⌈⌋ branch:  freshcode

Artifact [2ff7255217]

Artifact 2ff7255217312a4a9eb4ba963810d2d01a929f40:

  • File page_submit.php — part of check-in [51269b3994] at 2021-12-21 13:48:42 on branch trunk — Log submit failures (user: mario size: 4084)

 * api: freshcode
 * type: page
 * title: Submit/edit project or release
 * description: Single-page edit form for projects and their releases
 * version: 0.7.3
 * category: form
 * license: AGPLv3
 * Prepares the submission form. On POST checks a few constraints,
 * but UPDATE itself is handled by release::update() and ::store().
 * Tags: http://aehlke.github.io/tag-it/

// Form field names
$form_fields = array(
    "name", "title", "homepage", "description", "license", "tags", "image",
    "version", "state", "scope", "changes", "download", "urls", "summary",
    "autoupdate_module", "autoupdate_url", "autoupdate_regex",
    "submitter", "lock",

// Get project ID from request
$name = $_REQUEST->proj_name->length…2…33["name"];

// Retrieve existing project data in DB.
$data = release::latest($name);
$is_new = empty($data);

// Else create empty form value defaults in $data
if ($is_new) {
    $data = array_fill_keys($form_fields, "");
    $data["name"] = $name;
    $data["submitter"] = $_SESSION["name"];
    // Optional: import initial $data from elsewhere
    if ($_POST->has("import_via")) {
        $data = array_merge($data, project_import::fetch());

// Project entry can be locked for editing by specific OpenIDs.
if (!release::permission($data, $_SESSION["openid"], $_SESSION["password"])) {
    $error = "This entry cannot be edited with your current <a href='/login'>login</a>. Matches neither password nor OpenID handle. If your OpenID provider login fails to work, please flag for for moderator attention.";

// Start page output

 * Fetch form input on submit.
 * Check some constraints.
 * Then insert into database.
if ($name and $_REQUEST->has("title", "description")) {

    // Check field lengths
    if (!$_REQUEST->multi->serialize->length…150…150->strlen["title,description,homepage,changes"]) {
        print("<h3>Submission too short</h3> <p>You didn't fill out crucial information. Please note that our user base expects an enticing set of data points to find your project.</p>");
        log_spam($_REQUEST, "too short");
    // Terms and conditions
    elseif (array_sum($_REQUEST->array->int->range…0…1["req"]) < 2) {
        print "<h3>Terms and Conditions</h3> <p>Please go back and assert that your open source project listing is reusable under the CC-BY-SA license.</p>";
    // Simple CSRF check
    elseif (!csrf(TRUE)) {
        print "<h3>CSRF token invalid</h3> <p>This is likely a session timeout (1 hour), etc. Please retry or login again.</p>";
        log_spam($_REQUEST, "csrf");
    // Passed
    else {
        // Merge new data
        $release = new release($data);
                "flag" => 0,   // User flags presumably become obsolete when project gets manually edited
                "submitter_openid" => $_SESSION["openid"],
                "via" => "form",

        // A few blacklists
        if (data_blacklisted($release)) {
            print "<h2>Error #52</h2> <p>An unspecified issue with storing your data. Please drop a note if you're not a spambot!</p>";
            log_spam($_REQUEST, "data_blacklisted");
        // Update project
        elseif ($release->store()) {
            print "<h2>Submitted</h2> <p>Project and release information have been updated. Thanks for your care!</p>
                  <p>See the published entry on <a href=\"http://freshcode.club/projects/$name\">http://freshcode.club/projects/$name</a>.</p>";
        else { 
            print "Unspecified database error. Please retry later.";


#-- Output input form with current $data
else {
    $data = array_map("input::html", $data);