static function call($name, $subname, Contact $user, $qreq, $selection)
{
$uf = null;
if (isset(self::$byname[$name])) {
$ufm = self::$byname[$name];
if ((string) $subname !== "" && isset($ufm[$subname])) {
$uf = $ufm[$subname];
} else {
if (isset($ufm[""])) {
$uf = $ufm[""];
}
}
}
if (is_array($selection)) {
$selection = new SearchSelection($selection);
}
if (!$uf) {
$error = "No such search action.";
} else {
if (!($uf[1] & SiteLoader::API_GET) && !check_post($qreq)) {
$error = "Missing credentials.";
} else {
if ($uf[1] & SiteLoader::API_PAPER && $selection->is_empty()) {
$error = "No papers selected.";
} else {
if (!$uf[0]->allow($user)) {
$error = "Permission error.";
} else {
$error = $uf[0]->run($user, $qreq, $selection);
}
}
}
}
if (is_string($error) && $qreq->ajax) {
json_exit(["ok" => false, "error" => $error]);
} else {
if (is_string($error)) {
Conf::msg_error($error);
}
}
return $error;
}
function check_login()
{
$username = check_post("username");
$password = check_post("password");
$remember = check_post("remember");
if (!$username || !$password) {
return false;
}
include '../bbdd/bbdd.php';
foreach ($users as $user) {
if ($username == $user["username"] && $password == $user["password"]) {
/*Pregunto si queremos cookies*/
if ($remember) {
setcookie("login", $username, strtotime("+15 days"), "/");
}
session_start();
$_SESSION["username"] = $username;
header("location:profile.php");
exit;
}
}
echo "No existe el usuario y/o contraseña";
return false;
}
function check_login()
{
$username = check_post('username');
$password = check_post('password');
$remember = check_post('remember');
if (!$username || !$password) {
return false;
}
include '../bbdd/bbdd.php';
foreach ($users as $user) {
if ($username == $user['username'] && $password == $user['password']) {
/* Pregunto si queremos cookies */
if ($remember) {
setcookie('login', $username, strtotime('+15 days'), '/');
}
session_start();
$_SESSION['username'] = $username;
header('Location:profile.php');
exit;
}
}
echo "No existe el usuario y/o contraseña";
return false;
}
public static function loginHandle()
{
if (check_post('cc_login_uname', 'cc_login_passwd', 'cc_login_login')) {
// for security, we don't want session fixation :(
session_regenerate_id();
$_SESSION['uname'] = $_POST['cc_login_uname'];
$_SESSION['pword'] = hash('whirlpool', $_POST['cc_login_passwd']);
$_SESSION['last_ip'] = $_SERVER['REMOTE_ADDR'];
$_SESSION['last_user_agent'] = $_SERVER['HTTP_USER_AGENT'];
if (self::checkSession()) {
//var_dump(TH_PUB_ADMIN);exit();
if ($_POST['cc_login_remember'] == "yes") {
$host = $_SERVER['HTTP_HOST'];
if (substr($host, 0, 4) == "www.") {
$host = substr($host, 3);
}
setcookie('ln', self::packCookie(), time() + 60 * 60 * 24 * 30 * 12);
}
cc_redirect(TH_PUB_ADMIN, true);
} else {
Filters::bind('post_output_login', 'Users::outputError');
}
}
}
global $User, $Pset, $Info, $Commit;
$User = $Me;
if (isset($_REQUEST["u"]) && (!$Me->isPC || !($User = ContactView::prepare_user($_REQUEST["u"])))) {
redirectSelf(array("u" => null));
}
assert($User == $Me || $Me->isPC);
assert($Me->privChair);
if (@$_POST["enable"] && check_post()) {
UserActions::enable(array($User->contactId), $Me);
redirectSelf();
}
if (@$_POST["disable"] && check_post()) {
UserActions::disable(array($User->contactId), $Me);
redirectSelf();
}
if (@$_POST["update"] && check_post()) {
$ck = $cv = array();
$roles = 0;
if (@$_POST["pctype"] === "chair") {
$roles |= Contact::ROLE_CHAIR | Contact::ROLE_PC;
} else {
if (@$_POST["pctype"] === "pc") {
$roles |= Contact::ROLE_PC;
}
}
if (@$_POST["sysadmin"]) {
$roles |= Contact::ROLE_ADMIN;
}
$ck[] = "roles={$roles}";
Dbl::qe_apply("update ContactInfo set " . join($ck, ",") . " where contactId=" . $User->contactId, $cv);
redirectSelf();
// echo $query;
$lng_id_query = mysql_query($query, $GLOBALS["link"]) or die("" . $query . " <br> " . mysql_error($GLOBALS["link"]));
$lng_id = mysql_fetch_assoc($lng_id_query);
for ($i = 1; $i <= 4; $i++) {
echo "<img src=\"assets/images/" . ($lng_id["cena" . $i] > 0 ? "checked" : "unchecked") . ".png\">";
}
echo "</td>";
echo "<td><img src=\"assets/images/" . (file_exists("../docs/products/{$pol['id']}.3ds") ? "checked" : "unchecked") . ".png\"></td>";
