispatcher instead of redirecting = another connection
96 98 $url = rg_re_url("fatal"); $url = rg_re_url("fatal");
97 99 rg_fatal_web("Internal error", $url); rg_fatal_web("Internal error", $url);
98 100 } }
99 101
100 rg_user_login_by_sid($db, $sid, $login_ui);
101 rg_log("After login_by_sid, login_ui=" . rg_array2string($login_ui));
102 rg_user_login_by_sid($db, $rg);
103 rg_log("After login_by_sid, login_ui=" . rg_array2string($rg['login_ui']));
102 104
103 105
104 106 $body = ""; $body = "";
105 $rg_menu = array();
106 // first level menu
107 $_m = array(
108 "login" => array(
109 "text" => "Login",
110 "uid0" => 1,
111 "op" => "/op/login"),
112 "settings" => array(
113 "text" => "Settings",
114 "op" => "/op/settings"),
115 "repo" => array(
116 "text" => "Repositories",
117 "op" => "/op/repo"),
118 "admin" => array(
119 "text" => "Admin",
120 "needs_admin" => 1,
121 "op" => "/op/admin"),
122 "suggestion"=> array(
123 "text" => "Suggestion",
124 "op" => "/op/suggestion"),
125 "logout" => array(
126 "text" => "Logout",
127 "op" => "/op/logout")
128 );
129 rg_menu_add($rg_menu, $_m, $_op);
130
131 107
132 108 rg_log("Dispatching to [$_op]"); rg_log("Dispatching to [$_op]");
133 109 include($INC . "/dispatch/dispatch.php"); include($INC . "/dispatch/dispatch.php");
134 110
135 111
136 $more['HTML:rg_menu'] = rg_menu($rg_menu, "", $login_ui);
137
138 if ($login_ui['uid'] > 0) {
139 $more['rg_username'] = $login_ui['username'];
140 $more['rg_homepage'] = rg_re_userpage($login_ui);
112 if ($rg['login_ui']['uid'] > 0) {
113 $rg['login_ui']['homepage'] = rg_re_userpage($rg['login_ui']);
141 114 } else { } else {
142 $more['rg_username'] = "";
143 $more['rg_homepage'] = "";
115 $rg['login_ui']['username'] = "";
116 $rg['login_ui']['homepage'] = "";
144 117 } }
145 118
146 // home page
147
148 119 // Some variables from the database // Some variables from the database
149 120 $r = rg_state_get_uint($db, "first_install"); $r = rg_state_get_uint($db, "first_install");
150 121 if ($r > 0) { if ($r > 0) {
151 $more['first_install_text'] = gmdate("Y-m-d", $r);
122 $rg['first_install_text'] = gmdate("Y-m-d", $r);
152 123 } else { } else {
153 $more['first_install_text'] = "?";
124 $rg['first_install_text'] = "?";
154 125 } }
155 126
156 127
157 128 rg_prof_end("MAIN"); rg_prof_end("MAIN");
158 129
159 // TODO: Do something with the profiling, here: log it in database etc.
160
161 $more['HTML:rg_theme_url'] = $THEME_URL;
162 $more['HTML:rg_body'] = $body;
163 echo rg_template("index.html", $more);
130 $rg['HTML:rg_theme_url'] = $THEME_URL;
131 $rg['HTML:rg_body'] = $body;
132 echo rg_template("index.html", $rg);
164 133
165 rg_log("DONE!");
166 134 rg_prof_log("rg_log"); rg_prof_log("rg_log");
167
135 rg_log("DONE!");
168 136 ?> ?>
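Review bot: `$rg` now holds `sid`, `token`, `ip` and the full `login_ui` record, and that same array is handed to `rg_template("index.html", $rg)`. Because the template layer in this commit flattens nested arrays into `@@a.b@@` placeholders, every one of those fields becomes reachable from any theme file. The `@@DUMP@@` placeholder (removed from admin/plans/add_edit.html in this commit; its expansion is not visible here) presumably prints whatever data it is given. Rendering from a reduced copy keeps session material out of the theme layer, e.g. `$tpl = $rg; unset($tpl['sid'], $tpl['token']);` then `echo rg_template("index.html", $tpl);`, assuming index.html does not need those two fields.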
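--- a/root/themes/default/admin/menu.html
+++ b/root/themes/default/admin/menu.html
@@ -0,0 +1,7 @@
+<div class="menu">
+<ul>
+<li><a @@if(@@menu.sub1.plans@@ == 1){{class="selected"}}{{}} href="@@url@@/plans">Plans</a></li>
+<li><a @@if(@@menu.sub1.users@@ == 1){{class="selected"}}{{}} href="@@url@@/users">Users</a></li>
+<li><a @@if(@@menu.sub1.repos@@ == 1){{class="selected"}}{{}} href="@@url@@/repos">Repos</a></li>
+</ul>
+</div>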
File root/themes/default/admin/plans/add_edit.html changed (mode: 100644) (index 8956b5c..605a96a)
1 @@DUMP@@
2 1 <div class="formarea"> <div class="formarea">
3 2
4 3 <div class="formarea_title">@@if(@@id@@ == 0){{Add a new plan}}{{Edit plan}}</div><br /> <div class="formarea_title">@@if(@@id@@ == 0){{Add a new plan}}{{Edit plan}}</div><br />
 
6 5 @@errmsg@@ @@errmsg@@
7 6
8 7 <form method="post" action="@@url@@"> <form method="post" action="@@url@@">
9 <input type="hidden" name="id" value="@@id@@" />
8 <input type="hidden" name="pi.id" value="@@pi.id@@" />
10 9 <input type="hidden" name="doit" value="1" /> <input type="hidden" name="doit" value="1" />
11 10 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
12 11
13 <label for="position" class="form_item_title">Position in the list</label><br />
14 <input type="text" name="position" value="@@position@@" />
12 <label for="pi.position" class="form_item_title">Position in the list</label><br />
13 <input type="text" name="pi.position" value="@@pi.position@@" />
15 14 <br /> <br />
16 15 <br /> <br />
17 16
18 <label for="name" class="form_item_title">Name</label><br />
19 <input type="text" name="name" value="@@name@@" />
17 <label for="pi.name" class="form_item_title">Name</label><br />
18 <input type="text" name="pi.name" value="@@pi.name@@" />
20 19 <br /> <br />
21 20 <br /> <br />
22 21
23 <label for="description" class="form_item_title">Description</label><br />
24 <textarea name="description" rows="4" cols="50">@@description@@</textarea>
22 <label for="pi.description" class="form_item_title">Description</label><br />
23 <textarea name="pi.description" rows="4" cols="50">@@pi.description@@</textarea>
25 24 <br /> <br />
26 25 <br /> <br />
27 26
28 <label for="disk_mb" class="form_item_title">Maximum disk space (MiB, 0 = unlimited)</label><br />
29 <input type="text" name="disk_mb" value="@@disk_mb@@" />
27 <label for="pi.disk_mb" class="form_item_title">Maximum disk space (MiB, 0 = unlimited)</label><br />
28 <input type="text" name="pi.disk_mb" value="@@pi.disk_mb@@" />
30 29 <br /> <br />
31 30 <br /> <br />
32 31
33 <label for="users" class="form_item_title">Maximum number of co-workers (0 = unlimited)</label><br />
34 <input type="text" name="users" value="@@users@@" />
32 <label for="pi.users" class="form_item_title">Maximum number of co-workers (0 = unlimited)</label><br />
33 <input type="text" name="pi.users" value="@@pi.users@@" />
35 34 <br /> <br />
36 35 <br /> <br />
37 36
38 <label for="speed" class="form_item_title">Maximum speed (kbit/s, 0 = unlimited)</label><br />
39 <input type="text" name="speed" value="@@speed@@" />
37 <label for="pi.speed" class="form_item_title">Maximum speed (kbit/s, 0 = unlimited)</label><br />
38 <input type="text" name="pi.speed" value="@@pi.speed@@" />
40 39 <br /> <br />
41 40 <br /> <br />
42 41
43 <label for="bw" class="form_item_title">Maximum bandwidth (MiB/month, 0 = unlimited)</label><br />
44 <input type="text" name="bw" value="@@bw@@" />
42 <label for="pi.bw" class="form_item_title">Maximum bandwidth (MiB/month, 0 = unlimited)</label><br />
43 <input type="text" name="pi.bw" value="@@pi.bw@@" />
45 44 <br /> <br />
46 45 <br /> <br />
47 46
48 <label for="max_public_repos" class="form_item_title">Maximum number of public repos (0 = unlimited)</label><br />
49 <input type="text" name="max_public_repos" value="@@max_public_repos@@" />
47 <label for="pi.max_public_repos" class="form_item_title">Maximum number of public repos (0 = unlimited)</label><br />
48 <input type="text" name="pi.max_public_repos" value="@@pi.max_public_repos@@" />
50 49 <br /> <br />
51 50 <br /> <br />
52 51
53 <label for="max_private_repos" class="form_item_title">Maximum number of private repos (0 = unlimited)</label><br />
54 <input type="text" name="max_private_repos" value="@@max_private_repos@@" />
52 <label for="pi.max_private_repos" class="form_item_title">Maximum number of private repos (0 = unlimited)</label><br />
53 <input type="text" name="pi.max_private_repos" value="@@pi.max_private_repos@@" />
55 54 <br /> <br />
56 55 <br /> <br />
57 56
58 <input type="submit" name="button" value="@@if(@@id@@ == 0){{Add}}{{Edit}}" />
57 <input type="submit" name="button" value="@@if(@@pi.id@@ == 0){{Add}}{{Edit}}" />
59 58
60 59 </form> </form>
61 60 </div> </div>
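Review bot: The renamed fields (`name="pi.id"`, `name="pi.position"` and the rest) contain a dot, and PHP replaces dots in incoming request variable names with underscores, so the values arrive as `pi_id`, `pi_position` and so on. The handler in inc/admin/plans/plans.php is not part of this section; if it reads the dotted names, the form will submit values it never sees. Separately, the title line still tests `@@if(@@id@@ == 0)` while the submit button was switched to `@@pi.id@@`. The title should read `@@if(@@pi.id@@ == 0){{Add a new plan}}{{Edit plan}}` to stay consistent.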
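--- a/root/themes/default/admin/plans/menu.html
+++ b/root/themes/default/admin/plans/menu.html
@@ -1,7 +1,6 @@
 <div class="menu">
 <ul>
-<li><a @@if(@@menu.sub1.plans@@ == 1){{class="selected"}}{{}} href="@@url@@/plans">Plans</a></li>
-<li><a @@if(@@menu.sub1.users@@ == 1){{class="selected"}}{{}} href="@@url@@/users">Users</a></li>
-<li><a @@if(@@menu.sub1.repos@@ == 1){{class="selected"}}{{}} href="@@url@@/repos">Repos</a></li>
+<li><a @@if(@@menu.sub2.list@@ == 1){{class="selected"}}{{}} href="@@url@@/list">List</a></li>
+<li><a @@if(@@menu.sub2.add@@ == 1){{class="selected"}}{{}} href="@@url@@/add">Add</a></li>
 </ul>
 </div>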
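--- a/root/themes/default/hints/repo/edit_repo_path_rights.html
+++ b/root/themes/default/hints/repo/edit_repo_path_rights.html
@@ -1,9 +1,5 @@
-Bad whitespace: if checked, commits with mixed tabs and spaces, trailing
-spaces/tabs etc. will be allowed.
-<br /><br />
-
 Example rights for references:<br />
 <pre>
-refs/heads/x * Fetch + Push = Allow user to fetch/push in private namespace 'x'<br />
-{USER} * Fetch + Push + Create branch+Delete branch = Logged in user 'USER' has rights to refs/heads/USER<br />
+doc/.*\.jpg None = User cannot push jpeg files<br />
+/user/{USER} Push = The pushing user (USER) is allowed to push files only in his folder inside /user/<br />
 </pre>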
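--- a/root/themes/default/hints/repo/edit_repo_refs_rights.html
+++ b/root/themes/default/hints/repo/edit_repo_refs_rights.html
@@ -1,14 +1,9 @@
-You do not have to grant yourself rights.
-You are the owner, so you have maximum rights.<br />
-<br />
-
-Priority is used to order the rights in the proper order.<br />
-<br />
-
 Bad whitespace: if checked, commits with mixed tabs and spaces, trailing
-spaces/tabs etc. will be allowed.<br />
-<br />
+spaces/tabs etc. will be allowed.
+<br /><br />
 
 Example rights for references:<br />
+<pre>
 refs/heads/x * Fetch + Push = Allow user to fetch/push in private namespace 'x'<br />
 {USER} * Fetch + Push + Create branch+Delete branch = Logged in user 'USER' has rights to refs/heads/USER<br />
+</pre>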
File root/themes/default/hints/repo/edit_repo_rights.html changed (mode: 100644) (index 75f132b..d79e11a)
1 You do not have to grant yourself rights.<br />
2 You are the owner, so you have maximum rights.<br />
3 <br />
4
5 Bad whitespace: if checked, commits with mixed tabs and spaces, trailing
6 spaces/tabs etc. will be allowed.<br />
7 <br />
8
9 Example rights for references:<br />
10 refs/heads/x * Fetch + Push = Allow user to fetch/push in private namespace 'x'<br />
11 {USER} * Fetch + Push + Create branch+Delete branch = Logged in user 'USER' has rights to refs/heads/USER<br />
1 TODO: Some hints here?
File root/themes/default/hints/repo/merge.html changed (mode: 100644) (index 2ecc06b..3d0858e)
... ... fetch = +refs/namespaces/*:refs/remotes/your_remote_name_for_example_origin/mr/*
13 13 </code> </code>
14 14 After you run a git fetch, you will have all the merge requests localy.<br /> After you run a git fetch, you will have all the merge requests localy.<br />
15 15 You can do ??? You can do ???
16
File root/themes/default/hints/ssh/key.html changed (mode: 100644) (index 9212c74..5fa4eaa)
... ... and paste it in the form above.<br />
8 8 <br /> <br />
9 9
10 10 To force the use of this key when you connect to the server,<br /> To force the use of this key when you connect to the server,<br />
11 add the following lines to ~/.ssh/config (use tab to indent):<br />
11 add the following lines to your ~/.ssh/config (use tab to indent):<br />
12 12 <code> <code>
13 13 Host @@rg_ssh_host@@<br /> Host @@rg_ssh_host@@<br />
14 14 &nbsp;&nbsp; User rocketgit<br /> &nbsp;&nbsp; User rocketgit<br />
File root/themes/default/index.html changed (mode: 100644) (index 4c782a0..699cf78)
19 19 <div class="logo"><a href="/">RocketGit</a></div> <div class="logo"><a href="/">RocketGit</a></div>
20 20 </td> </td>
21 21
22 @@if("@@rg_username@@" != ""){{
22 @@if("@@login_ui.username@@" != ""){{
23 23 <td> <td>
24 <div class="user"><a href="@@rg_homepage@@">@@rg_username@@</a></div>
24 <div class="user"><a href="@@login_ui.homepage@@">@@login_ui.username@@</a></div>
25 25 </td> </td>
26 26 }}{{}} }}{{}}
27 27
28 28 <td> <td>
29 29 <div id="menus"> <div id="menus">
30 @@rg_menu@@
30 <!-- main menu -->
31 <div class="menu">
32 <ul>
33 @@if(@@login_ui.uid@@ == 0){{<li><a @@if(@@menu.login@@ == 1){{class="selected"}}{{}} href="/op/login">Login</a></li>}}{{}}
34 @@if(@@login_ui.uid@@ != 0){{<li><a @@if(@@menu.settings@@ == 1){{class="selected"}}{{}} href="/op/settings">Settings</a></li>}}{{}}
35 <li><a @@if(@@menu.repo@@ == 1){{class="selected"}}{{}} href="/op/repo">Repositories</a></li>
36 @@if(@@login_ui.is_admin@@ == 1){{<li><a @@if(@@menu.admin@@ == 1){{class="selected"}}{{}} href="/op/admin">Admin</a></li>}}{{}}
37 @@if(@@login_ui.uid@@ != 0){{<li><a @@if(@@menu.suggestion@@ == 1){{class="selected"}}{{}} href="/op/suggestion">Suggestion</a></li>}}{{}}
38 @@if(@@login_ui.uid@@ != 0){{<li><a @@if(@@menu.logout@@ == 1){{class="selected"}}{{}} href="/op/logout">Logout</a></li>}}{{}}
39 </ul>
40 </div>
41 <!-- submenus -->
42 @@submenu1@@
43 @@submenu2@@
31 44 </div> </div>
32 45 </td> </td>
33 46 </tr> </tr>
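Review bot: The Logout entry added on line 38 is a plain link to `/op/logout`, so ending the session is a GET request with no form token, while the state-changing forms elsewhere in this theme post `rg_form_token`. Any page the user loads can therefore trigger a logout simply by referencing that URL. Unless the logout handler (not visible here) verifies a token some other way, consider rendering the item as a small POST form that carries `<input type="hidden" name="token" value="@@rg_form_token@@" />`. The surrounding table starts outside the hunk.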
File root/themes/default/mail/user/key/del.body.txt changed (mode: 100644) (index 3901edf..b4b4b57)
... ... Some SSH keys were removed from your account.
4 4
5 5 IP: @@IP@@ IP: @@IP@@
6 6
7 Thank you!
8
9 7 -- --
10 8 RocketGit Team RocketGit Team
11 9 http://rocketgit.net http://rocketgit.net
File root/themes/default/mail/user/key/new.body.txt changed (mode: 100644) (index 09259a6..3e2e4a8)
... ... A new SSH key was added to your account.
4 4
5 5 IP: @@IP@@ IP: @@IP@@
6 6
7 Thank you!
8
9 7 -- --
10 8 RocketGit Team RocketGit Team
11 9 http://rocketgit.net http://rocketgit.net
File root/themes/default/mail/user/repo/bug/new.body.txt changed (mode: 100644) (index 9971814..a7395e9)
... ... State: @@bug.state_text@@
12 12
13 13 Link to bug: @@bug.url@@ Link to bug: @@bug.url@@
14 14
15 Thank you!
16
17 15 -- --
18 16 RocketGit Team RocketGit Team
19 17 http://rocketgit.net http://rocketgit.net
File root/themes/default/mail/user/repo/bug/new_note.body.txt changed (mode: 100644) (index 99a04fb..ecb9c56)
... ... The note was added by '@@note.who_added_text@@'.
9 9
10 10 Link to bug: @@bug.url@@ Link to bug: @@bug.url@@
11 11
12 Thank you!
13
14 12 -- --
15 13 RocketGit Team RocketGit Team
16 14 http://rocketgit.net http://rocketgit.net
File root/themes/default/mail/user/repo/del.body.txt changed (mode: 100644) (index 1d7797d..7b756eb)
... ... Repository '@@ri.name@@' was deleted.
4 4
5 5 IP: @@IP@@ IP: @@IP@@
6 6
7 Thank you!
8
9 7 -- --
10 8 RocketGit Team RocketGit Team
11 9 http://rocketgit.net http://rocketgit.net
File root/themes/default/mail/user/repo/new.body.txt changed (mode: 100644) (index 4befc1e..f2dc483)
... ... Description:
11 11 Link to repository: @@ri.url@@. Link to repository: @@ri.url@@.
12 12 IP: @@IP@@ IP: @@IP@@
13 13
14 Thank you!
15
16 14 -- --
17 15 RocketGit Team RocketGit Team
18 16 http://rocketgit.net http://rocketgit.net
File root/themes/default/mail/user/repo/update.body.txt changed (mode: 100644) (index 3da201f..c00b67f)
... ... Link to repository: @@ri.url@@.
12 12
13 13 IP: @@IP@@ IP: @@IP@@
14 14
15 Thank you!
16
17 15 -- --
18 16 RocketGit Team RocketGit Team
19 17 http://rocketgit.net http://rocketgit.net
File root/themes/default/mail/user/welcome.body.txt changed (mode: 100644) (index e9788ea..f1f8d09)
... ... Thank you!
15 15
16 16 -- --
17 17 RocketGit Team RocketGit Team
18 http://rocketgit.net
18 http://rocketgit.net/
File root/themes/default/repo/add_edit.html changed (mode: 100644) (index 227d09d..ede60ce)
1 1 <div class="formarea"> <div class="formarea">
2 2
3 <div class="formarea_title">@@title@@</div><br />
3 <div class="formarea_title">@@if(@@ri.repo_id@@ == 0){{Create repository}}{{Edit repository}}</div><br />
4 4
5 5 @@errmsg@@ @@errmsg@@
6 6
7 <form method="post" action="@@url@@">
8 <input type="hidden" name="repo_id" value="@@repo_id@@" />
9 <input type="hidden" name="master_repo_id" value="@@master_repo_id@@" />
7 <form method="post" action="@@form_url@@/@@if(@@ri.repo_id@@ == 0){{create}}{{edit}}">
8 <input type="hidden" name="repo_id" value="@@ri.repo_id@@" />
9 <input type="hidden" name="master" value="@@ri.master@@" />
10 10 <input type="hidden" name="doit" value="1" /> <input type="hidden" name="doit" value="1" />
11 11 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
12 12
13 @@if(@@master_name@@ != ){{Master repo: @@master_name@@<br />}}{{}}
13 @@if("@@ri.master_name@@" != ""){{Master repo: @@ri.master_name@@<br />}}{{}}
14 14
15 15 <label for="name" class="form_item_title">Name</label><br /> <label for="name" class="form_item_title">Name</label><br />
16 <input type="text" name="name" value="@@name@@" />
16 <input type="text" name="name" value="@@ri.name@@" />
17 17 <br /> <br />
18 18 <br /> <br />
19 19
20 <label for="max_commit_size" class="form_item_title">Max commit size (bytes)</label><br />
21 <input type="text" name="max_commit_size" value="@@max_commit_size@@" />
20 <label for="max_commit_size" class="form_item_title">Max commit size (bytes, 0 = unlimited)</label><br />
21 <input type="text" name="max_commit_size" value="@@ri.max_commit_size@@" />
22 22 <br /> <br />
23 23 <br /> <br />
24 24
25 25 <label for="description" class="form_item_title">Description</label><br /> <label for="description" class="form_item_title">Description</label><br />
26 <textarea name="description" rows="4" cols="30">@@description@@</textarea>
26 <textarea name="description" rows="4" cols="30">@@ri.description@@</textarea>
27 27 <br /> <br />
28 28 <br /> <br />
29 29
30
31 <label for="default_rights" class="form_item_title">Default rights for anonymous access</label><br />
32 (un-check all for private repositories)<br />
33 @@rights@@
30 <label for="public" class="form_item_title">Public or private</label><br />
31 <select name="public">
32 <option value="0"@@if(@@ri.public@@ == 0){{ selected="selected"}}{{}}>Private</option>
33 <option value="1"@@if(@@ri.public@@ == 1){{ selected="selected"}}{{}}>Public</option>
34 </select>
34 35 <br /> <br />
35 36
36 <input type="submit" name="button" value="@@button@@" />
37 <input type="submit" name="button" value="@@if(@@ri.repo_id@@ == 0){{Create}}{{Update}}" />
37 38
38 39 </form> </form>
39 40 </div> </div>
File root/themes/default/repo/bug/b_close.html changed (mode: 100644) (index 99ddaef..c7415ad)
1 <form method="post" action="@@url@@">
1 <form method="post" action="@@bug.url@@">
2 2 <input type="hidden" name="close_reopen" value="1" /> <input type="hidden" name="close_reopen" value="1" />
3 3 <input type="hidden" name="state" value="2" /> <input type="hidden" name="state" value="2" />
4 4 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
File root/themes/default/repo/bug/b_edit.html changed (mode: 100644) (index 03d1a29..ee5c4b2)
1 <form method="post" action="@@url@@">
1 <form method="post" action="@@bug.url@@">
2 2 <input type="hidden" name="edit" value="1" /> <input type="hidden" name="edit" value="1" />
3 3 <!-- no need for token --> <!-- no need for token -->
4 4
File root/themes/default/repo/bug/b_reopen.html changed (mode: 100644) (index 0359587..d4b2497)
1 <form method="post" action="@@url@@">
1 <form method="post" action="@@bug.url@@">
2 2 <input type="hidden" name="close_reopen" value="1" /> <input type="hidden" name="close_reopen" value="1" />
3 3 <input type="hidden" name="state" value="1" /> <input type="hidden" name="state" value="1" />
4 4 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
File root/themes/default/repo/bug/b_unwatch.html changed (mode: 100644) (index 7348f81..a3e1789)
1 <form method="post" action="@@url@@">
1 <form method="post" action="@@bug.url@@">
2 2 <input type="hidden" name="unwatch" value="1" /> <input type="hidden" name="unwatch" value="1" />
3 3 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
4 4
File root/themes/default/repo/bug/b_watch.html changed (mode: 100644) (index 9b7e138..6178b85)
1 <form method="post" action="@@url@@">
1 <form method="post" action="@@bug.url@@">
2 2 <input type="hidden" name="watch" value="1" /> <input type="hidden" name="watch" value="1" />
3 3 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
4 4
File root/themes/default/repo/bug/bug_add_edit.html changed (mode: 100644) (index d046148..afa6036)
1 1 <div class="formarea"> <div class="formarea">
2 2
3 <div class="formarea_title">@@if(@@bug_id@@ == 0){{Add bug}}{{Edit bug}}</div><br />
3 <div class="formarea_title">@@if(@@bug.bug_id@@ == 0){{Add bug}}{{Edit bug}}</div><br />
4 4
5 @@bug_errmsg@@
5 @@errmsg@@
6 6
7 <form method="post" action="@@url@@">
7 <form method="post" action="@@url_repo@@/bug/@@if(@@bug.bug_id@@ == 0){{add}}{{@@bug.bug_id@@}}">
8 <input type="hidden" name="edit" value="@@if(@@bug.bug_id@@ == 0){{0}}{{1}}" />
8 9 <input type="hidden" name="doit" value="1" /> <input type="hidden" name="doit" value="1" />
9 <input type="hidden" name="bug_id" value="@@bug_id@@" />
10 10 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
11 11
12 12 <label for="title" class="form_item_title">Title</label><br /> <label for="title" class="form_item_title">Title</label><br />
13 <input type="text" name="title" value="@@title@@" size="80" />
13 <input type="text" name="title" value="@@bug.title@@" size="80" />
14 14 <br /> <br />
15 15 <br /> <br />
16 16
17 17 <label for="body" class="form_item_title">Description</label><br /> <label for="body" class="form_item_title">Description</label><br />
18 <textarea name="body" rows="5" cols="80">@@body@@</textarea>
18 <textarea name="body" rows="5" cols="80">@@bug.body@@</textarea>
19 19 <br /> <br />
20 20 <br /> <br />
21 21
22 22 <label for="state" class="form_item_title">State</label><br /> <label for="state" class="form_item_title">State</label><br />
23 @@state_select@@
23 @@bug.state_select@@
24 24 <br /> <br />
25 25 <br /> <br />
26 26
27 27 <label for="assigned_to" class="form_item_title">Assign to</label><br /> <label for="assigned_to" class="form_item_title">Assign to</label><br />
28 <input type="text" name="assigned_to" value="@@assigned_to@@" size="80" />
28 <input type="text" name="assigned_to" value="@@bug.assigned_to@@" size="80" />
29 29 <br /> <br />
30 30 <br /> <br />
31 31
32 32 <label for="labels" class="form_item_title">Labels (comma or Enter separated)</label><br /> <label for="labels" class="form_item_title">Labels (comma or Enter separated)</label><br />
33 <textarea name="labels" rows="3" cols="80">@@labels@@</textarea>
33 <textarea name="labels" rows="3" cols="80">@@bug.labels@@</textarea>
34 34 <br /> <br />
35 35 <br /> <br />
36 36
37 <input type="submit" name="button" value="@@if(@@bug_id@@ == 0){{Add bug}}{{Update}}" />
37 <input type="submit" name="button" value="@@if(@@bug.bug_id@@ == 0){{Add bug}}{{Update}}" />
38 38
39 39 </form> </form>
40 40 </div> </div>
41
42 @@hints@@
File root/themes/default/repo/bug/deleted.html changed (mode: 100644) (index 6284a8c..0680a08)
1 1 <div class="error"> <div class="error">
2 You are not allowed to edit this bug.
2 This bug was deleted.
3 3 </div> </div>
File root/themes/default/repo/bug/deny_close.html changed (mode: 100644) (index 82c7199..030b690)
1 1 <div class="error"> <div class="error">
2 You are not allowed to edit this repo.
2 You are not allowed to close bugs.
3 3 </div> </div>
File root/themes/default/repo/bug/deny_delete.html changed (mode: 100644) (index 1db3cde..a5b5f33)
1 1 <div class="error"> <div class="error">
2 You are not allowed to reopen bugs.
2 You are not allowed to delete bugs.
3 3 </div> </div>
File root/themes/default/repo/bug/deny_edit.html changed (mode: 100644) (index 82c7199..6284a8c)
1 1 <div class="error"> <div class="error">
2 You are not allowed to edit this repo.
2 You are not allowed to edit this bug.
3 3 </div> </div>
File root/themes/default/repo/bug/deny_reopen.html changed (mode: 100644) (index 030b690..1db3cde)
1 1 <div class="error"> <div class="error">
2 You are not allowed to close bugs.
2 You are not allowed to reopen bugs.
3 3 </div> </div>
File root/themes/default/repo/bug/list/line.html changed (mode: 100644) (index 568a5f8..8437433)
1 1 <tr> <tr>
2 <td><a href="@@url_repo@@/bug/@@bug_id@@">@@bug_id@@</a></td>
3 <td>@@creation@@</td>
4 <td><a href="@@url_repo@@/bug/@@bug_id@@">@@title@@</a></td>
5 <td>@@state_text@@</td>
6 <td>@@owner@@</td>
7 <td>@@if(@@assigned_to@@ == ){{-}}{{@@assigned_to@@}}</td>
8 <td>@@updated@@</td>
2 <td><a href="@@url_repo@@/bug/@@bug.bug_id@@">@@bug.bug_id@@</a></td>
3 <td>@@bug.creation@@</td>
4 <td><a href="@@url_repo@@/bug/@@bug.bug_id@@">@@bug.title@@</a></td>
5 <td>@@bug.state_text@@</td>
6 <td>@@bug.owner@@</td>
7 <td>@@if("@@bug.assigned_to@@" == ""){{-}}{{@@bug.assigned_to@@}}</td>
8 <td>@@bug.updated@@</td>
9 9 </tr> </tr>
10 10
File root/themes/default/repo/bug/list/nodata.html changed (mode: 100644) (index fce0f1f..e510296)
1 <div class="warning">
1 <div class="ok">
2 2 No bugs found. No bugs found.
3 3 </div> </div>
File root/themes/default/repo/bug/not_found.html changed (mode: 100644) (index 1d11b35..121db38)
1 1 <div class="warning"> <div class="warning">
2 Bug <b>@@bug_id@@</b> not found.
2 Bug <b>@@bug.bug_id@@</b> not found.
3 3 </div> </div>
File root/themes/default/repo/bug/note_add.html changed (mode: 100644) (index 05fb9dc..dd3163e)
4 4
5 5 @@note_errmsg@@ @@note_errmsg@@
6 6
7 <form method="post" action="@@url@@">
7 <form method="post" action="@@bug.url@@">
8 8 <input type="hidden" name="note_add_doit" value="1" /> <input type="hidden" name="note_add_doit" value="1" />
9 9 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
10 10
File root/themes/default/repo/bug/search/search.html changed (mode: 100644) (index b387d70..1bd917b)
2 2
3 3 <div class="formarea_title">Search bugs</div><br /> <div class="formarea_title">Search bugs</div><br />
4 4
5 @@bug_errmsg@@
5 @@errmsg@@
6 6
7 7 <form method="post" action="@@url@@"> <form method="post" action="@@url@@">
8 8 <input type="hidden" name="doit" value="1" /> <input type="hidden" name="doit" value="1" />
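--- a/root/themes/default/repo/bug/show.html
+++ b/root/themes/default/repo/bug/show.html
@@ -7,6 +7,13 @@
 <td>@@edit_form@@</td>
 <td>@@watch_form@@</td>
 <td>@@close_form@@</td>
+<td>
+<form method="post" action="@@bug.url@@">
+<input type="hidden" name="del_undel" value="@@if(@@bug.deleted@@ == 0){{1}}{{2}}" />
+<input type="hidden" name="token" value="@@rg_form_token@@" />
+<input type="submit" name="button" value="@@if(@@bug.deleted@@ == 0){{Delete}}{{Undelete}}" />
+</form>
+</td>
 </tr>
 </tbody>
 </table>
@@ -16,16 +23,19 @@
 @@bug_edit@@
 
 <div class="bug_description">
-<div class="bug_title">#@@bug_id@@ - @@title@@</div>
-State: @@state_text@@<br />
-Insertion date (UTC): @@creation@@<br />
-Last update (UTC): @@updated@@<br />
-Reporter: <b>@@owner@@</b><br />
-Assigned to: <b>@@if(@@assigned_to@@ == ){{-}}{{@@assigned_to@@}}</b><br />
+<div class="bug_title">#@@bug.bug_id@@ - @@bug.title@@</div>
+State: @@bug.state_text@@<br />
+Insertion date (UTC): @@bug.creation@@<br />
+Last update (UTC): @@bug.updated@@<br />
+Reporter: <b>@@bug.owner@@</b><br />
+Assigned to: <b>@@if("@@bug.assigned_to@@" == ""){{-}}{{@@bug.assigned_to@@}}</b><br />
+@@if(@@bug.deleted@@ != 0){{
+<font color="red">Deleted by: @@bug.deleted_who_text@@ (@@bug.deleted_text@@ UTC)</font><br />
+}}{{}}
 </div>
 
 <div class="bug_body">
-@@body@@
+@@bug.body@@
 </div>
 
 @@labels_html@@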
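Review bot: The Delete/Undelete form added on lines 10–16 is rendered for every viewer, whereas its neighbours arrive as `@@edit_form@@`, `@@watch_form@@` and `@@close_form@@`, which presumably lets the caller leave them empty when the user lacks the right. The commit also touches `repo/bug/deny_delete.html`, so the server side appears to refuse the action. Offering the button only to users who may delete would still keep the page in step with the rights model, and building the form in the caller like the other three would do that. The new `<font color="red">` on line 33 would also read better as a CSS class, in line with the `class="error"` blocks used elsewhere in the theme. The table and the rest of the page lie outside the two hunks.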
File root/themes/default/repo/create_ok.html changed (mode: 100644) (index 3b375f0..15e118c)
1 1 <div class="ok"> <div class="ok">
2 Repository was updated with success.
2 Repository was created with success.
3 Click <a href="@@ri.home@@">here</a> to go to the repository home.
3 4 </div> </div>
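--- a/root/themes/default/repo/edit_ok.html
+++ b/root/themes/default/repo/edit_ok.html
@@ -1,3 +1,4 @@
 <div class="ok">
 Repository was updated with success.
+@@if(@@ri.renamed@@ == 1){{Go to new home <a href="@@ri.home@@">here</a>}}{{}}
 </div>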
File root/themes/default/repo/fstat/nodata.html changed (mode: 100644) (index f70717a..028c426)
1 <div class="warning">
1 <div class="ok">
2 2 No file changed. No file changed.
3 3 </div> </div>
File root/themes/default/repo/history/header.html changed (mode: 100644) (index 9027dc6..b4fc9ee)
1 1 <table> <table>
2 <tr>
3 <th>Date (UTC)</th>
4 <th>Event</th>
5 </tr>
File root/themes/default/repo/history/nodata.html changed (mode: 100644) (index 6b49479..75b9e0b)
1 <div class="warning">
1 <div class="ok">
2 2 No history found. No history found.
3 3 </div> </div>
File root/themes/default/repo/list/header.html changed (mode: 100644) (index f2ac164..8ab11f2)
5 5 <th>Description</th> <th>Description</th>
6 6 <th>Clone of</th> <th>Clone of</th>
7 7 <th>Creation date (UTC)</th> <th>Creation date (UTC)</th>
8 <th>Default rights</th>
8 <th>Type</th>
9 9 <th>Disk used</th> <th>Disk used</th>
10 10 </tr> </tr>
11 11
File root/themes/default/repo/list/line.html changed (mode: 100644) (index 5e680a9..2f4a523)
3 3 <td><small>@@description@@</small></td> <td><small>@@description@@</small></td>
4 4 <td>@@clone_of@@</td> <td>@@clone_of@@</td>
5 5 <td>@@creation@@</td> <td>@@creation@@</td>
6 <td>@@rights@@</td>
6 <td>@@if(@@public@@ == 1){{Public}}{{Private}}</td>
7 7 <td>@@disk_used@@</td> <td>@@disk_used@@</td>
8 8 </tr> </tr>
File root/themes/default/repo/list/nodata.html changed (mode: 100644) (index e5cf84e..a9cbe64)
1 <div class="warning">
2 No repository found.
1 <div class="ok">
2 No repositories found.
3 3 </div> </div>
File root/themes/default/repo/log/nodata.html changed (mode: 100644) (index 48fcc28..227cb23)
1 <div class="warning">
1 <div class="ok">
2 2 No commit found. No commit found.
3 3 </div> </div>
File root/themes/default/repo/main.html changed (mode: 100644) (index 435c61f..d590770)
2 2 <div class="repo_header"> <div class="repo_header">
3 3 <div> <div>
4 4 <div class="repo_title"> <div class="repo_title">
5 <a href="@@url_user@@">@@owner@@</a> / <a href="@@url_repo@@">@@name@@</a>
5 <a href="@@url_user@@">@@page_ui.username@@</a> / <a href="@@url_repo@@">@@ri.name@@</a>
6 6 </div> </div>
7 7 <div class="repo_desc"> <div class="repo_desc">
8 @@description@@
8 @@ri.description@@
9 9 </div> </div>
10 10
11 11 @@urls@@ @@urls@@
 
20 20 @@if(@@can_admin@@ == 1){{<li><a href="@@url_repo@@/admin">Admin</a></li>}}{{}} @@if(@@can_admin@@ == 1){{<li><a href="@@url_repo@@/admin">Admin</a></li>}}{{}}
21 21 </ul> </ul>
22 22 </div> </div>
23 @@repo_submenu@@
23 24 </div> <!-- repo_header --> </div> <!-- repo_header -->
24 25
25 26 <div class="repo_right"> <div class="repo_right">
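--- a/root/themes/default/repo/menu.html
+++ b/root/themes/default/repo/menu.html
@@ -1,7 +1,16 @@
 <div class="menu">
 <ul>
-<li><a @@if(@@menu.sub1.edit_info@@ == 1){{class="selected"}}{{}} href="@@url@@/edit_info">Edit info</a></li>
-<li><a @@if(@@menu.sub1.change_pass@@ == 1){{class="selected"}}{{}} href="@@url@@/change_pass">Change password</a></li>
-<li><a @@if(@@menu.sub1.keys@@ == 1){{class="selected"}}{{}} href="@@url@@/keys">SSH keys</a></li>
+<li>
+<a @@if(@@menu.sub1.list@@ == 1){{class="selected"}}{{}} href="/op/repo/list">List</a>
+</li>
+<li>
+@@if(@@login_ui.uid@@ != 0){{
+<a @@if(@@menu.sub1.create@@ == 1){{class="selected"}}{{}} href="/op/repo/create">Create</a>
+}}{{
+}}
+</li>
+<li>
+<a @@if(@@menu.sub1.search@@ == 1){{class="selected"}}{{}} href="/op/repo/search">Search</a>
+</li>
 </ul>
-</div>
+</div>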
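Review bot: On lines 6–11 the login check wraps only the `<a>`, so anonymous visitors get an empty `<li></li>` in the menu. Putting the condition around the whole item, as the main menu in `index.html` does, avoids that: `@@if(@@login_ui.uid@@ != 0){{<li><a @@if(@@menu.sub1.create@@ == 1){{class="selected"}}{{}} href="/op/repo/create">Create</a></li>}}{{}}`. Hiding the link is only cosmetic; the create handler, which is not part of this file, still has to reject unauthenticated requests itself.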
File root/themes/default/repo/mr/list/nodata.html changed (mode: 100644) (index c217f3d..ba2dc17)
1 <div class="warning">
1 <div class="ok">
2 2 No merge requests found. No merge requests found.
3 3 </div> </div>
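--- a/root/themes/default/repo/not_init.html
+++ b/root/themes/default/repo/not_init.html
@@ -1,5 +1,3 @@
-<!-- This is shown when the repo contains no commit -->
-
-<div class="warning">
+<div class="ok">
 This repo contains no commits.
 </div>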
File root/themes/default/repo/search.html changed (mode: 100644) (index d712ad7..7f44df0)
4 4
5 5 @@errmsg@@ @@errmsg@@
6 6
7 <form method="post" action="@@url@@">
7 <form method="post" action="/op/repo/search">
8 8 <input type="hidden" name="doit" value="1" /> <input type="hidden" name="doit" value="1" />
9 9
10 10 <label for="q" class="form_item_title">Keyword</label><br /> <label for="q" class="form_item_title">Keyword</label><br />
File root/themes/default/repo/tree/nodata.html changed (mode: 100644) (index d5ef081..fa1a030)
1 <div class="warning">
1 <div class="ok">
2 2 Empty tree. Empty tree.
3 3 </div> </div>
File root/themes/default/suggestion.html changed (mode: 100644) (index 2d5e2e5..be7dc80)
4 4
5 5 @@errmsg@@ @@errmsg@@
6 6
7 <form method="post" action="@@url@@">
7 <form method="post" action="/op/suggestion">
8 8 <input type="hidden" name="doit" value="1" /> <input type="hidden" name="doit" value="1" />
9 9 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
10 10
11 @@if(login_ui.uid == 0){{
12 <label for="suggestion" class="form_item_title">Suggestion</label><br />
13 <input type="text" name="email">@@email@@ />
14 <br />
15 <br />
16 }}{{
17 }}
18
11 19 <label for="suggestion" class="form_item_title">Suggestion</label><br /> <label for="suggestion" class="form_item_title">Suggestion</label><br />
12 20 <textarea name="suggestion" rows="6" cols="50">@@suggestion@@</textarea> <textarea name="suggestion" rows="6" cols="50">@@suggestion@@</textarea>
13 21 <br /> <br />
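Review bot: The anonymous-user block added on lines 11–17 does not follow the template syntax used in the rest of the theme. The condition reads `@@if(login_ui.uid == 0){{` without `@@…@@` around the variable, and `<input type="text" name="email">@@email@@ />` closes the tag before the value, so the address is printed as text after the field instead of pre-filling it. The label for the e-mail field also still says "Suggestion" and points at `for="suggestion"`. Suggested lines: `@@if(@@login_ui.uid@@ == 0){{`, `<label for="email" class="form_item_title">E-mail</label><br />` and `<input type="text" name="email" value="@@email@@" />`. The form continues outside the hunk.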
File root/themes/default/suggestion_sent.html changed (mode: 100644) (index 54b2283..eea9e80)
1 1 <div class="ok"> <div class="ok">
2 @@msg@@
2 Suggestion sent. Thank you very much!
3 3 </div> </div>
File root/themes/default/user/add_edit.html changed (mode: 100644) (index 3a9f2d1..139d15d)
4 4
5 5 @@errmsg@@ @@errmsg@@
6 6
7 <form method="post" action="@@url@@">
7 <form method="post" action="/op/settings/edit_info">
8 8 <input type="hidden" name="uid" value="@@uid@@" /> <input type="hidden" name="uid" value="@@uid@@" />
9 9 <input type="hidden" name="doit" value="1" /> <input type="hidden" name="doit" value="1" />
10 10 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
 
34 34 <input type="password" name="pass2" value="@@pass2@@" /> <input type="password" name="pass2" value="@@pass2@@" />
35 35 <br /> <br />
36 36 <br /> <br />
37 }}{{
37 38 }} }}
38 {{}}
39 39
40 @@if(@@admin_mode@@ == 1){{
40 @@if(@@login_ui.is_admin@@ == 1){{
41 41 <label for="is_admin" class="form_item_title">Admin?</label><br /> <label for="is_admin" class="form_item_title">Admin?</label><br />
42 42 <select name="is_admin"> <select name="is_admin">
43 43 <option value="0"@@if(@@is_admin@@ == 0){{ selected="selected"}}{{}}>No, I will give rights later</option> <option value="0"@@if(@@is_admin@@ == 0){{ selected="selected"}}{{}}>No, I will give rights later</option>
 
45 45 </select> </select>
46 46 <br /> <br />
47 47 <br /> <br />
48 }}
48 49
49 50 <label for="plan" class="form_item_title">Plan</label><br /> <label for="plan" class="form_item_title">Plan</label><br />
50 51 @@select_plan@@ @@select_plan@@
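Review bot: Showing the `is_admin` select only when `@@login_ui.is_admin@@ == 1` (line 40) is a display decision, not an access check: the form still posts a hidden `uid` (line 8), and any client can add an `is_admin` field by hand. The handler behind `/op/settings/edit_info` is not in this hunk, so confirm that it takes the target uid from the session for non-admins and ignores a posted `is_admin` unless the session user is an admin. Separately, the block is closed on line 48 with a bare `}}`, whereas every other conditional on this page has an else part; `}}{{}}` would match them. The form continues outside the hunks shown.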
File root/themes/default/user/create_na.html changed (mode: 100644) (index 4875389..fe39c81)
1 1 <div class="warning"> <div class="warning">
2 This site does not allow account creation. Talk with Admin.
2 This site does not allow account creation. Talk with the Admin.
3 3 </div> </div>
File root/themes/default/user/keys/add.html changed (mode: 100644) (index c70b229..d220990)
4 4
5 5 @@add_errmsg@@ @@add_errmsg@@
6 6
7 <form method="post" action="@@url@@">
7 <form method="post" action="/op/settings/keys">
8 8 <input type="hidden" name="add" value="1" /> <input type="hidden" name="add" value="1" />
9 9 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
10 10
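--- a/root/themes/default/user/keys/list/header.html
+++ b/root/themes/default/user/keys/list/header.html
@@ -1,8 +1,9 @@
 <div class="rg_keys_list">
 
 @@del_errmsg@@
+@@status@@
 
-<form method="post" action="@@url@@">
+<form method="post" action="/op/settings/keys">
 <input type="hidden" name="delete" value="1" />
 <input type="hidden" name="token" value="@@rg_form_token@@" />
 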
File root/themes/default/user/keys/list/nodata.html changed (mode: 100644) (index 1e0d7fb..6e176db)
1 <div class="warning">
1 <div class="ok">
2 2 No keys uploaded yet. No keys uploaded yet.
3 3 </div> </div>
File root/themes/default/user/keys/remove_ok.html changed (mode: 100644) (index 76ab87e..d3d98d1)
1 1 <div class="ok"> <div class="ok">
2 Information was updated with success.
2 Selected keys were removed with success.
3 3 </div> </div>
File root/themes/default/user/login.html changed (mode: 100644) (index ef80a59..7ae9168)
4 4
5 5 @@errmsg@@ @@errmsg@@
6 6
7 <form method="post" action="@@url@@">
7 <form method="post" action="/op/login">
8 8 <input type="hidden" name="doit" value="1" /> <input type="hidden" name="doit" value="1" />
9 9
10 10 <label for="username" class="form_item_title">Username</label><br /> <label for="username" class="form_item_title">Username</label><br />
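Review bot: The login form shown on lines 7–10 carries `doit` but no `rg_form_token` field, unlike the settings, key and repository forms changed in the same commit. Without a token the login POST can be submitted from another site, which would sign the browser into an account that site chose. If the token can be issued to anonymous sessions, add `<input type="hidden" name="token" value="@@rg_form_token@@" />` after the `doit` line and verify it in the login handler. The rest of the form is outside the hunk, so first check that the field is not already present further down.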
File root/themes/default/user/pass.html changed (mode: 100644) (index 0d73a62..1480306)
4 4
5 5 @@errmsg@@ @@errmsg@@
6 6
7 <form method="post" action="@@url@@">
7 <form method="post" action="/op/settings/change_pass">
8 8 <input type="hidden" name="doit" value="1" /> <input type="hidden" name="doit" value="1" />
9 9 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
10 10
File root/themes/default/user/pass_changed.html changed (mode: 100644) (index 76ab87e..d446b2e)
1 1 <div class="ok"> <div class="ok">
2 Information was updated with success.
2 Password was updated with success.
3 3 </div> </div>
File root/themes/default/user/repo/delete/deny.html changed (mode: 100644) (index e69de29..3bc641a)
1 <div class="error">
2 You are not allowed to delete this repo.
3 </div>
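--- a/root/themes/default/user/repo/delete/done.html
+++ b/root/themes/default/user/repo/delete/done.html
@@ -1 +1,3 @@
+<div class="ok">
 The repository was deleted.
+</div>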
File root/themes/default/user/repo/delete/no.html changed (mode: 100644) (index 69bcc79..57302d4)
1 I am glad the you changed your mind!
1 <div class="ok">
2 We are happy you changed your mind!
3 </div>
File root/themes/default/user/repo/delete/sure.html changed (mode: 100644) (index a39fe9b..354309c)
2 2
3 3 <div class="formarea_title">Delete repository</div><br /> <div class="formarea_title">Delete repository</div><br />
4 4
5 <form method="post" action="@@url@@">
5 <form method="post" action="@@url_repo@@/admin/delete">
6 6 <input type="hidden" name="doit" value="1" /> <input type="hidden" name="doit" value="1" />
7 7 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
8 8
File root/themes/default/user/repo/deny.html changed (mode: 100644) (index 82c7199..4dd0d6f)
1 1 <div class="error"> <div class="error">
2 You are not allowed to edit this repo.
2 Cannot access non-existing or private repository.
3 3 </div> </div>
File root/themes/default/user/repo/deny_edit.html changed (mode: 100644) (index 3bc641a..82c7199)
1 1 <div class="error"> <div class="error">
2 You are not allowed to delete this repo.
2 You are not allowed to edit this repo.
3 3 </div> </div>
File root/themes/default/user/repo/menu.html changed (mode: 100644) (index eecfcd6..fa41462)
1 1 <div class="menu submenu"> <div class="menu submenu">
2 2 <ul> <ul>
3 <li><a href="@@url_admin@@/edit">Edit</a></li>
4 <li><a href="@@url_admin@@/rights">Rights</a></li>
5 <li><a href="@@url_admin@@/delete">Delete</a></li>
3 <li><a @@if(@@menu.repo.edit@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/admin/edit">Edit</a></li>
4 <li><a @@if(@@menu.repo.repo_rights@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/admin/repo_rights">Repo rights</a></li>
5 <li><a @@if(@@menu.repo.refs_rights@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/admin/refs_rights">Refs rights</a></li>
6 <li><a @@if(@@menu.repo.path_rights@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/admin/path_rights">Path rights</a></li>
7 <li><a @@if(@@menu.repo.delete@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/admin/delete">Delete</a></li>
6 8 </ul> </ul>
7 9 </div> </div>
File root/themes/default/user/repo/rights/delete_ok.html changed (mode: 100644) (index d8a4857..c9cd4c6)
1 1 <div class="ok"> <div class="ok">
2 Rights granted with success.
2 Rights deleted with success.
3 3 </div> </div>
File root/themes/default/user/repo/rights/deny.html changed (mode: 100644) (index 3bc641a..cde12b4)
1 1 <div class="error"> <div class="error">
2 You are not allowed to delete this repo.
2 You are not allowed to grant rights.
3 3 </div> </div>
File root/themes/default/user/repo/rights/form_repo.html changed (mode: 100644) (index 6b26feb..9d52630)
1 1 <div class="formarea"> <div class="formarea">
2 2
3 <div class="formarea_title">Grant rights</div><br />
3 <div class="formarea_title">Grant repo rights</div><br />
4 4
5 5 @@errmsg@@ @@errmsg@@
6 6
7 <form method="post" action="@@url@@">
7 <form method="post" action="@@url_repo@@/admin/repo_rights">
8 <input type="hidden" name="right_id" value="@@right_id@@" />
8 9 <input type="hidden" name="grant" value="1" /> <input type="hidden" name="grant" value="1" />
9 10 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
10 11
 
13 14 <br /> <br />
14 15 <br /> <br />
15 16
16 <table>
17 <tr>
18 <th>For repository</th>
19 <th>For references</th>
20 </tr>
21
22 <tr>
23 <td>
24 17 <label class="form_item_title" for="rights">Rights</label><br /> <label class="form_item_title" for="rights">Rights</label><br />
25 18 @@rights_checkboxes@@ @@rights_checkboxes@@
26 </td>
27
28 <td>
29 <label class="form_item_title" for="ref">Reference</label><br />
30 <input type="text" name="ref" value="@@ref@@" />
31 <br />
32 19 <br /> <br />
33 20
34 <label class="form_item_title" for="path">Path</label><br />
35 <input type="text" name="path" value="@@path@@" />
21 <label class="form_item_title" for="ip">IP addresses/prefix (comma/space separated)</label><br />
22 <textarea name="ip" rows="3" cols="50">@@ip@@</textarea>
36 23 <br /> <br />
37 24 <br /> <br />
38 25
39 <label class="form_item_title" for="rights">Rights</label><br />
40 @@refs_rights_checkboxes@@
26 <label class="form_item_title" for="prio">Priority</label><br />
27 <input type="text" name="prio" value="@@prio@@" />
28 <br />
41 29 <br /> <br />
42 </td>
43 </tr>
44 </table>
45 30
46 31 <input type="submit" name="button" value="Grant" /> <input type="submit" name="button" value="Grant" />
47 32
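Review bot: The new hidden field `right_id` turns this form into an update-by-id request, and the id is fully client-controlled; the `token` field next to it protects against cross-site submission but says nothing about whether the id belongs to this repository. The handler behind `@@url_repo@@/admin/repo_rights` is not part of this section, so please confirm it rejects a `right_id` whose stored row points at a different repo or rights type before updating it. The same applies to form_repo_path.html, form_repo_refs.html and the `edit_id=@@right_id@@` links in the list_repo*/line.html templates. Once that check is confirmed, a template comment such as `<!-- right_id is re-validated server-side against this repo -->` would record the contract for theme authors.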
File root/themes/default/user/repo/rights/form_repo_path.html changed (mode: 100644) (index de90e03..26428c8)
1 1 <div class="formarea"> <div class="formarea">
2 2
3 <div class="formarea_title">Grant refs rights</div><br />
3 <div class="formarea_title">Grant path rights</div><br />
4 4
5 5 @@errmsg@@ @@errmsg@@
6 6
7 <form method="post" action="@@url_repo@@/admin/refs_rights">
7 <form method="post" action="@@url_repo@@/admin/path_rights">
8 8 <input type="hidden" name="right_id" value="@@right_id@@" /> <input type="hidden" name="right_id" value="@@right_id@@" />
9 9 <input type="hidden" name="grant" value="1" /> <input type="hidden" name="grant" value="1" />
10 10 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
 
14 14 <br /> <br />
15 15 <br /> <br />
16 16
17 <label class="form_item_title" for="ref">Reference (regexp)</label><br />
17 <label class="form_item_title" for="ref">Path (regexp)</label><br />
18 18 <input type="text" name="misc" value="@@misc@@" /> <input type="text" name="misc" value="@@misc@@" />
19 19 <br /> <br />
20 20 <br /> <br />
 
23 23 @@rights_checkboxes@@ @@rights_checkboxes@@
24 24 <br /> <br />
25 25
26 <label class="form_item_title" for="ip">IP address/prefix</label><br />
27 <input type="text" name="ip" value="@@ip@@" />
26 <label class="form_item_title" for="ip">IP addresses/prefix (comma/space separated)</label><br />
27 <textarea name="ip" rows="3" cols="50">@@ip@@</textarea>
28 28 <br /> <br />
29 29 <br /> <br />
30 30
File root/themes/default/user/repo/rights/form_repo_refs.html changed (mode: 100644) (index 4d35c6a..8c685a2)
1 <pre>@@DUMP@@</pre>
2 1 <div class="formarea"> <div class="formarea">
3 2
4 <div class="formarea_title">Grant rights</div><br />
3 <div class="formarea_title">Grant refs rights</div><br />
5 4
6 5 @@errmsg@@ @@errmsg@@
7 6
8 <form method="post" action="@@url@@">
7 <form method="post" action="@@url_repo@@/admin/refs_rights">
8 <input type="hidden" name="right_id" value="@@right_id@@" />
9 9 <input type="hidden" name="grant" value="1" /> <input type="hidden" name="grant" value="1" />
10 10 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
11 11
 
14 14 <br /> <br />
15 15 <br /> <br />
16 16
17 <table>
18 <tr>
19 <th>For repository</th>
20 <th>For references</th>
21 </tr>
17 <label class="form_item_title" for="ref">Reference (regexp)</label><br />
18 <input type="text" name="misc" value="@@misc@@" />
19 <br />
20 <br />
22 21
23 <tr>
24 <td>
25 22 <label class="form_item_title" for="rights">Rights</label><br /> <label class="form_item_title" for="rights">Rights</label><br />
26 23 @@rights_checkboxes@@ @@rights_checkboxes@@
27 </td>
28
29 <td>
30 <label class="form_item_title" for="ref">Reference (regexp)</label><br />
31 <input type="text" name="ref" value="@@ref@@" />
32 <br />
33 24 <br /> <br />
34 25
35 <label class="form_item_title" for="path">Path (regexp)</label><br />
36 <input type="text" name="path" value="@@path@@" />
26 <label class="form_item_title" for="ip">IP addresses/prefix (comma/space separated)</label><br />
27 <textarea name="ip" rows="3" cols="50">@@ip@@</textarea>
37 28 <br /> <br />
38 29 <br /> <br />
39 30
40 <label class="form_item_title" for="refs_rights">Rights</label><br />
41 @@refs_rights_checkboxes@@
31 <label class="form_item_title" for="prio">Priority</label><br />
32 <input type="text" name="prio" value="@@prio@@" />
33 <br />
42 34 <br /> <br />
43 </td>
44 </tr>
45 </table>
46 35
47 36 <input type="submit" name="button" value="Grant" /> <input type="submit" name="button" value="Grant" />
48 37
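--- a/root/themes/default/user/repo/rights/grant_ok.html
+++ b/root/themes/default/user/repo/rights/grant_ok.html
@@ -0,0 +1,3 @@
+<div class="ok">
+Rights granted with success.
+</div>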
File root/themes/default/user/repo/rights/list_repo/header.html changed (mode: 100644) (index e8ec802..8e5634a)
1 1 <div class="repo_rights"> <div class="repo_rights">
2 2
3 @@del_errmsg@@
3 @@list_errmsg@@
4 4
5 <form method="post" action="@@url@@">
5 <form method="post" action="@@url_repo@@/admin/repo_rights">
6 6 <input type="hidden" name="delete" value="1" /> <input type="hidden" name="delete" value="1" />
7 7 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
8 8
9 9 <table> <table>
10 10 <tr> <tr>
11 11 <th>Select</th> <th>Select</th>
12 <th>User</th>
12 <th>Priority</th>
13 <th>Who</th>
13 14 <th>Date (UTC)</th> <th>Date (UTC)</th>
14 <th>Rights</th>
15 <th>User</th>
16 <th>IP</th>
17 <th>Repo rights</th>
15 18 <th>Operations</th> <th>Operations</th>
16 19 </tr> </tr>
File root/themes/default/user/repo/rights/list_repo/line.html changed (mode: 100644) (index 88ed164..9cb9302)
1 1 <tr> <tr>
2 <td><input type="checkbox" name="rights_delete_ids[@@right_uid@@]" /></td>
3 <td>@@username@@</td>
2 <td><input type="checkbox" name="rights_delete_ids[@@right_id@@]" /></td>
3 <td>@@prio@@</td>
4 <td>@@who_name@@</td>
4 5 <td>@@itime_text@@</td> <td>@@itime_text@@</td>
6 <td>@@username@@</td>
7 <td>@@ip@@</td>
5 8 <td>@@rights_text@@</td> <td>@@rights_text@@</td>
6 9 <td> <td>
7 <a href="@@url@@?edit_uid=@@right_uid@@">Edit</a>
10 <a href="@@url_repo@@/admin/repo_rights?edit_id=@@right_id@@">Edit</a>
8 11 </td> </td>
9 12 </tr> </tr>
10
File root/themes/default/user/repo/rights/list_repo_path/header.html changed (mode: 100644) (index 9310164..e2065de)
14 14 <th>Date (UTC)</th> <th>Date (UTC)</th>
15 15 <th>User</th> <th>User</th>
16 16 <th>IP</th> <th>IP</th>
17 <th>Ref</th>
18 <th>Refs rights</th>
17 <th>Path</th>
18 <th>Path rights</th>
19 19 <th>Operations</th> <th>Operations</th>
20 20 </tr> </tr>
File root/themes/default/user/repo/rights/list_repo_path/line.html changed (mode: 100644) (index 199836e..167e787)
8 8 <td>@@misc@@</td> <td>@@misc@@</td>
9 9 <td>@@rights_text@@</td> <td>@@rights_text@@</td>
10 10 <td> <td>
11 <a href="@@url_repo@@/admin/refs_rights?edit_id=@@right_id@@">Edit</a>
11 <a href="@@url_repo@@/admin/path_rights?edit_id=@@right_id@@">Edit</a>
12 12 </td> </td>
13 13 </tr> </tr>
14
File root/themes/default/user/repo/rights/list_repo_refs/footer.html copied from file root/themes/default/user/repo/rights/list_repo/footer.html (similarity 100%)
File root/themes/default/user/repo/rights/list_repo_refs/header.html copied from file root/themes/default/user/repo/rights/list_repo_path/header.html (similarity 100%)
File root/themes/default/user/repo/rights/list_repo_refs/line.html copied from file root/themes/default/user/repo/rights/list_repo_path/line.html (similarity 99%) (mode: 100644) (index 199836e..7b516c1)
11 11 <a href="@@url_repo@@/admin/refs_rights?edit_id=@@right_id@@">Edit</a> <a href="@@url_repo@@/admin/refs_rights?edit_id=@@right_id@@">Edit</a>
12 12 </td> </td>
13 13 </tr> </tr>
14
File root/themes/default/user/repo/rights/list_repo_refs/nodata.html copied from file root/themes/default/errmsg/nodata.html (similarity 100%)
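--- a/root/themes/default/user/settings/menu.html
+++ b/root/themes/default/user/settings/menu.html
@@ -0,0 +1,7 @@
+<div class="menu">
+<ul>
+<li><a @@if(@@menu.sub1.edit_info@@ == 1){{class="selected"}}{{}} href="/op/settings/edit_info">Edit info</a></li>
+<li><a @@if(@@menu.sub1.change_pass@@ == 1){{class="selected"}}{{}} href="/op/settings/change_pass">Change password</a></li>
+<li><a @@if(@@menu.sub1.keys@@ == 1){{class="selected"}}{{}} href="/op/settings/keys">SSH keys</a></li>
+</ul>
+</div>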
File scripts/remote.php changed (mode: 100644) (index 8589194..3d2c1fa)
... ... if (isset($_SERVER['SSH_CONNECTION'])) {
130 130 } }
131 131
132 132 // Extracts command and computes permissions // Extracts command and computes permissions
133 if (strncmp($cmd_repo, "git-upload-pack", 15) == 0) {
133 if (strncasecmp($cmd_repo, "git-upload-pack", 15) == 0) {
134 134 $cmd = "git-upload-pack"; $cmd = "git-upload-pack";
135 135 $needed_rights = "F"; $needed_rights = "F";
136 136 $push = 0; $push = 0;
137 } else if (strncmp($cmd_repo, "git-receive-pack", 16) == 0) {
137 } else if (strncasecmp($cmd_repo, "git-receive-pack", 16) == 0) {
138 138 $cmd = "git-receive-pack"; $cmd = "git-receive-pack";
139 // TODO: add a comment here why we need to check nothing
140 $needed_rights = "";
139 // We need push or anonymous push
140 $needed_rights = "P|H";
141 141 $push = 1; $push = 1;
142 142 } else { } else {
143 143 fatal("Unknown command [$cmd_repo]!"); fatal("Unknown command [$cmd_repo]!");
 
... ... $owner_ui = rg_user_info($db, 0, $user, "");
169 169 if ($owner_ui['ok'] != 1) if ($owner_ui['ok'] != 1)
170 170 fatal("Internal problems. Try again later, please."); fatal("Internal problems. Try again later, please.");
171 171 if ($owner_ui['exists'] != 1) if ($owner_ui['exists'] != 1)
172 fatal("User does not exists.");
172 fatal("User does not exists (repo).");
173 173
174 174 // Load info about the connecting user // Load info about the connecting user
175 /* Seems is not used now
176 175 $conn_ui = rg_user_info($db, $conn_uid, "", ""); $conn_ui = rg_user_info($db, $conn_uid, "", "");
177 if ($conn_ui['exists'] != 0)
178 fatal("User does not exists.");
179 */
176 if ($conn_ui['exists'] != 1)
177 fatal("User does not exists (conn).");
180 178
181 179 // Loading info about the repository // Loading info about the repository
182 180 if (rg_repo_ok($repo) !== TRUE) if (rg_repo_ok($repo) !== TRUE)
 
... ... if ($ri['deleted'] == 1)
192 190 $repo_path = rg_repo_path_by_id($owner_ui['uid'], $ri['repo_id']); $repo_path = rg_repo_path_by_id($owner_ui['uid'], $ri['repo_id']);
193 191 rg_log("repo_path=$repo_path."); rg_log("repo_path=$repo_path.");
194 192
195 // TODO: signal user that the repo moved and provide a hint how to move
193 // TODO: signal user that the repo moved and provide a hint how to follow
196 194
197 // We must not use here the rg_repo_allow function because we need
198 // $rights variable below.
199 $ret = rg_repo_rights_get($db, $ri, $conn_uid, 0);
200 if ($ret['ok'] !== 1)
201 fatal("Internal error (rights_get)");
202 $rights = $ret['rights'];
203
204 if (rg_rights_allow($rights, $needed_rights) === FALSE)
195 $misc = FALSE;
196 $ret = rg_repo_allow($db, "repo_refs", $ri, $conn_ui, $needed_rights, $ip, $misc);
197 if ($ret !== TRUE)
205 198 fatal("You have no rights to access this repo!"); fatal("You have no rights to access this repo!");
206 199
207 200 // TODO: limit per connection // TODO: limit per connection
 
... ... if (($push == 1) && rg_user_over_limit($db, $owner_ui, $max))
219 212 putenv("ROCKETGIT_UID=" . $conn_uid); putenv("ROCKETGIT_UID=" . $conn_uid);
220 213 putenv("ROCKETGIT_KEY_ID=" . $key_id); putenv("ROCKETGIT_KEY_ID=" . $key_id);
221 214 putenv("ROCKETGIT_REPO_ID=" . $ri['repo_id']); putenv("ROCKETGIT_REPO_ID=" . $ri['repo_id']);
222 putenv("ROCKETGIT_REPO_RIGHTS=" . $rights);
223 215 putenv("ROCKETGIT_REPO_PATH=" . $repo_path); putenv("ROCKETGIT_REPO_PATH=" . $repo_path);
224 216 putenv("ROCKETGIT_IP=$ip"); putenv("ROCKETGIT_IP=$ip");
225 217 putenv("ROCKETGIT_ITIME=" . microtime(TRUE)); putenv("ROCKETGIT_ITIME=" . microtime(TRUE));
 
... ... if ($push == 1) {
228 220 rg_log("namespace is $namespace."); rg_log("namespace is $namespace.");
229 221 putenv("GIT_NAMESPACE=" . $namespace); putenv("GIT_NAMESPACE=" . $namespace);
230 222
231 // Prepare refs to avoid:
223 // Prepare refs to avoid the following message:
232 224 // "No refs in common and none specified; doing nothing. // "No refs in common and none specified; doing nothing.
233 225 // Perhaps you should specify a branch such as 'master'." // Perhaps you should specify a branch such as 'master'."
234 226 $dst = $repo_path . "/refs/namespaces/" . $namespace . "/refs/heads"; $dst = $repo_path . "/refs/namespaces/" . $namespace . "/refs/heads";
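Review bot: The re-enabled lookup of the connecting user tests only `$conn_ui['exists']`, while the owner lookup a few lines above tests `$owner_ui['ok']` first; if rg_user_info() reports an internal failure, the client is told "User does not exists (conn)." instead of the internal-error message. I would add `if ($conn_ui['ok'] != 1) fatal("Internal problems. Try again later, please.");` before the exists test. The access decision in this section is now the single call `rg_repo_allow($db, "repo_refs", $ri, $conn_ui, $needed_rights, $ip, $misc)`, so the `"P|H"` value and the `"repo_refs"` / `$misc = FALSE` arguments deserve a comment saying how `|` is evaluated and why a refs-type check without a ref is the intended gate at connection time; rg_repo_allow() is defined outside this section. Since `ROCKETGIT_REPO_RIGHTS` is no longer exported, it is also worth confirming that no hook still reads it.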
File selinux/rocketgit.fc changed (mode: 100644) (index 255b678..16d650c)
5 5
6 6 /etc/rocketgit(/.*)? gen_context(system_u:object_r:rocketgit_conf_t,s0) /etc/rocketgit(/.*)? gen_context(system_u:object_r:rocketgit_conf_t,s0)
7 7
8 /var/log/rocketgit(/.*)? -- gen_context(system_u:object_r:rocketgit_log_t,s0)
8 /var/log/rocketgit(/.*)? gen_context(system_u:object_r:rocketgit_log_t,s0)
9 9 /var/log/rocketgit-web(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) /var/log/rocketgit-web(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
10 10
11 11 /var/lib/rocketgit(/.*)? gen_context(system_u:object_r:rocketgit_var_t,s0) /var/lib/rocketgit(/.*)? gen_context(system_u:object_r:rocketgit_var_t,s0)
File selinux/rocketgit.te changed (mode: 100644) (index 48bb18d..0079a3a)
1 policy_module(rocketgit,1.0.71)
1 policy_module(rocketgit,1.0.73)
2 2
3 3 ######################################## ########################################
4 4 # #
 
... ... type rocketgit_log_t;
76 76 files_type(rocketgit_log_t) files_type(rocketgit_log_t)
77 77 manage_files_pattern(rocketgit_t, rocketgit_log_t, rocketgit_log_t) manage_files_pattern(rocketgit_t, rocketgit_log_t, rocketgit_log_t)
78 78 logging_log_filetrans(rocketgit_t, rocketgit_log_t, file) logging_log_filetrans(rocketgit_t, rocketgit_log_t, file)
79 # below line tries to allow httpd to create err-* files in /var/log/rocketgit-web
80 #filetrans_pattern(httpd_t,dirtype?,rocketgit_log_t, file)
79 81 # allow rocketgit_t access to /var/log/rocketgit-web. Why? # allow rocketgit_t access to /var/log/rocketgit-web. Why?
80 82 allow rocketgit_t httpd_log_t:dir { read open }; allow rocketgit_t httpd_log_t:dir { read open };
81 83
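Review bot: The two added lines leave a commented-out rule with an unresolved placeholder (`dirtype?`) in the policy, and the transition it sketches would label httpd-created files under /var/log/rocketgit-web as rocketgit_log_t, while rocketgit.fc in this commit labels that tree httpd_log_t. I would replace the dead rule with a plain note, e.g. `# TODO: decide how httpd may create err-* files in /var/log/rocketgit-web (labelled httpd_log_t in rocketgit.fc)`, so nobody enables it as written. The neighbouring `allow rocketgit_t httpd_log_t:dir { read open };` still carries a "Why?" comment; a rule whose purpose is unknown should be either justified in the comment or removed.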
File tests/Makefile changed (mode: 100644) (index 9017f43..87f3c32)
... ... hook_update_anon_nm:
54 54
55 55 .PHONY: clean .PHONY: clean
56 56 clean: clean:
57 @rm -f *.log *.strace *.out
57 @rm -f *.log *.strace *.out *.lock
File tests/bug.php changed (mode: 100644) (index 55fccf9..b188b80)
... ... require_once("common.php");
12 12
13 13 rg_log_set_file("bug.log"); rg_log_set_file("bug.log");
14 14
15 $db = rg_sql_open("dbname=trg");
16 if ($db === FALSE) {
17 rg_log("Cannot create a database (" . rg_sql_error() . ")!");
18 exit(1);
19 }
20
21 $r = rg_state_set($db, "schema_version", "0");
22 if ($r !== TRUE) {
23 echo "Cannot reset schema (" . rg_state_error() . ")!\n";
24 exit(1);
25 }
26
27 $r = rg_sql_struct_update($db, RG_DROP_TABLES|RG_IGNORE_ERRORS);
28 if ($r !== TRUE) {
29 rg_log("Cannot create struct (" . rg_sql_error() . ")!");
30 exit(1);
31 }
32
33 $r = rg_fixes_update($db);
34 if ($r !== TRUE) {
35 rg_log("Cannot apply fixes!");
36 exit(1);
37 }
38
39 $r = rg_sql_struct_slaves_update($db);
40 if ($r !== TRUE) {
41 rg_log("Cannot create slaves!");
42 exit(1);
43 }
44
45 15 // defaults // defaults
46 16 $uid = 1; $uid = 1;
47 17 $ui = array("uid" => $uid, "username" => "userX", "organization" => 0, "email" => "test@embedromix.ro"); $ui = array("uid" => $uid, "username" => "userX", "organization" => 0, "email" => "test@embedromix.ro");
48 18 $repo_name = "A"; $repo_name = "A";
49 19
50 20 rg_log("Creating a repo"); rg_log("Creating a repo");
51 $repo_id = rg_repo_create($db, 0, $ui, $repo_name, 0, "desc", "F", 0);
21 $new = array();
22 $new['master'] = 0;
23 $new['name'] = $repo_name;
24 $new['max_commit_size'] = 0;
25 $new['description'] = "desc";
26 $new['git_dir_done'] = 0;
27 $new['public'] = 1;
28 $repo_id = rg_repo_edit($db, $ui, $new);
52 29 if ($repo_id === FALSE) { if ($repo_id === FALSE) {
53 30 rg_log("Cannot insert a repo (" . rg_repo_error() . ")!"); rg_log("Cannot insert a repo (" . rg_repo_error() . ")!");
54 31 exit(1); exit(1);
 
... ... if ($r === FALSE) {
108 85 } }
109 86
110 87 $r = rg_bug_info($db, $repo_id, $bug_id); $r = rg_bug_info($db, $repo_id, $bug_id);
111 if ($r === FALSE) {
112 rg_log("Cannot lookup a bug (" . rg_bug_error() . ")!");
113 exit(1);
114 }
115 88 if ($r['exists'] != 1) { if ($r['exists'] != 1) {
116 rg_log("Seems the bug does not exists!");
89 rg_log("Cannot lookup a bug (" . rg_bug_error() . ")!");
117 90 exit(1); exit(1);
118 91 } }
119 92
120 93 // test a non existing bug // test a non existing bug
121 94 $r = rg_bug_info($db, $repo_id, 0); $r = rg_bug_info($db, $repo_id, 0);
122 if ($r === FALSE) {
123 rg_log("Cannot lookup a bug (" . rg_bug_error() . ")!");
124 exit(1);
125 }
126 95 if ($r['exists'] != 0) { if ($r['exists'] != 0) {
127 96 rg_log("Wrong bug number (0) returned valid data!"); rg_log("Wrong bug number (0) returned valid data!");
128 97 exit(1); exit(1);
File tests/cache.php changed (mode: 100644) (index 437109b..0d96d11)
... ... if ($r !== $e) {
76 76 exit(1); exit(1);
77 77 } }
78 78
79 echo "cache: OK!\n";
80
79 81 ?> ?>
File tests/common.php changed (mode: 100644) (index b223af9..9841fbf)
1 1 <?php <?php
2 $INC = "../inc";
3 require_once($INC . "/state.inc.php");
4 require_once($INC . "/sql.inc.php");
5 require_once($INC . "/struct.inc.php");
6 require_once($INC . "/fixes.inc.php");
2 7
3 8 // Defaults // Defaults
4 9 $rg_base = dirname(__FILE__); $rg_base = dirname(__FILE__);
 
... ... $rg_lang = "en";
29 34 $rg_cache_enable = FALSE; $rg_cache_enable = FALSE;
30 35 $rg_event_socket = ""; $rg_event_socket = "";
31 36
37 $db = rg_sql_open("dbname=trg");
38 if ($db === FALSE) {
39 rg_log("Cannot create a database (" . rg_sql_error() . ")!");
40 exit(1);
41 }
42
43 $r = rg_state_set($db, "schema_version", "0");
44 if ($r !== TRUE) {
45 echo "Cannot reset schema (" . rg_state_error() . ")!\n";
46 exit(1);
47 }
48
49 $r = rg_sql_struct_update($db, RG_DROP_TABLES|RG_IGNORE_ERRORS);
50 if ($r !== TRUE) {
51 rg_log("Cannot create struct (" . rg_sql_error() . ")!");
52 exit(1);
53 }
54
55 $r = rg_fixes_update($db);
56 if ($r !== TRUE) {
57 rg_log("Cannot apply fixes!");
58 exit(1);
59 }
60
61 $r = rg_sql_struct_slaves_update($db);
62 if ($r !== TRUE) {
63 rg_log("Cannot create slaves!");
64 exit(1);
65 }
66
32 67 ?> ?>
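Review bot: Including common.php now opens `dbname=trg`, resets `schema_version` and runs `rg_sql_struct_update($db, RG_DROP_TABLES|RG_IGNORE_ERRORS)` as a side effect of `require_once`, so every script that includes it drops and recreates the tables whether or not it needs SQL. The bootstrap reports most failures through rg_log(), yet tests/bug.php still calls `rg_log_set_file("bug.log")` after including common.php (tests/rights.php was reordered in this commit, bug.php was not), so those messages may not reach the test's own log. Moving the added lines 37-65 into a function that each test calls after setting its log file would make the ordering explicit and keep the destructive step opt-in. The one `echo` among the `rg_log()` calls (schema reset) should use the same reporting path as the others.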
File tests/event.php changed (mode: 100644) (index 5d12c2a..362d0e1)
... ... rg_log_set_file("event.log");
17 17
18 18 $rg_sql_debug = 1; $rg_sql_debug = 1;
19 19
20 $db = rg_sql_open("dbname=trg");
21 if ($db === FALSE) {
22 rg_log("Cannot create a database (" . rg_sql_error() . ")!");
23 exit(1);
24 }
25
26 $r = rg_state_set($db, "schema_version", "0");
27 if ($r !== TRUE) {
28 echo "Cannot reset schema (" . rg_state_error() . ")!\n";
29 exit(1);
30 }
31
32 $r = rg_sql_struct_update($db, RG_DROP_TABLES|RG_IGNORE_ERRORS);
33 if ($r !== TRUE) {
34 rg_log("Cannot create struct (" . rg_sql_error() . ")!");
35 exit(1);
36 }
37
38 $r = rg_fixes_update($db);
39 if ($r !== TRUE) {
40 rg_log("Cannot aply fixes!");
41 exit(1);
42 }
43
44 $r = rg_sql_struct_slaves_update($db);
45 if ($r !== TRUE) {
46 rg_log("Cannot create slaves!");
47 exit(1);
48 }
49
50 20 /* /*
51 21 * This function will generate an array of sub-events * This function will generate an array of sub-events
52 22 */ */
File tests/keys.php changed (mode: 100644) (index 10c3ffa..3df8dac)
... ... $rg_sql_debug = 1;
18 18 // Defaults // Defaults
19 19 $rg_admin_email = "rg@embedromix.ro"; $rg_admin_email = "rg@embedromix.ro";
20 20
21 $db = rg_sql_open("dbname=trg");
22 if ($db === FALSE) {
23 echo "Cannot create a database (" . rg_sql_error() . ")!\n";
24 exit(1);
25 }
26
27 $r = rg_state_set($db, "schema_version", "0");
28 if ($r !== TRUE) {
29 echo "Cannot reset schema (" . rg_state_error() . ")!\n";
30 exit(1);
31 }
32
33 $r = rg_sql_struct_update($db, RG_DROP_TABLES);
34 if ($r !== TRUE) {
35 echo "Cannot create structure (" . rg_sql_error() . ")!\n";
36 exit(1);
37 }
38
39 $r = rg_fixes_update($db);
40 if ($r !== TRUE) {
41 echo "Cannot apply fixes!\n";
42 exit(1);
43 }
44
45 $r = rg_sql_struct_slaves_update($db);
46 if ($r !== TRUE) {
47 rg_log("Cannot create slaves!");
48 exit(1);
49 }
50
51 // clean all old keys
52 $sql = "DELETE FROM keys";
53 $res = rg_sql_query($db, $sql);
54 rg_sql_free_result($res);
55
56 21 $rg_ui = array("uid" => 1, "is_admin" => 0, "email" => "test@embedromix.ro"); $rg_ui = array("uid" => 1, "is_admin" => 0, "email" => "test@embedromix.ro");
57 22
58 23 // insert a key 1 // insert a key 1
File tests/repo.php changed (mode: 100644) (index 76813c1..268eeb8)
... ... if ($c !== FALSE) {
78 78 exit(1); exit(1);
79 79 } }
80 80
81 $db = rg_sql_open("dbname=trg");
82 if ($db === FALSE) {
83 rg_log("Cannot create a database (" . rg_sql_error() . ")!");
84 exit(1);
85 }
86
87 $r = rg_state_set($db, "schema_version", "0");
88 if ($r !== TRUE) {
89 echo "Cannot reset schema (" . rg_state_error() . ")!\n";
90 exit(1);
91 }
92
93 $r = rg_sql_struct_update($db, RG_DROP_TABLES|RG_IGNORE_ERRORS);
94 if ($r !== TRUE) {
95 rg_log("Cannot create struct (" . rg_sql_error() . ")!");
96 exit(1);
97 }
98
99 $r = rg_fixes_update($db);
100 if ($r !== TRUE) {
101 rg_log("Cannot apply fixes!");
102 exit(1);
103 }
104
105 $r = rg_sql_struct_slaves_update($db);
106 if ($r !== TRUE) {
107 rg_log("Cannot create slaves!");
108 exit(1);
109 }
110
111 81 $uid = time(); $uid = time();
112 82 rg_log("Inserting a fake user"); rg_log("Inserting a fake user");
113 83 $sql = "INSERT INTO users (uid, username, realname, salt, pass, email, itime, suspended" $sql = "INSERT INTO users (uid, username, realname, salt, pass, email, itime, suspended"
 
... ... if ($rg_ui['exists'] != 1) {
126 96 } }
127 97
128 98 rg_log("Creating a repo"); rg_log("Creating a repo");
129 $repo_name = "A";
130 $repo_id = rg_repo_create($db, 0, $rg_ui, $repo_name, 0, "desc", "F", 0);
99 $new = array();
100 $new['master'] = 0;
101 $new['name'] = "A";
102 $new['max_commit_size'] = 0;
103 $new['description'] = "desc";
104 $new['git_dir_done'] = 0;
105 $new['public'] = 1;
106 $repo_id = rg_repo_edit($db, $ui, $new);
131 107 if ($repo_id === FALSE) { if ($repo_id === FALSE) {
132 108 rg_log("Cannot insert a repo (" . rg_repo_error() . ")!"); rg_log("Cannot insert a repo (" . rg_repo_error() . ")!");
133 109 exit(1); exit(1);
 
... ... if ($r === FALSE) {
158 134 } }
159 135
160 136 rg_log("test giving rights"); rg_log("test giving rights");
137 $right_id = 100;
138 $who = 400;
161 139 $tuid = 10; $tuid = 10;
162 $v = rg_repo_rights_set($db, $ri, $tuid, "P", array());
140 $prio = 13;
141 $ip = "1.1.1.1";
142 $v = rg_rights_set($db, $right_id, $who, "repo", $ri['repo_id'],
143 $tuid, "P", "", $ip, $prio);
163 144 if ($v === FALSE) { if ($v === FALSE) {
164 145 rg_log("Cannot give rights (1)!"); rg_log("Cannot give rights (1)!");
165 146 exit(1); exit(1);
166 147 } }
167 148
168 rg_log("owner gets all rights");
169 $e = rg_rights_all("repo");
170 $r = rg_repo_rights_get($db, $ri, $uid, 0);
171 $c = $r['rights'];
172 if (strcmp($c, $e) != 0) {
173 rg_log("Owner did not get all rights: c=$c e=$e.");
174 exit(1);
175 }
176
177 149 rg_log("non-owner gets correct rights: F gets from default rights."); rg_log("non-owner gets correct rights: F gets from default rights.");
150 $right_id = 0;
151 $who = 400;
178 152 $xuid = 12; $xuid = 12;
179 $r = rg_repo_rights_set($db, $ri, $xuid, "P", array());
153 $rights = "AaB";
154 $prio = 50;
155 $ip = "";
156 $r = rg_rights_set($db, $right_id, $who, "repo", $ri['repo_id'],
157 $xuid, $rights, "", $ip, $prio);
180 158 if ($r !== TRUE) { if ($r !== TRUE) {
181 rg_log("Cannot set rights (" . rg_repo_error() . ")!");
159 rg_log("Cannot set rights (" . rg_rights_error() . ")!");
182 160 exit(1); exit(1);
183 161 } }
184 $e = "FP";
185 $r = rg_repo_rights_get($db, $ri, $xuid, 0);
186 $c = $r['rights'];
162 $e = "AaB";
163 $r = rg_rights_get($db, "repo", $ri['repo_id'], $xuid);
164 $c = $r['list'][0]['rights'];
187 165 if (strcmp($c, $e) != 0) { if (strcmp($c, $e) != 0) {
188 166 rg_log("Non-owner did not get correct rights: c=$c e=$e."); rg_log("Non-owner did not get correct rights: c=$c e=$e.");
189 167 exit(1); exit(1);
190 168 } }
191 169
192 170 rg_log("owner can set separate rights for him"); rg_log("owner can set separate rights for him");
193 $v = rg_repo_rights_set($db, $ri, $uid, "A", array());
171 $uid = 500;
172 $tuid = 500;
173 $rights = "E";
174 $prio = 100;
175 $ip = "";
176 $v = rg_rights_set($db, $right_id, $uid, "repo", $ri['repo_id'],
177 $tuid, $rights, "", $ip, $prio);
194 178 if ($v === FALSE) { if ($v === FALSE) {
195 179 rg_log("Owner cannot set separate rights for him!"); rg_log("Owner cannot set separate rights for him!");
196 180 exit(1); exit(1);
197 181 } }
198 182
199 183 rg_log("list1"); rg_log("list1");
200 $r = rg_repo_rights_load($db, $ri);
184 $r = rg_rights_load($db, "repo", $ri['repo_id']);
201 185 if ($r === FALSE) { if ($r === FALSE) {
202 186 rg_log("Cannot list rights (" . rg_repo_error() . ")"); rg_log("Cannot list rights (" . rg_repo_error() . ")");
203 187 exit(1); exit(1);
204 188 } }
189 print_r($r);
205 190 // TODO: we should test if expected fields are returned! // TODO: we should test if expected fields are returned!
206 191
207 192
 
... ... if ($r['repo_id'] != 3000) {
233 218 // Testing the rename of the repos // Testing the rename of the repos
234 219 $rg_repos = "repos"; $rg_repos = "repos";
235 220 $_path = rg_repo_path_by_id($uid, $repo_id); $_path = rg_repo_path_by_id($uid, $repo_id);
236 $r = mkdir($_path, 0755, TRUE);
237 if ($r !== TRUE) {
238 echo "Cannot create fake dir ($_path)!\n";
239 exit(1);
221 if (!file_exists($_path)) {
222 $r = @mkdir($_path, 0755, TRUE);
223 if ($r !== TRUE) {
224 echo "Cannot create fake dir ($_path)!\n";
225 exit(1);
226 }
240 227 } }
241 228 $_path = dirname(rg_repo_path_by_name($uid, $repo_name)); $_path = dirname(rg_repo_path_by_name($uid, $repo_name));
242 $r = mkdir($_path, 0755, TRUE);
243 if ($r !== TRUE) {
244 echo "Cannot create fake dir 2 ($_path)!\n";
245 exit(1);
229 if (!file_exists($_path)) {
230 $r = @mkdir($_path, 0755, TRUE);
231 if ($r !== TRUE) {
232 echo "Cannot create fake dir 2 ($_path)!\n";
233 exit(1);
234 }
246 235 } }
247 236 $new = $ri; $new = $ri;
248 237 $new['rights'] = "F"; $new['rights'] = "F";
249 238 // Do first rename // Do first rename
250 239 $new['name'] = $repo_name . "b"; $new['name'] = $repo_name . "b";
251 $r = rg_repo_update($db, $rg_ui, $new);
240 $r = rg_repo_edit($db, $rg_ui, $new);
252 241 if ($r === FALSE) { if ($r === FALSE) {
253 242 echo "Cannot rename repository (" . rg_repo_error() . ")!\n"; echo "Cannot rename repository (" . rg_repo_error() . ")!\n";
254 243 exit(1); exit(1);
255 244 } }
256 245 // Do a second rename // Do a second rename
257 246 $new['name'] = $repo_name . "c"; $new['name'] = $repo_name . "c";
258 $r = rg_repo_update($db, $rg_ui, $new);
247 $r = rg_repo_edit($db, $rg_ui, $new);
259 248 if ($r === FALSE) { if ($r === FALSE) {
260 249 echo "Cannot rename repository (" . rg_repo_error() . ")!\n"; echo "Cannot rename repository (" . rg_repo_error() . ")!\n";
261 250 exit(1); exit(1);
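Review bot: The new repo-creation block calls `rg_repo_edit($db, $ui, $new)`, but the removed line passed `$rg_ui` and the rename calls further down still do, so unless `$ui` is defined outside the visible hunks this should read `$repo_id = rg_repo_edit($db, $rg_ui, $new);`. The same hunk drops `$repo_name = "A";` although `$repo_name` is still used later in `rg_repo_path_by_name($uid, $repo_name)` and in the rename names; keep the assignment and set `$new['name'] = $repo_name;`. The rg_rights_set() calls here pass ten positional arguments and rg_rights_get() four, while tests/rights.php in this commit calls `rg_rights_set($db, "type1", $a)` with an array and rg_rights_get() with five arguments, so one of the two files does not match the functions, which are defined outside this page view. The `print_r($r);` after "list1" looks like leftover debugging, and the error branch just above it still reports `rg_repo_error()` for a failed rg_rights_load().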
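--- a/tests/rights.php
+++ b/tests/rights.php
@@ -5,13 +5,16 @@ ini_set("track_errors", "On");
 $INC = "../inc";
 require_once($INC . "/init.inc.php");
 require_once($INC . "/rights.inc.php");
-require_once("common.php");
 
 rg_log_set_file("rights.log");
+require_once("common.php");
+
+$rg_sql_debug = 1;
 
 // Defaults
 $rg_admin_email = "rg@embedromix.ro";
 
+
 rg_log("test if combine works correctly (1)");
 $a = "AF"; $b = "AD"; $e = "AFD";
 $r = rg_rights_combine($a, $b);
@@ -45,20 +48,103 @@ if (strcmp($e, $e) != 0) {
 }
 
 rg_log("rights: testing allow...");
-$rights = "ABC"; $needed_rights = "BCD";
-$r = rg_rights_allow($rights, $needed_rights);
+$rights = array(array("rights" => "ABC", "ip" => ""));
+$needed_rights = "BCD"; $ip = "1.2.3.4";
+$misc = FALSE;
+$r = rg_rights_allow($rights, $needed_rights, $ip, $misc);
 if ($r !== FALSE) {
 echo "allow is not working right!\n";
 exit(1);
 }
 
-rg_log("rights: testing allow...");
-$rights = "ABC"; $needed_rights = "";
-$r = rg_rights_allow($rights, $needed_rights);
+rg_log("rights: testing rg_rights_set...");
+$a = array();
+$a['right_id'] = 0;
+$a['who'] = 90;
+$a['obj_id'] = 333;
+$a['uid'] = 200;
+$a['rights'] = "abc";
+$a['misc'] = "misc1";
+$a['ip'] = "1.1.1.1 2.2.2.2 10.0.0.0/8";
+$a['prio'] = 3;
+$r = rg_rights_set($db, "type1", $a);
+if ($r !== TRUE) {
+echo "Seems I cannot set rights 1 (" . rg_rights_error() . ")\n";
+exit(1);
+}
+$a['rights'] = "d"; $a['misc'] = "misc2";
+$r = rg_rights_set($db, "type1", $a);
+if ($r !== TRUE) {
+echo "Seems I cannot set rights 2 (" . rg_rights_error() . ")\n";
+exit(1);
+}
+
+rg_log("Testing rg_rights_get...");
+$right_id = 0;
+$r = rg_rights_get($db, "type1", $a['obj_id'], $a['uid'], $right_id);
+if (($r['ok'] !== 1) || (strcmp($r['list'][1]['rights'], "d") != 0)) {
+echo "Seems I cannot get rights (" . rg_rights_error() . ")\n";
+print_r($r);
+exit (1);
+}
+
+rg_log("Testing delete_list...");
+$list = array(1, 2);
+$r = rg_rights_delete_list($db, $a['obj_id'], $list);
 if ($r !== TRUE) {
-echo "allow is not working right (empty needed_rights)!\n";
+echo "We should be able to delete rights!\n";
 exit(1);
 }
+$right_id = 0;
+$r = rg_rights_get($db, "type1", $a['obj_id'], $a['uid'], $right_id);
+if (($r['ok'] !== 1) || (count($r['list']) > 0)) {
+echo "We should not have anymore type1 objects, after a delete.\n";
+print_r($r);
+exit (1);
+}
+
+rg_log("Testing IP match part - test1");
+$list = "1.2.3.4/24 10.0.0.0/8 fd00::/64"
+. " 1234:5678:aaaa:bbbb:cccc:dddd:eeee::/120"
+. " 2222::/24";
+$r = rg_rights_test_ip($list, "1.2.3.5");
+if ($r !== TRUE) {
+echo "ip test 1 failed\n";
+exit(1);
+}
+rg_log("Testing IP match part - test2");
+$r = rg_rights_test_ip($list, "10.2.3.4");
+if ($r !== TRUE) {
+echo "ip test 2 failed\n";
+exit(1);
+}
+rg_log("Testing IP match part - test3");
+$r = rg_rights_test_ip($list, "fd00::3030:aaaa");
+if ($r !== TRUE) {
+echo "ip test 3 failed\n";
+exit(1);
+}
+rg_log("Testing IP match part - test4a");
+$r = rg_rights_test_ip($list, "1234:5678:aaaa:bbbb:cccc:dddd:eeee:44");
+if ($r !== TRUE) {
+echo "ip test 4a failed\n";
+exit(1);
+}
+rg_log("Testing IP match part - test4b");
+$r = rg_rights_test_ip($list, "1234:5678:aaaa:bbbb:cccc:dddd:eeee:3344");
+if ($r === TRUE) {
+echo "ip test 4b failed\n";
+exit(1);
+}
+rg_log("Testing IP match part - test5");
+$r = rg_rights_test_ip($list, "2222::5533");
+if ($r !== TRUE) {
+echo "ip test 5 failed\n";
+exit(1);
+}
+
+
+// TODO: test if a user can read other rights
 
 echo "rights: OK!\n";
 ?>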
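Review bot: The IP-match block (new lines 106-144) has a single deny case, test4b for the IPv6 /120 entry, so nothing pins that an IPv4 address outside every listed prefix is refused; a case such as `$r = rg_rights_test_ip($list, "11.0.0.1");` that fails when `$r === TRUE` would cover it. The only `rg_rights_allow` call passes a rights entry with `"ip" => ""`, so the interaction between the rights letters and the `ip` field is never exercised; presumably an entry like `"ip" => "10.0.0.0/8"` checked against `$ip = "1.2.3.4"` should be refused even when the letters suffice, and that is the path worth asserting. The commit also removes the old empty-`$needed_rights` case (old lines 55-61) without a replacement, so that boundary of an access-control check is no longer covered.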
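--- a/tests/sql.php
+++ b/tests/sql.php
@@ -10,13 +10,6 @@ require_once("common.php");
 
 rg_log_set_file("sql.log");
 
-echo "db: open connection...\n";
-$db = rg_sql_open("dbname=trg");
-if ($db === FALSE) {
-echo "Cannot create a database (" . rg_sql_error() . ")!\n";
-exit(1);
-}
-
 echo "db: drop 'test' table...\n";
 $sql = "DROP TABLE IF EXISTS test";
 $res = rg_sql_query($db, $sql);
@@ -26,7 +19,8 @@ if ($res === FALSE) {
 }
 
 echo "db: test creation of a table...\n";
-$sql = "CREATE TABLE test (id TEXT PRIMARY KEY)";
+$sql = "CREATE TABLE test (id TEXT PRIMARY KEY"
+. ", f1 TEXT DEFAULT '', f2 TEXT DEFAULT '')";
 $res = rg_sql_query($db, $sql);
 if ($res === FALSE) {
 echo "Cannot create table 'test' (" . rg_sql_error() . ")!\n";
@@ -45,7 +39,7 @@ echo "db: test insert with the same key...\n";
 $sql = "INSERT INTO test (id) VALUES ('aaa')";
 $res = @rg_sql_query($db, $sql);
 if ($res !== FALSE) {
-echo "I can do double insert!\n";
+echo "I can do double insert, not good!\n";
 exit(1);
 }
 
@@ -57,6 +51,22 @@ if ($res === FALSE) {
 exit(1);
 }
 
+echo "db: test prepare with named values...\n";
+$sql = "INSERT INTO test(id, f1, f2) VALUES (@@id@@, @@f@@, @@f@@)";
+$params = array("id" => "myid", "f" => "value", "junk" => "aaa");
+$res = rg_sql_query_params($db, $sql, $params);
+if ($res === FALSE) {
+echo "Cannot insert into test using @@x@@!\n";
+exit(1);
+}
+$sql = "SELECT * FROM test WHERE id = 'myid'";
+$res = rg_sql_query($db, $sql);
+$row = rg_sql_fetch_array($res);
+if (strcmp($row['f1'], "value") != 0) {
+echo "Seems that insert with @@x@@ are not working!\n";
+exit(1);
+}
+
 // TODO: test rg_sql_last_id
 
 rg_sql_close($db);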
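Review bot: The new `rg_sql_query_params` case (new lines 54-68) binds only plain alphanumeric values, so it would pass just as well if the `@@name@@` placeholders were pasted into the SQL text rather than sent as bound parameters; the implementation lives in inc/sql.inc.php and is not visible in this section. A value containing a quote, for example `"f" => "va'lue"`, read back and compared with `strcmp`, would pin the binding behaviour this helper exists for. The check also reads only `$row['f1']` although `@@f@@` is used twice, and it calls `rg_sql_fetch_array($res)` without testing `$res === FALSE` first; comparing `$row['f2']` as well and guarding the SELECT would close both gaps.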
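--- a/tests/state.php
+++ b/tests/state.php
@@ -14,24 +14,6 @@ rg_log_set_file("state.log");
 
 $rg_sql_debug = 1;
 
-$db = rg_sql_open("dbname=trg");
-if ($db === FALSE) {
-echo "Cannot create a database (" . rg_sql_error() . ")!\n";
-exit(1);
-}
-
-$r = rg_state_set($db, "schema_version", "0");
-if ($r !== TRUE) {
-echo "Cannot reset schema (" . rg_state_error() . ")!\n";
-exit(1);
-}
-
-$r = rg_sql_struct_update($db, RG_DROP_TABLES);
-if ($r !== TRUE) {
-echo "Cannot create structure (" . rg_sql_error() . ")!\n";
-exit(1);
-}
-
 // check return for an invalid state
 $r = rg_state_get($db, "asdsdsdf");
 if ($r !== "") {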
File tests/themes/util/t3/c6b changed (mode: 100644) (index 862719c..2ab5c84)
1 1 @@if("@@a@@" != ""){{A}}{{B}} @@if("@@a@@" != ""){{A}}{{B}}
2 @@if("@@a@@" = ""){{X}}{{Y}}
2 @@if("@@a@@" == ""){{X}}{{Y}}
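--- a/tests/themes/util/t3/c9
+++ b/tests/themes/util/t3/c9
@@ -1,15 +1,10 @@
 XX
-@@if(@@X@@ == 1){{
-@@if(@@Y@@ == 1){{
-@@if(@@Z@@ == 1){{
-TRUE_LEVEL_2
-}}{{
-FALSE_LEVEL_2
-}}
-}}{{
-FALSE_LEVEL_1
-}}
+@@if("@@X@@" == "abc"){{
+BLA
+BLA
+BLA
+@@X@@
 }}{{
-FALSE_LEVEL_0
 }}
-YY
+YY
+@@X@@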
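--- a/tests/user.php
+++ b/tests/user.php
@@ -24,36 +24,6 @@ $rg_admin_name = "RocketGit Admin";
 $_SERVER['HTTP_HOST'] = "fake.tld";
 
 
-$db = rg_sql_open("dbname=trg");
-if ($db === FALSE) {
-echo "Cannot create a database (" . rg_sql_error() . ")!\n";
-exit(1);
-}
-
-$r = rg_state_set($db, "schema_version", "0");
-if ($r !== TRUE) {
-echo "Cannot reset schema (" . rg_state_error() . ")!\n";
-exit(1);
-}
-
-$r = rg_sql_struct_update($db, RG_DROP_TABLES);
-if ($r !== TRUE) {
-echo "Cannot create structure (" . rg_sql_error() . ")!\n";
-exit(1);
-}
-
-$r = rg_fixes_update($db);
-if ($r !== TRUE) {
-echo "Cannot apply fixes!\n";
-exit(1);
-}
-
-$r = rg_sql_struct_slaves_update($db);
-if ($r !== TRUE) {
-rg_log("Cannot create slaves!");
-exit(1);
-}
-
 $r = rg_exec("rm -rf ubase");
 if ($r['ok'] != 1) {
 echo "Cannot remove ubase dir (" . $r['errmsg'] . ")!\n";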
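--- a/tests/util.php
+++ b/tests/util.php
@@ -25,6 +25,33 @@ if ($r !== TRUE) {
 exit(1);
 }
 
+
+echo "util.php: testing function rg_prepare_replace_helper...\n";
+$what = array(); $values = array();
+$a = array("a" => "b");
+rg_prepare_replace_helper($a, "", $what, $values);
+$w = rg_array2string($what);
+$v = rg_array2string($values);
+$ew = "a=[/@@a@@/uU]";
+$ev = "a=[b]";
+if ((strcmp($w, $ew) != 0) || (strcmp($v, $ev) != 0)) {
+echo "Wrong prepare_replace: [$w] != [$ew] OR [$v] != [$ev]!\n";
+exit(1);
+}
+
+$what = array(); $values = array();
+$a = array("ri" => array("repo_id" => "1", "name" => "repo1"));
+rg_prepare_replace_helper($a, "", $what, $values);
+$w = rg_array2string($what);
+$v = rg_array2string($values);
+$ew = "ri.repo_id=[/@@ri.repo_id@@/uU] ri.name=[/@@ri.name@@/uU]";
+$ev = "ri.repo_id=[1] ri.name=[repo1]";
+if ((strcmp($w, $ew) != 0) || (strcmp($v, $ev) != 0)) {
+echo "Wrong prepare_replace: [$w] != [$ew] OR [$v] != [$ev]!\n";
+exit(1);
+}
+
+
 $r = rg_exec("/xxxx");
 if ($r['ok'] == 1) {
 echo "util.php: running non existing command does not return 0!\n";
@@ -195,6 +222,17 @@ if (strcmp($r, $e) != 0) {
 exit(1);
 }
 
+$t = "test rg_template with conditional formating (quotes)";
+rg_log($t);
+$data = array("a" => "abc");
+$r = rg_template("t3/c6b", $data);
+$r = preg_replace('/\s/', '', $r);
+$e = "AY";
+if (strcmp($r, $e) != 0) {
+echo "util.php: $t: not working (r=$r e=$e)!\n";
+exit(1);
+}
+
 $t = "test rg_template with conditional formating (!empty)";
 rg_log($t);
 $data = array("AAA" => "");
@@ -216,7 +254,7 @@ if (strcmp($r, $e) != 0) {
 exit(1);
 }
 
-$t = "test rg_template with conditional formating (a vriable contains '{{')";
+$t = "test rg_template with conditional formating (a variable contains '{{')";
 rg_log($t);
 $data = array("AAA" => "1", "BBB" => "}}", "CCC" => "{{");
 $r = rg_template("t3/c8", $data);
@@ -227,6 +265,17 @@ if (strcmp($r, $e) != 0) {
 exit(1);
 }
 
+$t = "test rg_template with conditional formating: false branch is empty)";
+rg_log($t);
+$data = array("X" => "abc");
+$r = rg_template("t3/c9", $data);
+$r = preg_replace('/\s/', '', $r);
+$e = "XXBLABLABLAabcYYabc";
+if (strcmp($r, $e) != 0) {
+echo "util.php: $t: not working (r=[$r] e=[$e])!\n";
+exit(1);
+}
+
 $t = "test rg_copy_tree";
 rg_log($t);
 $r = rg_copy_tree("tree1", "tree1.copy", 0755);
@@ -267,7 +316,5 @@ if (strcmp($x['X.u'], "uval") != 0) {
 exit(1);
 }
 
-
-
 echo "util: OK!\n";
 ?>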
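Review bot: The second `rg_prepare_replace_helper` case (new lines 42-52) pins the pattern `/@@ri.repo_id@@/uU`, where the dot joining the nested key is an unescaped PCRE metacharacter, so the placeholder pattern would also match text like `@@riXrepo_id@@`. The helper itself is outside this section; if it builds the pattern by concatenating the key, passing the key through `preg_quote($key, '/')` and expecting `ri\.repo_id` here would make the match literal. Neither case covers a key or value containing `@@` or `/`, which is where a template substitution helper usually goes wrong. Minor: the new title at line 268, `"... false branch is empty)"`, has an unbalanced parenthesis.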