echo "<td><img src=\"assets/images/" . (file_exists("../docs/products/{$pol['id']}.max") ? "checked" : "unchecked") . ".png\"></td>";
echo "</tr>";
}
echo "\r\n </tbody>\r\n</table>\r\n";
}
if ($action == "edit") {
if ($_POST[submit]) {
$id = check_post($_POST[id]);
$zobraz = check_sql($zobraz);
if (is_numeric($id) and is_numeric($zobraz) and is_numeric($rodic)) {
$query = "UPDATE " . PREFIX . "{$table} SET vyrobok=\"{$vyrobok}\", zobraz={$zobraz}, druh={$druh}, seria={$seria}, popis_serie={$popis_serie},\r\n farby=\"{$farby}\", rozmer=\"{$rozmer}\", hmotnost={$hmotnost}, parent={$rodic}, novinka={$novinka} \r\n WHERE id={$id}";
//echo $query;
$result_menu = mysql_query($query, $GLOBALS[link]) or die("SQL nebol uspesne napojeny<br>" . $query . " <br> " . mysql_error($GLOBALS[link]));
// ---------- uprava cien vyrobku
$query = "SELECT id FROM " . PREFIX . "vyrobky_ceny WHERE id_vyrobky={$id}";
$lng_id_query = mysql_query($query, $GLOBALS["link"]) or die("" . $query . " <br> " . mysql_error($GLOBALS["link"]));
$lng_id = mysql_num_rows($lng_id_query);
if ($lng_id > 0) {
$query = "UPDATE " . PREFIX . "vyrobky_ceny SET cena1={$cena1}, cena2={$cena2}, cena3={$cena3}, cena4={$cena4}\r\n WHERE id_vyrobky={$id}";
echo $query;
$result_menu = mysql_query($query, $GLOBALS[link]) or die("SQL nebol uspesne napojeny<br>" . $query . " <br> " . mysql_error($GLOBALS[link]));
} else {
$query = "INSERT INTO " . PREFIX . "vyrobky_ceny (id, id_vyrobky, cena1, cena2, cena3, cena4) \r\n VALUES ( '', {$id}, '{$cena1}', '{$cena2}', '{$cena3}', '{$cena4}')";
Dbl::qe_raw("delete from ReviewRequest where paperId={$prow->paperId} and email='" . sqlq($email) . "'");
if (($reqId = Contact::id_by_email($email)) > 0) {
Dbl::qe_raw("insert into PaperReviewRefused (paperId, contactId, requestedBy, reason) values ({$prow->paperId}, {$reqId}, {$Requester->contactId}, 'request denied by chair')");
}
// send anticonfirmation email
HotCRPMailer::send_to($Requester, "@denyreviewrequest", $prow, array("reviewer_contact" => (object) array("fullName" => trim(defval($_REQUEST, "name", "")), "email" => $email)));
$Conf->confirmMsg("Proposed reviewer denied.");
} else {
Conf::msg_error("No one has proposed that " . htmlspecialchars($email) . " review this paper.");
}
Dbl::qx_raw("unlock tables");
unset($_REQUEST["email"], $_GET["email"], $_POST["email"]);
unset($_REQUEST["name"], $_GET["name"], $_POST["name"]);
}
// add primary or secondary reviewer
if (isset($_REQUEST["addpc"]) && $Me->allow_administer($prow) && check_post()) {
if (($pcid = cvtint(@$_REQUEST["pcid"])) <= 0) {
Conf::msg_error("Enter a PC member.");
} else {
if (($pctype = cvtint(@$_REQUEST["pctype"])) == REVIEW_PRIMARY || $pctype == REVIEW_SECONDARY || $pctype == REVIEW_PC) {
$Me->assign_review($prow->paperId, $pcid, $pctype);
$Conf->update_rev_tokens_setting(false);
}
}
loadRows();
}
// paper table
$paperTable = new PaperTable($prow, make_qreq(), "assign");
$paperTable->initialize(false, false);
confHeader();
// begin form and table
if (get($_POST, "anonymous") === "yes") {
$o->anonymous = true;
} else {
$o->anonymous = $old_pset->anonymous ? false : null;
}
save_config_overrides($psetkey, $o, $json);
}
if ($Me->privChair && check_post() && get($_GET, "reconfig")) {
reconfig();
}
// check global system settings
if ($Me->privChair) {
require_once "adminhome.php";
}
// Enable users
if ($Me->privChair && check_post() && isset($_GET["enable_user"])) {
if ($_GET["enable_user"] == "college") {
$users = edb_first_columns(Dbl::qe_raw("select contactId from ContactInfo where (roles&" . Contact::ROLE_PCLIKE . ")=0 and not extension"));
} else {
if ($_GET["enable_user"] == "extension") {
$users = edb_first_columns(Dbl::qe_raw("select contactId from ContactInfo where (roles&" . Contact::ROLE_PCLIKE . ")=0 and extension"));
} else {
if ($_GET["enable_user"] == "pc") {
$users = edb_first_columns(Dbl::qe_raw("select contactId from ContactInfo where (roles&" . Contact::ROLE_PC . ")!=0"));
} else {
$users = edb_first_columns(Dbl::qe("select contactId from ContactInfo where email like ?", $_GET["enable_user"]));
}
}
}
if (!count($users)) {
$Conf->warnMsg("No users match.");
$kiosk_keys[$kj->show_papers ? 1 : 0] = $k;
}
}
for ($i = 0; $i <= 1; ++$i) {
if (!$kiosk_keys[$i]) {
$key = hotcrp_random_password();
$kiosks[$key] = (object) array("update_at" => $Now, "show_papers" => !!$i);
$kiosk_keys[$i] = $kchange = $key;
}
}
// save kiosks
if ($kchange) {
$Conf->save_setting("__tracker_kiosk", 1, $kiosks);
}
}
if ($Me->privChair && isset($_POST["signout_to_kiosk"]) && check_post()) {
LoginHelper::logout(false);
$Me->change_capability("tracker_kiosk", $kiosk_keys[@$_POST["buzzer_showpapers"] ? 1 : 0]);
redirectSelf();
}
function kiosk_lookup($key)
{
global $Conf, $Now;
$kiosks = (array) ($Conf->setting_json("__tracker_kiosk") ?: array());
if (@$kiosks[$key] && $kiosks[$key]->update_at >= $Now - 604800) {
return $kiosks[$key];
}
return null;
}
$kiosk = null;
if (!$Me->has_email() && !$Me->capability("tracker_kiosk") && ($key = Navigation::path_component(0)) && ($kiosk = kiosk_lookup($key))) {
public static function call_api($fn, $user, $qreq, $prow)
{
// XXX precondition: $user->can_view_paper($prow) || !$prow
if (isset(SiteLoader::$api_map[$fn])) {
$uf = SiteLoader::$api_map[$fn];
if (!($uf[1] & SiteLoader::API_GET) && !check_post($qreq)) {
json_exit(["ok" => false, "error" => "Missing credentials."]);
}
if ($uf[1] & SiteLoader::API_PAPER && !$prow) {
json_exit(["ok" => false, "error" => "No such paper."]);
}
call_user_func($uf[0], $user, $qreq, $prow);
return true;
}
return false;
}
$groestl_power = check_post($_POST["groestl_power"], $groestl_power);
$qubit_power = check_post($_POST["qubit_power"], $qubit_power);
$sha_hardware = check_post($_POST["sha_hardware"], $sha_hardware);
$scrypt_hardware = check_post($_POST["scrypt_hardware"], $scrypt_hardware);
$skein_hardware = check_post($_POST["skein_hardware"], $skein_hardware);
$groestl_hardware = check_post($_POST["groestl_hardware"], $groestl_hardware);
$qubit_hardware = check_post($_POST["qubit_hardware"], $qubit_hardware);
$sha_poolfee = check_post($_POST["sha_poolfee"], $sha_poolfee);
$scrypt_poolfee = check_post($_POST["scrypt_poolfee"], $scrypt_poolfee);
$skein_poolfee = check_post($_POST["skein_poolfee"], $skein_poolfee);
$groestl_poolfee = check_post($_POST["groestl_poolfee"], $groestl_poolfee);
$qubit_poolfee = check_post($_POST["qubit_poolfee"], $qubit_poolfee);
$power_cost = check_post($_POST["power_cost"], $power_cost);
$myr_price = check_post($_POST["myr_price"], $myr_price);
$btc_price = check_post($_POST["btc_price"], $btc_price);
$coins_per_block = check_post($_POST["coins_per_block"], $coins_per_block);
$results = calculate();
if (search_ip_address($user_array, $ip) >= 0) {
update_user($ip, $sha_hashrate, $scrypt_hashrate, $skein_hashrate, $groestl_hashrate, $qubit_hashrate, $sha_power, $scrypt_power, $skein_power, $groestl_power, $qubit_power, $sha_hardware, $scrypt_hardware, $skein_hardware, $groestl_hardware, $qubit_hardware, $sha_poolfee, $scrypt_poolfee, $skein_poolfee, $groestl_poolfee, $qubit_poolfee, $power_cost);
} else {
add_user($ip, $sha_hashrate, $scrypt_hashrate, $skein_hashrate, $groestl_hashrate, $qubit_hashrate, $sha_power, $scrypt_power, $skein_power, $groestl_power, $qubit_power, $sha_hardware, $scrypt_hardware, $skein_hardware, $groestl_hardware, $qubit_hardware, $sha_poolfee, $scrypt_poolfee, $skein_poolfee, $groestl_poolfee, $qubit_poolfee, $power_cost);
}
if ($_POST["clear"]) {
$diff = get_avg_diffs($avg);
$average_string = "(24 hr average)";
$sha_diff = number_format($diff[0], 2, '.', '');
$scrypt_diff = number_format($diff[1], 2, '.', '');
$skein_diff = number_format($diff[2], 2, '.', '');
$groestl_diff = number_format($diff[3], 2, '.', '');
$qubit_diff = number_format($diff[4], 2, '.', '');
$sha_hashrate = "";
}
}
// Double-encoding bugs found?
if ($Conf->setting("bug_doubleencoding")) {
$m[] = "Double-encoded URLs have been detected. Incorrect uses of Apache’s <code>mod_rewrite</code>, and other middleware, can encode URL parameters twice. This can cause problems, for instance when users log in via links in email. (“<code>a@b.com</code>” should be encoded as “<code>a%40b.com</code>”; a double encoding will produce “<code>a%2540b.com</code>”.) HotCRP has tried to compensate, but you really should fix the problem. For <code>mod_rewrite</code> add <a href='http://httpd.apache.org/docs/current/mod/mod_rewrite.html'>the <code>[NE]</code> option</a> to the relevant RewriteRule. <a href=\"" . hoturl_post("index", "clearbug=doubleencoding") . "\">(Clear this message)</a>";
}
// Unnotified reviews?
if ($Conf->setting("pcrev_assigntime", 0) > $Conf->setting("pcrev_informtime", 0)) {
$assigntime = $Conf->setting("pcrev_assigntime");
$result = $Conf->qe("select paperId from PaperReview where reviewType>" . REVIEW_PC . " and timeRequested>timeRequestNotified and reviewSubmitted is null and reviewNeedsSubmit!=0 limit 1");
if (edb_nrows($result)) {
$m[] = "PC review assignments have changed. You may want to <a href=\"" . hoturl("mail", "template=newpcrev") . "\">send mail about the new assignments</a>. <a href=\"" . hoturl_post("index", "clearnewpcrev={$assigntime}") . "\">(Clear this message)</a>";
} else {
$Conf->save_setting("pcrev_informtime", $assigntime);
}
}
if (count($m)) {
$Conf->warnMsg("<div>" . join('</div><div style="margin-top:0.5em">', $m) . "</div>");
}
}
assert($Me->privChair);
if (isset($_REQUEST["clearbug"]) && check_post()) {
$Conf->save_setting("bug_" . $_REQUEST["clearbug"], null);
}
if (isset($_REQUEST["clearnewpcrev"]) && ctype_digit($_REQUEST["clearnewpcrev"]) && check_post() && $Conf->setting("pcrev_informtime", 0) <= $_REQUEST["clearnewpcrev"]) {
$Conf->save_setting("pcrev_informtime", $_REQUEST["clearnewpcrev"]);
}
if (isset($_REQUEST["clearbug"]) || isset($_REQUEST["clearnewpcrev"])) {
redirectSelf(array("clearbug" => null, "clearnewpcrev" => null));
}
admin_home_messages();
}
}
// update trueuser
if (strcasecmp($_SESSION["trueuser"]->email, $new_user->email)) {
$_SESSION["trueuser"] = (object) ["email" => $new_user->email];
}
if ($MergeError == "") {
$Conf->confirmMsg("Merged account " . htmlspecialchars($old_user->email) . ".");
$new_user->log_activity("Merged account {$old_user->email}");
go(hoturl("index"));
} else {
$new_user->log_activity("Merged account {$old_user->email} with errors");
$MergeError .= $Conf->db_error_html(true);
}
}
if (isset($_REQUEST["merge"]) && check_post()) {
if (!$_REQUEST["email"]) {
$MergeError = "Enter an email address to merge.";
} else {
if (!$_REQUEST["password"]) {
$MergeError = "Enter the password of the account to merge.";
} else {
$MiniMe = Contact::find_by_email($_REQUEST["email"]);
if (!$MiniMe) {
$MergeError = "No account for " . htmlspecialchars($_REQUEST["email"]) . " exists. Did you enter the correct email address?";
} else {
if (!$MiniMe->check_password($_REQUEST["password"])) {
$MergeError = "That password is incorrect.";
} else {
if ($MiniMe->contactId == $Me->contactId) {
$Conf->confirmMsg("Accounts successfully merged.");
$nfail = $Conf->session("rev_token_fail", 0) + 1;
$Conf->save_session("rev_token_fail", $nfail);
}
}
}
}
}
if ($cleared && !count($tokeninfo)) {
$tokeninfo[] = "Review tokens cleared.";
}
if (count($tokeninfo)) {
$Conf->infoMsg(join("<br />\n", $tokeninfo));
}
redirectSelf();
}
if (isset($_REQUEST["token"]) && check_post() && !$Me->is_empty()) {
change_review_tokens();
}
if (isset($_REQUEST["cleartokens"])) {
$Me->change_review_token(false, false);
}
if ($Me->privChair) {
require_once "adminhome.php";
}
$title = $Me->is_empty() || isset($_REQUEST["signin"]) ? "Sign in" : "Home";
$Conf->header($title, "home", actionBar());
$xsep = " <span class='barsep'>·</span> ";
if ($Me->privChair) {
echo "<div id='clock_drift_container'></div>";
}
// Sidebar
$Conf->warnMsg("That assignment file makes no changes.");
} else {
$atype = $assignset->type_description();
echo '<h3>Proposed ', $atype ? $atype . " " : "", 'assignment</h3>';
$Conf->infoMsg("Select “Apply changes” if this looks OK. (You can always alter the assignment afterwards.)");
list($atypes, $apids) = $assignset->types_and_papers(true);
echo Ht::form_div(hoturl_post("bulkassign", ["saveassignment" => 1, "assigntypes" => join(" ", $atypes), "assignpids" => join(" ", $apids)]));
$assignset->echo_unparse_display();
echo '<div class="g"></div>', '<div class="aahc"><div class="aa">', Ht::submit("Apply changes"), ' ', Ht::submit("cancel", "Cancel"), Ht::hidden("default_action", $defaults["action"]), Ht::hidden("rev_roundtag", $defaults["round"]), Ht::hidden("file", $text), Ht::hidden("assignment_size_estimate", $csv_lineno), Ht::hidden("filename", $filename), Ht::hidden("requestreview_notify", req("requestreview_notify")), Ht::hidden("requestreview_subject", req("requestreview_subject")), Ht::hidden("requestreview_body", req("requestreview_body")), Ht::hidden("bulkentry", req("bulkentry")), '</div></div></div></form>', "\n";
$Conf->footer();
exit;
}
}
}
}
if (isset($_REQUEST["saveassignment"]) && check_post() && isset($_POST["file"]) && get($_POST, "assignment_size_estimate") >= 1000) {
complete_assignment("keep_browser_alive");
finish_browser_alive();
}
echo Ht::form_div(hoturl_post("bulkassign", "upload=1"), array("divstyle" => "margin-top:1em"));
// Upload
echo '<div class="f-contain"><div class="f-i"><div class="f-e">', Ht::textarea("bulkentry", req_s("bulkentry"), ["rows" => 1, "cols" => 80, "placeholder" => "Enter assignments"]), '</div></div></div>';
echo '<div class="g"><strong>OR</strong> ', '<input type="file" name="bulk" accept="text/plain,text/csv" size="30" /></div>';
echo '<div id="foldoptions" class="lg foldc fold2o">', 'By default, assign ', Ht::select("default_action", array("primary" => "primary reviews", "secondary" => "secondary reviews", "pcreview" => "optional PC reviews", "review" => "external reviews", "conflict" => "PC conflicts", "lead" => "discussion leads", "shepherd" => "shepherds", "tag" => "add tags", "settag" => "replace tags", "preference" => "reviewer preferences"), defval($_REQUEST, "default_action", "primary"), array("id" => "tsel", "onchange" => "fold(\"options\",this.value!=\"review\");fold(\"options\",!/^(?:primary|secondary|(?:pc)?review)\$/.test(this.value),2)"));
$rev_rounds = $Conf->round_selector_options();
if (count($rev_rounds) > 1) {
echo '<span class="fx2"> in round ', Ht::select("rev_roundtag", $rev_rounds, $_REQUEST["rev_roundtag"] ?: "unnamed"), '</span>';
} else {
if (!get($rev_rounds, "unnamed")) {
echo '<span class="fx2"> in round ', $Conf->current_round_name(), '</span>';
}
}
if ($MST['vmobile'] && $MG['vmobile']) {
$V['vmobile'] or dheader('validate.php?action=mobile&itemid=1');
}
if ($MST['vtruename'] && $MG['vtruename']) {
$V['vtruename'] or dheader('validate.php?action=truename&itemid=1');
}
if ($MST['vcompany'] && $MG['vcompany']) {
$V['vcompany'] or dheader('validate.php?action=company&itemid=1');
}
}
if ($_credit < 0 && $MST['credit_less'] && $action == 'add') {
dheader('credit.php?action=less');
}
if ($submit) {
check_post() or dalert($L['bad_data']);
//safe
$BANWORD = cache_read('banword.php');
if ($BANWORD && isset($post)) {
$keys = array('title', 'tag', 'introduce', 'content');
foreach ($keys as $v) {
if (isset($post[$v])) {
$post[$v] = banword($BANWORD, $post[$v]);
}
}
}
}
$MYMODS = array();
if (isset($MG['moduleids']) && $MG['moduleids']) {
$MYMODS = explode(',', $MG['moduleids']);
}
if (count($changedn)) {
$Conf->confirmMsg("Changes saved.");
} else {
$Conf->warnMsg("No changes.");
}
$sv->report();
redirectSelf();
} else {
SettingGroup::crosscheck($sv, $Group);
$sv->report();
}
}
if (isset($_REQUEST["update"]) && check_post()) {
do_setting_update($Sv);
}
if (isset($_REQUEST["cancel"]) && check_post()) {
redirectSelf();
}
if (!$Sv->warnings_reported) {
SettingGroup::crosscheck($Sv, $Group);
$Sv->report();
}
$Conf->header("Settings ∕ <strong>" . SettingGroup::$all[$Group]->description . "</strong>", "settings", actionBar());
$Conf->echoScript("");
// clear out other script references
echo $Conf->make_script_file("scripts/settings.js"), "\n";
echo Ht::form(hoturl_post("settings", "group={$Group}"), array("id" => "settingsform"));
echo '<div class="leftmenu_menucontainer"><div class="leftmenu_list">';
foreach (SettingGroup::all() as $g) {
if ($g->name === $Group) {
echo '<div class="leftmenu_item_on">', $g->description, '</div>';
$pj = PaperStatus::clone_json($opj);
PaperSaver::replace_contacts($pj, $Qreq);
if ($ps->save_paper_json($pj, $opj)) {
redirectSelf();
} else {
Conf::msg_error("<ul><li>" . join("</li><li>", $ps->error_html()) . "</li></ul>");
$Error = $ps->error_fields();
}
} else {
Conf::msg_error(whyNotText(array("permission" => 1), "update contacts for"));
}
// use request?
$useRequest = true;
}
// delete action
if ($Qreq->delete && check_post()) {
if ($newPaper) {
$Conf->confirmMsg("Paper deleted.");
} else {
if (!$Me->privChair) {
Conf::msg_error("Only the program chairs can permanently delete papers. Authors can withdraw papers, which is effectively the same.");
} else {
// mail first, before contact info goes away
if (!$Me->privChair || $Qreq->doemail > 0) {
HotCRPMailer::send_contacts("@deletepaper", $prow, array("reason" => (string) $Qreq->emailNote, "infoNames" => 1));
}
// XXX email self?
$error = false;
$tables = array('Paper', 'PaperStorage', 'PaperComment', 'PaperConflict', 'PaperReview', 'PaperReviewPreference', 'PaperTopic', 'PaperTag', "PaperOption");
foreach ($tables as $table) {
$result = Dbl::qe_raw("delete from {$table} where paperId={$prow->paperId}");
}
// save tab width, wdiff
if (isset($_REQUEST["tab"]) && ctype_digit($_REQUEST["tab"]) && $_REQUEST["tab"] >= 1 && $_REQUEST["tab"] <= 16) {
$tab = (int) $_REQUEST["tab"];
$tab = $tab == 4 ? null : $tab;
$Info->update_commit_info(array("tabwidth" => $tab));
} else {
if (isset($_REQUEST["tab"]) && ($_REQUEST["tab"] == "" || $_REQUEST["tab"] == "none")) {
$Info->update_commit_info(array("tabwidth" => null));
}
}
if (isset($_REQUEST["wdiff"])) {
$Info->update_commit_info(array("wdiff" => (int) $_REQUEST["wdiff"] != 0));
}
// save run settings
if ($Me->isPC && $Me != $User && isset($_REQUEST["saverunsettings"]) && check_post()) {
$x = req("runsettings");
if (empty($x)) {
$x = null;
}
$Info->update_commit_info(array("runsettings" => $x), true);
if (isset($_REQUEST["ajax"])) {
$Conf->ajaxExit(array("ok" => true, "runsettings" => $x));
}
}
// check for new commit
if ($User && $Info->repo) {
Contact::check_repo($Info->repo, 30);
}
$Conf->header(htmlspecialchars($Pset->title), "home");
$xsep = " <span class='barsep'> · </span> ";
$Me->assign_review($row->paperId, $reviewer, $type, array("round_number" => $round_number));
}
}
if ($ins) {
$Conf->qe("insert into PaperConflict (paperId, contactId, conflictType) values " . substr($ins, 2) . " on duplicate key update conflictType=greatest(conflictType,values(conflictType))");
}
if ($del) {
$Conf->qe("delete from PaperConflict where contactId={$reviewer} and (" . substr($del, 4) . ")");
}
$Conf->update_rev_tokens_setting(false);
if ($Conf->setting("pcrev_assigntime") == $Now) {
$Conf->confirmMsg("Assignments saved! You may want to <a href=\"" . hoturl("mail", "template=newpcrev") . "\">send mail about the new assignments</a>.");
}
redirectSelf(["kind" => $qreq->kind]);
}
if ($qreq->update && $reviewer > 0 && check_post()) {
saveAssignments($qreq, $reviewer);
} else {
if ($qreq->update) {
Conf::msg_error("You need to select a reviewer.");
}
}
$Conf->header("Assignments ∕ <strong>Manual</strong>", "assignpc", actionBar());
echo '<div class="psmode">', '<div class="papmode"><a href="', hoturl("autoassign"), '">Automatic</a></div>', '<div class="papmodex"><a href="', hoturl("manualassign"), '">Manual</a></div>', '<div class="papmode"><a href="', hoturl("bulkassign"), '">Bulk update</a></div>', '</div><hr class="c" />';
// Help list
echo "<div class='helpside'><div class='helpinside'>\nAssignment methods:\n<ul><li><a href='", hoturl("autoassign"), "'>Automatic</a></li>\n <li><a href='", hoturl("manualassign"), "' class='q'><strong>Manual by PC member</strong></a></li>\n <li><a href='", hoturl("assign"), "'>Manual by paper</a></li>\n <li><a href='", hoturl("bulkassign"), "'>Bulk update</a></li>\n</ul>\n<hr class='hr' />\n";
if ($qreq->kind == "a") {
echo "Types of PC review:\n<dl><dt>" . review_type_icon(REVIEW_PRIMARY) . " Primary</dt><dd>Mandatory, may not be delegated</dd>\n <dt>" . review_type_icon(REVIEW_SECONDARY) . " Secondary</dt><dd>Mandatory, may be delegated to external reviewers</dd>\n <dt>" . review_type_icon(REVIEW_PC) . " Optional</dt><dd>May be declined</dd></dl>\n<hr class='hr' />\n";
}
echo "<dl><dt>Potential conflicts</dt><dd>Matches between PC member collaborators and paper authors, or between PC member and paper authors or collaborators</dd>\n";
if ($qreq->kind == "a") {
function escape()
{
global $Conf;
if (get($_REQUEST, "ajax")) {
if ($this->is_empty()) {
$Conf->ajaxExit(array("ok" => 0, "loggedout" => 1));
} else {
$Conf->ajaxExit(array("ok" => 0, "error" => "You don’t have permission to access that page."));
}
}
if ($this->is_empty()) {
// Preserve post values across session expiration.
$x = array();
if (Navigation::path()) {
$x["__PATH__"] = preg_replace(",^/+,", "", Navigation::path());
}
if (get($_REQUEST, "anchor")) {
$x["anchor"] = $_REQUEST["anchor"];
}
$url = selfHref($x, array("raw" => true, "site_relative" => true));
$_SESSION["login_bounce"] = array($Conf->dsn, $url, Navigation::page(), $_POST);
if (check_post()) {
error_go(false, "You’ve been logged out due to inactivity, so your changes have not been saved. After logging in, you may submit them again.");
} else {
error_go(false, "You must sign in to access that page.");
}
} else {
error_go(false, "You don’t have permission to access that page.");
}
}
static function track_api($qreq, $user)
{
if (!$user->privChair || !check_post()) {
json_exit(array("ok" => false));
}
// argument: IDENTIFIER LISTNUM [POSITION] -OR- stop
if ($qreq->track === "stop") {
self::clear();
return;
}
// check tracker_start_at to ignore concurrent updates
if (($start_at = $qreq->tracker_start_at) && ($tracker = self::lookup())) {
$time = $tracker->position_at;
if (isset($tracker->start_at)) {
$time = $tracker->start_at;
}
if ($time > $start_at) {
return;
}
}
// actually track
$args = preg_split('/\\s+/', $qreq->track);
if (count($args) >= 2 && ($xlist = SessionList::lookup($args[1])) && str_starts_with($xlist->listid, "p/")) {
$position = null;
if (count($args) >= 3 && ctype_digit($args[2])) {
$position = array_search((int) $args[2], $xlist->ids);
}
self::update($xlist, $args[0], $position);
}
}
$_REQUEST["cc"] = Text::user_email_to(Contact::site_contact());
}
}
if (isset($_REQUEST["replyto"]) && $Me->privChair) {
$_REQUEST["replyto"] = simplify_whitespace($_REQUEST["replyto"]);
} else {
$_REQUEST["replyto"] = defval($Opt, "emailReplyTo", "");
}
// Check or send
if (defval($_REQUEST, "loadtmpl") || defval($_REQUEST, "cancel") || defval($_REQUEST, "psearch")) {
/* do nothing */
} else {
if (defval($_REQUEST, "send") && !$recip->error && check_post()) {
MailSender::send($recip);
} else {
if ((@$_REQUEST["check"] || @$_REQUEST["group"] || @$_REQUEST["ungroup"]) && !$recip->error && check_post()) {
MailSender::check($recip);
}
}
}
if (isset($_REQUEST["monreq"])) {
$plist = new PaperList(new PaperSearch($Me, ["t" => "req", "q" => ""]), ["list" => true, "foldable" => true]);
$ptext = $plist->table_html("reqrevs", ["header_links" => true, "table_id" => "foldpl"]);
if ($plist->count == 0) {
$Conf->infoMsg("You have not requested any external reviews. <a href='", hoturl("index"), "'>Return home</a>");
} else {
echo "<h2>Requested reviews</h2>\n\n", $ptext, "<div class='info'>";
if ($plist->any->need_review) {
echo "Some of your requested external reviewers have not completed their reviews. To send them an email reminder, check the text below and then select “Prepare mail.” You’ll get a chance to review the emails and select specific reviewers to remind.";
} else {
echo "All of your requested external reviewers have completed their reviews. <a href='", hoturl("index"), "'>Return home</a>";
echo $base;
echo "\n";
echo "<pre>\n";
print "Raw GET Parameters:\n\n";
foreach ($_GET as $key => $value) {
print "{$key}={$value}\n";
}
print "Raw POST Parameters:\n\n";
foreach ($_POST as $key => $value) {
print "{$key}={$value}\n";
}
echo "\n";
return;
}
// Lets check to see if we have any excess parameters
$badpost = check_post();
if (count($badpost) > 0) {
echo "<p><b>Note unexpected POST values ignored:</b>\n";
foreach ($badpost as $key => $val) {
echo ' ' . $val;
}
echo "</p>\n";
}
// Now we have a valid, signed request - lets run the tests
$context_id = $_REQUEST['context_id'];
$user_id = $_REQUEST['user_id'];
$roles = $_REQUEST['roles'];
$resource_link_title = $_REQUEST["resource_link_title"];
$resource_link_description = $_REQUEST["resource_link_description"];
// Resource Link information
if (isset($resource_link_title)) {
session_start();
error_reporting(E_ERROR | E_WARNING | E_PARSE);
/*header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache"); // HTTP/1.0
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past*/
require '../dv-config.php';
require DEV_PATH . '/classes/db.class.v2.php';
require DEV_PATH . '/functions/global.php';
$GET_ID = empty($_GET['id']) ? '' : $_GET['id'];
$GET_MODE = empty($_GET['mode']) ? '' : $_GET['mode'];
define('Q_VERSION', '0.1');
$type = array("R" => '1 Resuscitation', "E" => '2 Emergency', "U" => '3 Urgency', "S" => '4 Semi-Urgency', "N" => '5 Non-Urgency');
if (check_post($_POST, array('em_date', 'em_type'))) {
if (!empty($_POST['em_id'])) {
$sql = 'UPDATE ' . TB_PREFIX . '7days SET
em_date = :date,
em_type = :type,
em_sex = :sex,
em_admit = :admit,
em_dead = :dead,
em_record = :record
WHERE em_id=:id';
} else {
$sql = 'INSERT INTO ' . TB_PREFIX . '7days VALUES (:id,:date,:type,:sex,:admit,:dead,:record)';
}
$arr = array('id' => $_POST['em_id'], 'date' => $_POST['em_date'], 'type' => $_POST['em_type'], 'sex' => $_POST['em_sex'], 'admit' => $_POST['em_admit'], 'dead' => $_POST['em_dead'], 'record' => date("Y-m-d H:i:s"));
if (CON::updateDB($arr, $sql)) {
$jsExt .= 'swal({title: "All done!", text: "บันทึกสำเร็จ", timer: 2000, showConfirmButton: false, type: "success"});';
echo '<div class="clear"></div>', "\n";
$Conf->footer();
exit;
}
// repo
$Info = user_pset_info();
$Repo = $Info->repo;
$RecentCommits = $Info->recent_commits();
// can we run this?
if (!$Repo) {
quit("No repository to run");
} else {
if (!$Info->commit()) {
quit("No commit to run");
} else {
if ($Qreq->run === null || !check_post()) {
quit("Permission error");
} else {
if (!$Info->can_view_repo_contents) {
quit("Unconfirmed repository");
}
}
}
}
// extract request info
$Queueid = cvtint($Qreq->get("queueid", -1));
$checkt = cvtint($Qreq->get("check"));
$Offset = cvtint($Qreq->get("offset", -1));
// maybe eval
function runner_eval($runner, $info, $answer)
{
$data['title_alias'] = iaSanitize::convertStr($data['title_alias']);
// check for duplicate title_alias in case a new album is added or title_alias has been updated
if (!isset($item['title_alias']) || isset($item['title_alias']) && $data['title_alias'] != $item['title_alias']) {
if ($iaAlbum->existsAlias($data['title_alias'])) {
$error = true;
$messages[] = iaLanguage::get('album_already_exists');
}
}
if (!$error) {
$iaCore->startHook("phpAdminBeforeAlbumSubmit");
if (!empty($_POST['artist'])) {
$artist_info = $iaArtist->getArtistByTitle($_POST['artist']);
$data['id_artist'] = $artist_info['id'];
$data['artist_alias'] = $artist_info['title_alias'];
}
$data['status'] = check_post('status');
if ('add' == $pageAction) {
$iaCore->startHook("phpAdminBeforeAlbumAdd");
$data['id'] = $iaAlbum->insert($data);
// implement common hook for all items
$iaCore->startHook('phpAddItemAfterAll', array('type' => 'admin', 'listing' => $data['id'], 'item' => 'albums', 'data' => $data, 'old' => $item));
$iaView->setMessages(iaLanguage::get('album_added'), 'success');
$url = IA_ADMIN_URL . 'manage/albums/';
$goto = array('add' => $url . 'add/', 'list' => $url, 'stay' => $url . 'edit/?id=' . $data['id']);
$iaCore->post_goto($goto);
} elseif ('edit' == $pageAction) {
$data['id'] = $item['id'];
$iaCore->startHook("phpAdminBeforeAlbumUpdate");
$iaAlbum->update($data);
$messages = iaLanguage::get('changes_saved');
}
echo '<div class="clear"></div>', "\n";
$Conf->footer();
exit;
}
// repo
$Info = user_pset_info();
$Repo = $Info->repo;
$RecentCommits = $Info->recent_commits();
// can we run this?
if (!$Repo) {
quit("No repository to run");
} else {
if (!$Info->commit()) {
quit("No commit to run");
} else {
if (!isset($_REQUEST["run"]) || !check_post()) {
quit("Permission error");
} else {
if (!$Info->can_view_repo_contents && !$Me->isPC) {
quit("Unconfirmed repository");
}
}
}
}
// extract request info
$Queueid = cvtint(defval($_REQUEST, "queueid", -1));
$checkt = cvtint(defval($_REQUEST, "check"));
$Offset = cvtint(defval($_REQUEST, "offset", -1));
// maybe eval
function runner_eval($runner, $info, $answer)
{
$capdata = $capmgr->check($resetcap);
if (!$capdata || $capdata->capabilityType != CAPTYPE_RESETPASSWORD) {
error_go(false, "That password reset code has expired, or you didn’t enter it correctly.");
}
if ($iscdb) {
$Acct = Contact::contactdb_find_by_id($capdata->contactId);
} else {
$Acct = Contact::find_by_id($capdata->contactId);
}
if (!$Acct) {
error_go(false, "That password reset code refers to a user who no longer exists. Either create a new account or contact the conference administrator.");
}
// don't show information about the current user, if there is one
$Me = new Contact();
$password_class = "";
if (isset($_POST["go"]) && check_post()) {
$_POST["password"] = trim(get_s($_POST, "password"));
$_POST["password2"] = trim(get_s($_POST, "password2"));
if ($_POST["password"] == "") {
Conf::msg_error("You must enter a password.");
} else {
if ($_POST["password"] !== $_POST["password2"]) {
Conf::msg_error("The two passwords you entered did not match.");
} else {
if (!Contact::valid_password($_POST["password"])) {
Conf::msg_error("Invalid password.");
} else {
$flags = 0;
if ($_POST["password"] === get($_POST, "autopassword")) {
$flags |= Contact::CHANGE_PASSWORD_PLAINTEXT;
}
<?php
session_start();
include "setting.php";
if (!check_post()) {
print "フォームは全て記入してください。";
exit;
}
$check = check_inputs();
if ($check != '') {
print $check;
exit;
}
$login_name = $_POST["login_name"];
$pwd = $_POST["pwd"];
$sex = getSex($_POST["sex"]);
$hashpwd = password_hash($pwd, PASSWORD_DEFAULT);
$db = new mydb();
if (check_exist_user($db, $login_name) == true) {
$query = "INSERT INTO member (login_name,pwd,sex) VALUES(\$1, \$2, \$3)";
$result = $db->query($query, array($login_name, $hashpwd, $sex));
if ($result == false) {
print "登録に失敗しました。";
} else {
$query = "select id from member where login_name=\$1";
$result = $db->query($query, array($login_name), "getid");
$row = pg_fetch_assoc($result, 0);
regist_success($login_name, $row['id']);
}
} else {
print "指定されたユーザー名は利用できません。";